dur-duweb.newscyclecloud.com Open in urlscan Pro
3.210.172.4 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://dur-duweb.newscyclecloud.com/
Submission Tags: falconsandbox
Submission: On November 12 via api (November 12th 2021, 7:20:36 pm UTC) from US — Scanned from DE

Summary HTTP 220 Redirects Links 41 Behaviour Indicators

Summary

This website contacted 42 IPs in 5 countries across 31 domains to perform 220 HTTP transactions. The main IP is 3.210.172.4, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is dur-duweb.newscyclecloud.com.

This is the only time dur-duweb.newscyclecloud.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
52	3.210.172.4 3.210.172.4	14618 (AMAZON-AES) (AMAZON-AES)
1	143.204.93.201 143.204.93.201	16509 (AMAZON-02) (AMAZON-02)
2	93.184.221.133 93.184.221.133	15133 (EDGECAST) (EDGECAST)
1	92.123.224.73 92.123.224.73	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	192.229.221.28 192.229.221.28	15133 (EDGECAST) (EDGECAST)
1	34.206.9.165 34.206.9.165	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:801::200a	15169 (GOOGLE) (GOOGLE)
2	69.39.6.197 69.39.6.197	21803 (CEDAR-NET...) (CEDAR-NETWORKS)
2	2606:4700::68... 2606:4700::6810:5514	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:50c0:800... 2606:50c0:8002::153	54113 (FASTLY) (FASTLY)
10	2a02:26f0:f7:... 2a02:26f0:f7::5c7b:e031	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	54.225.138.77 54.225.138.77	14618 (AMAZON-AES) (AMAZON-AES)
2	46.105.202.39 46.105.202.39	16276 (OVH) (OVH)
1	18.214.172.53 18.214.172.53	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
1	18.196.20.13 18.196.20.13	16509 (AMAZON-02) (AMAZON-02)
1	143.204.98.75 143.204.98.75	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	143.204.98.63 143.204.98.63	16509 (AMAZON-02) (AMAZON-02)
2	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
2	18.66.248.54 18.66.248.54	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:6c0... 2a02:26f0:6c00:28d::19fd	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
19	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
27	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
4	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
6	142.250.186.65 142.250.186.65	15169 (GOOGLE) (GOOGLE)
1	23.23.104.191 23.23.104.191	14618 (AMAZON-AES) (AMAZON-AES)
35	142.250.186.33 142.250.186.33	15169 (GOOGLE) (GOOGLE)
5	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c07::9b	15169 (GOOGLE) (GOOGLE)
1 6	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:809::2006	15169 (GOOGLE) (GOOGLE)
6	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
2	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
3 4	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
2 4	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
2 3	37.252.172.38 37.252.172.38	29990 (ASN-APPNEX) (ASN-APPNEX)
220	42

52 3.210.172.4 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-210-172-4.compute-1.amazonaws.com

dur-duweb.newscyclecloud.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.93.201 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-93-201.fra50.r.cloudfront.net

jwpsrv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 93.184.221.133 (London, United Kingdom)

ASN15133 (EDGECAST, US)

static.castfire.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 92.123.224.73 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a92-123-224-73.deploy.static.akamaitechnologies.com

a.postrelease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.229.221.28 (United States)

ASN15133 (EDGECAST, US)

redir.adap.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.206.9.165 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-206-9-165.compute-1.amazonaws.com

www.siteencore.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.39.6.197 (Durango, United States)

ASN21803 (CEDAR-NETWORKS, US)
PTR: 197-006-039-069.cedarnetworks.com

old.durangoherald.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.durangoherald.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5514 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:50c0:8002::153 (United States)

ASN54113 (FASTLY, US)

kenwheeler.github.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a02:26f0:f7::5c7b:e031 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.225.138.77 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-225-138-77.compute-1.amazonaws.com

swscene.spingo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 46.105.202.39 (France)

ASN16276 (OVH, FR)

u.heatmap.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.214.172.53 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-214-172-53.compute-1.amazonaws.com

jadserve.postrelease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.196.20.13 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-20-13.eu-central-1.compute.amazonaws.com

ads.adaptv.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.98.75 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-75.fra50.r.cloudfront.net

cloud.siteencore.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.98.63 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-63.fra50.r.cloudfront.net

d16twqtnxc0kgx.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.248.54 (United States)

ASN16509 (AMAZON-02, US)

calendarapi-cdn.spingo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:28d::19fd (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.8 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.65 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f1.1e100.net

4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.23.104.191 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-23-104-191.compute-1.amazonaws.com

loggingapi.spingo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 142.250.186.33 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f1.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.58.212.162 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.234.21 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.172.38 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
68	googlesyndication.com pagead2.googlesyndication.com 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com tpc.googlesyndication.com	772 KB
52	newscyclecloud.com dur-duweb.newscyclecloud.com	669 KB
28	doubleclick.net 3 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net googleads4.g.doubleclick.net cm.g.doubleclick.net	206 KB
11	typekit.net use.typekit.net p.typekit.net	350 KB
10	google.com 1 redirects adservice.google.com www.google.com	4 KB
6	googletagservices.com www.googletagservices.com	209 KB
5	google.de adservice.google.de www.google.de	1 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com	4 KB
4	spingo.com swscene.spingo.com calendarapi-cdn.spingo.com loggingapi.spingo.com	4 KB
3	adnxs.com 2 redirects ib.adnxs.com	3 KB
3	twitter.com platform.twitter.com syndication.twitter.com	133 KB
3	google-analytics.com www.google-analytics.com	20 KB
2	2mdn.net s0.2mdn.net	71 KB
2	cloudfront.net d16twqtnxc0kgx.cloudfront.net	24 KB
2	facebook.net connect.facebook.net	85 KB
2	heatmap.it u.heatmap.it	12 KB
2	jsdelivr.net cdn.jsdelivr.net	10 KB
2	durangoherald.com old.durangoherald.com assets.durangoherald.com	40 KB
2	siteencore.com www.siteencore.com cloud.siteencore.com	110 KB
2	postrelease.com a.postrelease.com jadserve.postrelease.com	114 KB
2	castfire.com static.castfire.com
1	facebook.com www.facebook.com
1	advertising.com ads.adaptv.advertising.com	326 B
1	github.io kenwheeler.github.io	2 KB
1	googleapis.com ajax.googleapis.com	7 KB
1	adap.tv redir.adap.tv	32 KB
1	jwpsrv.com jwpsrv.com	41 KB
0	ballantinecms.com Failed ballantinecms.com Failed
0	cotrip.org Failed i.cotrip.org Failed
0	Failed function sub() { [native code] }. Failed
0	bdmedia.com Failed saxoconnect.bdmedia.com Failed
220	31

	Domain	Requested by
52	dur-duweb.newscyclecloud.com	dur-duweb.newscyclecloud.com
35	tpc.googlesyndication.com	4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com dur-duweb.newscyclecloud.com tpc.googlesyndication.com pagead2.googlesyndication.com
27	pagead2.googlesyndication.com	dur-duweb.newscyclecloud.com 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com www.googletagservices.com www.google.com
15	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net dur-duweb.newscyclecloud.com 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com
10	use.typekit.net	dur-duweb.newscyclecloud.com
6	googleads.g.doubleclick.net	4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com pagead2.googlesyndication.com
6	www.google.com	1 redirects dur-duweb.newscyclecloud.com 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com tpc.googlesyndication.com
6	4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
6	www.googletagservices.com	dur-duweb.newscyclecloud.com 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
4	adservice.google.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com
4	adservice.google.de	securepubads.g.doubleclick.net pagead2.googlesyndication.com
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	www.google-analytics.com	dur-duweb.newscyclecloud.com www.google-analytics.com
2	googleads4.g.doubleclick.net	dur-duweb.newscyclecloud.com
2	s0.2mdn.net	tpc.googlesyndication.com dur-duweb.newscyclecloud.com
2	calendarapi-cdn.spingo.com	d16twqtnxc0kgx.cloudfront.net
2	platform.twitter.com	dur-duweb.newscyclecloud.com platform.twitter.com
2	d16twqtnxc0kgx.cloudfront.net	swscene.spingo.com dur-duweb.newscyclecloud.com
2	connect.facebook.net	dur-duweb.newscyclecloud.com connect.facebook.net
2	u.heatmap.it	dur-duweb.newscyclecloud.com u.heatmap.it
2	cdn.jsdelivr.net	dur-duweb.newscyclecloud.com
2	static.castfire.com	dur-duweb.newscyclecloud.com
1	www.google.de	dur-duweb.newscyclecloud.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	loggingapi.spingo.com	dur-duweb.newscyclecloud.com
1	syndication.twitter.com	platform.twitter.com
1	www.facebook.com	connect.facebook.net
1	p.typekit.net	dur-duweb.newscyclecloud.com
1	cloud.siteencore.com	dur-duweb.newscyclecloud.com
1	ads.adaptv.advertising.com	redir.adap.tv
1	jadserve.postrelease.com	a.postrelease.com
1	swscene.spingo.com	dur-duweb.newscyclecloud.com
1	assets.durangoherald.com	dur-duweb.newscyclecloud.com
1	kenwheeler.github.io	dur-duweb.newscyclecloud.com
1	old.durangoherald.com	dur-duweb.newscyclecloud.com
1	ajax.googleapis.com	dur-duweb.newscyclecloud.com
1	www.siteencore.com	dur-duweb.newscyclecloud.com
1	redir.adap.tv	dur-duweb.newscyclecloud.com
1	a.postrelease.com	dur-duweb.newscyclecloud.com
1	jwpsrv.com	dur-duweb.newscyclecloud.com
0	ballantinecms.com Failed	dur-duweb.newscyclecloud.com
0	i.cotrip.org Failed	dur-duweb.newscyclecloud.com
0	Failed	dur-duweb.newscyclecloud.com
0	saxoconnect.bdmedia.com Failed	dur-duweb.newscyclecloud.com
220	46

This site contains links to these domains. Also see Links.

Domain
e-herald.net
thecloudscout.com
obituaries.durangoherald.com
www.durangoherald.com
swscene.com
marketplace.durangoherald.com
shop.fourcornersmarketplace.com
secure.ballantinecommunications.net
facebook.com
durangoherald.secondstreetapp.com
www.durangocoupons.com
loggingapi.spingo.com
www.spingo.com
www.the-journal.com
www.pinerivertimes.com
www.4cornerstv.com
www.4flagtv.com
www.swscene.com
www.adventurepro.us
www.dgomag.com
www.thecloudscout.com
www.doradomagazine.com
fourcornersexpos.com
forms.bdmedia.com
issuu.com
splash.durangoherald.com
www.bcimedia.com
www.directoryplus.com
thedurangoheraldsmallpress.com
www.fourcornersschoolpubs.com
www.twitter.com
www.instagram.com
www.tellzea.com
ch.tbe.taleo.net

Subject Issuer	Validity	Valid
*.postrelease.com Amazon	`2021-01-28` - `2022-02-25`	a year	crt.sh
use.typekit.net DigiCert TLS RSA SHA256 2020 CA1	`2021-08-16` - `2022-08-16`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-08-22` - `2021-11-20`	3 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-20` - `2022-10-19`	a year	crt.sh
*.typekit.net DigiCert TLS RSA SHA256 2020 CA1	`2021-07-16` - `2022-07-21`	a year	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-10-18` - `2022-01-10`	3 months	crt.sh

This page contains 22 frames:

Primary Page: http://dur-duweb.newscyclecloud.com/
Frame ID: 674CB428419B6E5F05D033786CAF9546
Requests: 114 HTTP requests in this frame

Frame: http://cloud.siteencore.com/stcz4.zbma.20161107.v.147s5.79.2.34.zbma
Frame ID: B312CF02C9CEF20802D0599803724E9B
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.a53eecb4584348a2ad32ec2ae21f6eae.html?origin=http%3A%2F%2Fdur-duweb.newscyclecloud.com
Frame ID: 74CBB735E5B554C7FA5C409471C654A0
Requests: 2 HTTP requests in this frame

Frame: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 5A15FA3ADD303DAC3C8C24D72B9B3092
Requests: 1 HTTP requests in this frame

Frame: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: F44E264839D97FDD54BC98123990D9CE
Requests: 14 HTTP requests in this frame

Frame: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 045D7F9331CEC801C18055D9538E35DB
Requests: 13 HTTP requests in this frame

Frame: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 916794FEEBD1743415CC3BE5477BCB72
Requests: 14 HTTP requests in this frame

Frame: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: C010546B6E8078EA3163A2100826395A
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/index.html
Frame ID: 37477AEA455AE4F95A0ACF3551A81B98
Requests: 21 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 8EB1B1E4EB0B82FFBBF13A8389A0690E
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6055882063795349&output=html&h=90&slotname=BCI_DY&adk=1517024827&adf=816031633&pi=t.ma~as.BCI_DY&w=728&url=http%3A%2F%2Fdur-duweb.newscyclecloud.com%2F&ea=0&flash=0&wgl=1&dt=1636744809500&bpp=13&bdt=525&idt=126&shv=r20211109&mjsv=m202111080101&ptt=5&saldr=sa&correlator=6712519527488&frm=24&ife=3&pv=2&ga_vid=674232541.1636744810&ga_sid=1636744810&ga_hid=1584498997&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1744970882&scr_x=-12245933&scr_y=-12245933&oid=2&pvsid=2840323797180521&pem=225&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=1.g9ng64d60m3y&fsb=1&dtd=138
Frame ID: 43F921414120B962A7BB73F15C5C7DC4
Requests: 1 HTTP requests in this frame

Frame: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 01946C9707D0CD38C19907E65007FA27
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6055882063795349&output=html&h=250&slotname=BCI_DY&adk=3886492872&adf=816031634&pi=t.ma~as.BCI_DY&w=300&url=http%3A%2F%2Fdur-duweb.newscyclecloud.com%2F&ea=0&flash=0&wgl=1&dt=1636744809541&bpp=8&bdt=560&idt=136&shv=r20211109&mjsv=m202111080101&ptt=5&saldr=sa&correlator=7598945570058&frm=24&ife=3&pv=2&ga_vid=500294176.1636744810&ga_sid=1636744810&ga_hid=204513253&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=989491807&scr_x=-12245933&scr_y=-12245933&oid=2&pvsid=1487082189739998&pem=225&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=1.4kbib3223d1o&fsb=1&dtd=142
Frame ID: 641F7DC65ADDB6EA9957CB94E1E09B4F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6055882063795349&output=html&h=600&slotname=BCI_DY&adk=798550295&adf=816031635&pi=t.ma~as.BCI_DY&w=300&url=http%3A%2F%2Fdur-duweb.newscyclecloud.com%2F&ea=0&flash=0&wgl=1&dt=1636744809553&bpp=5&bdt=424&idt=136&shv=r20211109&mjsv=m202111080101&ptt=5&saldr=sa&correlator=6274439325480&frm=24&ife=3&pv=2&ga_vid=1256659371.1636744810&ga_sid=1636744810&ga_hid=752998240&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=600&ifk=989368503&scr_x=-12245933&scr_y=-12245933&eid=31062423%2C31063685%2C31063182&oid=2&pvsid=3368660646053794&pem=225&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=1.8pr004jfaqkh&fsb=1&dtd=140
Frame ID: 4334949DF03B4469625AC281AE0A57E1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-t7QIQhsvvAhj3g9W6ATAB&v=APEucNUlT1FjkTEgQDuuDPfY6tPoFnm33mDMCaqnbYsRnGmPLUU81hA1RqP2-0-CNedX8le0c7iQxTDAsz9EfM8jJeSoD2-axTW-6zOdUohvi-buTEV143AADRee5ji5ljYk3J2OUPYCnzmQxSnHFbrNeOclG6IiMtwIjeLyiwvJsHng8ayPfwY
Frame ID: 8C9F5B0D1FD45C16328C86E86F5EC99D
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 94D8709E64D7AFB343F62704547D0F10
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 2714EB5533A41DE8528EADB2512B1248
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 3A0B75B9FF643D8C299109977713E042
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 21FBFD786AF5010CB41DEDFAB41DD19E
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 3BFE2F79D61A0D72585EA481A5CCB899
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: 9492C299D0841771E6E8A828FA807883
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 0BF7FCB55C8AF64B468188E0051A3AF0
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

The Durango Herald | Durango's source for breaking news, weather, sports, local events and entertainment - frontpage

Page Statistics

220
Requests

59 %
HTTPS

34 %
IPv6

31
Domains

46
Subdomains

42
IPs

5
Countries

2915 kB
Transfer

6339 kB
Size

19
Cookies

41 Outgoing links

These are links going to different origins than the main page.

URL: http://e-herald.net/
Title: HERALD

Search URL Search Domain Scan URL

URL: http://thecloudscout.com/?referrer=durango-herald

Search URL Search Domain Scan URL

URL: http://obituaries.durangoherald.com/obituaries/durangoherald/
Title: Obituaries

Search URL Search Domain Scan URL

URL: http://www.durangoherald.com/section/newsstand
Title: Newsstand

Search URL Search Domain Scan URL

URL: http://swscene.com/
Title: Events

Search URL Search Domain Scan URL

URL: http://marketplace.durangoherald.com/searchresults.aspx?p=8727
Title: Classifieds

Search URL Search Domain Scan URL

URL: http://shop.fourcornersmarketplace.com/durango-co
Title: Marketplace

Search URL Search Domain Scan URL

URL: https://secure.ballantinecommunications.net/clickshare/authenticateUserSubscription.do?CSAuthReq=1&CSLoginOnly=true&CSTargetURL=http%253A%252F%252Fdur-duweb.newscyclecloud.com%252Fapps%252Fpbcs.dll%252Ffrontpage
Title: Log in

Search URL Search Domain Scan URL

URL: https://secure.ballantinecommunications.net/clickshare/subscriptionCenter.do?CSAuthReq=1&CSAccessKey=SpFTDhttp%253A%252F%252Fdur-duweb.newscyclecloud.com%252Fapps%252Fpbcs.dll%252Ffrontpage
Title: Sign up

Search URL Search Domain Scan URL

URL: http://facebook.com/thedurangoherald/
Title: Follow us on Facebook

Search URL Search Domain Scan URL

URL: http://durangoherald.secondstreetapp.com/l/2016-Best-Of-Durango-and-LaPlata-County

Search URL Search Domain Scan URL

URL: http://www.durangocoupons.com/

Search URL Search Domain Scan URL

URL: http://loggingapi.spingo.com/v1/link?url=http%3A%2F%2Fwww.spingo.com%2Fsubmit%3FAffiliateID%3D574&id=574&className=calendar&checkpoint=referred

Search URL Search Domain Scan URL

URL: http://www.spingo.com/submit?AffiliateID=574
Title: Add Events

Search URL Search Domain Scan URL

URL: http://www.durangoherald.com/
Title: Durango Herald

Search URL Search Domain Scan URL

URL: http://www.the-journal.com/
Title: The Journal

Search URL Search Domain Scan URL

URL: http://www.pinerivertimes.com/
Title: Pine River Times

Search URL Search Domain Scan URL

URL: http://www.4cornerstv.com/
Title: 4CornersTV

Search URL Search Domain Scan URL

URL: http://www.4flagtv.com/
Title: 4FlagTV

Search URL Search Domain Scan URL

URL: http://www.swscene.com/
Title: Southwest Scene!

Search URL Search Domain Scan URL

URL: http://www.adventurepro.us/
Title: Adventure Pro

Search URL Search Domain Scan URL

URL: http://www.dgomag.com/
Title: DGO

Search URL Search Domain Scan URL

URL: http://www.thecloudscout.com/
Title: Cloud Scout

Search URL Search Domain Scan URL

URL: http://www.doradomagazine.com/
Title: Dorado

Search URL Search Domain Scan URL

URL: http://fourcornersexpos.com/
Title: Four Corners Expos

Search URL Search Domain Scan URL

URL: http://forms.bdmedia.com/index.php?template=lettersToTheEditorDH&wrapper=html
Title: Write the Editor

Search URL Search Domain Scan URL

URL: https://issuu.com/durangoherald/docs/reg_pages_2016/1?e=1376808/39970966
Title: Real Estate Guide

Search URL Search Domain Scan URL

URL: http://issuu.com/durangoherald/docs/durango_living_holiday_2015/1?e=1376808/31733737
Title: Durango Living

Search URL Search Domain Scan URL

URL: http://issuu.com/durangoherald/docs/2015_sw_winter_guide/1?e=1376808/31728924
Title: Winter Guide

Search URL Search Domain Scan URL

URL: http://splash.durangoherald.com/flavor-of-durango/
Title: Flavor of Durango

Search URL Search Domain Scan URL

URL: http://www.bcimedia.com/
Title: BCI Media Services

Search URL Search Domain Scan URL

URL: http://www.directoryplus.com/
Title: Directory Plus

Search URL Search Domain Scan URL

URL: http://thedurangoheraldsmallpress.com/
Title: Small Press

Search URL Search Domain Scan URL

URL: http://shop.fourcornersmarketplace.com/durango-co/
Title: Print Ads

Search URL Search Domain Scan URL

URL: http://www.fourcornersschoolpubs.com/durango-high-school-papers/special-sections
Title: School Publications

Search URL Search Domain Scan URL

URL: http://www.twitter.com/durangoherald
Title: Follow us on Twitter

Search URL Search Domain Scan URL

URL: http://facebook.com/thedurangoherald
Title: Like us on Facebook

Search URL Search Domain Scan URL

URL: https://www.instagram.com/durango_herald
Title: Follow us on Instagram

Search URL Search Domain Scan URL

URL: http://www.tellzea.com/
Title: Tellzea

Search URL Search Domain Scan URL

URL: https://secure.ballantinecommunications.net/clickshare/subscriptionCenter.do?CSAuthReq=1
Title: Subscribe

Search URL Search Domain Scan URL

URL: http://ch.tbe.taleo.net/CH18/ats/careers/jobSearch.jsp?org=DURANGOHERALD&cws=1
Title: Careers @ Durango Herald

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 42

http://cdn.jsdelivr.net/jquery.slick/1.5.0/slick.min.js HTTP 307
https://cdn.jsdelivr.net/jquery.slick/1.5.0/slick.min.js

Request Chain 43

http://cdn.jsdelivr.net/jquery.slick/1.5.0/slick.css HTTP 307
https://cdn.jsdelivr.net/jquery.slick/1.5.0/slick.css

Request Chain 57

http://www.google-analytics.com/analytics.js HTTP 307
https://www.google-analytics.com/analytics.js

Request Chain 60

http://connect.facebook.net/en_US/all.js HTTP 307
https://connect.facebook.net/en_US/all.js

Request Chain 172

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 173

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJNOtECn8mtR3c-HjMQa6LQ&google_cver=1

Request Chain 174

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YY6.apoc4TO.69DfqLGPWgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJNOtECn8mtR3c-HjMQa6LQ&google_cver=1&google_hm=2

Request Chain 175

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEG_trDdjqlKpBYtk-Ho2QtU&google_cver=1

Request Chain 176

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTM4MjAzNzg4MjE2OTc1Mjk5NQ%3D%3D

220 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
dur-duweb.newscyclecloud.com/ 45 KB
17 KB 767ms
602ms Document
text/html 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: e7d56b41a49f683298db62f31029968db08d7365caf547a8b982849d6d848084

