korrespondent.net Open in urlscan Pro
2606:4700::6812:1eb6 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Submission: On August 16 via manual (August 16th 2022, 1:05:51 pm UTC) from IE — Scanned from DE

Summary HTTP 965 Redirects Links 21 Behaviour Indicators

Summary

This website contacted 118 IPs in 16 countries across 91 domains to perform 965 HTTP transactions. The main IP is 2606:4700::6812:1eb6, located in United States and belongs to CLOUDFLARENET, US. The main domain is korrespondent.net. The Cisco Umbrella rank of the primary domain is 201181.
TLS certificate: Issued by E1 on July 14th 2022. Valid for: 3 months.

This is the only time korrespondent.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
12	2606:4700::68... 2606:4700::6812:1eb6	13335 (CLOUDFLAR...) (CLOUDFLARENET)
27	193.29.200.151 193.29.200.151	197203 (UMHAS) (UMHAS)
2	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
1	91.198.36.26 91.198.36.26	43405 (DIGITAL-V...) (DIGITAL-VENTURES)
10	2a03:90c0:41:... 2a03:90c0:41:2801::254	199524 (GCORE) (GCORE)
15	193.29.200.157 193.29.200.157	197203 (UMHAS) (UMHAS)
6	2001:67c:4e8:... 2001:67c:4e8:f004::9	62041 (TELEGRAM) (TELEGRAM)
1	193.29.200.140 193.29.200.140	197203 (UMHAS) (UMHAS)
15	104.19.136.78 104.19.136.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	193.29.200.142 193.29.200.142	197203 (UMHAS) (UMHAS)
1	104.18.2.81 104.18.2.81	13335 (CLOUDFLAR...) (CLOUDFLARENET)
26	78.159.118.240 78.159.118.240	28753 (LEASEWEB-...) (LEASEWEB-DE-FRA-10)
3	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
36	190.2.151.10 190.2.151.10	49981 (WORLDSTREAM) (WORLDSTREAM)
1 4	146.59.10.80 146.59.10.80	16276 (OVH) (OVH)
8	91.198.36.35 91.198.36.35	43405 (DIGITAL-V...) (DIGITAL-VENTURES)
12	136.243.84.74 136.243.84.74	24940 (HETZNER-AS) (HETZNER-AS)
2	2a00:1450:400... 2a00:1450:400c:c08::9b	15169 (GOOGLE) (GOOGLE)
4	2606:4700::68... 2606:4700::6810:7baf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
29	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1 5	2620:116:800d... 2620:116:800d:21:b314:a0ef:ab7c:d546	16509 (AMAZON-02) (AMAZON-02)
5	167.71.9.19 167.71.9.19	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
3 11	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:400e:80c::200a	15169 (GOOGLE) (GOOGLE)
4	146.0.227.110 146.0.227.110	29066 (VELIANET-...) (VELIANET-AS velia.net Internetdienste GmbH)
1 23	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	51.89.9.252 51.89.9.252	16276 (OVH) (OVH)
38	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
1	146.59.30.104 146.59.30.104	16276 (OVH) (OVH)
5	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
7	104.19.132.78 104.19.132.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	185.119.59.4 185.119.59.4	9123 (TIMEWEB-AS) (TIMEWEB-AS)
1	147.75.85.234 147.75.85.234	54825 (PACKET) (PACKET)
1	2a00:1450:400... 2a00:1450:4001:802::2006	15169 (GOOGLE) (GOOGLE)
39	2a00:1450:400... 2a00:1450:4001:806::2001	15169 (GOOGLE) (GOOGLE)
1	2a02:2638:1::2 2a02:2638:1::2	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:2638:1::4 2a02:2638:1::4	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
14	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
20	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
19	2a02:2638:1::3 2a02:2638:1::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	178.250.2.148 178.250.2.148	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2600:9000:21f... 2600:9000:21f3:5a00:1e:a43d:b640:93a1	16509 (AMAZON-02) (AMAZON-02)
1	23.47.208.212 23.47.208.212	16625 (AKAMAI-AS) (AKAMAI-AS)
6	178.250.0.139 178.250.0.139	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2	178.250.0.162 178.250.0.162	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
13	168.119.79.238 168.119.79.238	24940 (HETZNER-AS) (HETZNER-AS)
8 16	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
9	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2a02:6b8:a::a 2a02:6b8:a::a	208722 (GLOBAL_DC) (GLOBAL_DC)
3	18.66.23.213 18.66.23.213	16509 (AMAZON-02) (AMAZON-02)
1	95.163.52.67 95.163.52.67	47764 (MAILRU-AS...) (MAILRU-AS Mail.Ru)
1 5	2a02:6b8::1:119 2a02:6b8::1:119	208722 (GLOBAL_DC) (GLOBAL_DC)
1	2606:4700:440... 2606:4700:4400::ac40:9040	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	34.111.35.152 34.111.35.152	15169 (GOOGLE) (GOOGLE)
1	104.222.176.10 104.222.176.10	6762 (SEABONE-N...) (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A.)
5	185.180.223.91 185.180.223.91	49981 (WORLDSTREAM) (WORLDSTREAM)
3	2a00:1450:400... 2a00:1450:400e:810::2003	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:3c::a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:16::9	15169 (GOOGLE) (GOOGLE)
1	2a02:6b8::16b 2a02:6b8::16b	208722 (GLOBAL_DC) (GLOBAL_DC)
1	151.101.193.229 151.101.193.229	54113 (FASTLY) (FASTLY)
1	188.42.196.115 188.42.196.115	7979 (SERVERS-COM) (SERVERS-COM)
1	2a00:1148:db0... 2a00:1148:db00::17	47764 (MAILRU-AS...) (MAILRU-AS Mail.Ru)
16	178.250.2.131 178.250.2.131	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	159.69.59.100 159.69.59.100	24940 (HETZNER-AS) (HETZNER-AS)
45	185.83.142.19 185.83.142.19	29990 (ASN-APPNEX) (ASN-APPNEX)
1	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
1	2a02:6b8:20::215 2a02:6b8:20::215	208722 (GLOBAL_DC) (GLOBAL_DC)
2	2a00:1450:400... 2a00:1450:400c:c08::8a	15169 (GOOGLE) (GOOGLE)
16	13.224.189.79 13.224.189.79	16509 (AMAZON-02) (AMAZON-02)
15	104.26.10.25 104.26.10.25	13335 (CLOUDFLAR...) (CLOUDFLARENET)
35	37.157.4.28 37.157.4.28	198622 (ADFORM) (ADFORM)
6 29	104.18.18.126 104.18.18.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
22	72.251.249.14 72.251.249.14	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
15	185.86.138.121 185.86.138.121	201081 (SMARTADSE...) (SMARTADSERVER)
23	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
15	2602:803:c004... 2602:803:c004:200::141	26667 (RUBICONPR...) (RUBICONPROJECT)
6	94.130.160.79 94.130.160.79	24940 (HETZNER-AS) (HETZNER-AS)
21	151.101.65.108 151.101.65.108	54113 (FASTLY) (FASTLY)
27	185.89.210.122 185.89.210.122	29990 (ASN-APPNEX) (ASN-APPNEX)
1	23.35.236.188 23.35.236.188	16625 (AKAMAI-AS) (AKAMAI-AS)
8 42	138.201.84.245 138.201.84.245	24940 (HETZNER-AS) (HETZNER-AS)
2	34.95.69.49 34.95.69.49	15169 (GOOGLE) (GOOGLE)
12	88.99.70.21 88.99.70.21	24940 (HETZNER-AS) (HETZNER-AS)
2	37.157.2.247 37.157.2.247	198622 (ADFORM) (ADFORM)
6 12	92.123.17.141 92.123.17.141	16625 (AKAMAI-AS) (AKAMAI-AS)
6	185.85.15.31 185.85.15.31	200107 (KL-EXT) (KL-EXT)
8	35.246.207.21 35.246.207.21	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
7	23.35.236.247 23.35.236.247	16625 (AKAMAI-AS) (AKAMAI-AS)
14	104.109.78.125 104.109.78.125	16625 (AKAMAI-AS) (AKAMAI-AS)
7 13	52.46.143.56 52.46.143.56	16509 (AMAZON-02) (AMAZON-02)
2 3	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
6 13	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
4 4	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1288:f03... 2a00:1288:f03d:1fa::4000	10310 (YAHOO-1) (YAHOO-1)
2 3	52.95.118.179 52.95.118.179	16509 (AMAZON-02) (AMAZON-02)
5 24	104.18.19.126 104.18.19.126	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
2	141.226.228.48 141.226.228.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1 1	2606:4700::68... 2606:4700::6813:ac6c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	66.155.71.150 66.155.71.150	13768 (COGECO-PEER1) (COGECO-PEER1)
2 2	34.205.21.143 34.205.21.143	14618 (AMAZON-AES) (AMAZON-AES)
7	2606:4700::68... 2606:4700::6812:c4c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 4	169.50.137.184 169.50.137.184	36351 (SOFTLAYER) (SOFTLAYER)
1 1	34.239.50.221 34.239.50.221	14618 (AMAZON-AES) (AMAZON-AES)
2	52.49.126.217 52.49.126.217	16509 (AMAZON-02) (AMAZON-02)
1 1	52.205.37.96 52.205.37.96	14618 (AMAZON-AES) (AMAZON-AES)
1 1	52.18.233.217 52.18.233.217	16509 (AMAZON-02) (AMAZON-02)
2	185.89.210.46 185.89.210.46	29990 (ASN-APPNEX) (ASN-APPNEX)
2	192.132.33.46 192.132.33.46	18568 (BIDTELLECT) (BIDTELLECT)
1	2a05:d018:d29... 2a05:d018:d29:3601:2eab:9250:340e:ef2b	16509 (AMAZON-02) (AMAZON-02)
2 2	103.229.205.243 103.229.205.243	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2 2	52.212.196.36 52.212.196.36	16509 (AMAZON-02) (AMAZON-02)
1 1	50.31.142.127 50.31.142.127	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1	72.251.241.204 72.251.241.204	32475 (SINGLEHOP...) (SINGLEHOP-LLC)
1	169.197.150.8 169.197.150.8	398989 (DEEPINTENT) (DEEPINTENT)
2 2	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
1 1	23.23.202.74 23.23.202.74	14618 (AMAZON-AES) (AMAZON-AES)
1	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
1	151.101.194.49 151.101.194.49	54113 (FASTLY) (FASTLY)
1 1	2a02:fa8:8806... 2a02:fa8:8806:16::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
2 3	92.123.21.100 92.123.21.100	16625 (AKAMAI-AS) (AKAMAI-AS)
1	54.160.109.218 54.160.109.218	14618 (AMAZON-AES) (AMAZON-AES)
1	142.250.74.194 142.250.74.194	15169 (GOOGLE) (GOOGLE)
965	118