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, no-store, max-age=0, must-revalidate, proxy-revalidate
Content-Encoding: gzip
Content-Type: text/html; charset=iso-8859-1
Date: Fri, 12 Nov 2021 19:19:56 GMT
Expires: Fri, 12 Nov 2021 19:19:57 GMT
Last-Modified: Fri, 12 Nov 2021 19:19:57 GMT
ServedBy: NC1-D-WEB-10.DIGUSVA1.LOC
Server: Microsoft-IIS/7.5
Vary: Accept-Encoding
X-Actual-URL: NC1-D-WEB-10, (/apps/pbcs.dll/frontpage)
X-FORWARDED-FOR: 185.213.155.164
X-Handled-By: NC1-D-WEB-10, Rewrite on site N/A
X-Original-Request: /
X-Passed-To: NC1-D-WEB-10, URL Rewrite on site N/A (2021-11-12 14:19:57:317)
X-Passed-To-BeforeDispatch: NC1-D-WEB-10, on site DU (2021-11-12 14:19:57:317)
X-Passed-To-DLL: NC1-D-WEB-10, (2021-11-12 14:19:57:317)
X-Passed-To-PostProcessResponse: NC1-D-WEB-10, on site DU (2021-11-12 14:19:57:817)
X-Powered-By: ASP.NET
X-Returned-From: NC1-D-WEB-10(2021-11-12 14:19:57:817)
X-Returned-From-BeforeDispatch: NC1-D-WEB-10, on site DU (2021-11-12 14:19:57:349)
X-Returned-From-DLL: NC1-D-WEB-10 (2021-11-12 14:19:57:817)
X-Returned-From-PostProcessResponse: NC1-D-WEB-10, on site DU (2021-11-12 14:19:57:817)
Content-Length: 16231
Connection: keep-alive

GET
H/1.1 200
OK jquery-1.7.2.min.js Show response
dur-duweb.newscyclecloud.com/js/ 93 KB
42 KB 245ms
244ms Script
application/x-javascript 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dur-duweb.newscyclecloud.com/js/jquery-1.7.2.min.js
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 0fb170f24675c84f8228ad6b61d69bf6705030949cc2fec316b3a006eab282f8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:57 GMT
Content-Encoding: gzip
ETag: "0e92b6fa854cd1:0"
Last-Modified: Wed, 27 Jun 2012 21:04:26 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
ServedBy: NC1-D-WEB-07.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 42686

GET
H/1.1 200
OK cookiesearchparams.js Show response
dur-duweb.newscyclecloud.com/apps/ 4 KB
2 KB 340ms
131ms Script
application/x-javascript 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dur-duweb.newscyclecloud.com/apps/cookiesearchparams.js
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: e3eec8eb27c5cb6a31c0dc36f8e4858510c26310da7f85df7384fa11cf88dfa8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:58 GMT
Content-Encoding: gzip
ETag: "0d7f55bc72ca1:0"
Last-Modified: Tue, 01 Dec 2009 19:27:34 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
ServedBy: NC1-D-WEB-08.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1600

GET
H/1.1 200
OK jquery.autofill.js Show response
dur-duweb.newscyclecloud.com/js/ 651 B
852 B 560ms
351ms Script
application/x-javascript 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dur-duweb.newscyclecloud.com/js/jquery.autofill.js
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 1bde0f44ed637575df9465fc203acba04608a5204d0421e6df02089c0b9cb1a0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:57 GMT
Content-Encoding: gzip
ETag: "024e0cae5ceca1:0"
Last-Modified: Mon, 29 Mar 2010 02:16:08 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: X-Forwarded-URI,Accept-Encoding
Content-Type: application/x-javascript
ServedBy: NC1-D-WEB-09.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 467

GET
H/1.1 200
OK hoverIntent.js Show response
dur-duweb.newscyclecloud.com/js/ 3 KB
2 KB 318ms
107ms Script
application/x-javascript 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dur-duweb.newscyclecloud.com/js/hoverIntent.js
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 719875309a034313c742edfa43b78177ba49971a941b961ca9dd360eab569c8e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:58 GMT
Content-Encoding: gzip
ETag: "0f7aec9e5ceca1:0"
Last-Modified: Mon, 29 Mar 2010 02:16:06 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
ServedBy: NC1-D-WEB-10.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1522

GET
H/1.1 200
OK superfish.js Show response
dur-duweb.newscyclecloud.com/js/ 4 KB
2 KB 425ms
106ms Script
application/x-javascript 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dur-duweb.newscyclecloud.com/js/superfish.js
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 3e9fb74061133f9dc6c809fb777bdcdc8e02b6812ad5bf39aad5f6c69f1b96dd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:57 GMT
Content-Encoding: gzip
ETag: "024e0cae5ceca1:0"
Last-Modified: Mon, 29 Mar 2010 02:16:08 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
ServedBy: NC1-D-WEB-02.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1834

GET
H/1.1 200
OK jquery.popupWindow.js Show response
dur-duweb.newscyclecloud.com/js/ 3 KB
2 KB 428ms
109ms Script
application/x-javascript 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dur-duweb.newscyclecloud.com/js/jquery.popupWindow.js
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: e317e34fba987390b66960f22fd11a37bdd5b43786c395d3acf13b88094c86e4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:57 GMT
Content-Encoding: gzip
ETag: "01dc6cf4b7cb1:0"
Last-Modified: Tue, 08 Jun 2010 20:47:30 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: X-Forwarded-URI,Accept-Encoding
Content-Type: application/x-javascript
ServedBy: NC1-D-WEB-03.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1193

GET
H/1.1 200
OK jquery.colorbox.js Show response
dur-duweb.newscyclecloud.com/js/ 25 KB
10 KB 434ms
104ms Script
application/x-javascript 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dur-duweb.newscyclecloud.com/js/jquery.colorbox.js
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: ae9b8da4897b481925da3f3a6d48d1c049808c9f1e538ee8a19fd9ac46d7a932

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:57 GMT
Content-Encoding: gzip
ETag: "08c287ae310cc1:0"
Last-Modified: Thu, 12 May 2011 20:30:48 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
ServedBy: NC1-D-WEB-07.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9615

GET
H/1.1 200
OK ukeeRPMVEeOVXSIACyaB8g.js Show response
jwpsrv.com/library/ 126 KB
41 KB 241ms
224ms Script
text/javascript 143.204.93.201
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://jwpsrv.com/library/ukeeRPMVEeOVXSIACyaB8g.js
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 143.204.93.201 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-93-201.fra50.r.cloudfront.net
Software: openresty /
Resource Hash: 168a0c314db489cc1f15b8ca73275650e5e27cf2c8c511aefa7868b4e4099f93

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:20:05 GMT
Content-Encoding: gzip
Server: openresty
X-Amz-Cf-Pop: FRA50-C1
X-Cache: Miss from cloudfront
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=150, max-stale=180
Connection: keep-alive
Content-Length: 41130
Via: 1.1 32e4d419823b7f8df8417a8b18c9602d.cloudfront.net (CloudFront)
X-Amz-Cf-Id: Hnypel4xs4MOYctXTEhbhpfAtxBGFWiGoFGCr6Phl6mX6K3sMC1m2Q==
Expires: Fri, 12 Nov 2021 19:22:35 GMT

GET
H/1.1 404
Not Found html5ify.min.js
static.castfire.com/media/js/ 0
0 51ms
7ms Script
text/html 93.184.221.133
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: http://static.castfire.com/media/js/html5ify.min.js
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8F6A) /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:20:05 GMT
Server: ECAcc (frc/8F6A)
Content-Length: 345
Content-Type: text/html

GET
H/1.1 200
OK jquery-ui-1.8.4.min.js Show response
dur-duweb.newscyclecloud.com/js/ 190 KB
66 KB 531ms
193ms Script
application/x-javascript 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dur-duweb.newscyclecloud.com/js/jquery-ui-1.8.4.min.js
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 6f314cddfb613bf4c4b72860f7a4b7b0af921d932a8756b0d47d0ec74fbf158f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:58 GMT
Content-Encoding: gzip
ETag: "5c458af6a7bd01:0"
Last-Modified: Mon, 20 Apr 2015 13:05:32 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
transfer-encoding: chunked
ServedBy: NC1-D-WEB-10.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes

GET
H/1.1 200
OK jquery-ui-1.8.4.css
dur-duweb.newscyclecloud.com/css/ 33 KB
8 KB 205ms
114ms Stylesheet
text/css 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dur-duweb.newscyclecloud.com/css/jquery-ui-1.8.4.css
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 645ac128d6bcc94646670dba3b76a1a8cb57b19dafd8c87db007fd35cfdfde88

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:57 GMT
Content-Encoding: gzip
ETag: "c56e3f23455d01:0"
Last-Modified: Mon, 02 Mar 2015 22:05:08 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: X-Forwarded-URI,Accept-Encoding
Content-Type: text/css
ServedBy: NC1-D-WEB-03.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7959

GET
H/1.1 200
OK jquery.dataTables.min.js Show response
dur-duweb.newscyclecloud.com/js/ 80 KB
35 KB 488ms
146ms Script
application/x-javascript 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dur-duweb.newscyclecloud.com/js/jquery.dataTables.min.js
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 91623c35ac63b14976f5a713ab3c5037e6efccc5c0a0a36f545feeae26f4daa9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:57 GMT
Content-Encoding: gzip
ETag: "6d219b5c52bd11:0"
Last-Modified: Mon, 30 Nov 2015 23:20:31 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
ServedBy: NC1-D-WEB-05.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 35616

GET
H/1.1 200
OK jquery.dataTables.min.css
dur-duweb.newscyclecloud.com/css/ 13 KB
3 KB 208ms
111ms Stylesheet
text/css 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dur-duweb.newscyclecloud.com/css/jquery.dataTables.min.css
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 36216a0843be5d085fbf0124ed93e264541b2fcb07ac84f7213e60ec771009a3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:57 GMT
Content-Encoding: gzip
ETag: "ae8b22b5c52bd11:0"
Last-Modified: Mon, 30 Nov 2015 23:20:31 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/css
ServedBy: NC1-D-WEB-02.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2659

GET
H/1.1 200
OK pollMiniAjax.js Show response
dur-duweb.newscyclecloud.com/js/ 4 KB
2 KB 532ms
108ms Script
application/x-javascript 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dur-duweb.newscyclecloud.com/js/pollMiniAjax.js
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 58293773b2f2e825420428c333c0c01549db844be011979206c9537cbcf572c7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:57 GMT
Content-Encoding: gzip
ETag: "804a7fff26ecb1:0"
Last-Modified: Mon, 18 Oct 2010 18:33:45 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
ServedBy: NC1-D-WEB-04.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1591

GET
H/1.1 200
OK load.js Show response
a.postrelease.com/serve/ 387 KB
113 KB 159ms
26ms Script
application/x-javascript 92.123.224.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: http://a.postrelease.com/serve/load.js?async=true
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 92.123.224.73 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a92-123-224-73.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 52033a45d4b0d8b944c2359a9371d1793a42c0fde1c93010621a91ec5b4091f8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
Date: Fri, 12 Nov 2021 19:20:05 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Nov 2021 22:16:08 GMT
Server: AmazonS3
x-amz-request-id: DZ0PGJGA5RBNZ1M8
ETag: "8ee26b08433f01c219bc35b48c582345"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: public, max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
Accept-Ranges: bytes
x-amz-id-2: gT6IIQmuQWeEx0Wg1kWpjf3PFSTqCCvVNX2eWth+J0MIrak3waxbsQIIWvX+VJOuvQ+eKyXLXpw=

GET
H/1.1 200
OK bdm.js Show response
dur-duweb.newscyclecloud.com/js/ 13 KB
5 KB 537ms
111ms Script
application/x-javascript 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dur-duweb.newscyclecloud.com/js/bdm.js?rnd=441
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 0a059015d0940a9582b7c0c4f0324f18572ba1ebd51751b67499de3f3e0db69d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:58 GMT
Content-Encoding: gzip
ETag: "1872297e1f3ad21:0"
Last-Modified: Wed, 09 Nov 2016 00:23:28 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
ServedBy: NC1-D-WEB-08.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4981

GET
H/1.1 200
OK bdm-forms.js Show response
dur-duweb.newscyclecloud.com/js/ 3 KB
2 KB 529ms
96ms Script
application/x-javascript 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dur-duweb.newscyclecloud.com/js/bdm-forms.js?rnd=441
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 4a83d5ed833020af93cbe1f4240760fede4221f7764eb8f74c9aa06022f08753

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:57 GMT
Content-Encoding: gzip
ETag: "05c950391fcd1:0"
Last-Modified: Fri, 20 Apr 2012 21:05:28 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
ServedBy: NC1-D-WEB-02.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1349

GET
H/1.1 200
OK bdm-user-forms.js Show response
dur-duweb.newscyclecloud.com/js/ 4 KB
2 KB 594ms
106ms Script
application/x-javascript 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dur-duweb.newscyclecloud.com/js/bdm-user-forms.js?rnd=441
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 0225d5158fcc6d376b5a08195c75510f5a16afb0df5e5c61f6c204b0ff47bcaa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:57 GMT
Content-Encoding: gzip
ETag: "fb67ed46461ce1:0"
Last-Modified: Tue, 04 Jun 2013 20:48:13 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
ServedBy: NC1-D-WEB-07.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1711

GET
H/1.1 200
OK bdm-events.js Show response
dur-duweb.newscyclecloud.com/js/ 1 KB
1 KB 633ms
103ms Script
application/x-javascript 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dur-duweb.newscyclecloud.com/js/bdm-events.js?rnd=441
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 91ad6b22ff92b513ea8333ea2d1e9a29aa3fc64e88e52dd4f8b471f55f87d19d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:57 GMT
Content-Encoding: gzip
ETag: "029cc2d2340cd1:0"
Last-Modified: Fri, 01 Jun 2012 18:20:10 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
ServedBy: NC1-D-WEB-05.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 898

GET
H/1.1 200
OK jquery.galleria.js Show response
dur-duweb.newscyclecloud.com/js/ 16 KB
7 KB 646ms
115ms Script
application/x-javascript 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dur-duweb.newscyclecloud.com/js/jquery.galleria.js
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 0c092881e4740726752c8d8e8beb471bac8ca0646232f50ab0ae21aa61d2dee3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:58 GMT
Content-Encoding: gzip
ETag: "0a088618b5ecb1:0"
Last-Modified: Mon, 27 Sep 2010 21:31:44 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
ServedBy: NC1-D-WEB-10.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6372

GET
H/1.1 200
OK jquery.flow.1.2.auto.js Show response
dur-duweb.newscyclecloud.com/js/ 7 KB
3 KB 646ms
109ms Script
application/x-javascript 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dur-duweb.newscyclecloud.com/js/jquery.flow.1.2.auto.js
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: f0dd8a440c24e342920754366f258882783995002e5f18c9261beb78c6f07ffd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:57 GMT
Content-Encoding: gzip
ETag: "e0bf012924bd01:0"
Last-Modified: Wed, 18 Feb 2015 15:46:33 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
ServedBy: NC1-D-WEB-04.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2972

GET
H/1.1 200
OK bdm-gallery.js Show response
dur-duweb.newscyclecloud.com/js/ 4 KB
2 KB 663ms
107ms Script
application/x-javascript 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dur-duweb.newscyclecloud.com/js/bdm-gallery.js?rnd=441
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: a3216f047121dd33608dc14de911e84d83a8309b66e2503264cef32ad182ea24

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:58 GMT
Content-Encoding: gzip
ETag: "0c8bbc8ed32cd1:0"
Last-Modified: Tue, 15 May 2012 22:55:12 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
ServedBy: NC1-D-WEB-08.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2075

GET
H/1.1 200
OK login.js Show response
dur-duweb.newscyclecloud.com/js/ 783 B
926 B 707ms
114ms Script
application/x-javascript 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dur-duweb.newscyclecloud.com/js/login.js
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: fbad2fd92268af35297687b381f10958becbd8873280c1795ba45883ea0b8730

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:57 GMT
Content-Encoding: gzip
ETag: "80fb2a94da11cd1:0"
Last-Modified: Tue, 03 Apr 2012 20:44:35 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: X-Forwarded-URI,Accept-Encoding
Content-Type: application/x-javascript
ServedBy: NC1-D-WEB-09.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 540

GET 85a7234f100eadc65fe45bbb81414d35.js
saxoconnect.bdmedia.com/scripts/library/ 0
0

GET
H/1.1 200
OK lightintegration.js Show response
redir.adap.tv/redir/javascript/ 31 KB
32 KB 48ms
10ms Script
text/plain 192.229.221.28
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: http://redir.adap.tv/redir/javascript/lightintegration.js
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 192.229.221.28 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8E95) /
Resource Hash: 1e15f65bcef05f2ea9f54e051da9bf7e6fc9eb00a669905c9ed33f4fd7ba26f7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:20:05 GMT
NEL: {"report_to": "default", "max_age": 604800, "include_subdomains": true, "failure_fraction": 1.0, "success_fraction": 0.01}
Age: 114134
X-Cache: HIT
x-amz-replication-status: COMPLETED
Content-Length: 31633
x-amz-id-2: NO9BWgDkSkfju0LUULZawKQt7SGFtRVOrjNdY8ttuCtpT06T3kbwwkvvuK3rT+v0DP0h9xoNmZw=
Last-Modified: Wed, 13 Sep 2017 23:08:44 GMT
Server: ECAcc (frc/8E95)
x-amz-meta-s3cmd-attrs: uid:1000/gname:adaptv/uname:adaptv/gid:1000/mode:33188/mtime:1505344053/atime:1505344249/md5:1de3d0b5f3cbe8b1e87e274f129ac0e7/ctime:1505344249
Etag: "1de3d0b5f3cbe8b1e87e274f129ac0e7"
Report-To: {"group": "default", "max_age":604800, "endpoints":[{"url":"https://report.vdms.com/","priority":1 }, {"url":"https://nelcollector.sre.ecsvc.net/report","priority":2 }]}
Content-Type: text/plain
x-amz-version-id: XGOCJEPvmrIOhn2ZV_.qAlIiRmN7Rqa0
Accept-Ranges: bytes
x-amz-request-id: KKV9ZCPJM24FNY5S

GET
H/1.1 200
OK stcz4.zbma Show response
www.siteencore.com/tf/DurangoHerald/ 4 KB
4 KB 243ms
102ms Script
application/x-javascript 34.206.9.165
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://www.siteencore.com/tf/DurangoHerald/stcz4.zbma
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 34.206.9.165 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-206-9-165.compute-1.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: f8d80773e26f7e338418619527449819466c6a518e61214e6bc96d77454cf6fd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:22:51 GMT
Last-Modified: Thu, 07 Dec 2017 22:33:34 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5a29c1be-e19"
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3609

GET
H/1.1 200
OK ads.js Show response
dur-duweb.newscyclecloud.com/js/ 24 B
509 B 731ms
99ms Script
application/x-javascript 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dur-duweb.newscyclecloud.com/js/ads.js
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 150d187c489a5d66d4fd7f5f26a9d2ba5ecbf219a69b7ccc20a09c833759d99b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:57 GMT
Content-Encoding: gzip
ETag: "cc881d49e8bd11:0"
Last-Modified: Thu, 31 Mar 2016 22:38:16 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
ServedBy: NC1-D-WEB-07.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 140

GET
H/1.1 200
OK colorbox.css
dur-duweb.newscyclecloud.com/css/ 3 KB
1 KB 202ms
108ms Stylesheet
text/css 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dur-duweb.newscyclecloud.com/css/colorbox.css?rnd=441
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: af420049ff613c31f6ac344f88e45145461e0f9c2499f0db6991885b77e4a70f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:58 GMT
Content-Encoding: gzip
ETag: "80688eefb06cc1:0"
Last-Modified: Fri, 29 Apr 2011 21:03:49 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/css
ServedBy: NC1-D-WEB-08.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1157

GET
H/1.1 200
OK reset.css
dur-duweb.newscyclecloud.com/css/ 1 KB
1 KB 199ms
105ms Stylesheet
text/css 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dur-duweb.newscyclecloud.com/css/reset.css?rnd=441
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 368318833e84364ebd710d4eb0313149b90e181626df1928dd8182aab20641f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:57 GMT
Content-Encoding: gzip
ETag: "03b42a7a171cb1:0"
Last-Modified: Fri, 22 Oct 2010 04:29:02 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: X-Forwarded-URI,Accept-Encoding
Content-Type: text/css
ServedBy: NC1-D-WEB-09.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 876

GET
H/1.1 200
OK text.css
dur-duweb.newscyclecloud.com/css/ 4 KB
2 KB 202ms
108ms Stylesheet
text/css 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dur-duweb.newscyclecloud.com/css/text.css?rnd=441
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: b0d5fe922eb2472fb8c35d3c25a881830750aa1e4d1f334f2117b477e0695754

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:58 GMT
Content-Encoding: gzip
ETag: "80742b84a23ccb1:0"
Last-Modified: Sun, 15 Aug 2010 17:51:41 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/css
ServedBy: NC1-D-WEB-10.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1746

GET
H/1.1 200
OK 960.css
dur-duweb.newscyclecloud.com/css/ 10 KB
2 KB 313ms
113ms Stylesheet
text/css 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dur-duweb.newscyclecloud.com/css/960.css?rnd=441
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: f1e54c56783174762eeed203776eec37dd3a8152821a39fc0e633e44d4abfe9a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:57 GMT
Content-Encoding: gzip
ETag: "0a0de09bd0cc1:0"
Last-Modified: Wed, 11 Jan 2012 19:55:44 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/css
ServedBy: NC1-D-WEB-05.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1887

GET
H/1.1 200
OK main.css
dur-duweb.newscyclecloud.com/css/ 53 KB
16 KB 324ms
123ms Stylesheet
text/css 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dur-duweb.newscyclecloud.com/css/main.css?rnd=441
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 5f1df4bdbc5f5e3a6147cf12543a44499ed93907225f4772bfc449ca8e835021

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:57 GMT
Content-Encoding: gzip
ETag: "627efea728bd11:0"
Last-Modified: Thu, 31 Mar 2016 17:29:45 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/css
ServedBy: NC1-D-WEB-04.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15739

GET
H/1.1 200
OK jquery-ui.css
ajax.googleapis.com/ajax/libs/jqueryui/1.8.23/themes/blitzer/ 32 KB
7 KB 409ms
370ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.23/themes/blitzer/jquery-ui.css

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

HTTP/1.1

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

27396778425406184b9c4e2886f41d80222612aae5aee50598911e2d629cf664

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:20:05 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 5979
X-XSS-Protection: 0
Last-Modified: Tue, 03 Mar 2020 19:15:00 GMT
Server: sffe
Vary: Accept-Encoding
Report-To: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
Content-Type: text/css; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="hosted-libraries-pushers"
Expires: Sat, 12 Nov 2022 19:20:05 GMT

GET
H/1.1 200
OK go-grey.png
dur-duweb.newscyclecloud.com/images/ 681 B
1011 B 115ms
113ms Image
image/png 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://dur-duweb.newscyclecloud.com/images/go-grey.png
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 83b0b1e5f4a5f1892a170e90b8ef7d16a154ab192735e813f92a30f553315a06

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:58 GMT
ETag: "0abf9634335cd1:0"
Last-Modified: Fri, 18 May 2012 22:13:02 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: X-Forwarded-URI
Content-Type: image/png
ServedBy: NC1-D-WEB-08.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 681

GET getWeatherIcon failed executing with the following error:Error on line 16 position 1: An error occurred in the secure channel support
/ 0
0

GET
H/1.1 200
OK iron-horse-background.jpg
dur-duweb.newscyclecloud.com/images/ 89 KB
89 KB 144ms
143ms Image
image/jpeg 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://dur-duweb.newscyclecloud.com/images/iron-horse-background.jpg
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: d6bd50d06f0830b028a87fe509bfb8f5fea134a397b8108c3937639cba19bf58

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:58 GMT
ETag: "9ed9d0bcfb7d11:0"
Last-Modified: Thu, 26 May 2016 05:30:39 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: X-Forwarded-URI
Content-Type: image/jpeg
ServedBy: NC1-D-WEB-10.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 90939

GET
H/1.1 200
OK beforeafter.jpg
dur-duweb.newscyclecloud.com/assets/before_after/AnimasRiverMineWaste/ 270 KB
270 KB 216ms
216ms Image
image/jpeg 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://dur-duweb.newscyclecloud.com/assets/before_after/AnimasRiverMineWaste/beforeafter.jpg
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: e7992c970220941e0494d9a80abfe73f017b6fc051f79a1c677950ce49741a48

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:57 GMT
ETag: "1d203630115ed11:0"
Last-Modified: Tue, 02 Feb 2016 23:26:48 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: X-Forwarded-URI
Content-Type: image/jpeg
ServedBy: NC1-D-WEB-09.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 276021

GET
H/1.1 200
OK DHcam1.jpg
old.durangoherald.com/shared-miscellaneous/webcams/DHcams/ 32 KB
32 KB 348ms
179ms Image
image/jpeg 69.39.6.197
CEDAR-NETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://old.durangoherald.com/shared-miscellaneous/webcams/DHcams/DHcam1.jpg
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 69.39.6.197 Durango, United States, ASN21803 (CEDAR-NETWORKS, US),
Reverse DNS: 197-006-039-069.cedarnetworks.com
Software: Microsoft-IIS/6.0 / ASP.NET
Resource Hash: e6e9974a2598d003b6a3249c78c9b8a1b7185004d57081ac46d0fa35191e8140

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:20:30 GMT
Last-Modified: Mon, 20 Feb 2017 18:39:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
ETag: "caf49b3a88bd21:695c"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 32650

GET camera
i.cotrip.org/dimages/ws/ 0
0

GET
H/1.1 200
OK foundation-icons.css
dur-duweb.newscyclecloud.com/css/ 19 KB
5 KB 109ms
109ms Stylesheet
text/css 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dur-duweb.newscyclecloud.com/css/foundation-icons.css
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: c640e6e1c7c8d0c4ec4f5b3fd68739bc7907e41463a7b7c480b0c9945713f4f7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:57 GMT
Content-Encoding: gzip
ETag: "5942e0144eb0d01:0"
Last-Modified: Fri, 26 Jun 2015 20:24:19 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/css
ServedBy: NC1-D-WEB-05.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4831

GET
H2

200

slick.min.js Show response
cdn.jsdelivr.net/jquery.slick/1.5.0/
Redirect Chain

http://cdn.jsdelivr.net/jquery.slick/1.5.0/slick.min.js
https://cdn.jsdelivr.net/jquery.slick/1.5.0/slick.min.js

36 KB
10 KB

39ms
21ms

Script
application/javascript

2606:4700::6810:5514
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/jquery.slick/1.5.0/slick.min.js

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Server

2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f295ebe06fc74dd639fc1d926abdea188a4c960b17266e73da205d034ac37f0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:06 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1549986
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by: cache-fra19123-FRA
timing-allow-origin: *
server: cloudflare
etag: W/"8f1d-IT+QFeYwKrSVBRlke6pKSL0BtcQ"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 6ad21da17cfa701c-FRA

Redirect headers

Location: https://cdn.jsdelivr.net/jquery.slick/1.5.0/slick.min.js
Non-Authoritative-Reason: HSTS

GET
H2

200

slick.css
cdn.jsdelivr.net/jquery.slick/1.5.0/
Redirect Chain

http://cdn.jsdelivr.net/jquery.slick/1.5.0/slick.css
https://cdn.jsdelivr.net/jquery.slick/1.5.0/slick.css

2 KB
649 B

40ms
21ms

Stylesheet
text/css

2606:4700::6810:5514
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/jquery.slick/1.5.0/slick.css

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Server

2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f173fbde897c4b5e403c91d99bfc6d671efea799450ca3b11c0d1bcce2ddfc1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:06 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1439170
x-cache: HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by: cache-fra19157-FRA
timing-allow-origin: *
server: cloudflare
etag: W/"6b6-brkb+yUj1kJ370u2mrU3uhS+CFQ"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 6ad21da17cff701c-FRA

Redirect headers

Location: https://cdn.jsdelivr.net/jquery.slick/1.5.0/slick.css
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK slick-theme.css
kenwheeler.github.io/slick/slick/ 3 KB
2 KB 21ms
6ms Stylesheet
text/css 2606:50c0:8002::153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: http://kenwheeler.github.io/slick/slick/slick-theme.css
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 2606:50c0:8002::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: 7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

X-Fastly-Request-ID: 083de88a8f780cb500d755fd60ac0d4dead7ce8e
Date: Fri, 12 Nov 2021 19:20:06 GMT
Content-Encoding: gzip
Age: 429
X-Cache: HIT
Connection: keep-alive
Content-Length: 882
X-Served-By: cache-hhn4044-HHN
Access-Control-Allow-Origin: *
Last-Modified: Mon, 02 Jul 2018 12:58:42 GMT
Server: GitHub.com
X-GitHub-Request-Id: 8102:C11D:597744:5C58EE:618E606A
X-Timer: S1636744807.580228,VS0,VE1
ETag: W/"5b3a2182-c49"
Vary: Accept-Encoding
Content-Type: text/css; charset=utf-8
Via: 1.1 varnish
expires: Fri, 12 Nov 2021 12:45:40 GMT
Cache-Control: max-age=600
permissions-policy: interest-cohort=()
Accept-Ranges: bytes
x-origin-cache: HIT
x-proxy-cache: HIT
X-Cache-Hits: 1

GET
H/1.1 200
OK iqi1swr.js Show response
use.typekit.net/ 19 KB
7 KB 254ms
224ms Script
text/javascript 2a02:26f0:f7::5c7b:e031
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

http://use.typekit.net/iqi1swr.js

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

HTTP/1.1

Server

2a02:26f0:f7::5c7b:e031 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

120ad65e31c55027b6eaf370fbd1c98bb20ca17ce227864063035a69d57bc51b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains;
Content-Encoding: gzip
Server: nginx
Date: Fri, 12 Nov 2021 19:20:06 GMT
Vary: Accept-Encoding
Content-Type: text/javascript;charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=600, stale-while-revalidate=604800
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 6980

GET
H/1.1 200
OK 4ctv_widget.css
dur-duweb.newscyclecloud.com/css/ 4 KB
2 KB 212ms
209ms Stylesheet
text/css 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://dur-duweb.newscyclecloud.com/css/4ctv_widget.css
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: ae97400f85b27259d17854cdb9960f8ae2b28e4c33fc88d09e0faa2e03bf511c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:58 GMT
Content-Encoding: gzip
ETag: "38c225e448b4d01:0"
Last-Modified: Wed, 01 Jul 2015 21:57:15 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: text/css
ServedBy: NC1-D-WEB-04.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1566

GET
H/1.1 200
OK 4CTV-inner-logo.png
dur-duweb.newscyclecloud.com/images/ 18 KB
18 KB 107ms
106ms Image
image/png 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://dur-duweb.newscyclecloud.com/images/4CTV-inner-logo.png
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 72945af625c6f8b1b0b839a0ff5fdc4da7173df87fcbcb53057723ee5e002db2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:58 GMT
ETag: "ce80afb64eb0d01:0"
Last-Modified: Fri, 26 Jun 2015 20:28:51 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: X-Forwarded-URI
Content-Type: image/png
ServedBy: NC1-D-WEB-02.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 17929

GET
H/1.1 200
OK facebook-icon14px.png
dur-duweb.newscyclecloud.com/img/ 522 B
853 B 110ms
109ms Image
image/png 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://dur-duweb.newscyclecloud.com/img/facebook-icon14px.png
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 1330e3149726142cdf7cb1df2ea22987da67b3bc4de49aa709f03c31612efcda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:59 GMT
ETag: "801167d59195cc1:0"
Last-Modified: Fri, 28 Oct 2011 16:51:27 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: X-Forwarded-URI
Content-Type: image/png
ServedBy: NC1-D-WEB-10.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 522

GET
H/1.1 200
OK best-of-pencil-banner-Durango.png
dur-duweb.newscyclecloud.com/images/ 4 KB
4 KB 112ms
112ms Image
image/png 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://dur-duweb.newscyclecloud.com/images/best-of-pencil-banner-Durango.png
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: cd519d1666c451d960684af1de16ec035252cce88ebbf58a186bd5059f6e3d99

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:58 GMT
ETag: "2e5665dda6f7d01:0"
Last-Modified: Fri, 25 Sep 2015 15:28:44 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: X-Forwarded-URI
Content-Type: image/png
ServedBy: NC1-D-WEB-04.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4169

GET
H/1.1 200
OK durango-coupons-rightrail.jpg
assets.durangoherald.com/images/ 7 KB
7 KB 325ms
164ms Image
image/jpeg 69.39.6.197
CEDAR-NETWORKS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://assets.durangoherald.com/images/durango-coupons-rightrail.jpg
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 69.39.6.197 Durango, United States, ASN21803 (CEDAR-NETWORKS, US),
Reverse DNS: 197-006-039-069.cedarnetworks.com
Software: Microsoft-IIS/6.0 / ASP.NET
Resource Hash: b6e54c70c9d47551a433f3971313bc3b39fae8cd557435243a809089131f8076

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:20:30 GMT
Last-Modified: Mon, 11 Apr 2016 15:57:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
ETag: "348974e9a94d11:695c"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 7369

GET
H/1.1 200
OK list-widget.js Show response
swscene.spingo.com/ 1 KB
2 KB 233ms
114ms Script
application/javascript 54.225.138.77
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: http://swscene.spingo.com/list-widget.js
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 54.225.138.77 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-225-138-77.compute-1.amazonaws.com
Software: nginx/1.2.9 /
Resource Hash: 584a48422f231d9f054a6bac282e662060475e940eedbceec149ab970666b938

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:20:06 GMT
Last-Modified: Tue, 01 Dec 2020 08:26:29 GMT
Server: nginx/1.2.9
x-amz-request-id: 79502Z1G2B3G7E1D
ETag: "04c5774fee9474c89b79e88f8bb5c6fe"
Content-Type: application/javascript; charset=UTF-8
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1516
x-amz-id-2: GD/XJCvVFQXGnErtmFY1SJMdJWos9AQx4vZBz/tvBo5FXAEdkDcQZ7S+iLUXBcWJb4YmbFqY2VM=

GET
H/1.1 200
OK footer-logo.png
dur-duweb.newscyclecloud.com/images/ 5 KB
5 KB 98ms
98ms Image
image/png 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://dur-duweb.newscyclecloud.com/images/footer-logo.png
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: ff2e4ebe015aaf4a72708a0d63d03230951e87e7566d01b4b98df4ecbdf979b8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:58 GMT
ETag: "07ec8624335cd1:0"
Last-Modified: Fri, 18 May 2012 22:13:00 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: X-Forwarded-URI
Content-Type: image/png
ServedBy: NC1-D-WEB-07.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5030

GET
H/1.1 404
Not Found html5ify.min.js
static.castfire.com/media/js/ 0
0 7ms
7ms Script
text/html 93.184.221.133
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: http://static.castfire.com/media/js/html5ify.min.js
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 93.184.221.133 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (frc/8F6A) /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:20:06 GMT
Server: ECAcc (frc/8F6A)
Content-Length: 345
Content-Type: text/html

GET
H/1.1 200
OK log.js Show response
u.heatmap.it/ 27 KB
11 KB 56ms
9ms Script
application/x-javascript 46.105.202.39
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://u.heatmap.it/log.js
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 46.105.202.39 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash: 79c79d9039382cd34e2e9aa463f85c160d3890c688941fc6837cc2cf81919643

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Wed, 10 Nov 2021 01:10:15 GMT
content-encoding: gzip
x-cacheable: Matched cache
x-iplb-instance: 42308
x-cdn-pop: sbg
content-length: 10998
x-request-id: 992084519
last-modified: Mon, 22 Jun 2020 07:05:45 GMT
x-iplb-request-id: B9D59BA4:E40E_2E69CA27:0050_618EBE66_5D68A:2C58
etag: "5ef05849-6b2c"
vary: Accept-Encoding
content-type: application/x-javascript; charset=UTF-8
cache-control: max-age=3600
x-cdn-pop-ip: 137.74.120.0/27
accept-ranges: bytes
expires: Wed, 10 Nov 2021 02:10:18 GMT

GET
H2 200 t Show response
jadserve.postrelease.com/ 115 B
538 B 305ms
99ms Script
text/javascript 18.214.172.53
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://jadserve.postrelease.com/t?ntv_url=http%3A%2F%2Fdur-duweb.newscyclecloud.com%2F&ntv_mvi
Requested by: Host: a.postrelease.com
URL: http://a.postrelease.com/serve/load.js?async=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.214.172.53 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-172-53.compute-1.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: 3055597f43adef2648996efac659bd63f616b0d1937f6e774ae3ac8fe35fb195

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Nov 2021 19:20:06 GMT
content-encoding: gzip
server: nginx/1.12.1
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: text/javascript;charset=UTF-8
content-length: 122
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H/1.1 200
OK gpt.js Show response
www.googletagservices.com/tag/js/ 78 KB
27 KB 460ms
171ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

HTTP/1.1

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

751dd87c9271b92c100ad8b5f5b0b26063b083e0382a5c1331aa20e8f1d2aac0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:20:07 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: sffe
ETag: "1042 / 77 of 1000 / last-modified: 1636718758"
Vary: Accept-Encoding
Report-To: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
Content-Type: text/javascript
Cache-Control: private, max-age=900, stale-while-revalidate=3600
Timing-Allow-Origin: *
Content-Length: 26911
X-XSS-Protection: 0
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="ads-gpt-scs"
Expires: Fri, 12 Nov 2021 19:20:07 GMT

GET
H2

200

analytics.js Show response
www.google-analytics.com/
Redirect Chain

http://www.google-analytics.com/analytics.js
https://www.google-analytics.com/analytics.js

49 KB
20 KB

753ms
38ms

Script
text/javascript

2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 4773
date: Fri, 12 Nov 2021 18:00:34 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 20006
expires: Fri, 12 Nov 2021 20:00:34 GMT

Redirect headers

Location: https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK cookie Show response
ads.adaptv.advertising.com/ 0
326 B 174ms
10ms Script
text/html 18.196.20.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://ads.adaptv.advertising.com/cookie?pageUrl=http://dur-duweb.newscyclecloud.com/&isTop=true&callback=1
Requested by: Host: redir.adap.tv
URL: http://redir.adap.tv/redir/javascript/lightintegration.js
Protocol: HTTP/1.1
Server: 18.196.20.13 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-20-13.eu-central-1.compute.amazonaws.com
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

server: adaptv/1.0
Connection: keep-alive
Content-Length: 0
content-type: text/html

GET
H/1.1 200
OK stcz4.zbma.20161107.v.147s5.79.2.34.zbma Show response
cloud.siteencore.com/ Frame B312 106 KB
106 KB 52ms
19ms Script
application/javascript 143.204.98.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://cloud.siteencore.com/stcz4.zbma.20161107.v.147s5.79.2.34.zbma
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 143.204.98.75 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-75.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a168b7993deb72df871d7ed29cdf905792e57e97b9e980030a41dd9ce5e778fc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 10:24:03 GMT
Via: 1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
Last-Modified: Thu, 07 Dec 2017 00:05:07 GMT
Server: AmazonS3
Age: 32164
ETag: "4de04128191a6c1672a48bb3049ddaaa"
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Connection: keep-alive
X-Amz-Cf-Pop: FRA50-C1
Content-Length: 108388
X-Amz-Cf-Id: o9kyXjuf38XFpTTTL0n0wBdq0xLB_cS9arsT99sn8RPVarQ1H6t-IA==

GET
H2

200

all.js Show response
connect.facebook.net/en_US/
Redirect Chain

http://connect.facebook.net/en_US/all.js
https://connect.facebook.net/en_US/all.js

3 KB
2 KB

23ms
7ms

Script
application/x-javascript

2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9cee1ceadb494e1aee6ffcfdea545521ea4fca8920f924413dafa7dafbf3a96a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: CDr7J9RuIohzGwXt43b0MA==
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 1685
x-fb-rlafr: 0
x-fb-debug: VlWIixpr1vnTMyNa6Cww2BNubrRAsteEFnRqlFpKHxhIcd4RHc3KFbPOsaSvhBq3I+RIFN6XD61QFv6dw2M+lQ==
x-fb-trip-id: 686109401
x-fb-content-md5: 25c2fe9b071bd066c24c80432802e2a3
x-frame-options: DENY
date: Fri, 12 Nov 2021 19:20:06 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "bd6c299d18637ca8e4e3938fd77eaaf0"
timing-allow-origin: *
expires: Fri, 12 Nov 2021 19:23:31 GMT

Redirect headers

Location: https://connect.facebook.net/en_US/all.js
Non-Authoritative-Reason: HSTS

GET
H/1.1 200
OK eherald.gif
dur-duweb.newscyclecloud.com/images/ 298 B
629 B 242ms
172ms Image
image/gif 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://dur-duweb.newscyclecloud.com/images/eherald.gif
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 3fddf663f988659c1a34f4a73f45eced639a62a55931b2e26fc7cf96d7fdaa22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:58 GMT
ETag: "80aa56ac71f6cc1:0"
Last-Modified: Tue, 28 Feb 2012 23:35:37 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: X-Forwarded-URI
Content-Type: image/gif
ServedBy: NC1-D-WEB-08.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 298

GET
H/1.1 200
OK masthead.jpg
dur-duweb.newscyclecloud.com/img/ 2 KB
2 KB 217ms
217ms Image
image/jpeg 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://dur-duweb.newscyclecloud.com/img/masthead.jpg
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/css/main.css?rnd=441
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 1089e0224995fbc1ccd17dd5e1dc345d795261ef9f65e6450fb18db1fa409458

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/css/main.css?rnd=441
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:57 GMT
ETag: "066c8bcfeeccc1:0"
Last-Modified: Thu, 16 Feb 2012 23:00:12 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: X-Forwarded-URI
Content-Type: image/jpeg
ServedBy: NC1-D-WEB-07.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2106

GET
H/1.1 200
OK logo.png
dur-duweb.newscyclecloud.com/img/ 13 KB
13 KB 165ms
104ms Image
image/png 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://dur-duweb.newscyclecloud.com/img/logo.png
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/css/main.css?rnd=441
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: cf24c097581fff63c5ad70a1443f91f8915cd6da90edd6646bf79ee035966958

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/css/main.css?rnd=441
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:58 GMT
ETag: "804458fac068cc1:0"
Last-Modified: Thu, 01 Sep 2011 16:05:33 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: X-Forwarded-URI
Content-Type: image/png
ServedBy: NC1-D-WEB-05.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 13391

GET
H/1.1 200
OK nav-bkgd.jpg
dur-duweb.newscyclecloud.com/img/ 1 KB
2 KB 253ms
108ms Image
image/jpeg 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://dur-duweb.newscyclecloud.com/img/nav-bkgd.jpg
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/css/main.css?rnd=441
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 907b775ac1ab5b2a366a01ab015999d63c258e0090b62d7bd854af91ed7b6c87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/css/main.css?rnd=441
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:58 GMT
ETag: "80841ff2fbeccc1:0"
Last-Modified: Thu, 16 Feb 2012 22:40:13 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: X-Forwarded-URI
Content-Type: image/jpeg
ServedBy: NC1-D-WEB-02.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1501

GET
H/1.1 200
OK white-bar.png
dur-duweb.newscyclecloud.com/img/ 139 B
470 B 245ms
100ms Image
image/png 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://dur-duweb.newscyclecloud.com/img/white-bar.png
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/css/main.css?rnd=441
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 6b413c8600b56e58e81d71a649f7d648b8963f0ed9c23a384b42e53405ee5156

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/css/main.css?rnd=441
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:58 GMT
ETag: "80c2b8f58cfbca1:0"
Last-Modified: Mon, 24 May 2010 22:03:37 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: X-Forwarded-URI
Content-Type: image/png
ServedBy: NC1-D-WEB-10.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 139

GET
H/1.1 200
OK spike.png
dur-duweb.newscyclecloud.com/img/ 120 B
450 B 254ms
107ms Image
image/png 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://dur-duweb.newscyclecloud.com/img/spike.png
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/css/main.css?rnd=441
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: b34861d158459eee0258aa4c8156586864dd1f0a26572f3727a4d08f3fdcf5de

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/css/main.css?rnd=441
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:59 GMT
ETag: "80ef4f08cfbca1:0"
Last-Modified: Mon, 24 May 2010 22:03:29 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: X-Forwarded-URI
Content-Type: image/png
ServedBy: NC1-D-WEB-08.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 120

GET
H/1.1 200
OK grey-spike.png
dur-duweb.newscyclecloud.com/img/ 120 B
449 B 199ms
109ms Image
image/png 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://dur-duweb.newscyclecloud.com/img/grey-spike.png
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/css/main.css?rnd=441
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 8b523b96faa88c883411b4f3ead7ef7599a612edcdcb30c00135ecb5bea98ade

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/css/main.css?rnd=441
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:58 GMT
ETag: "03d3e88cfbca1:0"
Last-Modified: Mon, 24 May 2010 22:03:14 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: X-Forwarded-URI
Content-Type: image/png
ServedBy: NC1-D-WEB-04.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 120

GET
H/1.1 200
OK tab-gradient.png
dur-duweb.newscyclecloud.com/img/ 148 B
479 B 227ms
111ms Image
image/png 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://dur-duweb.newscyclecloud.com/img/tab-gradient.png
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/css/main.css?rnd=441
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 4a12cbd7e716f29a1557c7fb3adf5e9441b51f81f2b368c59f1a84154cf9a9ff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/css/main.css?rnd=441
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:58 GMT
ETag: "803b25f28cfbca1:0"
Last-Modified: Mon, 24 May 2010 22:03:31 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: X-Forwarded-URI
Content-Type: image/png
ServedBy: NC1-D-WEB-05.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 148

GET
H/1.1 200
OK box-gradient.png
dur-duweb.newscyclecloud.com/img/ 137 B
468 B 238ms
98ms Image
image/png 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://dur-duweb.newscyclecloud.com/img/box-gradient.png
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/css/main.css?rnd=441
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 95747a03f1d7164cb3cede026e2288ad6be764c712c68e90357339fea4e5e708