12 2606:4700::6812:1eb6 (United States)

ASN13335 (CLOUDFLARENET, US)

korrespondent.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 193.29.200.151 (Ukraine)

ASN197203 (UMHAS, UA)

csskor.ill.in.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
jskor.ill.in.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
id.korrespondent.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.198.36.26 (Ukraine)

ASN43405 (DIGITAL-VENTURES, UA)
PTR: i1.i.ua

i.holder.com.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a03:90c0:41:2801::254 (Frankfurt am Main, Germany)

ASN199524 (GCORE, LU)

cdn.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 193.29.200.157 (Ukraine)

ASN197203 (UMHAS, UA)

kor.ill.in.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2001:67c:4e8:f004::9 (Virgin Islands (British))

ASN62041 (TELEGRAM, VG)

telegram.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
t.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.29.200.140 (Ukraine)

ASN197203 (UMHAS, UA)

ui.ill.in.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 104.19.136.78 (None, )

ASN13335 (CLOUDFLARENET, US)

jsc.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
servicer.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 193.29.200.142 (Ukraine)

ASN197203 (UMHAS, UA)

exchange.informer.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.2.81 (None, )

ASN13335 (CLOUDFLARENET, US)

r.i.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 78.159.118.240 (Germany)

ASN28753 (LEASEWEB-DE-FRA-10, DE)
PTR: hosted-by.leaseweb.com

cdn.umh.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
z.cdn.umh.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

36 190.2.151.10 (Naaldwijk, Netherlands)

ASN49981 (WORLDSTREAM, NL)
PTR: 190-2-151-10.hosted-by-worldstream.net

ad.mox.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 146.59.10.80 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip80.ip-146-59-10.eu

gaua.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 91.198.36.35 (Ukraine)

ASN43405 (DIGITAL-VENTURES, UA)

h.holder.com.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 136.243.84.74 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.74.84.243.136.clients.your-server.de

go.rcvlink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
st11.rcvlink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c08::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6810:7baf (United States)

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:116:800d:21:b314:a0ef:ab7c:d546 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 167.71.9.19 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)

bgstats.mox.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:400e:80c::200a (Ireland)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 146.0.227.110 (Ascension Island)

ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE)

inv-nets.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.9.252 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip252.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

38 172.217.16.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s65-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.59.30.104 (France)

ASN16276 (OVH, FR)
PTR: ip104.ip-146-59-30.eu

ls.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
007c3a8bc11f45e050582ea5902a5eb0.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
2d404526208c1999cf8967291396cc8a.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
4727df7502fc5e8b0b921b1f5d01cbac.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.19.132.78 (None, )

ASN13335 (CLOUDFLARENET, US)

s-img.mgid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.119.59.4 (St Petersburg, Russian Federation)

ASN9123 (TIMEWEB-AS, RU)
PTR: 353757-ce44784.tmweb.ru

0.code.cotsta.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.85.234 (Schiphol, Netherlands)

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

39 2a00:1450:4001:806::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::2 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:1::4 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a02:2638:1::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.2.148 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.nl.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f3:5a00:1e:a43d:b640:93a1 (United States)

ASN16509 (AMAZON-02, US)

secure-gl.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.47.208.212 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a23-47-208-212.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 178.250.0.139 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: pix.par.vip.prod.criteo.com

pix.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.162 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 168.119.79.238 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.238.79.119.168.clients.your-server.de

t.cotsta.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a.cotsta.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a02:2638:1::13 (France) 8 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6b8:a::a (Moscow, Russian Federation)

ASN208722 (GLOBAL_DC, FI)

yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.66.23.213 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-23-213.vie50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.163.52.67 (Russian Federation)

ASN47764 (MAILRU-AS Mail.Ru, RU)
PTR: top-fwz1.mail.ru

top-fwz1.mail.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:6b8::1:119 (Moscow, Russian Federation) 1 redirects

ASN208722 (GLOBAL_DC, FI)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9040 (United States)

ASN13335 (CLOUDFLARENET, US)

cl.imghosts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.111.35.152 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 152.35.111.34.bc.googleusercontent.com

cdn4.telegram-cdn.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.222.176.10 (United Kingdom)

ASN6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A., IT)

oauth.tg.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.180.223.91 (Naaldwijk, Netherlands)

ASN49981 (WORLDSTREAM, NL)
PTR: 185-180-223-91.hosted-by-worldstream.net

cdn.mox.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400e:810::2003 (Ireland)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:3c::a (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

rr5---sn-4g5e6nzl.googlevideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:16::9 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

rr4---sn-4g5ednd7.googlevideo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6b8::16b (Moscow, Russian Federation)

ASN208722 (GLOBAL_DC, FI)

matchid.adfox.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.229 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.42.196.115 (Luxembourg)

ASN7979 (SERVERS-COM, US)

ads.betweendigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1148:db00::17 (Russian Federation)

ASN47764 (MAILRU-AS Mail.Ru, RU)

ad.mail.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 178.250.2.131 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
PTR: bidder.am5.vip.prod.criteo.com

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.69.59.100 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.100.59.69.159.clients.your-server.de

ssp.otm-r.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

45 185.83.142.19 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.184.8.90 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net

prebid-eu.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6b8:20::215 (Moscow, Russian Federation)

ASN208722 (GLOBAL_DC, FI)

yastatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c08::8a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

s.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 13.224.189.79 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-79.fra2.r.cloudfront.net

mediawoot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 104.26.10.25 (United States)

ASN13335 (CLOUDFLARENET, US)

hb.adpone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 37.157.4.28 (Denmark)

ASN198622 (ADFORM, DK)

adx.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 104.18.18.126 (None, ) 6 redirects

ASN13335 (CLOUDFLARENET, US)

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 72.251.249.14 (Amsterdam, Netherlands)

ASN32475 (SINGLEHOP-LLC, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 185.86.138.121 (France)

ASN201081 (SMARTADSERVER, FR)

prg.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

adpone-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2602:803:c004:200::141 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 94.130.160.79 (Karlsruhe, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.79.160.130.94.clients.your-server.de

tm.ad-srv.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 151.101.65.108 (United States)

ASN54113 (FASTLY, US)

cdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 185.89.210.122 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ams3-ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.35.236.188 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-188.deploy.static.akamaitechnologies.com

acdn.adnxs-simple.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

42 138.201.84.245 (Germany) 8 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.245.84.201.138.clients.your-server.de

ad.ad-srv.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad25.ad-srv.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.95.69.49 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 49.69.95.34.bc.googleusercontent.com

i.clean.gg	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 88.99.70.21 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.21.70.99.88.clients.your-server.de

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.2.247 (Denmark)

ASN198622 (ADFORM, DK)

s1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 92.123.17.141 (Vienna, Austria) 6 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-17-141.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.85.15.31 (Germany)

ASN200107 (KL-EXT, CH)

media.kaspersky.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 35.246.207.21 (Frankfurt am Main, Germany)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 21.207.246.35.bc.googleusercontent.com

rock.aimmm.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
event.aimmm.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 23.35.236.247 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-247.deploy.static.akamaitechnologies.com

js-sec.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 104.109.78.125 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-109-78-125.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 52.46.143.56 (Ashburn, United States) 7 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.165 (Frankfurt am Main, Germany) 2 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 142.250.186.130 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.173.144.138 (Frankfurt am Main, Germany) 4 redirects