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/css/main.css?rnd=441
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:58 GMT
ETag: "8011b0dc8cfbca1:0"
Last-Modified: Mon, 24 May 2010 22:02:55 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: X-Forwarded-URI
Content-Type: image/png
ServedBy: NC1-D-WEB-07.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 137

OPTIONS widget_slider
ballantinecms.com/api/sites/4ctv/ Frame 0
0

GET
H2 200 l
use.typekit.net/af/357d3c/00000000000000000001743c/27/ 27 KB
27 KB 57ms
34ms Font
application/font-woff2 2a02:26f0:f7::5c7b:e031
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/357d3c/00000000000000000001743c/27/l?subset_id=1&fvd=n4&v=3
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e031 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 4c72da2a624cda680b49f11ed2df9d2c41b3bae5cec1b588c8cf20028d2ee423

Request headers

Referer: http://dur-duweb.newscyclecloud.com/
Origin: http://dur-duweb.newscyclecloud.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:07 GMT
server: nginx
etag: "9a0680c7d4de5dab865329f4f60b334fc016010a"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 27284

GET
H2 200 l
use.typekit.net/af/8b7d27/00000000000000000001743d/27/ 28 KB
28 KB 67ms
45ms Font
application/font-woff2 2a02:26f0:f7::5c7b:e031
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/8b7d27/00000000000000000001743d/27/l?subset_id=1&fvd=n5&v=3
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e031 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 15f1e7673264ad055f7e542d82e7fcb5ff8062de7fd8b8572cf82e496e89c836

Request headers

Referer: http://dur-duweb.newscyclecloud.com/
Origin: http://dur-duweb.newscyclecloud.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:07 GMT
server: nginx
etag: "3302733bc23e08ad12a63bfbd59731adf53af4e4"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 28300

GET
H2 200 l
use.typekit.net/af/8d1d7e/00000000000000000001743e/27/ 27 KB
28 KB 78ms
55ms Font
application/font-woff2 2a02:26f0:f7::5c7b:e031
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/8d1d7e/00000000000000000001743e/27/l?subset_id=1&fvd=n6&v=3
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e031 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: d4053012287fb6f47416c3eb03ba4b89aef0fc57771e65526f9134e8e5e80344

Request headers

Referer: http://dur-duweb.newscyclecloud.com/
Origin: http://dur-duweb.newscyclecloud.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:07 GMT
server: nginx
etag: "b17e1875075bbc4ff05d268ba941c04ab536f01d"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 28020

GET
H2 200 l
use.typekit.net/af/279af5/00000000000000000001743f/27/ 27 KB
28 KB 64ms
41ms Font
application/font-woff2 2a02:26f0:f7::5c7b:e031
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/279af5/00000000000000000001743f/27/l?subset_id=1&fvd=n7&v=3
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e031 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: b0660ea41deed57b71e57788d47091bd05e6853c51d0bbb867fdb1fbe5526877

Request headers

Referer: http://dur-duweb.newscyclecloud.com/
Origin: http://dur-duweb.newscyclecloud.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:07 GMT
server: nginx
etag: "555bec07b4fddb532a139f26beb0dfe4cf42a30d"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 28044

GET
H2 200 l
use.typekit.net/af/2cd6bf/00000000000000000001008f/27/ 41 KB
42 KB 30ms
8ms Font
application/font-woff2 2a02:26f0:f7::5c7b:e031
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/2cd6bf/00000000000000000001008f/27/l?subset_id=2&fvd=n5&v=3
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e031 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 5e621780ac394f3839adb9f93d62c36bc51d432e4d8f7bfe7822d2951fdf7c4f

Request headers

Referer: http://dur-duweb.newscyclecloud.com/
Origin: http://dur-duweb.newscyclecloud.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:06 GMT
server: nginx
etag: "87868ea7533b245fa343d5fd2e370ee0daee1db8"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 42376

GET
H2 200 l
use.typekit.net/af/309dfe/000000000000000000010091/27/ 39 KB
40 KB 31ms
9ms Font
application/font-woff2 2a02:26f0:f7::5c7b:e031
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/309dfe/000000000000000000010091/27/l?subset_id=2&fvd=n7&v=3
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e031 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: d37e4ca1e1902ac258dedafe9e7ee1bc8e7ac887a3d2f0babc143dede00dfd32

Request headers

Referer: http://dur-duweb.newscyclecloud.com/
Origin: http://dur-duweb.newscyclecloud.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:06 GMT
server: nginx
etag: "78f589bb61056c7dc2c42601e2fd59aa96941141"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 40336

GET
H2 200 l
use.typekit.net/af/9b05f3/000000000000000000013365/27/ 46 KB
46 KB 42ms
20ms Font
application/font-woff2 2a02:26f0:f7::5c7b:e031
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/9b05f3/000000000000000000013365/27/l?subset_id=2&fvd=n4&v=3
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e031 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: ee3fde9fdf61686caeb22b22b988373b456a4aaa90ebf6eb1b01d1143754d311

Request headers

Referer: http://dur-duweb.newscyclecloud.com/
Origin: http://dur-duweb.newscyclecloud.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:06 GMT
server: nginx
etag: "0ffa5e8c8eb076cc21ede9987250dfa4f2af4438"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 46644

GET
H2 200 l
use.typekit.net/af/ae4f6c/000000000000000000010096/27/ 67 KB
67 KB 36ms
14ms Font
application/font-woff2 2a02:26f0:f7::5c7b:e031
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/ae4f6c/000000000000000000010096/27/l?subset_id=2&fvd=n3&v=3
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e031 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 98305cffbf19855e4f15bedafe9ab8d46b785986db849b30ea7e72eef99696de

Request headers

Referer: http://dur-duweb.newscyclecloud.com/
Origin: http://dur-duweb.newscyclecloud.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:06 GMT
server: nginx
etag: "dcb4afde1e053f9caf987fd66290b8eca72ab6f0"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 68520

GET
H2 200 l
use.typekit.net/af/0c71d1/000000000000000000010097/27/ 37 KB
38 KB 41ms
20ms Font
application/font-woff2 2a02:26f0:f7::5c7b:e031
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/0c71d1/000000000000000000010097/27/l?subset_id=2&fvd=n8&v=3
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f7::5c7b:e031 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 23522fe51dd2af37245895fed60c86f6ae87f3988bb99062c1f74993d63e507b

Request headers

Referer: http://dur-duweb.newscyclecloud.com/
Origin: http://dur-duweb.newscyclecloud.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:06 GMT
server: nginx
etag: "f035af916cfbad65f6cf5dc8492e4da3f97aac22"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 38208

GET widget_slider
ballantinecms.com/api/sites/4ctv/ 0
0

GET
H/1.1 200
OK list-widget.js Show response
d16twqtnxc0kgx.cloudfront.net/apps/list-widget/v1.5.1/ 59 KB
19 KB 24ms
7ms Script
application/javascript 143.204.98.63
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://d16twqtnxc0kgx.cloudfront.net/apps/list-widget/v1.5.1/list-widget.js
Requested by: Host: swscene.spingo.com
URL: http://swscene.spingo.com/list-widget.js
Protocol: HTTP/1.1
Server: 143.204.98.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-63.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8b710ba46e924edf33e14b0d9939b9bd2bea8b867b69ebf6799e91dd40372f4d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:14:48 GMT
Content-Encoding: gzip
Last-Modified: Wed, 04 Jan 2017 17:06:55 GMT
Server: AmazonS3
Age: 333
ETag: "8e7b9348f8e30e49e29e5b944301986e"
X-Cache: Hit from cloudfront
Content-Type: application/javascript; charset=utf-8
Via: 1.1 9c7c26f5beeb09381cea450ea3581b37.cloudfront.net (CloudFront)
Connection: keep-alive
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
Content-Length: 19148
X-Amz-Cf-Id: gNovwqqkuge5AbuAHwkW-CX-y1L6d1mH0pfgfS5k8TFliPuFl2T_dg==

GET
H/1.1 204
No Content dur-duweb.newscyclecloud.com.js Show response
u.heatmap.it/conf/ 0
364 B 31ms
31ms Script
text/javascript 46.105.202.39
OVH

General

Check archive.org

Show headers Download Go to

Full URL: http://u.heatmap.it/conf/dur-duweb.newscyclecloud.com.js
Requested by: Host: u.heatmap.it
URL: http://u.heatmap.it/log.js
Protocol: HTTP/1.1
Server: 46.105.202.39 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:07 GMT
x-cacheable: Cacheable
x-cdn-pop-ip: 137.74.120.0/27
x-iplb-instance: 42308
content-type: text/javascript;charset=UTF-8
cache-control: max-age=60
x-cdn-pop: sbg
x-iplb-request-id: B9D59BA4:E40E_2E69CA27:0050_618EBE66_5D68B:2C58
x-request-id: 977962089
expires: Fri, 12 Nov 2021 19:25:08 GMT

GET
H/1.1 200
OK footer-lines-2.png
dur-duweb.newscyclecloud.com/img/ 2 KB
2 KB 338ms
337ms Image
image/png 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://dur-duweb.newscyclecloud.com/img/footer-lines-2.png
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/css/main.css?rnd=441
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: bcb5431c77bae2bcbd629ef3f272b5a3d0831b4a4a6b19f3edcbbcf3250500b5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/css/main.css?rnd=441
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:59 GMT
ETag: "8eb85b67d42d11:0"
Last-Modified: Tue, 29 Dec 2015 21:13:07 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: X-Forwarded-URI
Content-Type: image/png
ServedBy: NC1-D-WEB-08.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2004

GET
H/1.1 200
OK footer-spike.png
dur-duweb.newscyclecloud.com/img/ 114 B
444 B 248ms
105ms Image
image/png 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://dur-duweb.newscyclecloud.com/img/footer-spike.png
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/css/main.css?rnd=441
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 7d2e278c41892bc6ad6350c95c63a92c2e4da89271c37086e8dd1cb32999de3e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/css/main.css?rnd=441
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:58 GMT
ETag: "010d2e68cfbca1:0"
Last-Modified: Mon, 24 May 2010 22:03:12 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: X-Forwarded-URI
Content-Type: image/png
ServedBy: NC1-D-WEB-02.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 114

GET
H/1.1 200
OK controls.png
dur-duweb.newscyclecloud.com/images/colorbox/ 2 KB
2 KB 180ms
104ms Image
image/png 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://dur-duweb.newscyclecloud.com/images/colorbox/controls.png
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/css/colorbox.css?rnd=441
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: dd66392b830be1152442db4ba9818b44a4f22adfc11571f1c5c6400c6b73ed85

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/css/colorbox.css?rnd=441
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:59 GMT
ETag: "02d1ae7df5cc1:0"
Last-Modified: Thu, 28 Apr 2011 20:07:30 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: X-Forwarded-URI
Content-Type: image/png
ServedBy: NC1-D-WEB-10.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2033

GET
H/1.1 200
OK border.png
dur-duweb.newscyclecloud.com/images/colorbox/ 163 B
492 B 154ms
105ms Image
image/png 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://dur-duweb.newscyclecloud.com/images/colorbox/border.png
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/css/colorbox.css?rnd=441
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 6d7a1c311e234b25bdde3c3563aad9dfdccb7c076dcc37bfc908d31ebe0bb307

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/css/colorbox.css?rnd=441
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:58 GMT
ETag: "02d1ae7df5cc1:0"
Last-Modified: Thu, 28 Apr 2011 20:07:30 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: X-Forwarded-URI
Content-Type: image/png
ServedBy: NC1-D-WEB-01.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 163

GET
H/1.1 200
OK loading_background.png
dur-duweb.newscyclecloud.com/images/colorbox/ 166 B
496 B 128ms
109ms Image
image/png 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://dur-duweb.newscyclecloud.com/images/colorbox/loading_background.png
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/css/colorbox.css?rnd=441
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 9e076334a5467b74c691321c411b4a8dd2a916c39d78a103b5d538bd0a0d6a82

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/css/colorbox.css?rnd=441
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:58 GMT
ETag: "80f0e3e8df5cc1:0"
Last-Modified: Thu, 28 Apr 2011 20:07:33 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: X-Forwarded-URI
Content-Type: image/png
ServedBy: NC1-D-WEB-02.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 166

GET
H/1.1 200
OK loading.gif
dur-duweb.newscyclecloud.com/images/colorbox/ 9 KB
10 KB 188ms
109ms Image
image/gif 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://dur-duweb.newscyclecloud.com/images/colorbox/loading.gif
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/css/colorbox.css?rnd=441
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 34ef55242fc24c94f0790902c09601d228e9074bf7a1f88c4de6a39b40ce38fa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/css/colorbox.css?rnd=441
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:58 GMT
ETag: "05a4be8df5cc1:0"
Last-Modified: Thu, 28 Apr 2011 20:07:32 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: X-Forwarded-URI
Content-Type: image/gif
ServedBy: NC1-D-WEB-04.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9427

GET
H/1.1 200
OK active-arrow.png
dur-duweb.newscyclecloud.com/img/ 193 B
523 B 223ms
105ms Image
image/png 3.210.172.4
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://dur-duweb.newscyclecloud.com/img/active-arrow.png
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/css/main.css?rnd=441
Protocol: HTTP/1.1
Server: 3.210.172.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-210-172-4.compute-1.amazonaws.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: f44a6911676267d9db08bfcfedbd63024781a23103bf7e188bebc6a7b020428a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/css/main.css?rnd=441
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:19:58 GMT
ETag: "0c752d78cfbca1:0"
Last-Modified: Mon, 24 May 2010 22:02:46 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Vary: X-Forwarded-URI
Content-Type: image/png
ServedBy: NC1-D-WEB-07.DIGUSVA1.LOC
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 193

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 96 KB
29 KB 13ms
6ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: http://platform.twitter.com/widgets.js
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67F2) /
Resource Hash: 00a57617df99ac957720b7332f9d15449def3ebe11169d68f12c47a3cde5168d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:20:07 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 550
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Content-Length: 29104
x-tw-cdn: VZ
Last-Modified: Mon, 18 Oct 2021 18:33:56 GMT
Server: ECS (frb/67F2)
Etag: "a709ab1b2c0d5d5e7c19895f6e1dcbfd+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800

GET
H3 200 all.js Show response
connect.facebook.net/en_US/ 291 KB
82 KB 18ms
8ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=0eb39ed37c291b2bd6d1e2c3f71fab34

Requested by

Host: connect.facebook.net
URL: http://connect.facebook.net/en_US/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

97ddad76427c59b3c8a09b0d6f4e3bdacddcf3184641f300c78ba3c4f4c5d806

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: http://dur-duweb.newscyclecloud.com/
Origin: http://dur-duweb.newscyclecloud.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: VHeI+jdKgLFKlyHaJjM7Lg==
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 84354
x-fb-rlafr: 0
x-fb-debug: nc41ldBhwJ7z9M2OomsfxAPvffHNk1qw426muZ9T+a3nDJoqQcxIIRXwKLx5Ao7iWK3mEPDAPr+MlRpTbalcUA==
x-fb-content-md5: 49a26bbcf17fa9b2299de0ee5b2bb067
x-frame-options: DENY
date: Fri, 12 Nov 2021 19:20:07 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "62860e097113c9f404bb9103a3d1318c"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 12 Nov 2022 18:56:16 GMT

GET
H/1.1 401
Unauthorized premier Show response
calendarapi-cdn.spingo.com/v1/events/ 77 B
693 B 278ms
220ms XHR
application/json 18.66.248.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://calendarapi-cdn.spingo.com/v1/events/premier?auth_token=cc7e11b6282ddae6f711d9e072a94d588916d2d31d92751e503cc2b9b93891d7
Requested by: Host: d16twqtnxc0kgx.cloudfront.net
URL: http://d16twqtnxc0kgx.cloudfront.net/apps/list-widget/v1.5.1/list-widget.js
Protocol: HTTP/1.1
Server: 18.66.248.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Jetty(9.0.4.v20130625) /
Resource Hash: d87d2b56fa7ad3f30e7843d682b04350adf1d06f65dfef545ab58896c0d3e4a0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:20:07 GMT
Via: 1.1 cd8cc1ff175a63c59feeb56bb3687767.cloudfront.net (CloudFront)
WWW-Authenticate: SpingoAPI realm=SpingoAuth
Server: Jetty(9.0.4.v20130625)
X-Amz-Cf-Pop: DUS51-P1
Access-Control-Allow-Methods: GET, OPTIONS
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=60
Access-Control-Allow-Credentials: true
X-Cache: Error from cloudfront
Connection: keep-alive
Content-Length: 77
X-Amz-Cf-Id: BVkP2vWtEAL2Yr8GlBGadTJwN1PgDkFF_dv0hHoStC5KdjNht7yBMQ==
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK add-event-2014-12-03.png
d16twqtnxc0kgx.cloudfront.net/widgets/sponsorship-images/ 4 KB
5 KB 8ms
8ms Image
image/png 143.204.98.63
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://d16twqtnxc0kgx.cloudfront.net/widgets/sponsorship-images/add-event-2014-12-03.png
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 143.204.98.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-63.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 16ab47ba9139686bb9595cc5b5337e14cd50a672e152eb02287b205afb6ec6fe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 04:16:33 GMT
Via: 1.1 9c7c26f5beeb09381cea450ea3581b37.cloudfront.net (CloudFront)
Last-Modified: Wed, 03 Dec 2014 22:02:42 GMT
Server: AmazonS3
Age: 54215
ETag: "e27195738587f1e08b1fa46c4104a61f"
X-Cache: Hit from cloudfront
Content-Type: image/png
Connection: keep-alive
X-Amz-Cf-Pop: FRA50-C1
Accept-Ranges: bytes
Content-Length: 4146
X-Amz-Cf-Id: J_EN5KFi6TcYLJOA0ktqPcYFcaPXx6HgSq7J01g1Uxzx1cSP-bZK1A==

GET
DATA 200
OK truncated
/ 76 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3286ec297eefd523775a6d818e4a640436fe31926f1f302e7478247a1d1c6f36

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 401
Unauthorized events Show response
calendarapi-cdn.spingo.com/v1/ 77 B
693 B 255ms
218ms XHR
application/json 18.66.248.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://calendarapi-cdn.spingo.com/v1/events?auth_token=cc7e11b6282ddae6f711d9e072a94d588916d2d31d92751e503cc2b9b93891d7&limit=25&date=2021-11-12T19:20
Requested by: Host: d16twqtnxc0kgx.cloudfront.net
URL: http://d16twqtnxc0kgx.cloudfront.net/apps/list-widget/v1.5.1/list-widget.js
Protocol: HTTP/1.1
Server: 18.66.248.54 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Jetty(9.0.4.v20130625) /
Resource Hash: d87d2b56fa7ad3f30e7843d682b04350adf1d06f65dfef545ab58896c0d3e4a0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:20:07 GMT
Via: 1.1 cd8cc1ff175a63c59feeb56bb3687767.cloudfront.net (CloudFront)
WWW-Authenticate: SpingoAPI realm=SpingoAuth
Server: Jetty(9.0.4.v20130625)
X-Amz-Cf-Pop: DUS51-P1
Access-Control-Allow-Methods: GET, OPTIONS
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=60
Access-Control-Allow-Credentials: true
X-Cache: Error from cloudfront
Connection: keep-alive
Content-Length: 77
X-Amz-Cf-Id: 5M7_g0cIGYK3uak8FiFIev2QaBXk5I9LXLCyIrZU4z2L-pJr1I7vEA==
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK widget_iframe.a53eecb4584348a2ad32ec2ae21f6eae.html Show response
platform.twitter.com/widgets/ Frame 74CB 319 KB
103 KB 28ms
7ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.a53eecb4584348a2ad32ec2ae21f6eae.html?origin=http%3A%2F%2Fdur-duweb.newscyclecloud.com
Requested by: Host: platform.twitter.com
URL: http://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67D4) /
Resource Hash: c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 223635
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Fri, 12 Nov 2021 19:20:07 GMT
Etag: "8321d7cf58d70200c1423dfa0bca40f6+gzip"
Last-Modified: Mon, 18 Oct 2021 18:32:00 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67D4)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105433

GET
H2 200 p.gif
p.typekit.net/ 35 B
214 B 35ms
7ms Image
image/gif 2a02:26f0:6c00:28d::19fd
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.typekit.net/p.gif?s=1&k=iqi1swr&ht=tk&h=dur-duweb.newscyclecloud.com&f=10441.10442.10443.10444.10879.10881.10884.10886.10887&a=965393&js=1.20.0&app=typekit&e=js&_=1636744807084
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:28d::19fd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: nginx /
Resource Hash: 9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:07 GMT
last-modified: Wed, 02 Sep 2020 03:58:21 GMT
server: nginx
etag: "5f4f185d-23"
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 35

GET
H2 200 status
www.facebook.com/x/oauth/ 0
0 42ms
26ms Fetch
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?client_id=263076300371367&input_token&origin=1&redirect_uri=http%3A%2F%2Fdur-duweb.newscyclecloud.com%2F&sdk=joey&wants_cookie_data=true

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=0eb39ed37c291b2bd6d1e2c3f71fab34

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.vrich619.com *.fbcdn.net *.paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 0
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: c+wdpNXY4ZZhDowyLupk0uRr+xKKde7HNVgqQmb9zRXjEJpRRaaq1b+34sI4ihBz1nB9Iin94WYfWuORSlgfww==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
fb-s: unknown
cache-control: private, no-cache, no-store, must-revalidate
date: Fri, 12 Nov 2021 19:20:07 GMT
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://dur-duweb.newscyclecloud.com
access-control-expose-headers: fb-s
fb-error-description: "This endpoint may only be called from an HTTPS Origin."
access-control-allow-credentials: true
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 74CB 232 B
447 B 135ms
113ms Fetch
application/json 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=720f2d1dda3b6d155a44bada38ac4e39c707d5b7

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.a53eecb4584348a2ad32ec2ae21f6eae.html?origin=http%3A%2F%2Fdur-duweb.newscyclecloud.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

726906ee6ce6dfe1b6e35ddad151196c50277e31520de30e916e9cd9affc0ef3

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

x-response-time: 106
date: Fri, 12 Nov 2021 19:20:06 GMT
content-encoding: gzip
last-modified: Fri, 12 Nov 2021 19:20:07 GMT
server: tsa_o
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: a0a1bf4ffe0e3328e1ae65396c32721ec20480a832187a490be8d8bc380b6f8a
content-length: 166

GET
H2 200 pubads_impl_2021110901.js Show response
securepubads.g.doubleclick.net/gpt/ 344 KB
116 KB 144ms
47ms Script
text/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110901.js

Requested by

Host: www.googletagservices.com
URL: http://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

sffe /

Resource Hash

290cb5d09439fb608eeeb01483d09a76d15f0056e3ff581a1a3d645f5ce9fb21

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 118212
x-xss-protection: 0
last-modified: Tue, 09 Nov 2021 09:34:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 12 Nov 2021 19:20:07 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 453 B
708 B 152ms
56ms XHR
application/json 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=dur-duweb.newscyclecloud.com

Requested by

Host: www.googletagservices.com
URL: http://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

9f113286a24c7cc4b59953f40de8d821c76a2a68323af12002e64f0c6bca035f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 12 Nov 2021 19:20:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: clear
content-length: 196
x-xss-protection: 0
expires: Fri, 12 Nov 2021 19:20:07 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
121 B 1369ms
124ms Image
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_not_reserved&pvsid=2111069857418313&vrg=2021110901&nw_id=3200696&nslots=6&eid=31063182&pub_url=http%3A%2F%2Fdur-duweb.newscyclecloud.com%2F&inViewport=false&depth=0