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:f03d:1fa::4000 (United Kingdom)

ASN10310 (YAHOO-1, US)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.95.118.179 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 104.18.19.126 (None, ) 5 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.226.228.48 (Netherlands)

ASN200478 (TABOOLA-AS, IL)

sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:ac6c (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 66.155.71.150 (Portsmouth, United Kingdom)

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.205.21.143 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-205-21-143.compute-1.amazonaws.com

s.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6812:c4c (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.indexww.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 169.50.137.184 (United States) 2 redirects

ASN36351 (SOFTLAYER, US)
PTR: b8.89.32a9.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.239.50.221 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-239-50-221.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.49.126.217 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-126-217.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.205.37.96 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-205-37-96.compute-1.amazonaws.com

beacon.lynx.cognitivlabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.18.233.217 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-233-217.eu-west-1.compute.amazonaws.com

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.210.46 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.132.33.46 (United States)

ASN18568 (BIDTELLECT, US)
PTR: 46.bidtellect.com

bttrack.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3601:2eab:9250:340e:ef2b (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 103.229.205.243 (Singapore) 2 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.212.196.36 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-212-196-36.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 50.31.142.127 (Lincolnwood, United States) 1 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: chi.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.251.241.204 (Amsterdam, Netherlands)

ASN32475 (SINGLEHOP-LLC, US)

cm.adgrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.197.150.8 (United States)

ASN398989 (DEEPINTENT, US)
PTR: g.deepintent.com

match.deepintent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:678:cb4:bbbb::11 (United Kingdom) 2 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.23.202.74 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-23-202-74.compute-1.amazonaws.com

nep.advangelists.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.126.56.137 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.49 (United States)

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:16::1370 (Singapore) 1 redirects

ASN41041 (VCLK-EU-SE, US)

casale-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 92.123.21.100 (Vienna, Austria) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-21-100.deploy.static.akamaitechnologies.com

px.owneriq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.160.109.218 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-160-109-218.compute-1.amazonaws.com

rtb.adentifi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.74.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
95	adnxs.com ib.adnxs.com — Cisco Umbrella Rank: 238 cdn.adnxs.com — Cisco Umbrella Rank: 1351 ams3-ib.adnxs.com — Cisco Umbrella Rank: 5884 acdn.adnxs.com — Cisco Umbrella Rank: 584 secure.adnxs.com — Cisco Umbrella Rank: 462	548 KB
73	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 124 aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com 007c3a8bc11f45e050582ea5902a5eb0.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 160 2d404526208c1999cf8967291396cc8a.safeframe.googlesyndication.com 4727df7502fc5e8b0b921b1f5d01cbac.safeframe.googlesyndication.com	1 MB
68	doubleclick.net 7 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 118 googleads.g.doubleclick.net — Cisco Umbrella Rank: 55 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 222 pubads.g.doubleclick.net — Cisco Umbrella Rank: 489 cm.g.doubleclick.net — Cisco Umbrella Rank: 208	749 KB
53	casalemedia.com 11 redirects htlb.casalemedia.com — Cisco Umbrella Rank: 560 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 453 r.casalemedia.com — Cisco Umbrella Rank: 713 dsum-sec.casalemedia.com — Cisco Umbrella Rank: 530 dsum.casalemedia.com — Cisco Umbrella Rank: 1258	40 KB
48	ad-srv.net 8 redirects tm.ad-srv.net — Cisco Umbrella Rank: 86086 ad.ad-srv.net — Cisco Umbrella Rank: 35520 ad25.ad-srv.net — Cisco Umbrella Rank: 241451	50 KB
46	mox.tv ad.mox.tv — Cisco Umbrella Rank: 41870 bgstats.mox.tv — Cisco Umbrella Rank: 52912 cdn.mox.tv — Cisco Umbrella Rank: 66304	1 MB
44	criteo.com 8 redirects rtb.nl.eu.criteo.com — Cisco Umbrella Rank: 11084 ads.eu.criteo.com — Cisco Umbrella Rank: 7034 cat.nl.eu.criteo.com — Cisco Umbrella Rank: 9488 gum.criteo.com — Cisco Umbrella Rank: 401 mug.criteo.com — Cisco Umbrella Rank: 2755 bidder.criteo.com — Cisco Umbrella Rank: 732	113 KB
39	ill.in.ua csskor.ill.in.ua — Cisco Umbrella Rank: 320056 jskor.ill.in.ua — Cisco Umbrella Rank: 312266 kor.ill.in.ua — Cisco Umbrella Rank: 307278 ui.ill.in.ua — Cisco Umbrella Rank: 369678	732 KB
37	adform.net adx.adform.net — Cisco Umbrella Rank: 3659 track.adform.net — Cisco Umbrella Rank: 3990 s1.adform.net — Cisco Umbrella Rank: 8958	42 KB
36	rubiconproject.com 6 redirects fastlane.rubiconproject.com — Cisco Umbrella Rank: 528 eus.rubiconproject.com — Cisco Umbrella Rank: 588 pixel.rubiconproject.com — Cisco Umbrella Rank: 326 token.rubiconproject.com — Cisco Umbrella Rank: 707	90 KB
27	criteo.net static.criteo.net — Cisco Umbrella Rank: 627 pix.eu.criteo.net — Cisco Umbrella Rank: 7159 csm.eu.criteo.net — Cisco Umbrella Rank: 7456	366 KB
26	umh.ua cdn.umh.ua — Cisco Umbrella Rank: 242073 z.cdn.umh.ua — Cisco Umbrella Rank: 259207	76 KB
23	openx.net adpone-d.openx.net — Cisco Umbrella Rank: 16062 u.openx.net — Cisco Umbrella Rank: 719	3 KB
22	lijit.com ap.lijit.com — Cisco Umbrella Rank: 679	11 KB
22	mgid.com jsc.mgid.com — Cisco Umbrella Rank: 6761 c.mgid.com — Cisco Umbrella Rank: 4384 cdn.mgid.com — Cisco Umbrella Rank: 8752 servicer.mgid.com — Cisco Umbrella Rank: 6791 s-img.mgid.com — Cisco Umbrella Rank: 3908 cm.mgid.com — Cisco Umbrella Rank: 2222	359 KB
20	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 374	433 KB
19	amazon-adsystem.com 9 redirects c.amazon-adsystem.com — Cisco Umbrella Rank: 323 s.amazon-adsystem.com — Cisco Umbrella Rank: 288 aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1264	56 KB
18	google.com 3 redirects www.google.com — Cisco Umbrella Rank: 10 adservice.google.com — Cisco Umbrella Rank: 98	3 KB
17	gstatic.com fonts.gstatic.com csi.gstatic.com	223 KB
16	mediawoot.com mediawoot.com — Cisco Umbrella Rank: 869022	54 KB
16	korrespondent.net korrespondent.net — Cisco Umbrella Rank: 201181 id.korrespondent.net — Cisco Umbrella Rank: 325644	59 KB
15	smartadserver.com prg.smartadserver.com — Cisco Umbrella Rank: 1522	6 KB
15	adpone.com hb.adpone.com — Cisco Umbrella Rank: 18616	2 MB
15	cotsta.ru 0.code.cotsta.ru — Cisco Umbrella Rank: 309576 t.cotsta.ru — Cisco Umbrella Rank: 344299 a.cotsta.ru — Cisco Umbrella Rank: 362911	203 KB
14	indexww.com js-sec.indexww.com — Cisco Umbrella Rank: 592 cdn.indexww.com — Cisco Umbrella Rank: 1470	13 KB
14	admixer.net cdn.admixer.net — Cisco Umbrella Rank: 41533 inv-nets.admixer.net — Cisco Umbrella Rank: 2584	199 KB
12	awin1.com 6 redirects www.awin1.com — Cisco Umbrella Rank: 14571	7 KB
12	contentspread.net cdn.contentspread.net — Cisco Umbrella Rank: 58235	13 KB
12	rcvlink.com go.rcvlink.com — Cisco Umbrella Rank: 61158 st11.rcvlink.com — Cisco Umbrella Rank: 104000	85 KB
11	googleapis.com imasdk.googleapis.com — Cisco Umbrella Rank: 448 fonts.googleapis.com — Cisco Umbrella Rank: 67	819 KB
9	google.de www.google.de — Cisco Umbrella Rank: 5596 adservice.google.de — Cisco Umbrella Rank: 8117	2 KB
9	holder.com.ua i.holder.com.ua — Cisco Umbrella Rank: 288763 h.holder.com.ua — Cisco Umbrella Rank: 265484	5 KB
8	aimmm.live rock.aimmm.live — Cisco Umbrella Rank: 740042 event.aimmm.live — Cisco Umbrella Rank: 751769	243 KB
6	kaspersky.com media.kaspersky.com — Cisco Umbrella Rank: 145846	480 KB
6	informer.ua exchange.informer.ua — Cisco Umbrella Rank: 637579	34 KB
5	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 381	1 KB
5	quantserve.com 1 redirects pixel.quantserve.com — Cisco Umbrella Rank: 465	1 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 187	186 KB
5	gemius.pl 1 redirects gaua.hit.gemius.pl — Cisco Umbrella Rank: 53429 ls.hit.gemius.pl — Cisco Umbrella Rank: 12163	19 KB
4	simpli.fi 2 redirects um.simpli.fi — Cisco Umbrella Rank: 826	2 KB
4	yandex.com 1 redirects mc.yandex.com — Cisco Umbrella Rank: 10493	2 KB
4	telegram-cdn.org cdn4.telegram-cdn.org — Cisco Umbrella Rank: 34559	215 KB
4	unpkg.com unpkg.com — Cisco Umbrella Rank: 878	85 KB
4	telegram.org telegram.org — Cisco Umbrella Rank: 9917	56 KB
3	owneriq.net 2 redirects px.owneriq.net — Cisco Umbrella Rank: 988	1 KB
3	sitescout.com pixel-sync.sitescout.com — Cisco Umbrella Rank: 597	573 B
3	yahoo.com ads.yahoo.com — Cisco Umbrella Rank: 2334 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 474 ups.analytics.yahoo.com — Cisco Umbrella Rank: 277	1 KB
3	yandex.ru yandex.ru — Cisco Umbrella Rank: 1316 mc.yandex.ru — Cisco Umbrella Rank: 3617 matchid.adfox.yandex.ru — Cisco Umbrella Rank: 30393	103 KB
3	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 862 www.googleadservices.com — Cisco Umbrella Rank: 125	879 B
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 52	20 KB
2	turn.com 2 redirects ad.turn.com — Cisco Umbrella Rank: 791	850 B
2	bidr.io 2 redirects match.prod.bidr.io — Cisco Umbrella Rank: 494	1 KB
2	mathtag.com 2 redirects sync.mathtag.com — Cisco Umbrella Rank: 484	1 KB
2	bttrack.com bttrack.com — Cisco Umbrella Rank: 736	760 B
2	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 188
2	company-target.com 2 redirects s.company-target.com — Cisco Umbrella Rank: 4196	797 B
2	taboola.com sync.taboola.com — Cisco Umbrella Rank: 933	197 B
2	clean.gg i.clean.gg — Cisco Umbrella Rank: 1370	15 B
2	youtube.com s.youtube.com — Cisco Umbrella Rank: 692
2	googlevideo.com 1 redirects rr5---sn-4g5e6nzl.googlevideo.com — Cisco Umbrella Rank: 92472 rr4---sn-4g5ednd7.googlevideo.com — Cisco Umbrella Rank: 111897	3 MB
2	mail.ru top-fwz1.mail.ru — Cisco Umbrella Rank: 10445 ad.mail.ru — Cisco Umbrella Rank: 11502	11 KB
2	t.me t.me — Cisco Umbrella Rank: 12646	5 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 94	85 KB
1	adentifi.com rtb.adentifi.com — Cisco Umbrella Rank: 1251	35 B
1	dotomi.com 1 redirects casale-match.dotomi.com — Cisco Umbrella Rank: 3082	187 B
1	everesttech.net sync-tm.everesttech.net — Cisco Umbrella Rank: 623	177 B
1	advangelists.com 1 redirects nep.advangelists.com — Cisco Umbrella Rank: 2373	232 B
1	deepintent.com match.deepintent.com — Cisco Umbrella Rank: 903	44 B
1	adgrx.com cm.adgrx.com — Cisco Umbrella Rank: 1488	408 B
1	zemanta.com 1 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 551	317 B
1	adroll.com 1 redirects d.adroll.com — Cisco Umbrella Rank: 1521	112 B
1	cognitivlabs.com 1 redirects beacon.lynx.cognitivlabs.com — Cisco Umbrella Rank: 1445	380 B
1	stackadapt.com 1 redirects sync.srv.stackadapt.com — Cisco Umbrella Rank: 749	578 B
1	loopme.me 1 redirects csync.loopme.me — Cisco Umbrella Rank: 929	432 B
1	linkedin.com px.ads.linkedin.com — Cisco Umbrella Rank: 361	706 B
1	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 611	98 B
1	adnxs-simple.com acdn.adnxs-simple.com — Cisco Umbrella Rank: 2633	42 KB
1	yastatic.net yastatic.net — Cisco Umbrella Rank: 6424	10 KB
1	creativecdn.com prebid-eu.creativecdn.com — Cisco Umbrella Rank: 5951	179 B
1	otm-r.com ssp.otm-r.com — Cisco Umbrella Rank: 125865	303 B
1	betweendigital.com ads.betweendigital.com — Cisco Umbrella Rank: 2045	220 B
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 423	1 KB
1	tg.dev oauth.tg.dev — Cisco Umbrella Rank: 73553	6 KB
1	imghosts.com cl.imghosts.com — Cisco Umbrella Rank: 15034	256 KB
1	pubmatic.com ads.pubmatic.com — Cisco Umbrella Rank: 496	67 KB
1	imrworldwide.com secure-gl.imrworldwide.com — Cisco Umbrella Rank: 1464	686 B
1	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 289	17 KB
1	a-mo.net prebid.a-mo.net — Cisco Umbrella Rank: 1237	278 B
1	onetag-sys.com onetag-sys.com — Cisco Umbrella Rank: 792
1	i.ua r.i.ua — Cisco Umbrella Rank: 167556	1 KB
0	invamia.com Failed ad.invamia.com Failed
965	91