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Nov 2021 19:20:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: clear
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 1981ms
49ms Script
application/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=dur-duweb.newscyclecloud.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 12 Nov 2021 19:20:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: clear
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
424 B 1929ms
49ms Script
application/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=dur-duweb.newscyclecloud.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 12 Nov 2021 19:20:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: clear
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
9 KB 362ms
362ms XHR
text/plain 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2111069857418313&correlator=938251617250208&output=ldjh&impl=fifs&eid=31063182&vrg=2021110901&ptt=17&sc=0&sfv=1-0-38&ecs=20211112&iu_parts=3200696%2Cdh_0_frontpage_728x90_top&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90%7C970x90&cookie_enabled=1&bc=23&abxe=1&lmt=1636744797&dt=1636744808148&dlt=1636744805655&idt=2461&frm=20&biw=1600&bih=1200&oid=2&adxs=436&adys=28&adks=1579513112&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fdur-duweb.newscyclecloud.com%2F&vis=1&scr_x=0&scr_y=0&psz=970x0&msz=970x0&ga_vid=1404806910.1636744808&ga_sid=1636744808&ga_hid=1523558550&ga_fc=false&fws=4&ohw=1600&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

60dafb5d7df7a220c8f389beb0462fe36de129816755574d79d59c77a8fb9bb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:08 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 8527
x-xss-protection: 0
google-lineitem-id: 5626954265
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138340464101
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://dur-duweb.newscyclecloud.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 461 B
760 B 359ms
359ms XHR
text/plain 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2111069857418313&correlator=938251617250208&output=ldjh&impl=fifs&eid=31063182&vrg=2021110901&ptt=17&sc=0&sfv=1-0-38&ecs=20211112&iu_parts=3200696%2Cdh_0_weathersponsor_88x31&enc_prev_ius=%2F0%2F1&prev_iu_szs=88x31&cookie_enabled=1&bc=23&abxe=1&lmt=1636744797&dt=1636744808152&dlt=1636744805655&idt=2461&frm=20&biw=1600&bih=1200&oid=2&adxs=1181&adys=80&adks=1673145166&ucis=2&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fdur-duweb.newscyclecloud.com%2F&vis=1&scr_x=0&scr_y=0&psz=88x-1&msz=88x-1&ga_vid=1404806910.1636744808&ga_sid=1636744808&ga_hid=1523558550&ga_fc=false&fws=4&ohw=960&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

98f7c5b0d8f5b5fe7b0f9e5e3d71d3cb10805f11e74514a4e95a5efd47244030

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:08 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 242
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://dur-duweb.newscyclecloud.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
8 KB 922ms
921ms XHR
text/plain 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2111069857418313&correlator=938251617250208&output=ldjh&impl=fifs&eid=31063182&vrg=2021110901&ptt=17&sc=0&sfv=1-0-38&ecs=20211112&iu_parts=3200696%2Cdh_0_frontpage_300x250_top&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600%7C300x250%7C300x600&cookie_enabled=1&bc=23&abxe=1&lmt=1636744797&dt=1636744808153&dlt=1636744805655&idt=2461&frm=20&biw=1600&bih=1200&oid=2&adxs=970&adys=322&adks=3818390279&ucis=3&ifi=3&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fdur-duweb.newscyclecloud.com%2F&vis=1&scr_x=0&scr_y=0&psz=300x0&msz=300x0&ga_vid=1404806910.1636744808&ga_sid=1636744808&ga_hid=1523558550&ga_fc=false&fws=4&ohw=960&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

a3e460949b8696e9e8a3d20808c472326b7aeae350a842e9e15f6e7c01e3fa0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:09 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 8508
x-xss-protection: 0
google-lineitem-id: 5626954265
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138340526166
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://dur-duweb.newscyclecloud.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
9 KB 644ms
644ms XHR
text/plain 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2111069857418313&correlator=938251617250208&output=ldjh&impl=fifs&eid=31063182&vrg=2021110901&ptt=17&sc=0&sfv=1-0-38&ecs=20211112&iu_parts=3200696%2Cdh_0_frontpage_300x250_bottom&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&cookie_enabled=1&bc=23&abxe=1&lmt=1636744797&dt=1636744808154&dlt=1636744805655&idt=2461&frm=20&biw=1600&bih=1200&oid=2&adxs=970&adys=775&adks=2240637772&ucis=4&ifi=4&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fdur-duweb.newscyclecloud.com%2F&vis=1&scr_x=0&scr_y=0&psz=300x0&msz=300x0&ga_vid=1404806910.1636744808&ga_sid=1636744808&ga_hid=1523558550&ga_fc=false&fws=4&ohw=960&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

bb4304a0132b71cb000bdb51a6c77f7a15a58fa151647a424b128e87be802180

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:08 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 8538
x-xss-protection: 0
google-lineitem-id: 5626954265
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138340464029
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://dur-duweb.newscyclecloud.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 57 KB
28 KB 1458ms
1458ms XHR
text/plain 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2111069857418313&correlator=938251617250208&output=ldjh&impl=fifs&eid=31063182&vrg=2021110901&ptt=17&sc=0&sfv=1-0-38&ecs=20211112&iu_parts=3200696%2Cdh_0_frontpage_728x90_bottom&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&cookie_enabled=1&bc=23&abxe=1&lmt=1636744797&dt=1636744808156&dlt=1636744805655&idt=2461&frm=20&biw=1600&bih=1200&oid=2&adxs=436&adys=1381&adks=3293871224&ucis=5&ifi=5&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fdur-duweb.newscyclecloud.com%2F&vis=1&scr_x=0&scr_y=0&psz=1600x11&msz=1600x0&ga_vid=1404806910.1636744808&ga_sid=1636744808&ga_hid=1523558550&ga_fc=false&fws=4&ohw=1600&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

9f8a272ff3af4026fe0f483705220151e13b9371f2e25dd0c00f6b773ae0481e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:09 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 28100
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://dur-duweb.newscyclecloud.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 96 KB
32 KB 1186ms
1186ms XHR
text/plain 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2111069857418313&correlator=938251617250208&output=ldjh&impl=fifs&eid=31063182&vrg=2021110901&ptt=17&sc=0&sfv=1-0-38&ecs=20211112&iu_parts=3200696%2Cdh_0_home_off-page&enc_prev_ius=%2F0%2F1&prev_iu_szs=306x286%7C500x500%7C100x100%7C300x250%7C976x50&cookie_enabled=1&bc=23&abxe=1&lmt=1636744797&dt=1636744808157&dlt=1636744805655&idt=2461&frm=20&biw=1600&bih=1200&oid=2&adxs=0&adys=1839&adks=2358811805&ucis=6&ifi=6&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fdur-duweb.newscyclecloud.com%2F&vis=1&scr_x=0&scr_y=0&psz=1600x0&msz=1600x0&ga_vid=1404806910.1636744808&ga_sid=1636744808&ga_hid=1523558550&ga_fc=false&fws=0&ohw=0&btvi=2&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

4189fc9f7998a5e9225c0e82b776e24b7e989410340bb8414f2d769e2ade47fa

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CP_IucfFk_QCFQey3godgo8J2A&gqi=&layout=/sadbundle/%24csp%253Der3%24/4289431202364580801/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CP_IucfFk_QCFQey3godgo8J2A&gqi=&layout=/sadbundle/%24csp%253Der3%24/4289431202364580801/index.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 32383
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
date: Fri, 12 Nov 2021 19:20:09 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://dur-duweb.newscyclecloud.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 5A15 6 KB
3 KB 804ms
47ms Document
text/html 142.250.186.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Fri, 12 Nov 2021 19:20:08 GMT
expires: Sat, 12 Nov 2022 19:20:08 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: clear

GET
H2 200 container.html Show response
4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F44E 6 KB
3 KB 433ms
48ms Document
text/html 142.250.186.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Fri, 12 Nov 2021 19:20:08 GMT
expires: Sat, 12 Nov 2022 19:20:08 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: clear

GET
H/1.1 200
OK batch.gif
loggingapi.spingo.com/v1/ 43 B
494 B 233ms
109ms Image
image/gif 23.23.104.191
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://loggingapi.spingo.com/v1/batch.gif?d=%7B%22sessionSeed%22%3A%221636744807029%22%2C%22now%22%3A%222021-11-12T19%3A20%3A08%2B0000%22%2C%22authToken%22%3A%22cc7e11b6282ddae6f711d9e072a94d588916d2d31d92751e503cc2b9b93891d7%22%2C%22actions%22%3A%5B%7B%22action%22%3A%22status%22%2C%22status%22%3A%22focus%22%2C%22time%22%3A%222021-11-12T19%3A20%3A07%2B0000%22%7D%2C%7B%22appName%22%3A%22list-widget%22%2C%22appVersion%22%3A%221.5.1%22%2C%22referrer%22%3A%22%22%2C%22action%22%3A%22init%22%2C%22time%22%3A%222021-11-12T19%3A20%3A07%2B0000%22%7D%2C%7B%22action%22%3A%22load%22%2C%22uri%22%3A%22%2Fevents%2F2021-11-12%2F0%22%2C%22params%22%3A%7B%22page%22%3A0%2C%22date%22%3A%222021-11-12%22%7D%2C%22entity%22%3A%7B%22className%22%3A%22calendar%22%2C%22id%22%3A574%7D%2C%22time%22%3A%222021-11-12T19%3A20%3A07%2B0000%22%7D%5D%2C%22appName%22%3A%22list-widget%22%7D
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: HTTP/1.1
Server: 23.23.104.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-23-104-191.compute-1.amazonaws.com
Software: spray-can/1.3.3 /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date: Fri, 12 Nov 2021 19:20:08 GMT
Server: spray-can/1.3.3
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type
Content-Length: 43

GET
H2 200 container.html Show response
4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 045D 6 KB
3 KB 159ms
51ms Document
text/html 142.250.186.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Fri, 12 Nov 2021 19:20:08 GMT
expires: Sat, 12 Nov 2022 19:20:08 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: clear

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame F44E 22 KB
7 KB 423ms
41ms Script
text/javascript 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com
URL: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 09:00:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37201
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 12 Nov 2022 09:00:08 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame F44E 112 KB
40 KB 454ms
70ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com
URL: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

a03721c11ef8125ecb33fc4e4f1c7c82b58d4338dd326dbc79384284559e3015

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: clear
content-length: 40267
x-xss-protection: 0
server: cafe
etag: 16145889321532187786
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 12 Nov 2021 19:20:09 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F44E 119 KB
36 KB 1513ms
1129ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com
URL: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: clear
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 12 Nov 2021 19:20:10 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 045D 22 KB
7 KB 425ms
43ms Script
text/javascript 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com
URL: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 09:00:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37201
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 12 Nov 2022 09:00:08 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 045D 112 KB
39 KB 507ms
125ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com
URL: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

a03721c11ef8125ecb33fc4e4f1c7c82b58d4338dd326dbc79384284559e3015

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: clear
content-length: 40267
x-xss-protection: 0
server: cafe
etag: 16145889321532187786
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 12 Nov 2021 19:20:09 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 045D 119 KB
36 KB 1542ms
1158ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com
URL: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: clear
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 12 Nov 2021 19:20:10 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
218 B 92ms
91ms XHR
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1523558550&t=pageview&_s=1&dl=http%3A%2F%2Fdur-duweb.newscyclecloud.com%2F&ul=en-us&de=windows-1252&dt=The%20Durango%20Herald%20%7C%20Durango%27s%20source%20for%20breaking%20news%2C%20weather%2C%20sports%2C%20local%20events%20and%20entertainment%20-%20frontpage&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IAjAAEABAAAAAC~&jid=299368749&gjid=1941962756&cid=1404806910.1636744808&tid=UA-34252140-1&_gid=1821064808.1636744809&_r=1&_slc=1&z=391611126

Requested by

Host: www.google-analytics.com
URL: http://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://dur-duweb.newscyclecloud.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 12 Nov 2021 19:20:09 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://dur-duweb.newscyclecloud.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
69 B 90ms
89ms XHR
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1523558550&t=pageview&_s=1&dl=http%3A%2F%2Fdur-duweb.newscyclecloud.com%2F&ul=en-us&de=windows-1252&dt=The%20Durango%20Herald%20%7C%20Durango%27s%20source%20for%20breaking%20news%2C%20weather%2C%20sports%2C%20local%20events%20and%20entertainment%20-%20frontpage&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IAjAAEABAAAAAC~&jid=1630359905&gjid=1694702247&cid=1404806910.1636744808&tid=UA-44130506-1&_gid=1821064808.1636744809&_r=1&_slc=1&z=923941533

Requested by

Host: www.google-analytics.com
URL: http://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://dur-duweb.newscyclecloud.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 12 Nov 2021 19:20:09 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://dur-duweb.newscyclecloud.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9167 6 KB
3 KB 39ms
39ms Document
text/html 142.250.186.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Fri, 12 Nov 2021 19:20:08 GMT
expires: Sat, 12 Nov 2022 19:20:08 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: clear

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 9167 22 KB
7 KB 314ms
77ms Script
text/javascript 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com
URL: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 09:00:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37201
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 12 Nov 2022 09:00:08 GMT

GET
H2 200 show_ads.js Show response
pagead2.googlesyndication.com/pagead/ Frame 9167 112 KB
39 KB 374ms
136ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/show_ads.js

Requested by

Host: 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com
URL: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

a03721c11ef8125ecb33fc4e4f1c7c82b58d4338dd326dbc79384284559e3015

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: clear
content-length: 40267
x-xss-protection: 0
server: cafe
etag: 16145889321532187786
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 12 Nov 2021 19:20:09 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9167 119 KB
37 KB 1319ms
1080ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com
URL: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: clear
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 12 Nov 2021 19:20:10 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
326 B 56ms
18ms XHR
text/plain 2a00:1450:400c:c07::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-34252140-1&cid=1404806910.1636744808&jid=299368749&gjid=1941962756&_gid=1821064808.1636744809&_u=IAjAAEAAAAAAAC~&z=33160648

Requested by

Host: www.google-analytics.com
URL: http://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://dur-duweb.newscyclecloud.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 12 Nov 2021 19:20:09 GMT
content-type: text/plain
access-control-allow-origin: http://dur-duweb.newscyclecloud.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
324 B 1370ms
358ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-34252140-1&cid=1404806910.1636744808&jid=299368749&_u=IAjAAEAAAAAAAC~&z=1345033796

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Nov 2021 19:20:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: clear
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
376 B 2119ms
399ms Image
image/gif 2a00:1450:4001:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-34252140-1&cid=1404806910.1636744808&jid=299368749&_u=IAjAAEAAAAAAAC~&z=1345033796

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Nov 2021 19:20:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: clear
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C010 6 KB
3 KB 39ms
38ms Document
text/html 142.250.186.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Fri, 12 Nov 2021 19:20:08 GMT
expires: Sat, 12 Nov 2022 19:20:08 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: clear

GET
H2 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/ Frame 3747 3 KB
3 KB 41ms
40ms Document
text/html 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/index.html

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

sffe /

Resource Hash

78bd525dc317d47424279fbc7165201537c4bfe4c94c7f7c209a0685b6af281f

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin: *
content-length: 1306
date: Thu, 11 Nov 2021 12:32:07 GMT
expires: Fri, 11 Nov 2022 12:32:07 GMT
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
age: 110882
cache-control: public, max-age=31536000
alt-svc: clear

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame C010 0
0 88ms
87ms Fetch
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CxriQab6OYb_wAofk-gaCn6bADfTN-4ZmjPSJqI8Nqb_ChIobEAEguPDsJGCV4pCCoAegAfTazJkDyAEJqQIjgJFptjKzPuACAKgDAcgDCKoEiQJP0DMPTkpTuGV6Veu1zpT1QW1L_yigKZvhG5T4X-ESmfaS9yONIa3cgvPhbBcGekqZEpQKiU7fhiigVhR9dVXcj9ujBySfT6Go719Xix7i0z3vjHy-wZq4MJETkJphBsIilEu_brnQoZvdQtUGMwBkI5Kb5JEECNWPEnz2GnODl-PMyjPz6tbXPrQhdLDNJ92KRZ2a9Ph967TOrUJfGhYzTz8WkGAXleNScI7qCBpH5dNP586izgqnKt7DakHFWd5mgDmHkQk_8WppBEWrs725Jtk3GqF32OBoN_BMwHg39YK38dBi3J5FU19XeaUAzCgdSKQxzaYBUfmO0fbp6yZ7peK9TGZWhT1MwAT9_r-IiQPgBAGSBQQIBBgBkgUECAUYBKAGLoAH9KSzZqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcEENLaEdIICQiI4YAQEAEYHYAKA8gLAdgTDNAVAZgWAYAXAbIXHgocCAASFHB1Yi00MDk2MDM1NTI4MjAyNjgzGNC8Dg&sigh=V_r0MpARPug&uach_m=[UACH]&template_id=419
Requested by: Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.186.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s06-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211109/r20110914/ Frame C010 19 KB
8 KB 41ms
40ms Script
text/javascript 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211109/r20110914/abg_lite_fy2019.js

Requested by

Host: 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com
URL: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

cafe /

Resource Hash

777750fd9d46194a2030dfa9a045e3890cbec3a8f38aa5c761b6e3cedfd8c72b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: clear
content-length: 7882
x-xss-protection: 0
server: cafe
etag: 2787528384799239804
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Nov 2021 19:20:01 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211109/r20110914/client/ Frame C010 2 KB
1 KB 54ms
53ms Script
text/javascript 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211109/r20110914/client/window_focus_fy2019.js

Requested by

Host: 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com
URL: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:17:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 169
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: clear
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Nov 2021 19:17:20 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C010 119 KB
36 KB 1125ms
1125ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com
URL: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: clear
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 12 Nov 2021 19:20:10 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211109/r20110914/client/ Frame C010 15 KB
6 KB 46ms
46ms Script
text/javascript 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211109/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com
URL: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

cafe /

Resource Hash

ceca169c7b3aeb44dcdcbfd35d8fd24a85bc9a48b89ced5db336d54e16635a82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: clear
content-length: 6461
x-xss-protection: 0
server: cafe
etag: 16025856826866802794
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Nov 2021 19:20:01 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame F44E 0
0 80ms
80ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst5MpWjyxYTv1WuG5GyB0jRTUFPsnijeiJsu59B_bSzl8iWA6B0w7M8pNaW8AZs23KID7tSCXRNQZIObu3EwBj-tfa4nSt0odyyYJ-NRn3Z4SIhLPE66PSjZrzDGcBZceXMUoFH-XCETFF0g388uof4cQ6LiR5-zp7AAdHXX2FUwJNfFiWwVWtWWqxIn4keRBA-GXEHu_RYhESsc5r8LqkveJ0qW4l69jBV0Bi-LM0KC2a98844KxlGKN6Ao8MPkIxYdypTr-leFLQ0rVATITDvi91o42h8B7gXAKkPD6BTQoqGFPJ3n9nN9nVtn1V4ijX29fBkf_pq4OH1sIBhIYxr81zuCQOT05Q52N-r19Iz&sai=AMfl-YRyI0nrMvbU3PZteuSUwHKoh6dM7vI7NBq34Qjo0zKz68XZs7geQFNF5g-K2j4D0SI8YIzasDGR8psh_NNierOk1TjxmYmcvFZZajiWW-nzsgAmD38VwDcJcZoevVw&sig=Cg0ArKJSzKzrYrhHU4PWEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com
URL: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 12 Nov 2021 19:20:09 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: clear
content-length: 0
x-xss-protection: 0
server: cafe
expires: Fri, 12 Nov 2021 19:20:09 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 045D 0
0 78ms
78ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuOnKVXEm-CwfeMTf3Uh_CLQiUBeXYZ_WXNdAB5_jXuWxPKp65cmRyxYj1e_J6pq0uAiWyNizqDaY8lYg_sI5nQ2yco1DaH0tpmTwBlgIG8ANW7hYr_99brJFgHmWnzaeayI4bZbXb50-puZQGlqICfvkDiYatZL0NuOrDOGKVrx_Tz3Gc7LmGYQ-LSsUQWNYQprZ9skQMov_Ui6zNXUSb4CoG9m5z6yKmA_oxlNYuBF5t2T7E7QPE6RCngjpcA5YEjVcc8h8qTQ4besYUKtgOBQdgSuaxE1jCR3LJH5aQvWSr9gPfeNClYYBISMR3HkiafyOgWdtuNNuhtoK0TfwHsvCXy8HOBmx3uSQuYdbDnzu_13eEPwcw&sai=AMfl-YSdG0tE-MVjOLoiaHX7YEJrqM-FCT-nFEIbM2JoMcpE-WlAEo5kfhJGWO_xkMJHH09H7cGjyYAPOD4wrtgyz1sQrbXea2F8CRSvdUBxs9IcWVEJwmlk2l7b0hSx1Hg&sig=Cg0ArKJSzOOx0DSMVsknEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com
URL: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 12 Nov 2021 19:20:09 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: clear
content-length: 0
x-xss-protection: 0
server: cafe
expires: Fri, 12 Nov 2021 19:20:09 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9167 0
0 79ms
79ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssvXWlxCVGSaEZzSRs1N1WJ9ZmPyGoXtt8BE2SKVW64AfrS2SNw-k5Kchs-KSj_ZwvNaAS8WticoMjXILM7cLon7eLPoL8oC-G8usVPCEacKU6cBGy_wZl6eY--XMZLTjnQNRkUprSfrNwY3Q8kUqCgdr7WrxPaZ6YY1_WWPvTVduBRkXhxIKZ0Vc30TN_OXqR08nAsRFgAThF2WKCCKuwkoP_akPwT9gkeBvtsi4IOKRj6vyso0bpwxiNA9Ljai8dDlRQh-dHXiBsr_eOuBLee25MECHGWmzNfMcfP5nJy2VnIary2IhZKP_q4RsUfG_xbBT5lplJFy1HCemtVwUqSGrkgPAH0Hm6HXblrA2PhbPE&sai=AMfl-YQ4jXHXR0otwkQBCvgYSH3aPCRgfXCVEAw7EPQDO3MXFeSE6LjxScUramrLVN5K6n227qyi9OtoO5nPBysrOwc5e2453sjs5ydCgQnAcVkavePPuXRywMuUr4RxWZI&sig=Cg0ArKJSzDzUuCdvq_FNEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com
URL: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 12 Nov 2021 19:20:09 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: clear
content-length: 0
x-xss-protection: 0
server: cafe
expires: Fri, 12 Nov 2021 19:20:09 GMT

GET
H2 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 3747 9 KB
3 KB 40ms
39ms Script
text/javascript 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 13:42:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 20239
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: clear
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 13 Nov 2021 13:42:50 GMT

GET
H2 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 3747 26 KB
10 KB 42ms
41ms Script
text/javascript 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 00:06:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 69249
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: clear
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 13 Nov 2021 00:06:00 GMT