	Domain	Requested by
45	ib.adnxs.com	0.code.cotsta.ru hb.adpone.com acdn.adnxs.com r.casalemedia.com
39	tpc.googlesyndication.com	googleads.g.doubleclick.net securepubads.g.doubleclick.net korrespondent.net tpc.googlesyndication.com aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com cdn.ampproject.org imasdk.googleapis.com pagead2.googlesyndication.com
36	ad.mox.tv	z.cdn.umh.ua ad.mox.tv korrespondent.net imasdk.googleapis.com
30	adx.adform.net	hb.adpone.com
29	pagead2.googlesyndication.com	ad.mox.tv z.cdn.umh.ua pagead2.googlesyndication.com securepubads.g.doubleclick.net tpc.googlesyndication.com korrespondent.net www.googletagservices.com 0.code.cotsta.ru
28	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net korrespondent.net mediawoot.com
27	ams3-ib.adnxs.com	hb.adpone.com mediawoot.com cdn.adnxs.com acdn.adnxs-simple.com
24	dsum-sec.casalemedia.com	5 redirects r.casalemedia.com ssum-sec.casalemedia.com
22	ad25.ad-srv.net	ad.ad-srv.net
22	ap.lijit.com	hb.adpone.com
21	z.cdn.umh.ua	cdn.umh.ua
20	ad.ad-srv.net	8 redirects tm.ad-srv.net ad.ad-srv.net
20	cdn.ampproject.org	securepubads.g.doubleclick.net
19	static.criteo.net	ads.eu.criteo.com 0.code.cotsta.ru static.criteo.net hb.adpone.com
17	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net korrespondent.net aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com
16	mediawoot.com	korrespondent.net mediawoot.com
16	bidder.criteo.com	0.code.cotsta.ru hb.adpone.com
16	gum.criteo.com	8 redirects static.criteo.net
15	fastlane.rubiconproject.com	hb.adpone.com
15	adpone-d.openx.net	hb.adpone.com
15	prg.smartadserver.com	hb.adpone.com
15	htlb.casalemedia.com	hb.adpone.com
15	hb.adpone.com	mediawoot.com
15	kor.ill.in.ua	korrespondent.net
14	eus.rubiconproject.com	hb.adpone.com eus.rubiconproject.com
14	acdn.adnxs.com	mediawoot.com hb.adpone.com
14	fonts.gstatic.com	korrespondent.net fonts.googleapis.com ad.mox.tv
13	cm.g.doubleclick.net	6 redirects korrespondent.net r.casalemedia.com
13	s.amazon-adsystem.com	7 redirects korrespondent.net r.casalemedia.com
12	www.awin1.com	6 redirects ad.ad-srv.net
12	cdn.contentspread.net	ad.ad-srv.net
12	t.cotsta.ru	0.code.cotsta.ru
12	csskor.ill.in.ua	korrespondent.net csskor.ill.in.ua
12	korrespondent.net	korrespondent.net jskor.ill.in.ua
11	www.google.com	3 redirects korrespondent.net tpc.googlesyndication.com aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com
11	jskor.ill.in.ua	korrespondent.net
10	cdn.admixer.net	korrespondent.net cdn.admixer.net
9	mug.criteo.com	korrespondent.net
9	go.rcvlink.com	z.cdn.umh.ua go.rcvlink.com korrespondent.net
8	u.openx.net	hb.adpone.com korrespondent.net
8	pubads.g.doubleclick.net	imasdk.googleapis.com korrespondent.net
8	h.holder.com.ua	i.holder.com.ua
7	cdn.indexww.com	r.casalemedia.com ssum-sec.casalemedia.com
7	ssum-sec.casalemedia.com	6 redirects js-sec.indexww.com
7	js-sec.indexww.com	hb.adpone.com
7	cdn.adnxs.com	hb.adpone.com
7	s-img.mgid.com	korrespondent.net
7	adservice.google.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net
7	adservice.google.de	pagead2.googlesyndication.com securepubads.g.doubleclick.net
6	r.casalemedia.com	js-sec.indexww.com
6	rock.aimmm.live	acdn.adnxs-simple.com rock.aimmm.live mediawoot.com korrespondent.net
6	media.kaspersky.com	ad.ad-srv.net
6	tm.ad-srv.net	korrespondent.net
6	pix.eu.criteo.net	ads.eu.criteo.com
6	imasdk.googleapis.com	ad.mox.tv imasdk.googleapis.com korrespondent.net
6	exchange.informer.ua	korrespondent.net exchange.informer.ua
6	jsc.mgid.com	korrespondent.net jsc.mgid.com z.cdn.umh.ua
5	match.adsrvr.org	r.casalemedia.com
5	track.adform.net	acdn.adnxs-simple.com s1.adform.net
5	cdn.mox.tv	korrespondent.net
5	fonts.googleapis.com	securepubads.g.doubleclick.net tpc.googlesyndication.com t.me telegram.org
5	bgstats.mox.tv	korrespondent.net
5	pixel.quantserve.com	1 redirects korrespondent.net ad.mox.tv
5	www.googletagservices.com	ad.mox.tv googleads.g.doubleclick.net aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com securepubads.g.doubleclick.net
5	cdn.umh.ua	korrespondent.net cdn.umh.ua
4	um.simpli.fi	2 redirects r.casalemedia.com
4	token.rubiconproject.com	4 redirects
4	mc.yandex.com	1 redirects korrespondent.net mc.yandex.ru
4	cdn4.telegram-cdn.org	t.me
4	inv-nets.admixer.net	cdn.admixer.net ad.mox.tv imasdk.googleapis.com
4	unpkg.com	ad.mox.tv
4	gaua.hit.gemius.pl	1 redirects korrespondent.net gaua.hit.gemius.pl
4	telegram.org	korrespondent.net t.me
4	id.korrespondent.net	korrespondent.net jskor.ill.in.ua id.korrespondent.net
3	px.owneriq.net	2 redirects ssum-sec.casalemedia.com
3	pixel-sync.sitescout.com	r.casalemedia.com
3	aax-eu.amazon-adsystem.com	2 redirects korrespondent.net
3	pixel.rubiconproject.com	2 redirects korrespondent.net
3	csi.gstatic.com	imasdk.googleapis.com
3	c.amazon-adsystem.com	korrespondent.net c.amazon-adsystem.com
3	st11.rcvlink.com	korrespondent.net
3	servicer.mgid.com	jsc.mgid.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com korrespondent.net
2	ad.turn.com	2 redirects
2	match.prod.bidr.io	2 redirects
2	sync.mathtag.com	2 redirects
2	bttrack.com	r.casalemedia.com
2	secure.adnxs.com	r.casalemedia.com
2	dpm.demdex.net	r.casalemedia.com
2	s.company-target.com	2 redirects
2	sync.taboola.com	r.casalemedia.com
2	event.aimmm.live	mediawoot.com rock.aimmm.live
2	s1.adform.net	acdn.adnxs-simple.com
2	i.clean.gg	acdn.adnxs-simple.com
2	s.youtube.com	korrespondent.net
2	csm.eu.criteo.net	ads.eu.criteo.com
2	cm.mgid.com	jsc.mgid.com
2	0.code.cotsta.ru	ad.mox.tv korrespondent.net
2	aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	partner.googleadservices.com	pagead2.googlesyndication.com
2	cdn.mgid.com	korrespondent.net
2	c.mgid.com	jsc.mgid.com
2	www.google.de	korrespondent.net
2	stats.g.doubleclick.net	www.google-analytics.com
2	t.me	telegram.org t.me
2	www.googletagmanager.com	korrespondent.net
1	www.googleadservices.com	korrespondent.net
1	rtb.adentifi.com	ssum-sec.casalemedia.com
1	dsum.casalemedia.com	ssum-sec.casalemedia.com
1	casale-match.dotomi.com	1 redirects
1	sync-tm.everesttech.net	ssum-sec.casalemedia.com
1	ups.analytics.yahoo.com	ssum-sec.casalemedia.com
1	nep.advangelists.com	1 redirects
1	match.deepintent.com	r.casalemedia.com
1	cm.adgrx.com	r.casalemedia.com
1	b1sync.zemanta.com	1 redirects
1	pr-bh.ybp.yahoo.com	r.casalemedia.com
1	d.adroll.com	1 redirects
1	beacon.lynx.cognitivlabs.com	1 redirects
1	sync.srv.stackadapt.com	1 redirects
1	csync.loopme.me	1 redirects
1	ads.yahoo.com	korrespondent.net
1	px.ads.linkedin.com	korrespondent.net
1	id.rlcdn.com	korrespondent.net
1	acdn.adnxs-simple.com	hb.adpone.com
1	4727df7502fc5e8b0b921b1f5d01cbac.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	2d404526208c1999cf8967291396cc8a.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	yastatic.net	yandex.ru
1	prebid-eu.creativecdn.com	0.code.cotsta.ru
1	ssp.otm-r.com	0.code.cotsta.ru
1	ad.mail.ru	0.code.cotsta.ru
1	ads.betweendigital.com	0.code.cotsta.ru
1	cdn.jsdelivr.net	0.code.cotsta.ru
1	matchid.adfox.yandex.ru	yandex.ru
1	rr4---sn-4g5ednd7.googlevideo.com	korrespondent.net
1	rr5---sn-4g5e6nzl.googlevideo.com	1 redirects
1	oauth.tg.dev	t.me
1	cl.imghosts.com	korrespondent.net
1	mc.yandex.ru	korrespondent.net
1	top-fwz1.mail.ru	korrespondent.net
1	yandex.ru	korrespondent.net
1	a.cotsta.ru	0.code.cotsta.ru
1	ads.pubmatic.com	jsc.mgid.com
1	secure-gl.imrworldwide.com	ads.eu.criteo.com
1	cat.nl.eu.criteo.com	ads.eu.criteo.com
1	ads.eu.criteo.com	googleads.g.doubleclick.net
1	rtb.nl.eu.criteo.com	googleads.g.doubleclick.net
1	s0.2mdn.net	imasdk.googleapis.com
1	007c3a8bc11f45e050582ea5902a5eb0.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	prebid.a-mo.net	ad.mox.tv
1	ls.hit.gemius.pl	gaua.hit.gemius.pl
1	onetag-sys.com	korrespondent.net
1	r.i.ua	korrespondent.net
1	ui.ill.in.ua	korrespondent.net
1	i.holder.com.ua	korrespondent.net
0	ad.invamia.com Failed	korrespondent.net
965	156