GET
H2 200 createjs_2015.11.26_54e1c3722102182bb133912ad4442e19_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 3747 186 KB
48 KB 2400ms
1860ms Script
text/javascript 2a00:1450:4001:809::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2015.11.26_54e1c3722102182bb133912ad4442e19_min.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 49100
x-xss-protection: 0
last-modified: Wed, 16 Mar 2016 13:51:35 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 12 Nov 2021 19:20:10 GMT

GET
H2 200 300x250.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/ Frame 3747 56 KB
8 KB 48ms
48ms Script
application/x-javascript 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/300x250.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

sffe /

Resource Hash

4da3a779e79e6432ea996cd1a064704d26fe43421305b7795b87d21d3931a58d

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 20336
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 8583
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Fri, 12 Nov 2021 13:41:13 GMT
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 12 Nov 2022 13:41:13 GMT

GET
H2 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8EB1 143 B
301 B 581ms
40ms Document
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com
URL: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 12 Nov 2021 18:37:41 GMT
server: cafe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 2549
alt-svc: clear

GET
H2 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111080101/ Frame F44E 267 KB
96 KB 77ms
77ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111080101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-6055882063795349&plah=4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

d2d3e62be49a950029e24adea571c09bb20f4e208df3ba0e6f18ee613446f466

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: clear
content-length: 98309
x-xss-protection: 0
server: cafe
etag: 13474340241825499027
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 12 Nov 2021 19:20:09 GMT

GET
H2 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111080101/ Frame 045D 267 KB
96 KB 71ms
71ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

d2d3e62be49a950029e24adea571c09bb20f4e208df3ba0e6f18ee613446f466

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: clear
content-length: 98309
x-xss-protection: 0
server: cafe
etag: 13474340241825499027
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 12 Nov 2021 19:20:09 GMT

GET
H2 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111080101/ Frame 9167 267 KB
96 KB 95ms
95ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

d2d3e62be49a950029e24adea571c09bb20f4e208df3ba0e6f18ee613446f466

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: clear
content-length: 98309
x-xss-protection: 0
server: cafe
etag: 13474340241825499027
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 12 Nov 2021 19:20:09 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame F44E 107 B
424 B 482ms
48ms Script
application/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202111080101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-6055882063795349&plah=4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 12 Nov 2021 19:20:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: clear
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame F44E 107 B
165 B 448ms
66ms Script
application/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 12 Nov 2021 19:20:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: clear
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 43F9 603 B
109 B 523ms
139ms Document
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6055882063795349&output=html&h=90&slotname=BCI_DY&adk=1517024827&adf=816031633&pi=t.ma~as.BCI_DY&w=728&url=http%3A%2F%2Fdur-duweb.newscyclecloud.com%2F&ea=0&flash=0&wgl=1&dt=1636744809500&bpp=13&bdt=525&idt=126&shv=r20211109&mjsv=m202111080101&ptt=5&saldr=sa&correlator=6712519527488&frm=24&ife=3&pv=2&ga_vid=674232541.1636744810&ga_sid=1636744810&ga_hid=1584498997&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=728&ish=90&ifk=1744970882&scr_x=-12245933&scr_y=-12245933&oid=2&pvsid=2840323797180521&pem=225&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C728%2C90&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=1.g9ng64d60m3y&fsb=1&dtd=138

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 12 Nov 2021 19:20:10 GMT
server: cafe
content-length: 46
x-xss-protection: 0
alt-svc: clear

GET
H2 200 container.html Show response
4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 0194 6 KB
3 KB 44ms
43ms Document
text/html 142.250.186.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021110901.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f1.1e100.net

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://dur-duweb.newscyclecloud.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Fri, 12 Nov 2021 19:20:08 GMT
expires: Sat, 12 Nov 2022 19:20:08 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: clear

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 045D 107 B
165 B 444ms
57ms Script
application/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 12 Nov 2021 19:20:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: clear
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 045D 107 B
165 B 410ms
76ms Script
application/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 12 Nov 2021 19:20:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: clear
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 641F 603 B
115 B 463ms
124ms Document
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6055882063795349&output=html&h=250&slotname=BCI_DY&adk=3886492872&adf=816031634&pi=t.ma~as.BCI_DY&w=300&url=http%3A%2F%2Fdur-duweb.newscyclecloud.com%2F&ea=0&flash=0&wgl=1&dt=1636744809541&bpp=8&bdt=560&idt=136&shv=r20211109&mjsv=m202111080101&ptt=5&saldr=sa&correlator=7598945570058&frm=24&ife=3&pv=2&ga_vid=500294176.1636744810&ga_sid=1636744810&ga_hid=204513253&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=250&ifk=989491807&scr_x=-12245933&scr_y=-12245933&oid=2&pvsid=1487082189739998&pem=225&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=1.4kbib3223d1o&fsb=1&dtd=142

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 12 Nov 2021 19:20:10 GMT
server: cafe
content-length: 46
x-xss-protection: 0
alt-svc: clear

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame 9167 107 B
165 B 443ms
67ms Script
application/javascript 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 12 Nov 2021 19:20:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: clear
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 9167 107 B
165 B 408ms
85ms Script
application/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 12 Nov 2021 19:20:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: clear
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4334 603 B
109 B 475ms
147ms Document
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6055882063795349&output=html&h=600&slotname=BCI_DY&adk=798550295&adf=816031635&pi=t.ma~as.BCI_DY&w=300&url=http%3A%2F%2Fdur-duweb.newscyclecloud.com%2F&ea=0&flash=0&wgl=1&dt=1636744809553&bpp=5&bdt=424&idt=136&shv=r20211109&mjsv=m202111080101&ptt=5&saldr=sa&correlator=6274439325480&frm=24&ife=3&pv=2&ga_vid=1256659371.1636744810&ga_sid=1636744810&ga_hid=752998240&ga_fc=0&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=300&ish=600&ifk=989368503&scr_x=-12245933&scr_y=-12245933&eid=31062423%2C31063685%2C31063182&oid=2&pvsid=3368660646053794&pem=225&eae=2&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C600&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=1.8pr004jfaqkh&fsb=1&dtd=140

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Fri, 12 Nov 2021 19:20:10 GMT
server: cafe
content-length: 46
x-xss-protection: 0
alt-svc: clear

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 8C9F 624 B
634 B 373ms
52ms Document
text/html 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-t7QIQhsvvAhj3g9W6ATAB&v=APEucNUlT1FjkTEgQDuuDPfY6tPoFnm33mDMCaqnbYsRnGmPLUU81hA1RqP2-0-CNedX8le0c7iQxTDAsz9EfM8jJeSoD2-axTW-6zOdUohvi-buTEV143AADRee5ji5ljYk3J2OUPYCnzmQxSnHFbrNeOclG6IiMtwIjeLyiwvJsHng8ayPfwY

Requested by

Host: 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com
URL: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 12 Nov 2021 19:20:10 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: clear
expires: Fri, 12 Nov 2021 19:20:10 GMT

GET
H2 200 abg_lite_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20211109/r20110914/ Frame 0194 19 KB
8 KB 39ms
38ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211109/r20110914/abg_lite_fy2019.js

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

777750fd9d46194a2030dfa9a045e3890cbec3a8f38aa5c761b6e3cedfd8c72b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:02:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1081
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: clear
content-length: 7882
x-xss-protection: 0
server: cafe
etag: 2787528384799239804
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Nov 2021 19:02:08 GMT

GET
H2 200 6424296401878550550
s0.2mdn.net/simgad/ Frame 0194 23 KB
23 KB 743ms
431ms Image
image/png 2a00:1450:4001:809::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/6424296401878550550

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2513ee9fa8725dee813f60d6e977bc132e72298136858ccc15cfcafa0744473d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Thu, 11 Nov 2021 03:24:12 GMT
x-content-type-options: nosniff
age: 143758
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 23377
x-xss-protection: 0
last-modified: Wed, 10 Nov 2021 19:19:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 11 Nov 2022 03:24:12 GMT

GET
H2 200 omrhp_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20211109/r20110914/elements/html/ Frame 0194 6 KB
3 KB 37ms
37ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211109/r20110914/elements/html/omrhp_fy2019.js

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

2d0744b54be7eab148245653f8fad2e4a0e8875b886bcacbb2c70741872eda55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:19:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 51
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: clear
content-length: 2626
x-xss-protection: 0
server: cafe
etag: 8548655983161038638
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Nov 2021 19:19:18 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0194 0
446 B 185ms
85ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvrmT8y5ZO_ofDoTrqwzsku4IuVXTMiWIhVk9gxeGWsFvjSi7GnTTVC08GFmZY2ZTFqdkCPEfmDMcGA5wAgQRQt_IeGbsqGEY6b3OR792oI3sL3Lc9ODIqkK5if9vongNoR_jSv2BAuX9JY31EsF964rTB8wxNUxuqwAo2yR_u4RSMqik6t01FA2mRA0Sg4XEIggoAoIbVNrg7M7OxPHFzl1pqJIVlafRYS0XiZ4jhUH9xLMyHNViw3xRD6Cq8dEC5aKWCCJb8mNkgSrX-hFGhOQvgqZtFV39GWyB5F0vfHfY43FoygLmrVWH3KnwfhzvgBksnbKe2cuUPbn3vCC3BjXTYuoGShqQZ2oetHQxI49mVALF5NmH7G6V9iDMDepjO5T9PPRPO4ZAjg06siOGYq3sfJw3qiqG6oh-XuqClQhJ0ahoRjh1hVTSmnA56VsxoT0uDo9bYnb1DhgyO0u1OiqApnj9BM4Ymfkkbtk23E3vIyNyFlR_zSCo8N57KFkEsjt0r9MoSdAve-SLZxxrlMJskVSuSWrzFIjujVvW7ctDMt6gKOedgP0HOGK8_-tD5nUR6QS9d2vVdpSXPX9_i7yP9s3P4OxdWU5WpTuvlGqS5boCGmrDYOaOyW2KI4-JHVetMUl3Y-f3iSNMGoyUmod38TuuInH4Ptx_zogAWZvSa_DPMZnnVBFzSNPkTk6k26BXKiiE0iQcDbVgf1Dc6VzgIGVOHrCbWVLJOu1gc0Qn_Fo4FqL4Z7O8uJbCJ35ykYAmLlZsFR2O8Ugz1CrHIPIVc_6XFEfTAdaguKtgovFi5dH1ygL249sk4fiqt3TR-1WUTQ-D0jj8NdQL4DJvZzq9DkJLQVZWwkWAopGyJfW-I5N8nVTk1VJZFr_VeJIZvCxt3E3D8AWSnAg_ZwN-H_vkZUF_KvHAbqxzl2VCqDLTob4fMZ9JR1Sru6l35VBSSKitby8roLZT8seL0eHp6wDMBgBP-V-0gGyrb7OiaC5AGWKFoqj7eA2mtxOZ5lrkIzFQ0IiNedTePVe7mrEx4TUvzVsRPWKl6QftaS-n7caLZPr1CuN-SeQnrydJSLsr4mJ4G7QW-iL0AIv7pI_FpmciCaFAMbTdzclr8GU-D7ugeb7X-l1i3LXfz-_OUe4N8-4VTT29wpLiH7-MhGU6x_8EmJO2iMVg47b0dlOw&sai=AMfl-YR0iKqBxULFF14G9GAZfkeoogcK7XVn6fR2dEAqFzFD66l3jMGIE2FTirjUX_UF2_jlrooaPPmk0pg0v2VCj_0XKbWlnmfcSPAHr0cuUiOIJQ21wqvXiyi3ZN5C_loBDEn3Zklkt6VyO7_OncZHgo1k7FvcheLQDHFiY0nsiWG7PiXdwL6QvBOhTNZknCrLOW6KUmxKsDlAyLG87LOvwlfowGj7uRj-A13NF3hPwEGnAnq_hPlTRGrktlbU1kt2g8olirmhIaB2NmtyAV-UmTSKYRbJ15UmJlLjHTo-EOqDKMkPrddynSL-CfHbimIEmNM8ZwMX-FAYh3MZmUWYtA1lgLPDzv8y2mg_nvqcqnPAxdRvNwXd28JutrEUktAIES4YWMXC7hiwc00&sig=Cg0ArKJSzCw_fAEPV_qbEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=0&cbvp=1&cstd=0&cisv=r20211109.03835&adurl=

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Fri, 12 Nov 2021 19:20:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: clear
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 0194 41 KB
15 KB 39ms
39ms Script
text/javascript 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 04:17:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 54138
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Sat, 12 Nov 2022 04:17:51 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0194 42 B
110 B 77ms
76ms Image
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BxAZH6iFg0XuzV5LdEj60s1Ldx65Avhkz1qvOD_TKb3eyibUaw_QxVjCwQ2ZmfoStDdoLfS1YYP_FFF2jlie3CD17eopEk3sWP2BIjaluVP_cbhao

Requested by

Host: 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com
URL: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Nov 2021 19:20:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: clear
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211109/r20110914/client/ Frame 0194 2 KB
1 KB 48ms
47ms Script
text/javascript 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211109/r20110914/client/window_focus_fy2019.js

Requested by

Host: 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com
URL: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:17:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 169
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: clear
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Nov 2021 19:17:20 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0194 119 KB
36 KB 863ms
862ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com
URL: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: clear
content-length: 37119
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1636547677202025"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 12 Nov 2021 19:20:10 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211109/r20110914/client/ Frame 0194 15 KB
6 KB 48ms
47ms Script
text/javascript 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211109/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com
URL: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

cafe /

Resource Hash

ceca169c7b3aeb44dcdcbfd35d8fd24a85bc9a48b89ced5db336d54e16635a82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: clear
content-length: 6461
x-xss-protection: 0
server: cafe
etag: 16025856826866802794
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 26 Nov 2021 19:20:01 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 0194 0
0 881ms
358ms Image
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRumtqH8c-lAVwDZzZNTX3Nq6piqOSETCfvofDIAn4QXPsA8snx2fCCIgU8Et_Q98puQhIis-aBiKiXg5riC4ninla3lw
Requested by: Host: 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com
URL: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 94D8 22 KB
8 KB 39ms
38ms Document
text/html 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Wed, 10 Nov 2021 14:17:34 GMT
expires: Thu, 10 Nov 2022 14:17:34 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 190955
alt-svc: clear

GET
H2 200 lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js Show response
pagead2.googlesyndication.com/bg/ Frame 94D8 35 KB
14 KB 36ms
36ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

sffe /

Resource Hash

94aecf77b07e1fff7205a23f352b215383978a661ecc5bb51e616e35750b39ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 09 Nov 2021 20:20:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 255575
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 13508
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 09 Nov 2022 20:20:34 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 94D8 0
56 B 71ms
71ms Image
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bpt1xab6OYbvVEsnrgAf2kLTIAgAAAAA4AeAEAg&bg=!3d6l3prNAAZQLpa_UC47ACkAdvg8WtkdqsjmLUJIJUbFypbN5B8R8gwMJUEaRYRh8NAWIOJdwdnboAIAAABVUgAAAAhoAQeZAxCGz4EQtqoY2ZNK29UMi-HoSZdzcHtzinxaA73vPWW9vngIdjlnzSxszzNDcEETEkWS1sHm6ULjtwj89RY4hxfWY7IlQ5emE1rEBmd_w0OSI7NLnx-8FwsZ2JsIdXTKuF3IEWcBiLG2mglZX1CMGV48F-eSWUl0EHToWabcJy9FTBeM7NgWZeoDJrYT3oBXjqUO3A1Uhg20p8V8dISWtkRCS_hGVMd0hjKsYrgn5NcZ9d-2Tme8MfZlLT8V8bFVL8htB0eGgjQQwgRyYpMv-8VBIh914asl4IBhoVEknDpz59ASI2duhE9ANb9pqDPaKFDeAEe1zXMk_eA1sNdIS4Q6tU2EFzQzi6HqGDpN1flX07N2cuVANpmf_8InBHI_kdiMto9QeU6ezg9ZLHezEFkJxS8MdchEtM8EyG2FP9WZphvKfG61J1uUAOLVOGjWEnfPcc8LXb_6r2wLCWrITipxl4ko13BbnFTKMmRDtVAjy5PIy0HZAPi5j5zkf7F5SjVU2fOapVdwFpNqIPhGyfnmN4y6NMWyGh4KJidN60DXdXRjze9k850PIXUD9KlCdpA0kHY8bKwHQJ3LN6I_jZ3__RXX9bOw1h5E2WETW5QNT9B_Y5nwWex3a4smuYvpWvuECk_qRlTGNOdQw7N3wmKXxpLSPhH6aKuJUdSqVOm5PE_7UCkAeQ_uG3oQnEeu-WTrd9oz0Kp4ZgelYCwAKtHnpyXHh3tiFgF2ykL0NbbMt51zaBPK0QMHL4sUlzuD3ebDfKQtQJ9BPjTh6XDKFQM-axyvOngvl6OPLsE0gSeP47eeM4KPh-Hu7POkOuVfNi7F01pa3cQs-bXlc6KkMP0A7ZWg1FOfdoBXBDOUG4BtYthH-zncTdgWqKkOyMEiqHvYCYr3LHtBnBg9kIXtHfgIDd06_jrZG4wAyiw8tSZGOqAL42Y5xk9d28s_OfUmQUt4gw8DdCLKNqrCx6Ok498P69Bv5Fm7I0NjFGn2LakPYix-kJnCLf2Ri7UUqdLwNAHxC_DbPFafgGFYk_2sG13K

Requested by

Host: 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com
URL: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Nov 2021 19:20:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: clear
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8EB1
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
146 B

95ms
95ms

Document
text/html

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com
URL: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 12 Nov 2021 19:20:10 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: clear
expires: Fri, 12 Nov 2021 19:20:10 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 12 Nov 2021 19:20:10 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: clear

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 8C9F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJNOtECn8mtR3c-HjMQa6LQ&google_cver=1

43 B
894 B

14ms
13ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJNOtECn8mtR3c-HjMQa6LQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-t7QIQhsvvAhj3g9W6ATAB&v=APEucNUlT1FjkTEgQDuuDPfY6tPoFnm33mDMCaqnbYsRnGmPLUU81hA1RqP2-0-CNedX8le0c7iQxTDAsz9EfM8jJeSoD2-axTW-6zOdUohvi-buTEV143AADRee5ji5ljYk3J2OUPYCnzmQxSnHFbrNeOclG6IiMtwIjeLyiwvJsHng8ayPfwY
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Nov 2021 19:20:10 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 12 Nov 2021 19:20:10 GMT

Redirect headers

pragma: no-cache
date: Fri, 12 Nov 2021 19:20:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJNOtECn8mtR3c-HjMQa6LQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: clear
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 8C9F
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YY6.apoc4TO.69DfqLGPWgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJNOtECn8mtR3c-HjMQa6LQ&google_cver=1&google_hm=2

43 B
894 B

14ms
13ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJNOtECn8mtR3c-HjMQa6LQ&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-t7QIQhsvvAhj3g9W6ATAB&v=APEucNUlT1FjkTEgQDuuDPfY6tPoFnm33mDMCaqnbYsRnGmPLUU81hA1RqP2-0-CNedX8le0c7iQxTDAsz9EfM8jJeSoD2-axTW-6zOdUohvi-buTEV143AADRee5ji5ljYk3J2OUPYCnzmQxSnHFbrNeOclG6IiMtwIjeLyiwvJsHng8ayPfwY
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Nov 2021 19:20:10 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 12 Nov 2021 19:20:10 GMT

Redirect headers

pragma: no-cache
date: Fri, 12 Nov 2021 19:20:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJNOtECn8mtR3c-HjMQa6LQ&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: clear
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 8C9F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEG_trDdjqlKpBYtk-Ho2QtU&google_cver=1

43 B
1008 B

15ms
15ms

Image
image/gif

37.252.172.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEG_trDdjqlKpBYtk-Ho2QtU&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CO-t7QIQhsvvAhj3g9W6ATAB&v=APEucNUlT1FjkTEgQDuuDPfY6tPoFnm33mDMCaqnbYsRnGmPLUU81hA1RqP2-0-CNedX8le0c7iQxTDAsz9EfM8jJeSoD2-axTW-6zOdUohvi-buTEV143AADRee5ji5ljYk3J2OUPYCnzmQxSnHFbrNeOclG6IiMtwIjeLyiwvJsHng8ayPfwY

Protocol

HTTP/1.1

Server

37.252.172.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 12 Nov 2021 19:20:10 GMT
X-Proxy-Origin: 185.213.155.164; 185.213.155.164; 690.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 2c22eb29-1f2b-4def-9da7-26e560747a3b
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 12 Nov 2021 19:20:10 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEG_trDdjqlKpBYtk-Ho2QtU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: clear
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 8C9F
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTM4MjAzNzg4MjE2OTc1Mjk5NQ%3D%3D

170 B
243 B

84ms
50ms

Image
image/png

216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTM4MjAzNzg4MjE2OTc1Mjk5NQ%3D%3D

Requested by

Protocol

Server

216.58.212.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Nov 2021 19:20:10 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 12 Nov 2021 19:20:10 GMT
X-Proxy-Origin: 185.213.155.164; 185.213.155.164; 690.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: fe4c7d38-f53b-44a8-9a47-7b0f41f8a6b3
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTM4MjAzNzg4MjE2OTc1Mjk5NQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9167 0
0 76ms
75ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst6yHGmakGwq-k4CGTSZV9p9cR_4IWOFkYMiyyGoUIX0kZWP54srNOi65_SMGScakuvbZeDYrcZ-P5FVHQXLYNSxHyKD4Y302qjPB7G8NkPlAZFMhS0jVQM_9E969NMOVC7ZPcjvTHThvPyqiBtSPcqUlMwZegC__iUjMpwn2OrLuYeZEdcaRfICr8oWiVIjT6cnBlnhwNILSGk4N6u2X7BbRZzzoA0mbUGa9KgzmL6Yvn-4FPdL6UHfXtPrWzzXsKs8WuoyTmBkEqb6KGMjMeOyZf37p3mz-pvAuJOwMBccG6GBU54mhZg6sSgwQ2WM-ZfN-PuTRIARoECgZu8v104JELgUug&sai=AMfl-YSDbfwYlf0ZTYeqtNAMSVYVlS--mQJfms4nrP7EsxWW5KueS9NA4OkOo93_JYtyVlFt5vmMrzp9P1UNldlNBq6Z3JZ99aeCMr3dpPxV3qVNyUmv85wKnJCmkx3jSBs&sig=Cg0ArKJSzNBIMklv_3ylEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 12 Nov 2021 19:20:10 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: clear
content-length: 0
x-xss-protection: 0
server: cafe
expires: Fri, 12 Nov 2021 19:20:10 GMT

GET
DATA 200
OK truncated
/ Frame 9167 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 062b3dcaa271c66cc428968a6fb0ff011b597e1e753b66732beb978d3c07a605

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 9167 12 KB
9 KB 475ms
91ms XHR
application/json 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211109&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

5cc06ec48832d5f0ab39745a718d5ee753011b300a33190eaff1877a70d4b7f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 12 Nov 2021 19:20:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: clear
content-length: 9180
x-xss-protection: 0