This site contains links to these domains. Also see Links.

Domain
ua.korrespondent.net
uasp.korrespondent.net
market.umh.ua
blogs.korrespondent.net
pay.korrespondent.net
games.korrespondent.net
files.korrespondent.net
mediadim.com.ua
mox.tv
t.me
news.google.com
clck.mgid.com
subscribe.korrespondent.net
www.facebook.com
twitter.com

Subject Issuer	Validity	Valid
*.korrespondent.net E1	`2022-07-14` - `2022-10-12`	3 months	crt.sh
*.ill.in.ua Sectigo RSA Domain Validation Secure Server CA	`2021-09-25` - `2022-09-25`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh
holder.com.ua R3	`2022-08-07` - `2022-11-05`	3 months	crt.sh
*.admixer.net Sectigo RSA Domain Validation Secure Server CA	`2022-06-08` - `2023-06-21`	a year	crt.sh
*.telegram.org Go Daddy Secure Certificate Authority - G2	`2021-09-10` - `2022-10-09`	a year	crt.sh
*.kp.ua R3	`2022-07-11` - `2022-10-09`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-05-11` - `2023-05-11`	a year	crt.sh
exchange.informer.ua R3	`2022-07-20` - `2022-10-18`	3 months	crt.sh
i.ua R3	`2022-06-07` - `2022-09-05`	3 months	crt.sh
cdn.umh.ua R3	`2022-08-08` - `2022-11-06`	3 months	crt.sh
*.t.me Go Daddy Secure Certificate Authority - G2	`2021-10-06` - `2022-11-07`	a year	crt.sh
ad.mox.tv R3	`2022-07-29` - `2022-10-27`	3 months	crt.sh
*.hit.gemius.pl Sectigo ECC Domain Validation Secure Server CA	`2021-09-08` - `2022-09-25`	a year	crt.sh
*.rcvlink.com Thawte RSA CA 2018	`2021-10-01` - `2022-10-01`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
bgstats.mox.tv R3	`2022-07-29` - `2022-10-27`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-10` - `2023-01-03`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
0.code.cotsta.ru R3	`2022-06-28` - `2022-09-26`	3 months	crt.sh
*.a-mo.net R3	`2022-07-04` - `2022-10-02`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.nl.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-08-02` - `2022-11-01`	3 months	crt.sh
*.eu.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-08-03` - `2022-11-05`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-07-18` - `2022-10-10`	3 months	crt.sh
*.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-06-21` - `2022-09-23`	3 months	crt.sh
*.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-04` - `2023-02-03`	a year	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2022-02-04` - `2023-02-03`	a year	crt.sh
*.eu.criteo.net DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-06-12` - `2022-09-12`	3 months	crt.sh
*.cotsta.ru GlobalSign RSA OV SSL CA 2018	`2022-04-08` - `2023-05-10`	a year	crt.sh
*.xn--d1acpjx3f.xn--p1ai GlobalSign ECC OV SSL CA 2018	`2022-03-04` - `2022-09-01`	6 months	crt.sh
c.amazon-adsystem.com Amazon	`2022-05-09` - `2023-04-18`	a year	crt.sh
*.mail.ru GeoTrust ECC CA 2018	`2021-10-15` - `2022-11-15`	a year	crt.sh
mc.yandex.ru GlobalSign ECC OV SSL CA 2018	`2022-05-21` - `2022-10-31`	5 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-06-15` - `2022-09-18`	3 months	crt.sh
cdn4.telegram-cdn.org GTS CA 1D4	`2022-06-24` - `2022-09-22`	3 months	crt.sh
*.tg.dev Go Daddy Secure Certificate Authority - G2	`2022-04-08` - `2023-05-10`	a year	crt.sh
cdn.mox.tv R3	`2022-05-30` - `2022-08-28`	3 months	crt.sh
matchid.adfox.yandex.ru GlobalSign RSA OV SSL CA 2018	`2022-07-18` - `2023-01-10`	6 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q1	`2022-03-21` - `2023-04-22`	a year	crt.sh
*.ads.betweendigital.com Sectigo RSA Domain Validation Secure Server CA	`2021-12-15` - `2023-01-15`	a year	crt.sh
*.otm-r.com AlphaSSL CA - SHA256 - G2	`2022-05-27` - `2023-06-28`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.creativecdn.com RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-17` - `2023-04-12`	a year	crt.sh
*.yastatic-net.ru GlobalSign ECC OV SSL CA 2018	`2022-04-01` - `2022-09-29`	6 months	crt.sh
mediawoot.com Amazon	`2022-07-29` - `2023-08-27`	a year	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2022-06-27` - `2023-06-05`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-25` - `2023-01-25`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
ad-srv.net R3	`2022-08-04` - `2022-11-02`	3 months	crt.sh
cdn.adnxs.com GeoTrust TLS RSA CA G1	`2022-03-11` - `2023-04-11`	a year	crt.sh
i.clean.gg GTS CA 1D4	`2022-08-07` - `2022-11-05`	3 months	crt.sh
contentspread.net R3	`2022-08-05` - `2022-11-03`	3 months	crt.sh
www.awin1.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-18` - `2023-04-19`	a year	crt.sh
rock.aimmm.live R3	`2022-07-14` - `2022-10-12`	3 months	crt.sh
event.aimmm.live R3	`2022-07-14` - `2022-10-12`	3 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-12-12` - `2022-12-13`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
*.taboola.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-11-28` - `2022-12-29`	a year	crt.sh
*.sitescout.com GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2021-12-15` - `2023-01-15`	a year	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-19`	a year	crt.sh
*.bttrack.com Sectigo RSA Domain Validation Secure Server CA	`2022-03-21` - `2023-04-20`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-06-14` - `2022-12-07`	6 months	crt.sh
public1.adgear.com Sectigo RSA Domain Validation Secure Server CA	`2022-03-01` - `2023-03-28`	a year	crt.sh
*.deepintent.com Go Daddy Secure Certificate Authority - G2	`2022-05-02` - `2023-06-03`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2022-06-07` - `2022-11-30`	6 months	crt.sh
*.everesttech.net GlobalSign Atlas R3 DV TLS CA 2022 Q1	`2022-02-03` - `2023-03-07`	a year	crt.sh
adentifi.com Amazon	`2022-08-05` - `2023-09-03`	a year	crt.sh

This page contains 138 frames:

Primary Page: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Frame ID: 45B239CA0B08D2F41C22D9A0460FF765
Requests: 212 HTTP requests in this frame

Frame: https://exchange.informer.ua/informer/stat/?s=dengi&l=5&t=dengiKorr
Frame ID: 190FF39C6CAA0E55775691512DEDB2AC
Requests: 6 HTTP requests in this frame

Frame: https://t.me/operativnoZSU/36424?embed=1
Frame ID: EB7210A8E71E26E47FD26F3DEE92AF7D
Requests: 19 HTTP requests in this frame

Frame: https://go.rcvlink.com/static/main.js
Frame ID: 895E240F08C675B6B566000215E3C209
Requests: 2 HTTP requests in this frame

Frame: https://cdn.umh.ua/libs/vast/vast-player/contentroll.html?advMediaId=zone_1392847469_vqYbOzVnIXir&ADTAG=https://z.cdn.umh.ua/load?o=v&z=1392847469&u=7be2aa7549820401&sr=1600x1200&cw=1600&ch=1200&hc=4&pl=3&mi=4&me=8.00&df=64&bh=2&tl=906&n=2797753744&url=korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&zyx=637049293
Frame ID: 536A416A691F7F638CB144D34C79275F
Requests: 3 HTTP requests in this frame

Frame: https://cdn.umh.ua/libs/vast/vast-player/contentroll.html?advMediaId=zone_1179888271_MEKSfIllJRsQ&ADTAG=https://z.cdn.umh.ua/load?o=v&z=1179888271&u=7be2aa7549820401&sr=1600x1200&cw=1600&ch=1200&hc=4&pl=3&mi=4&me=8.00&df=64&bh=2&tl=906&n=2797753744&url=korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&zyx=637049293
Frame ID: E56A223B3199A7401725168B14CAE670
Requests: 3 HTTP requests in this frame

Frame: https://cdn.admixer.net/scripts3/48427/c.html?b=48427
Frame ID: 391CFF71E07BD6AB92E680B4C7A48400
Requests: 1 HTTP requests in this frame

Frame: https://cdn.admixer.net/scripts3/48427/c.html?b=48427
Frame ID: EAA62A9FA457A896709A8F90E7AB0663
Requests: 1 HTTP requests in this frame

Frame: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=6798&height=250&width=300&tld=korrespondent.net&ctype=div
Frame ID: EBAAF53EB6A93B9ACE4EE6B636B968FA
Requests: 28 HTTP requests in this frame

Frame: https://go.rcvlink.com/static/iframe.htm
Frame ID: 8E7E31C9B4AAE82E33FAB6B92C21F1F4
Requests: 6 HTTP requests in this frame

Frame: https://go.rcvlink.com/static/iframe.htm
Frame ID: 45C8C35B181704F7C906DC9B43334EEF
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220811/r20190131/zrt_lookup.html
Frame ID: FF37176EE8E39C150BC9D49F6259D2CF
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=46218987a9da2b5
Frame ID: 3984869AE83B3EC56538EA76D38AC0E4
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3755662197386269&output=html&adk=1812271804&adf=3025194257&lmt=1660655130&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&ea=0&pra=5&wgl=1&easpf=1&easpi=1&easai=1&asntp=0&asntpv=0&asntpl=0&asntpm=0&asntpc=300&asna=5&asnd=5&asnp=5&asns=5&asmat=-1&asptt=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660655130599&bpp=3&bdt=1037&idt=136&shv=r20220811&mjsv=m202208090101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2419754494839&frm=20&pv=2&ga_vid=2006371786.1660655130&ga_sid=1660655131&ga_hid=351416207&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068486%2C31068789%2C44769306%2C31068881&oid=2&pvsid=4159801157072913&tmod=163380397&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=155
Frame ID: F3A0BDA9B766B0544DD7B48EACBC2A5A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3755662197386269&output=html&h=90&slotname=6218171218&adk=3638426950&adf=2457552020&pi=t.ma~as.6218171218&w=728&lmt=1660655130&psa=0&format=728x90&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660655130602&bpp=1&bdt=1040&idt=160&shv=r20220811&mjsv=m202208090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2419754494839&frm=20&pv=1&ga_vid=2006371786.1660655130&ga_sid=1660655131&ga_hid=351416207&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=10&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068486%2C31068789%2C44769306%2C31068881&oid=2&pvsid=4159801157072913&tmod=163380397&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CpeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=uScTbWiw03&p=https%3A//korrespondent.net&dtd=167
Frame ID: D9AB5068668FE76FE047E4992C6C7D84
Requests: 8 HTTP requests in this frame

Frame: https://ls.hit.gemius.pl/lsget.html
Frame ID: D707C33B07B8CFE89E48C4C6FD98954E
Requests: 1 HTTP requests in this frame

Frame: https://aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: AFB44BECDEE91F0C5F3FEFDFB65CF67B
Requests: 1 HTTP requests in this frame

Frame: https://0.code.cotsta.ru/dist/a.min.js
Frame ID: 3FAB35DFD97E133A42812FCC8460B20B
Requests: 49 HTTP requests in this frame