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame F44E 0
0 79ms
79ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstdNstf9_YWUsmkPB0CfocuKjq8UwYgJsR96LsqHRjkpqkPr1ORxYjeiKzbkwTS17zsmyGNRljhmkSpNzC-m_HP6my5YQ9q07Xpco0gy48rUidyWNR9bG-nIxp5VKtBJDOPbIYOH13i4f4UN_mQkX9D7C1nokUWSlVizQbtdrtCASxRhkvF22hAOdq4dCHe4ol09Q_m7hvGPTpEWhEuHyULoRkM3mq4AJfLhWw4I5AiVM4Hi4rbftnp5THcKWe0zoplcGzJNCiTzH8SPOg06ryKf7GQhDM9PGVeYGSjiajvawh-oTiFsDKZ5s3kboaPQ1L_p8g03_ktcPkLt8RVR6xfBQMb&sai=AMfl-YQJybbWLPBDwLQbplgARjGUYePstGRIPf5SiDXwJee82ETHJ7fOd5j9Ax118ysBDpvOpQIgl9VktqClsHUOQ8pouRtSL0GlSYLyMjmV7Tm9LcbzSDFeY3wspxHO4w0&sig=Cg0ArKJSzFbNrKX1JukwEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 12 Nov 2021 19:20:10 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: clear
content-length: 0
x-xss-protection: 0
server: cafe
expires: Fri, 12 Nov 2021 19:20:10 GMT

GET
DATA 200
OK truncated
/ Frame F44E 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68d0bee7cf7054b7f1fbbafe0cae007659e181c35160097823f10bc50514394b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame F44E 12 KB
9 KB 422ms
52ms XHR
application/json 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211109&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

051b0f9ed9de0a21e8b479bddc7715a668cc81f17641782456fac2d59b1fef17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 12 Nov 2021 19:20:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: clear
content-length: 9052
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame C010 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 76ba4e179e6af70330a56f849270683a9f0daf2d004c0c290de9033d1301c490

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 view
securepubads.g.doubleclick.net/pcs/ Frame 045D 0
0 72ms
72ms Fetch
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss1uli2ddd-5wJ5oA1Ol0G0FBj9pZ-x8m7W_-OpQ3iaKeLZ93DQDh_Fqc86XqEuPwb7ErQZmmUPe1QdVVqBSu2mgxIV0ArJoMA5CHhhlHQUAj-dmtrg0hVPRw95k52XFxkBDIwQEWqA1lOeQvdqpLrP4kzgXscoG5g7bSd_Yfuk_BanF5-9UUlKBztYsIBBPk_r52REeU9Qr8kO5s0G945JNvKXsVKaFuhQJBEgyQ7_mIit-4ZaN6bSIqXmKsF8AaLW1xpOIBJM8PWQIyHQVRrrPNvJJ91rBTg9v0UmwdlBZRuoKQO6GZHp8h-yyZs0pPpu9aj9ieNjqW4hXZIzNLNklWvo13qrGycVCRI&sai=AMfl-YTLdASBQ8XrML21Egbc3-27hFdOawsGIdlhARoTxvC3xLkXF_CEFiPl4g-jHVTzhS8Ug7TQE1jP8yOEVYHEk_C_oB4_CoV1PFh7XGCWxnf_wcL9Za7Huf7ZL_Dqpfw&sig=Cg0ArKJSzGeamyV6mVVxEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 12 Nov 2021 19:20:10 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: clear
content-length: 0
x-xss-protection: 0
server: cafe
expires: Fri, 12 Nov 2021 19:20:10 GMT

GET
DATA 200
OK truncated
/ Frame 045D 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f90e12aaf40fa94486f40767c896675e1a738a4b60dae8a0b7e6c17520c55074

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 045D 12 KB
9 KB 397ms
61ms XHR
application/json 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20211109&st=env

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

349fdcb88fd641415204e1908c66a60a5ce3a54479a7dadda20e8881c6a1e00f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 12 Nov 2021 19:20:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: clear
content-length: 9358
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 0194 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: edef74c550350e7edb4e115499a23d49fbc120e7d41e6b9f311147085de7b1d5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame F44E 17 KB
6 KB 49ms
48ms Script
text/javascript 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: clear
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Fri, 12 Nov 2021 19:20:11 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 045D 17 KB
6 KB 55ms
54ms Script
text/javascript 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: clear
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Fri, 12 Nov 2021 19:20:11 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 9167 17 KB
6 KB 61ms
61ms Script
text/javascript 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Fri, 12 Nov 2021 19:20:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: clear
content-length: 6467
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Fri, 12 Nov 2021 19:20:11 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 2714 12 KB
5 KB 40ms
39ms Document
text/html 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Fri, 12 Nov 2021 18:50:52 GMT
expires: Sat, 12 Nov 2022 18:50:52 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1759
alt-svc: clear

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 3A0B 783 B
968 B 905ms
905ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

58a4de4236230e456099adac68d181d403a4a94f8a198b4f3568128e34405e4d

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-STG8ibpDZdF+sYWnsoMFSw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Fri, 12 Nov 2021 19:20:11 GMT
date: Fri, 12 Nov 2021 19:20:11 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-STG8ibpDZdF+sYWnsoMFSw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 511
server: GSE
alt-svc: clear

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 21FB 12 KB
5 KB 39ms
39ms Document
text/html 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Fri, 12 Nov 2021 18:50:52 GMT
expires: Sat, 12 Nov 2022 18:50:52 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1759
alt-svc: clear

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 3BFE 783 B
745 B 4529ms
4529ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

606aac527c2fad807f6aaa434ec55830839cc4a007d1412e50fd70d6944f99fb

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-P0jB2BFfJU+Wzaq2+Ya59Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Fri, 12 Nov 2021 19:20:11 GMT
date: Fri, 12 Nov 2021 19:20:11 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-P0jB2BFfJU+Wzaq2+Ya59Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 515
server: GSE
alt-svc: clear

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame 9492 12 KB
5 KB 39ms
38ms Document
text/html 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5029
date: Fri, 12 Nov 2021 18:50:52 GMT
expires: Sat, 12 Nov 2022 18:50:52 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 1759
alt-svc: clear

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 0BF7 783 B
743 B 4791ms
4791ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

735719f0593a3eb2ac0c147032adfb9bcf9ec285514c2747ff89ed7d0d7b6620

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-VjSeJSOkBBCXIGL4ZSi4Fw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Fri, 12 Nov 2021 19:20:11 GMT
date: Fri, 12 Nov 2021 19:20:11 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-VjSeJSOkBBCXIGL4ZSi4Fw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: clear

GET
H2 200 lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js Show response
pagead2.googlesyndication.com/bg/ Frame 2714 35 KB
13 KB 36ms
36ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

sffe /

Resource Hash

94aecf77b07e1fff7205a23f352b215383978a661ecc5bb51e616e35750b39ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 09 Nov 2021 20:20:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 255577
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 13508
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 09 Nov 2022 20:20:34 GMT

GET
H2 200 lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js Show response
pagead2.googlesyndication.com/bg/ Frame 21FB 35 KB
13 KB 36ms
36ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

sffe /

Resource Hash

94aecf77b07e1fff7205a23f352b215383978a661ecc5bb51e616e35750b39ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 09 Nov 2021 20:20:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 255577
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 13508
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 09 Nov 2022 20:20:34 GMT

GET
H2 200 lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js Show response
pagead2.googlesyndication.com/bg/ Frame 9492 35 KB
13 KB 37ms
36ms Script
text/javascript 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/lK7Pd7B-H_9yBaI_NSshU4OXimYezFu1HmFuNXULOe8.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

sffe /

Resource Hash

94aecf77b07e1fff7205a23f352b215383978a661ecc5bb51e616e35750b39ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date: Tue, 09 Nov 2021 20:20:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 255577
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 13508
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 11:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 09 Nov 2022 20:20:34 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F44E 0
56 B 79ms
79ms Image
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20211109&jk=2840323797180521&bg=!Li2lLWnNAAZQLpa_UC47ACkAdvg8WgW7gcSB0yZpSHvHkjOrVWb4eWIh_aVCp85eKLYcda14EdJRmAIAAACeUgAAABFoAQeZAwrmpouRbgVy_8sSvEN8zY3l8D91okfJElqprRMSGZoNnOlGuKVFLiokgzTzyzrIeM96643z4qWG3OKb1HeWJ7wxbrlL0YGom6ak_pN4vW4ap2jpG5FX91mKVkxAN80Filwe94my_LYbJmOgf_hTfSGvrC-0_Bt2nvT-tBEZSB2oPZoTrqJwGtivxosPdoobU7eIE1AAciLuMzofoH22hnH8G7wy1NfdAOxcnu5DUrbXOb7qhsxXwAtBOcwfbOokvqsLqYw260cTzcVbsdTkOZ2Wl8VtvmHNyzkVPhslc-IVZy5P2mgTzqyFHR2lWwEIT8kw1SXlMUMWg80r7hdmrfgswhhpd61APc0bU8wP4L5HYLBDU29PF0xv9-sQlDNx5ZdfkiGWIp8Z4sNsRjEzYyZrZKpu_32lFSgslMUHPQ6itUU0kjsVzuTQql40rZnmr3qsr_WWlE48k7iZciH9mXwTri192PojU_-7lH76G-Uq0YAKiXrtZdMqfOHIldlDSkZrGTHn4wVKAKo3rqOUgqOdrACxOS3jF7T6F-gp1gTWlDNS5WIsfw9YolM4hgeADbepn4vnqADArODJbxtC_QTedtdBKErnclxNDCesM1yJjZl1pRsbQLLMI2wC4IcL7aWB7FvMhm2I0SQDEc8Dt5aj6CE-J_yCwowS_PakQeG2TvGpBBHCuMoFFn1ReFG7nglz8gvTrLYEEkcPCRiZrORW-CiovdGZSaAXXh_P1EEsH7tMbunoGZSaUR7QxmMOj0jHIahy9AbBEALb_NDVNnA0iLIOSTqxUVRCFnVOg_koy4z_X4p_GzdHCBfYXCGwiZ99tPKFBG6K6Qo0gmX2YCiM6hswetu3aR0G5gtb2uj2yzJ5FlnfX-NV5xyb8heRXIfEhKqNhsdg8VsIzsSzl0vxiaVgd79rvcAfNJmVUK-J8DTp3lTIV-4SFlvs6oSIa0CfpoakzRa-iC83Pk-a5vGesr6IXvt2Vi45RUTY43NNRrJKK59E5ywoJvipWmkQwNi5L7YTDSVl7R2E

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Nov 2021 19:20:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: clear
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 045D 0
56 B 77ms
77ms Image
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20211109&jk=1487082189739998&bg=!ammlaS3NAAZQLpa_UC47ACkAdvg8Wr2KIIi14WbxIB5swRvLDmUBXiLKLco1Lq2ZP1lkg0MCGgSx8QIAAACEUgAAABBoAQeZAzLlwdI_Js7dy_UO9uf2IQQVDG0cdyoHRFZ8xmWobxGERfaTBt0raWu0kpU9W3LdPSAeRh9OUnR9r-fM_d4q2hl5ZskevVgLHcDJSUQOhrSpTcplA3D7UnUBlwEsQnoAlefoHR6okR2ZZOQ2fPrsDElawuWU4LpsNogCLUZ1D8572l4PLdu0WAPLqb6571L55wJOkGe7qpCV7f1L1v0l8HozLr69Vi-PAgLK4pYILQfmhCa_FwkSo1vz7sZDclPsU0jAgZyafYyGE8lOWnSYhuKNsLdqz8J5kA_iekslbj16SdKNfolGMl_XDL6YDI4llcD6bM-0xt-h4esNNCk4nrWoYC-UKhhRSQoNsgDoO0F5EgpUvcxOLJfESRAvz3CmH986XPL-o-o7-Lks8JDd0uwaC1kXXSa18nf6zcgxrv8sMm-7Wsgorew1l5-yh33_qN8giYO0x5-4rGOqabGHW0nFeiVUY7v2HJYqKAqVhOy4s1tiLa2as0vU6sTDy3CA6AwWp_ZRNlj_T4sxgVAOugz-mdF-8YXJpLHN534Snr2khq8JSVaSSOcvU4q2uZPLtS3ccXP0mh5O5eMXJZCsDsChVc8vs-nJeALcqIQTJXH_Gihbkr9-Q8KdND8bDBooxOW8tjcU6IGiFAtUuNBbQsDxyDL40c3aZGRT83IXReJyq-KRkJdLp-WKjRfo6tsJarPoltHtm3ceL9z2EusyGefZHXsESXnGUMg1OjwIqxqgg1nGwjkTBXktXR-acKV8YwLb8xTTgBehVfqa1IC4f5D4wHIkNZ-RTgKeEV-xkNe05d8INmarMNZ3FnMVO3_R1hw4tiWvoLn6ic_hZVieeIa18hRx3JTSsBm25ufjWTn-62uXktglevEUQvJ7MhTQIFcMUZxz3Y-9L8TObBZoVQVTMH3L7HgKC0suzIblCQ4pY6XI3VQYd8TGasu6EFUXP0C0T01itP02QAGiUHhGZYh544EVA216MJxIPJkXd3v1sjZoPSpah5L_zLHiSCXxpvcBF5CPxGZ2Vte6j95g7a7ShBmLS9qNOVZ4xYoPPksLrkAqlaLY73x8Fi4ac_nzakIkOQ

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Nov 2021 19:20:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: clear
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9167 0
56 B 79ms
79ms Image
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20211109&jk=3368660646053794&bg=!U1ClUBTNAAZQLpa_UC47ACkAdvg8WlBVcs1LYC_AOLly8ZcCl5QeQXHo18w0n9hMnbxKZ720StvWJgIAAACIUgAAAAZoAQcKABsoyqpSPrrfaofdp3dgElz6hghotmJGtFYQw82ZAwTvjYeQ-DFI4sqXqkgpxHgFH2VOCjFVe1rbNLj3j3yOfRiJIb_he9VDzz2P6luuFH4Ig_3g1u_gGLI2BLYT15oHMutXghqngZTJzQuyVJObYFfoKy6CPamNN-skSb-PbJWZ2MJf03lWUUfwzHNMJ2LeE-EPwyfKTuvpg1B-08IRDnIyNERfE45WnWN7mSdz7dqeEUpr8-qIKr0ykk1wEm1Mb7ZjdsJ9DVhBNyHb8JDT3f1Dw1ntSCYK8qPYws5DqvXT3jwMB3nbptQhlL3m14AOp9H1BWEtWIESBxHYIBSAuwV-R82m5tSQI_xp10RiJad5O01fahB374t8K0ux5M60qdNTHpabR0WUo0CrhLrC4NphhjmSCwdwFHoPK9J4yaTV5dPF9r3C9UU0wzLVrfHBXRK-5y7cPJ64jsefQOkp0mPC8jqRtqsS8hdvv9wXciRNV649F6IQQtAVkl0W1Kl7fRXDz1BDjLfng7g-TxBp1FJ8pAuP60OSGOoPFFel5ZQ955dXsgenVTrN-U5PUlojzxty10c4po7HOi9J53eYfTOf796vs_fyxpHYDTz_-zjKfyMTUjy2HqlHZyrQhBGLbZouC-fgDX8av1ytH5Oam0tOV_WXpUovCsS2oyMlreJDFOiRtrsBL3SGY7JDa1n_zL-rFLuGlzlfSVGrcLaa1HP0-_8fIsKPatgMiOntNzMi2cDe1YIBUaTvAIoWtuHPoX1pmb7_YtE0fvHSDdz4DVyWDK-iiZZyEBs7PM6Z9ov2ZJpQfwp3rcl2bm8lqc90DhdJq-LcpArOUOXzcFIMdmg3apegGsHVovijgHxdsWFIrjjf-cZAMaD7KsNVhWN_GOhWsG1B9Lv1PL4uoaxz0cR430LRZ0v2okx_Bg1HritDejhS1izY8m27eQTUrkWNH2_EKGi1KY7lBo3HSE6kxj54ICM5xcpnKNjmYOVp2-2wpjKkJMhIbt7S4G_da9usjp-vFJnWEIPfju7anR5U8ilThv7h1vgxHsaa10FmvAR8MRpF

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Nov 2021 19:20:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: clear
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9167 42 B
174 B 75ms
75ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssITQwl9qhNMNdbnEGdUS5vvSvJX5IsUDEpBAG_HL57ImdbDD_Z8V37kepXMPimObf0VP4wcPClbzEorLHcfM9RfHYFhLt9UlRhkDH6VP5AD12Qu-Am&sig=Cg0ArKJSzE2xgIZCQtHdEAE&id=lidar2&mcvt=1000&p=412,970,1012,1270&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20211110&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=19&adk=3818390279&rs=4&la=0&cr=0&vs=4&r=v&rst=1636744809087&rpt=1479&isd=0&lsd=0&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Nov 2021 19:20:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: clear
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame F44E 42 B
108 B 77ms
77ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvSwn2Au6bwnvlBJvDX1316sfHQkmCgKrnr5Htuda1UQ6D1fRfsaGrbYN5-9u46AwyHsVYnBRDfYEIs636KxvhOmw-mj7Rx0t2QhfvVK7tXBS7NzgVz&sig=Cg0ArKJSzNYBM8F-6Qi3EAE&id=lidar2&mcvt=1000&p=28,436,118,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20211110&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=19&adk=1579513112&rs=4&la=0&cr=0&vs=4&r=v&rst=1636744808534&rpt=2047&isd=0&lsd=0&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Nov 2021 19:20:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: clear
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0194 0
60 B 78ms
78ms Ping
image/gif 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Fri, 12 Nov 2021 19:20:11 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: clear
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 3A0B 0
0 109ms
109ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20211109&jk=2840323797180521&rc=
Requested by: Host: www.google.com
URL: https://www.google.com/recaptcha/api2/aframe
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s51-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 200 CTA.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/images/ Frame 3747 1 KB
1 KB 38ms
37ms Image
image/png 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/images/CTA.png

Requested by

Host: 4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com
URL: https://4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

sffe /

Resource Hash

2c2744fe747215e6a27c0eddb2b548eba36d35c5baa0a8b856ccf56a5c31d2ec

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 52416
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 1183
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Fri, 12 Nov 2021 04:46:38 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 12 Nov 2022 04:46:38 GMT

GET
H2 200 CTA_blanc.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/images/ Frame 3747 1 KB
1 KB 40ms
40ms Image
image/png 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/images/CTA_blanc.png

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

sffe /

Resource Hash

2eebf35211143c8364122917c63490e1f22a4ca895a8e50e1f3ab840943cbcec

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 105005
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 1183
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Thu, 11 Nov 2021 14:10:09 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 11 Nov 2022 14:10:09 GMT

GET
H2 200 keyart.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/images/ Frame 3747 26 KB
26 KB 38ms
38ms Image
image/jpeg 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/images/keyart.jpg

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

sffe /

Resource Hash

96df509716909d34da46ba6cb3070b1c2728ab80696b33c5b3b8e1de5c39aab9

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 452569
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 26327
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Sun, 07 Nov 2021 13:37:25 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 07 Nov 2022 13:37:25 GMT

GET
H2 200 logo1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/images/ Frame 3747 1 KB
1 KB 39ms
39ms Image
image/png 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/images/logo1.png

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

sffe /

Resource Hash

93145f73267d49fb0755c373ac2ce47a9e39866da0bf529443810b769d8d6b68

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 333653
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 1121
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Mon, 08 Nov 2021 22:39:21 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/content-ads-owners
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 08 Nov 2022 22:39:21 GMT

GET
H2 200 logo2.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/images/ Frame 3747 1 KB
2 KB 37ms
37ms Image
image/png 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/images/logo2.png

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

sffe /

Resource Hash

e8a74579fb64e402c0bf5ff5ab4c91a522f812ce8c082588e95e08d21eecc45b

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 452569
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 1504
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Sun, 07 Nov 2021 13:37:25 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 07 Nov 2022 13:37:25 GMT

GET
H2 200 tableau1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/images/ Frame 3747 21 KB
21 KB 41ms
41ms Image
image/png 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/images/tableau1.png

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

sffe /

Resource Hash

46b665aec587754215aca2c2e84218bef73ed2bb059fed084caef1df300a0008

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 140840
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 21091
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Thu, 11 Nov 2021 04:12:54 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 11 Nov 2022 04:12:54 GMT

GET
H2 200 tableau2.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/images/ Frame 3747 32 KB
32 KB 41ms
41ms Image
image/png 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/images/tableau2.png

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

sffe /

Resource Hash

bc8904cf494c040131cf5c61ed0ee8b3af200a356ea113a3e54a4d7c798159d3

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 62405
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 32960
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Fri, 12 Nov 2021 02:00:10 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 12 Nov 2022 02:00:10 GMT

GET
H2 200 tableau3.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/images/ Frame 3747 13 KB
13 KB 40ms
39ms Image
image/png 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/images/tableau3.png

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

sffe /

Resource Hash

1aeceef378724433f1a66549d593a39a79cf997c78cbde925187be550d58ee68

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 140841
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 13398
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Thu, 11 Nov 2021 04:12:54 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 11 Nov 2022 04:12:54 GMT

GET
H2 200 tableau4.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/images/ Frame 3747 23 KB
23 KB 39ms
39ms Image
image/png 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/images/tableau4.png

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

sffe /

Resource Hash

c80da8eb6e9150d66697643e8d59db022fd32060461f75d428bf63687c5b38de

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 333654
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 23527
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Mon, 08 Nov 2021 22:39:21 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 08 Nov 2022 22:39:21 GMT

GET
H2 200 txt1_1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/images/ Frame 3747 476 B
584 B 37ms
37ms Image
image/png 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/images/txt1_1.png

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

sffe /

Resource Hash

7dd6350825500b6c6cd37e595e90cfbde94471edb412b60765d86b1e238aa6c8

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 52641
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 476
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Fri, 12 Nov 2021 04:42:54 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 12 Nov 2022 04:42:54 GMT

GET
H2 200 txt1_2.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/images/ Frame 3747 600 B
707 B 40ms
40ms Image
image/png 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/images/txt1_2.png

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

sffe /

Resource Hash

fa42c00f4e7bda83e89b338ec4aa0d511f6c0148264743615cca2477357dd08b

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 62982
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 600
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Fri, 12 Nov 2021 01:50:33 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 12 Nov 2022 01:50:33 GMT

GET
H2 200 txt1_3.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/images/ Frame 3747 873 B
953 B 39ms
39ms Image
image/png 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/images/txt1_3.png

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

sffe /

Resource Hash

65cb276688e651b73730817cf765a5ff0dcf7e6d4bfde56a300049a80bb531dc

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 62982
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 873
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Fri, 12 Nov 2021 01:50:33 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 12 Nov 2022 01:50:33 GMT

GET
H2 200 txt2.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/images/ Frame 3747 1 KB
1 KB 40ms
39ms Image
image/png 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/images/txt2.png

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

sffe /

Resource Hash

7aa0cbcb88af656c2d1c38409d4e76618fdef545d6612cf9689ff688fa7f5525

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 22045
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 1216
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Fri, 12 Nov 2021 13:12:50 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 12 Nov 2022 13:12:50 GMT

GET
H2 200 txt3.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/images/ Frame 3747 1 KB
1 KB 40ms
39ms Image
image/png 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/images/txt3.png

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

sffe /

Resource Hash

572e29bba4425be2b621a357ce43f5388bbc52f4e23ce145cc71a530ccc8ae7a

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 62982
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 1273
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Fri, 12 Nov 2021 01:50:33 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 12 Nov 2022 01:50:33 GMT

GET
H2 200 txt4.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/images/ Frame 3747 1 KB
1 KB 37ms
37ms Image
image/png 142.250.186.33
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4289431202364580801/images/txt4.png

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f1.1e100.net

Software

sffe /

Resource Hash

ac5b62e1eede76e411958a7768e2b6e18dd5b07968bd8e5eda42e73d81623ed8

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 452570
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: clear
content-length: 1362
x-xss-protection: 0
last-modified: Thu, 19 Aug 2021 14:10:37 GMT
server: sffe
date: Sun, 07 Nov 2021 13:37:25 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 07 Nov 2022 13:37:25 GMT

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 3BFE 0
0 90ms
90ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20211109&jk=1487082189739998&rc=
Requested by: Host: www.google.com
URL: https://www.google.com/recaptcha/api2/aframe
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s51-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 0BF7 0
0 91ms
90ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=224&li=gda_r20211109&jk=3368660646053794&rc=
Requested by: Host: www.google.com
URL: https://www.google.com/recaptcha/api2/aframe
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s51-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3747 0
56 B 74ms
74ms Image
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=html5-mon&a0=layout&f0=layout&s0=0&d0=5331.0000&a1=https&f1=layout_html&s1=0&d1=42.0000&i=496557039001&t=419&c=p&lp=%2Fsadbundle%2F%24csp%253Der3%24%2F4289431202364580801%2Findex.html&qqi=CP_IucfFk_QCFQey3godgo8J2A

Requested by

Host: dur-duweb.newscyclecloud.com
URL: http://dur-duweb.newscyclecloud.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Nov 2021 19:20:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: clear
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: saxoconnect.bdmedia.com
URL: http://saxoconnect.bdmedia.com/scripts/library/85a7234f100eadc65fe45bbb81414d35.js

Domain
URL: sosescript: getWeatherIcon failed executing with the following error:Error on line 16 position 1: An error occurred in the secure channel support

Domain: i.cotrip.org
URL: http://i.cotrip.org/dimages/ws/camera?imageURL=275

Domain: i.cotrip.org
URL: http://i.cotrip.org/dimages/ws/camera?imageURL=81

Domain: i.cotrip.org
URL: http://i.cotrip.org/dimages/ws/camera?imageURL=158

Domain: ballantinecms.com
URL: http://ballantinecms.com/api/sites/4ctv/widget_slider?show_tag_names=unleashed%2Cbehind-bars%2Cbreaking-point%2Ctrue-west%2Call-things-beer%2Cdurango%2Cfarmington&_=1636744806969

Domain: ballantinecms.com
URL: http://ballantinecms.com/api/sites/4ctv/widget_slider?show_tag_names=unleashed%2Cbehind-bars%2Cbreaking-point%2Ctrue-west%2Call-things-beer%2Cdurango%2Cfarmington&_=1636744806969

Verdicts & Comments Add Verdict or Comment

122 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

19 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
dur-duweb.newscyclecloud.com/	1970-01-20 07:24:15	Name: PBCSPERMUSERID Value: 273810644397333
dur-duweb.newscyclecloud.com/	1969-12-31 23:59:59	Name: PBCSSESSIONID Value: 273810644397333
dur-duweb.newscyclecloud.com/	1969-12-31 23:59:59	Name: ntvSession Value: {}
dur-duweb.newscyclecloud.com/	1969-12-31 23:59:59	Name: rwaSessionData Value: %7B%22refer%22%3A%22http%3A%2F%2Fdur-duweb.newscyclecloud.com%2F%22%2C%22taberU%22%3A%22%22%2C%22taberT%22%3A%22%22%2C%22taberR%22%3A0%2C%22tabU%22%3A%22%22%2C%22tabT%22%3A%22%22%2C%22tabR%22%3A0%2C%22firstU%22%3A%22%22%2C%22firstT%22%3A%22%22%2C%22clickN%22%3A0%2C%22tabS%22%3A1636744806954%2C%22tabE%22%3A0%2C%22tab%22%3A0%7D
.postrelease.com/	1970-01-20 07:24:40	Name: opt_out Value: 1
.newscyclecloud.com/	1970-01-20 16:10:16	Name: _ga Value: GA1.2.1404806910.1636744808
.newscyclecloud.com/	1970-01-19 22:40:31	Name: _gid Value: GA1.2.1821064808.1636744809
.newscyclecloud.com/	1970-01-19 22:39:04	Name: _gat Value: 1
.newscyclecloud.com/	1970-01-19 22:39:04	Name: _gat_bcirollup Value: 1
.doubleclick.net/	1970-01-20 08:00:40	Name: IDE Value: AHWqTUn75CMBrNSzfw4TJJV9sBpfwWdCfkhlrx23MasRZ6TTmZZtCuD8UN29R8QQFqU
.newscyclecloud.com/	1970-01-20 08:00:40	Name: __gads Value: ID=4186fb4abd744e0e-22c9567655cb0017:T=1636744808:S=ALNI_MYIIjPsMnpHnBZlwNqHhfTsbD7TLQ
.adnxs.com/	1970-01-20 00:48:40	Name: uuid2 Value: 5382037882169752995
.casalemedia.com/	1970-01-20 07:24:40	Name: CMID Value: YY6.apoc4TO.69DfqLGPWgAA
.casalemedia.com/	1970-01-20 00:48:40	Name: CMPS Value: 3269
.casalemedia.com/	1970-01-20 00:48:40	Name: CMPRO Value: 1101
.casalemedia.com/	1970-01-19 22:40:31	Name: CMST Value: YY6+amGOvmoA
.casalemedia.com/	1970-01-20 07:24:40	Name: CMRUM3 Value: 2d618ebe6a2760CAESEJNOtECn8mtR3c-HjMQa6LQ
.adnxs.com/	1970-01-20 00:48:40	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E?bpPYW9!]tbPl1M>e)ZlrFUfJ+tGXxoiLvFKs<qkEaKGea)<`ghqc2<=3[8/Kzb9e-XbpRzqF1`bb=<_$/q
.doubleclick.net/	1970-01-19 22:39:08	Name: DSID Value: NO_DATA

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: sosescript: getWeatherIcon failed executing with the following error:Error on line 16 position 1: An error occurred in the secure channel support Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
network	error	URL: http://saxoconnect.bdmedia.com/scripts/library/85a7234f100eadc65fe45bbb81414d35.js Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: http://static.castfire.com/media/js/html5ify.min.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://static.castfire.com/media/js/html5ify.min.js Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://ballantinecms.com/api/sites/4ctv/widget_slider?show_tag_names=unleashed%2Cbehind-bars%2Cbreaking-point%2Ctrue-west%2Call-things-beer%2Cdurango%2Cfarmington&_=1636744806969 Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: http://calendarapi-cdn.spingo.com/v1/events?auth_token=cc7e11b6282ddae6f711d9e072a94d588916d2d31d92751e503cc2b9b93891d7&limit=25&date=2021-11-12T19:20 Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)
network	error	URL: http://calendarapi-cdn.spingo.com/v1/events/premier?auth_token=cc7e11b6282ddae6f711d9e072a94d588916d2d31d92751e503cc2b9b93891d7 Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.


4354e7476162442fd5e98939f97b92c7.safeframe.googlesyndication.com
a.postrelease.com
ads.adaptv.advertising.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
assets.durangoherald.com
ballantinecms.com
calendarapi-cdn.spingo.com
cdn.jsdelivr.net
cloud.siteencore.com
cm.g.doubleclick.net
connect.facebook.net
d16twqtnxc0kgx.cloudfront.net
dsum-sec.casalemedia.com
dur-duweb.newscyclecloud.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
i.cotrip.org
ib.adnxs.com
jadserve.postrelease.com
jwpsrv.com
kenwheeler.github.io
loggingapi.spingo.com
old.durangoherald.com
p.typekit.net
pagead2.googlesyndication.com
platform.twitter.com
redir.adap.tv
s0.2mdn.net
saxoconnect.bdmedia.com
securepubads.g.doubleclick.net
static.castfire.com
stats.g.doubleclick.net
swscene.spingo.com
syndication.twitter.com
tpc.googlesyndication.com
u.heatmap.it
use.typekit.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagservices.com
www.siteencore.com

ballantinecms.com
i.cotrip.org
saxoconnect.bdmedia.com
104.244.42.8
142.250.184.194
142.250.185.162
142.250.185.194
142.250.185.66
142.250.186.33
142.250.186.34
142.250.186.65
142.250.186.98
143.204.93.201
143.204.98.63
143.204.98.75
18.196.20.13
18.214.172.53
18.66.248.54
192.229.221.28
2.18.234.21
216.58.212.162
23.23.104.191
2606:2800:234:59:254c:406:2366:268c
2606:4700::6810:5514
2606:50c0:8002::153
2a00:1450:4001:801::200a
2a00:1450:4001:803::2002
2a00:1450:4001:809::2006
2a00:1450:4001:80e::2003
2a00:1450:4001:80e::200e
2a00:1450:4001:810::2004
2a00:1450:400c:c07::9b
2a02:26f0:6c00:28d::19fd
2a02:26f0:f7::5c7b:e031
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
3.210.172.4
34.206.9.165
37.252.172.38
46.105.202.39
54.225.138.77
69.39.6.197
92.123.224.73
93.184.221.133
00a57617df99ac957720b7332f9d15449def3ebe11169d68f12c47a3cde5168d
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
0225d5158fcc6d376b5a08195c75510f5a16afb0df5e5c61f6c204b0ff47bcaa
051b0f9ed9de0a21e8b479bddc7715a668cc81f17641782456fac2d59b1fef17
062b3dcaa271c66cc428968a6fb0ff011b597e1e753b66732beb978d3c07a605
0a059015d0940a9582b7c0c4f0324f18572ba1ebd51751b67499de3f3e0db69d
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0c092881e4740726752c8d8e8beb471bac8ca0646232f50ab0ae21aa61d2dee3
0fb170f24675c84f8228ad6b61d69bf6705030949cc2fec316b3a006eab282f8
1089e0224995fbc1ccd17dd5e1dc345d795261ef9f65e6450fb18db1fa409458
120ad65e31c55027b6eaf370fbd1c98bb20ca17ce227864063035a69d57bc51b
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1330e3149726142cdf7cb1df2ea22987da67b3bc4de49aa709f03c31612efcda
150d187c489a5d66d4fd7f5f26a9d2ba5ecbf219a69b7ccc20a09c833759d99b
15f1e7673264ad055f7e542d82e7fcb5ff8062de7fd8b8572cf82e496e89c836
168a0c314db489cc1f15b8ca73275650e5e27cf2c8c511aefa7868b4e4099f93
16ab47ba9139686bb9595cc5b5337e14cd50a672e152eb02287b205afb6ec6fe
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1aeceef378724433f1a66549d593a39a79cf997c78cbde925187be550d58ee68
1bde0f44ed637575df9465fc203acba04608a5204d0421e6df02089c0b9cb1a0
1e15f65bcef05f2ea9f54e051da9bf7e6fc9eb00a669905c9ed33f4fd7ba26f7
23522fe51dd2af37245895fed60c86f6ae87f3988bb99062c1f74993d63e507b
2513ee9fa8725dee813f60d6e977bc132e72298136858ccc15cfcafa0744473d
27396778425406184b9c4e2886f41d80222612aae5aee50598911e2d629cf664
290cb5d09439fb608eeeb01483d09a76d15f0056e3ff581a1a3d645f5ce9fb21
2c2744fe747215e6a27c0eddb2b548eba36d35c5baa0a8b856ccf56a5c31d2ec
2d0744b54be7eab148245653f8fad2e4a0e8875b886bcacbb2c70741872eda55
2eebf35211143c8364122917c63490e1f22a4ca895a8e50e1f3ab840943cbcec
3055597f43adef2648996efac659bd63f616b0d1937f6e774ae3ac8fe35fb195
3286ec297eefd523775a6d818e4a640436fe31926f1f302e7478247a1d1c6f36
349fdcb88fd641415204e1908c66a60a5ce3a54479a7dadda20e8881c6a1e00f
34ef55242fc24c94f0790902c09601d228e9074bf7a1f88c4de6a39b40ce38fa
36216a0843be5d085fbf0124ed93e264541b2fcb07ac84f7213e60ec771009a3
368318833e84364ebd710d4eb0313149b90e181626df1928dd8182aab20641f3
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
3e9fb74061133f9dc6c809fb777bdcdc8e02b6812ad5bf39aad5f6c69f1b96dd
3fddf663f988659c1a34f4a73f45eced639a62a55931b2e26fc7cf96d7fdaa22
4189fc9f7998a5e9225c0e82b776e24b7e989410340bb8414f2d769e2ade47fa
46b665aec587754215aca2c2e84218bef73ed2bb059fed084caef1df300a0008
4a12cbd7e716f29a1557c7fb3adf5e9441b51f81f2b368c59f1a84154cf9a9ff
4a83d5ed833020af93cbe1f4240760fede4221f7764eb8f74c9aa06022f08753
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c72da2a624cda680b49f11ed2df9d2c41b3bae5cec1b588c8cf20028d2ee423
4da3a779e79e6432ea996cd1a064704d26fe43421305b7795b87d21d3931a58d
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
52033a45d4b0d8b944c2359a9371d1793a42c0fde1c93010621a91ec5b4091f8
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
572e29bba4425be2b621a357ce43f5388bbc52f4e23ce145cc71a530ccc8ae7a
575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e
58293773b2f2e825420428c333c0c01549db844be011979206c9537cbcf572c7
584a48422f231d9f054a6bac282e662060475e940eedbceec149ab970666b938
58a4de4236230e456099adac68d181d403a4a94f8a198b4f3568128e34405e4d
5cc06ec48832d5f0ab39745a718d5ee753011b300a33190eaff1877a70d4b7f0
5e621780ac394f3839adb9f93d62c36bc51d432e4d8f7bfe7822d2951fdf7c4f
5f1df4bdbc5f5e3a6147cf12543a44499ed93907225f4772bfc449ca8e835021
606aac527c2fad807f6aaa434ec55830839cc4a007d1412e50fd70d6944f99fb
60dafb5d7df7a220c8f389beb0462fe36de129816755574d79d59c77a8fb9bb7
645ac128d6bcc94646670dba3b76a1a8cb57b19dafd8c87db007fd35cfdfde88
65cb276688e651b73730817cf765a5ff0dcf7e6d4bfde56a300049a80bb531dc
68d0bee7cf7054b7f1fbbafe0cae007659e181c35160097823f10bc50514394b
6b413c8600b56e58e81d71a649f7d648b8963f0ed9c23a384b42e53405ee5156
6d7a1c311e234b25bdde3c3563aad9dfdccb7c076dcc37bfc908d31ebe0bb307
6f173fbde897c4b5e403c91d99bfc6d671efea799450ca3b11c0d1bcce2ddfc1
6f314cddfb613bf4c4b72860f7a4b7b0af921d932a8756b0d47d0ec74fbf158f
719875309a034313c742edfa43b78177ba49971a941b961ca9dd360eab569c8e
726906ee6ce6dfe1b6e35ddad151196c50277e31520de30e916e9cd9affc0ef3
72945af625c6f8b1b0b839a0ff5fdc4da7173df87fcbcb53057723ee5e002db2
735719f0593a3eb2ac0c147032adfb9bcf9ec285514c2747ff89ed7d0d7b6620
751dd87c9271b92c100ad8b5f5b0b26063b083e0382a5c1331aa20e8f1d2aac0
76ba4e179e6af70330a56f849270683a9f0daf2d004c0c290de9033d1301c490
777750fd9d46194a2030dfa9a045e3890cbec3a8f38aa5c761b6e3cedfd8c72b
78bd525dc317d47424279fbc7165201537c4bfe4c94c7f7c209a0685b6af281f
79c79d9039382cd34e2e9aa463f85c160d3890c688941fc6837cc2cf81919643
7aa0cbcb88af656c2d1c38409d4e76618fdef545d6612cf9689ff688fa7f5525
7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a
7d2e278c41892bc6ad6350c95c63a92c2e4da89271c37086e8dd1cb32999de3e
7dd6350825500b6c6cd37e595e90cfbde94471edb412b60765d86b1e238aa6c8
83b0b1e5f4a5f1892a170e90b8ef7d16a154ab192735e813f92a30f553315a06
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8aa335ad864ac08058c857f05f31cc4c1853a014859bd8ebff6d2a54e05813e8
8b523b96faa88c883411b4f3ead7ef7599a612edcdcb30c00135ecb5bea98ade
8b710ba46e924edf33e14b0d9939b9bd2bea8b867b69ebf6799e91dd40372f4d
907b775ac1ab5b2a366a01ab015999d63c258e0090b62d7bd854af91ed7b6c87
91623c35ac63b14976f5a713ab3c5037e6efccc5c0a0a36f545feeae26f4daa9
91ad6b22ff92b513ea8333ea2d1e9a29aa3fc64e88e52dd4f8b471f55f87d19d
93145f73267d49fb0755c373ac2ce47a9e39866da0bf529443810b769d8d6b68
94aecf77b07e1fff7205a23f352b215383978a661ecc5bb51e616e35750b39ef
95747a03f1d7164cb3cede026e2288ad6be764c712c68e90357339fea4e5e708
96df509716909d34da46ba6cb3070b1c2728ab80696b33c5b3b8e1de5c39aab9
97ddad76427c59b3c8a09b0d6f4e3bdacddcf3184641f300c78ba3c4f4c5d806
98305cffbf19855e4f15bedafe9ab8d46b785986db849b30ea7e72eef99696de
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
98f7c5b0d8f5b5fe7b0f9e5e3d71d3cb10805f11e74514a4e95a5efd47244030
9b9265c69a5cc295d1ab0d04e0273b3677db1a6216ce2ccf4efc8c277ed84b39
9cee1ceadb494e1aee6ffcfdea545521ea4fca8920f924413dafa7dafbf3a96a
9e076334a5467b74c691321c411b4a8dd2a916c39d78a103b5d538bd0a0d6a82
9f113286a24c7cc4b59953f40de8d821c76a2a68323af12002e64f0c6bca035f
9f8a272ff3af4026fe0f483705220151e13b9371f2e25dd0c00f6b773ae0481e
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a03721c11ef8125ecb33fc4e4f1c7c82b58d4338dd326dbc79384284559e3015
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a168b7993deb72df871d7ed29cdf905792e57e97b9e980030a41dd9ce5e778fc
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a3216f047121dd33608dc14de911e84d83a8309b66e2503264cef32ad182ea24
a3e460949b8696e9e8a3d20808c472326b7aeae350a842e9e15f6e7c01e3fa0f
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
ac5b62e1eede76e411958a7768e2b6e18dd5b07968bd8e5eda42e73d81623ed8
ae97400f85b27259d17854cdb9960f8ae2b28e4c33fc88d09e0faa2e03bf511c
ae9b8da4897b481925da3f3a6d48d1c049808c9f1e538ee8a19fd9ac46d7a932
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af420049ff613c31f6ac344f88e45145461e0f9c2499f0db6991885b77e4a70f
b0660ea41deed57b71e57788d47091bd05e6853c51d0bbb867fdb1fbe5526877
b0d5fe922eb2472fb8c35d3c25a881830750aa1e4d1f334f2117b477e0695754
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b34861d158459eee0258aa4c8156586864dd1f0a26572f3727a4d08f3fdcf5de
b6e54c70c9d47551a433f3971313bc3b39fae8cd557435243a809089131f8076
bb4304a0132b71cb000bdb51a6c77f7a15a58fa151647a424b128e87be802180
bc8904cf494c040131cf5c61ed0ee8b3af200a356ea113a3e54a4d7c798159d3
bcb5431c77bae2bcbd629ef3f272b5a3d0831b4a4a6b19f3edcbbcf3250500b5
c640e6e1c7c8d0c4ec4f5b3fd68739bc7907e41463a7b7c480b0c9945713f4f7
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e
c80da8eb6e9150d66697643e8d59db022fd32060461f75d428bf63687c5b38de
cd519d1666c451d960684af1de16ec035252cce88ebbf58a186bd5059f6e3d99
ceca169c7b3aeb44dcdcbfd35d8fd24a85bc9a48b89ced5db336d54e16635a82
cf24c097581fff63c5ad70a1443f91f8915cd6da90edd6646bf79ee035966958
d2d3e62be49a950029e24adea571c09bb20f4e208df3ba0e6f18ee613446f466
d37e4ca1e1902ac258dedafe9e7ee1bc8e7ac887a3d2f0babc143dede00dfd32
d4053012287fb6f47416c3eb03ba4b89aef0fc57771e65526f9134e8e5e80344
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d6bd50d06f0830b028a87fe509bfb8f5fea134a397b8108c3937639cba19bf58
d87d2b56fa7ad3f30e7843d682b04350adf1d06f65dfef545ab58896c0d3e4a0
dd66392b830be1152442db4ba9818b44a4f22adfc11571f1c5c6400c6b73ed85
e317e34fba987390b66960f22fd11a37bdd5b43786c395d3acf13b88094c86e4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3eec8eb27c5cb6a31c0dc36f8e4858510c26310da7f85df7384fa11cf88dfa8
e6e9974a2598d003b6a3249c78c9b8a1b7185004d57081ac46d0fa35191e8140
e7992c970220941e0494d9a80abfe73f017b6fc051f79a1c677950ce49741a48
e7d56b41a49f683298db62f31029968db08d7365caf547a8b982849d6d848084
e8a74579fb64e402c0bf5ff5ab4c91a522f812ce8c082588e95e08d21eecc45b
edef74c550350e7edb4e115499a23d49fbc120e7d41e6b9f311147085de7b1d5
ee3fde9fdf61686caeb22b22b988373b456a4aaa90ebf6eb1b01d1143754d311
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0dd8a440c24e342920754366f258882783995002e5f18c9261beb78c6f07ffd
f1e54c56783174762eeed203776eec37dd3a8152821a39fc0e633e44d4abfe9a
f295ebe06fc74dd639fc1d926abdea188a4c960b17266e73da205d034ac37f0e
f44a6911676267d9db08bfcfedbd63024781a23103bf7e188bebc6a7b020428a
f8d80773e26f7e338418619527449819466c6a518e61214e6bc96d77454cf6fd
f90e12aaf40fa94486f40767c896675e1a738a4b60dae8a0b7e6c17520c55074
fa42c00f4e7bda83e89b338ec4aa0d511f6c0148264743615cca2477357dd08b
fbad2fd92268af35297687b381f10958becbd8873280c1795ba45883ea0b8730
ff2e4ebe015aaf4a72708a0d63d03230951e87e7566d01b4b98df4ecbdf979b8

dur-duweb.newscyclecloud.com Open in urlscan Pro 3.210.172.4 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

220 Requests

59 %HTTPS

34 %IPv6

31 Domains

46 Subdomains

42 IPs

5 Countries

2915 kBTransfer

6339 kBSize

19 Cookies

41 Outgoing links

Redirected requests

220 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

dur-duweb.newscyclecloud.com Open in urlscan Pro
3.210.172.4 Public Scan

Screenshot
Live screenshot

Full Image

220
Requests

59 %
HTTPS

34 %
IPv6

31
Domains

46
Subdomains

42
IPs

5
Countries

2915 kB
Transfer

6339 kB
Size

19
Cookies

220 HTTP transactions
6 data transactions