Frame: https://007c3a8bc11f45e050582ea5902a5eb0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: E6979B48073152073F777A840DAC48A8
Requests: 1 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.525.0_en.html
Frame ID: 095F3B05E8C90059F324FF02421DF9D6
Requests: 37 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=YvuWGgANibkITwIOAAuK3Qo7vZPSqYqDzojZtQ&u=%7CLc54TrZYb0Pomubk4zjimG2KXH%2BHywyuj9a7b88Apr0%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYNdJ71gdyCWvylMYxXMLCj4fODidRdwMR55tQ-B9hy0g1QCKGju0TMFa1bhOsc0-qHI0q5s3rBU2JaNXDxHM41bHrALWacGMF-IvHGHkW0PTFwaWKbpxliJNEwp9STjpWKNH66E1CHAMrcQ2j8kyBcM8iFG1GHiupiH_v71jj-kj8vtB6oNSp5NRaKH9hiQTxYQtRASBP17yD2C4dJ-l93HGD-bhOgoKOcjpm5vJw8nO-UmtnG0sTRkaitzww9CwLxbVmkPygl7LYe_HEueOvJ1QT7YcvQ5c41bbsTTLTQ0lJodtdv7cJQhyC_BfP69-lb2LIXZ9Myn1DFtIMzHyZjIhddaxCPdBRhQow3As7hucsJ4czDUwQ6aT23TjvLc_zbgESEUJ29pYL3wLz8PVc8i5ix89KITNbrVYPx-6zjNxmWWedmk9kznmeFbxy1d4S8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCn0G5Gpb7YrmTNo6EvPIP3ZWumAzJntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTM3NTU2NjIxOTczODYyNjmgAdW20uoDyAEJqQLrBVo97AmxPqgDAaoEnAJP0E0aqRP3bLdlCrBf-zAXylx5qTbHXcYTBpgsNJIY7dKp3S10lOArPTk-ErwyrKC44yzkav41TAS4QZ63HYuDSnr5kLksfX9LsLZqugDUcDTZeJoX9onmXykguqijVO2wRa_IEEeX0QKths6eid2FG0lIKOWSZm0KBIjJ5brjRz9e030Dy9OLpTEQROCDdBgrfxu9QjnTLQ6YoBVx2sy_xAujNh7-llEQ_0vBB9fVCzNRt024ESChGElkIlEAR_I7piAIwQ4NPS9t6_5dZJzeaPwwOl1WbGo7v9mNQ67vj_gCQPQaw0U50qF_MB-hnG4pmQv5bjqytNB8eL7MCMtao2fzcDK6cClV73_cU4PTi0Mbd6d-1ttjE_n-5IAGrfmcm8mIzNaFAaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAcBABMgLrAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1rV8Gh6P4in6IA2EuDDJt8mBnUGA%26client%3Dca-pub-3755662197386269%26adurl%3D
Frame ID: C32FE0AE58B4CBF3479F275F7352C63E
Requests: 18 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012208081650000/amp4ads-v0.mjs
Frame ID: A7A663BAC8565B6421425821DCBFF016
Requests: 16 HTTP requests in this frame

Frame: https://cm.mgid.com/i-noref.js?cbuster=1660655131519797400375
Frame ID: 7190E0C33B7EA3C5F92483478F647262
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: F0098DB9459DD3CB96630AF6D9DAA7B0
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 08AA991D4A70E4ED0945A3E27CE150CD
Requests: 2 HTTP requests in this frame

Frame: https://aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: EF00AB8C141C21B79BABDC31B54AEF80
Requests: 9 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012208081650000/amp4ads-v0.mjs
Frame ID: F48573C294E385298BAACF1134A371F0
Requests: 18 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/86352550399540132/index.html
Frame ID: 7FF39ED6CF044F42385CFF69CD1CBC31
Requests: 11 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012208081650000/amp4ads-v0.mjs
Frame ID: FB26E8731B53A3B03678799C78DB066C
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 00CD695E34839E6E7E4B8231521110C2
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8610050614645263&output=html&adk=1812271804&adf=3407270560&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660655132776&bpp=4&bdt=1613&idt=84&shv=r20220811&mjsv=m202208150101&ptt=9&saldr=aa&cookie=ID%3D7d1d3a232bbb798f%3AT%3D1660655130%3AS%3DALNI_MaRb-A0QJAXYI5Y5wkNt4HWivBT2w&nras=1&correlator=2419754494839&frm=23&ife=1&pv=2&ga_vid=2006371786.1660655130&ga_sid=1660655133&ga_hid=1450592146&ga_fc=1&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=300&ish=250&ifk=1191222534&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068487%2C31068965%2C44764002&oid=2&pvsid=4265567016599518&tmod=1431816359&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32772&bc=31&ifi=1&uci=1.kc6m2i7jzmeb&btvi=1&fsb=1&dtd=104
Frame ID: 8C7FB0963F679912815C8FB12D75BD96
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/hhrtBw21.html
Frame ID: 5E5B085E153C5859A72908FF7A3F0AF3
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 799E92F60E8171FD85255EB81A1D0846
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: A9E1390787E94A2589F655BD6B05577B
Requests: 2 HTTP requests in this frame

Frame: https://2d404526208c1999cf8967291396cc8a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2
Frame ID: 66454E770F64ABCFA3B90E6E884CAE62
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsum2Hm20zByaTBDpdPwGyXo48i1jwBgsy-_Qc9iS-xvmtvFgMc8OTmURN0TFSpOyaZawZng_1JLqmPkr3gICw0_1q0LjDZ12_b4J3NPOZ-GNeyP8xxBn8gesy0SasMeB3PnPW4zsIgMAM-qNQWSkJXGOZ4_u7pRoc06vkGCOgr8hJpjnVi_E4tSk3PAc5zalK_1IDXg5yL7f32NUoaN6THQAG6EYdJ_j43ORnEQGaXHy_bMigCEjK_Kf_VMZwUaSNQ-XbKkwjb21s_O8UE9mORMw-iAJKnM9-k4OOpQuZaeUvLfkIae9zdWDL7rfC6111rpvT3z5_EfO_FulzayObcVyk2xJPwSu4nfZLr871SxTcx6FrzJGBayKTc&sai=AMfl-YTucTn9SPuxFtzXflXyrRakQerDjFT0W-5yEioN2E3-dhRzhWjTNqPW23kCFTy27yySY6y6FQAQgXhS1VQzQcK6qBpgWnJQjSH6CS-V_YxYCAWyTUGb_1wgd1hJnA&sig=Cg0ArKJSzAeF_T-h3vQjEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 8FFC18AE3D9AA1C79BBE97DCEF7B438B
Requests: 6 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.525.0_en.html
Frame ID: DDF117CA55D981136DCFB1F7DE15E282
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 1A958240491F5EACC9040CFCC00EBD2B
Requests: 19 HTTP requests in this frame

Frame: https://mediawoot.com/r/p.html?f=qhnmckig&e=1518846443599
Frame ID: B13188A8C9F16F15FAFA010587391309
Requests: 12 HTTP requests in this frame

Frame: https://mediawoot.com/r/p.html?f=yvmanyrg&e=1518846443599
Frame ID: 1C51C4F54ACF4338D2ECF3EAB66DE850
Requests: 12 HTTP requests in this frame

Frame: https://mediawoot.com/r/p.html?f=wsfijg&e=1518846443599
Frame ID: 437788FD720A6058A6836B4C64992C46
Requests: 10 HTTP requests in this frame

Frame: https://mediawoot.com/r/p.html?f=luzlkxf&e=1518846443599
Frame ID: EA4DB09D356380A405FE7557B7DF4758
Requests: 11 HTTP requests in this frame

Frame: https://mediawoot.com/r/p.html?f=zxmhozdtyy&e=1518846443599
Frame ID: B7E465AF16DFBA3AF460D62F06B47F96
Requests: 10 HTTP requests in this frame

Frame: https://mediawoot.com/r/p.html?f=mylhifuyj&e=1518846443599
Frame ID: 1BB0E0EC32D4E09A87F510C90A3A045D
Requests: 11 HTTP requests in this frame

Frame: https://mediawoot.com/r/p.html?f=erxcabou&e=1518846443599
Frame ID: D017CEE6048FEFE3FB6C014B0D068D72
Requests: 10 HTTP requests in this frame

Frame: https://mediawoot.com/r/p.html?f=mbbobmskc&e=1518846443599
Frame ID: B593BB6BCCA31B4B60B42E7ACD8FB4E8
Requests: 10 HTTP requests in this frame

Frame: https://mediawoot.com/r/p.html?f=gmyjtldt&e=1518846443599
Frame ID: 289970BC036C19DF892B15E5C42CFFDD
Requests: 11 HTTP requests in this frame

Frame: https://mediawoot.com/r/p.html?f=heahfpe&e=1518846443599
Frame ID: 7C3C9C6832F1916D67CCCD1D35C978DC
Requests: 10 HTTP requests in this frame

Frame: https://mediawoot.com/r/p.html?f=deznrj&e=1518846443599
Frame ID: 034E09E00656603977DF81B24284C67D
Requests: 10 HTTP requests in this frame

Frame: https://mediawoot.com/r/p.html?f=zckvaaxfk&e=1518846443599
Frame ID: 4B7A5268A622ADA67A88875DBE55799F
Requests: 11 HTTP requests in this frame

Frame: https://mediawoot.com/r/p.html?f=votimejzv&e=1518846443599
Frame ID: EACAA84E28375D5DBA55C0E7160D719F
Requests: 10 HTTP requests in this frame

Frame: https://mediawoot.com/r/p.html?f=avonrza&e=1518846443599
Frame ID: 8A724C1F11C3B61E1C87EFE4BBFD9B07
Requests: 11 HTTP requests in this frame

Frame: https://tm.ad-srv.net/tm/a/container/html/75d02d930b.html?liuid=fd208cb733&cguid=f52ab6ea57&click=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP9Z4kkc6no0Kw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAViUgiQAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBeghwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjA0M0CGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDQz%2Fbn%3D96624%2Fclickenc%3D&eVS=10264&eVR=https%3A%2F%2Fkorrespondent.net%2F&rnd=2006781265
Frame ID: F05B95D9F24EF7F5B81779414179F129
Requests: 6 HTTP requests in this frame

Frame: https://tm.ad-srv.net/tm/a/container/html/75d02d930b.html?liuid=fd208cb733&cguid=f52ab6ea57&click=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP0VJlOaZGFkzw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgABSXRbAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521Khf4hQjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAwMUCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDAx%2Fbn%3D96382%2Fclickenc%3D&eVS=10264&eVR=https%3A%2F%2Fkorrespondent.net%2F&rnd=387137574
Frame ID: 395BB8195D6DC6FE028E626CD4F3D52B
Requests: 6 HTTP requests in this frame

Frame: https://tm.ad-srv.net/tm/a/container/html/75d02d930b.html?liuid=fd208cb733&cguid=f52ab6ea57&click=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUPyZXAqiBMUdhw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAQSROKgAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521NRf9iAjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAzOUCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDM5%2Fbn%3D96578%2Fclickenc%3D&eVS=10264&eVR=https%3A%2F%2Fkorrespondent.net%2F&rnd=1185122883
Frame ID: 8D0EB2BD6B257BFEFD807129CA9BE7B8
Requests: 6 HTTP requests in this frame

Frame: https://tm.ad-srv.net/tm/a/container/html/75d02d930b.html?liuid=fd208cb733&cguid=f52ab6ea57&click=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3FywHhN4T7kj8mIw4ZcDWJPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP3DWELS0rZcdw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAdSLiIgAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBedhwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAxNkCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDE2%2Fbn%3D96473%2Fclickenc%3D&eVS=10264&eVR=https%3A%2F%2Fkorrespondent.net%2F&rnd=1808871071
Frame ID: EAC69CBC20F822A13435A75ECDC39217
Requests: 6 HTTP requests in this frame

Frame: https://4727df7502fc5e8b0b921b1f5d01cbac.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4
Frame ID: E886E3B8139AF8B2BEF469FE59DE4C9D
Requests: 1 HTTP requests in this frame

Frame: https://tm.ad-srv.net/tm/a/container/html/75d02d930b.html?liuid=fd208cb733&cguid=f52ab6ea57&click=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3FywHhN4T7kj8mIw4ZcDWJPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP1vdUX_lDYVcw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAMSKnDAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MhcqiAjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjEwOECGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MTA4%2Fbn%3D96930%2Fclickenc%3D&eVS=10264&eVR=https%3A%2F%2Fkorrespondent.net%2F&rnd=2118300996
Frame ID: 575287E08CE17825D703A63351FFD08E
Requests: 6 HTTP requests in this frame

Frame: https://acdn.adnxs-simple.com/strikeforce/script.js
Frame ID: 7844A1F3EC904CB330E96721159098A1
Requests: 16 HTTP requests in this frame

Frame: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dyvmanyrg%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP9Z4kkc6no0Kw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAViUgiQAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBeghwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjA0M0CGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDQz%2Fbn%3D96624%2Fclickenc%3D&uidRedirect=1
Frame ID: ECB52DBACFBE4D25F46DAC341A103340
Requests: 5 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=1821409
Frame ID: DA8BCFACF5138868BE49AA85A7F418FC
Requests: 3 HTTP requests in this frame

Frame: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dluzlkxf%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3FywHhN4T7kj8mIw4ZcDWJPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP3DWELS0rZcdw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAdSLiIgAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBedhwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAxNkCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDE2%2Fbn%3D96473%2Fclickenc%3D&uidRedirect=1
Frame ID: 240CB9438344AD8C4CC80E4258A774EB
Requests: 5 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=1821409
Frame ID: F4DA2C13E8E1A56123B5B66EF0D93DE5
Requests: 3 HTTP requests in this frame

Frame: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dmylhifuyj%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUPyZXAqiBMUdhw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAQSROKgAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521NRf9iAjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAzOUCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDM5%2Fbn%3D96578%2Fclickenc%3D&uidRedirect=1
Frame ID: 99FA62BCDD52B47F417600CB5F6E15F2
Requests: 5 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=1821409
Frame ID: A8F8EB83176FCB359798F381218CB0E3
Requests: 3 HTTP requests in this frame

Frame: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dqhnmckig%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP0VJlOaZGFkzw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgABSXRbAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521Khf4hQjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAwMUCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDAx%2Fbn%3D96382%2Fclickenc%3D&uidRedirect=1
Frame ID: 93E34439983DE6C7E83DB6771E8845BC
Requests: 5 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=1821409
Frame ID: 02A9FF7FE5D4F356F90B5707F3CEB726
Requests: 3 HTTP requests in this frame

Frame: https://tm.ad-srv.net/tm/a/container/html/75d02d930b.html?liuid=fd208cb733&cguid=f52ab6ea57&click=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUPxjQBsbXN2Niw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgARyVegQAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBejhwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjA3MECGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDcw%2Fbn%3D96742%2Fclickenc%3D&eVS=10264&eVR=https%3A%2F%2Fkorrespondent.net%2F&rnd=1800529018
Frame ID: 094253C295FBFA29AD8DE9DFCFCE40BA
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 9AF5D3B584528AB31812BF4673D859DA
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 3512A43088DE573EDA581204AC678345
Requests: 2 HTTP requests in this frame

Frame: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dgmyjtldt%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3FywHhN4T7kj8mIw4ZcDWJPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP1vdUX_lDYVcw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAMSKnDAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MhcqiAjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjEwOECGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MTA4%2Fbn%3D96930%2Fclickenc%3D
Frame ID: 43082C3C339BDFA4C49B274FDD2A70C6
Requests: 5 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=1821409
Frame ID: 5DF3F1D347ECB9C3FDE4ED1F48CC1239
Requests: 3 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012208081650000/amp4ads-v0.mjs
Frame ID: 40399CE9CD9C362CAA86AC27D0A4A518
Requests: 14 HTTP requests in this frame

Frame: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=61a5d4f56c48fdD3MUNnI6FYA1LGZkZGfjPQA1DoEIgfbf00lZwpdZ3oGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=39020200079871301467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp5ca3cup5eyc2o6%3Ftprde%3D&uidRedirect=1
Frame ID: 6BDF587EA0E38E8F0197CC1C216D4E94
Requests: 6 HTTP requests in this frame

Frame: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=b42e0c11bdb9nURHeQtJyh0FGA2RGZmRYfjDGA0JHIYAXlBadXAaoGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=44045500079871201467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp9a21ezln8dufjv%3Ftprde%3D&uidRedirect=1
Frame ID: 56DE999FC8FE4F04B9889D5AE2FF1933
Requests: 6 HTTP requests in this frame

Frame: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=488d7e08bb01jEPSHZNbIcYg0HwAkRmZkPYZ0HQgSI1FabXmYkpYeloGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=99284700079871401467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp8kzgvxbse3un4j%3Ftprde%3D&uidRedirect=1
Frame ID: D0FDEF1A78D37A23049623BBB72355C0
Requests: 6 HTTP requests in this frame

Frame: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Davonrza%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUPxjQBsbXN2Niw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgARyVegQAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBejhwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjA3MECGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDcw%2Fbn%3D96742%2Fclickenc%3D
Frame ID: D8513B57E59EE742962AF78C0E070A47
Requests: 4 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=1821409
Frame ID: A446D6A72CD79E0E63A8B187FE5EC40A
Requests: 3 HTTP requests in this frame

Frame: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=4f3fcc6aa457NUPAKYNbIcYg0HwAkRmZkPYZ0HQgSI1FUmfGB38lbjoGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=19324500079871501467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp0oa8z4rhgh6fd1%3Ftprde%3D&uidRedirect=1
Frame ID: B0C41DB60CF76140015C977A21758645
Requests: 6 HTTP requests in this frame

Frame: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=bb6af1fb8a2cDBP18YNbIcYg0HwAkRmZkPYZ0HQgSI1XOypXWeXmA9oGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=16056800079871901467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fpj71dd9a07d8amk%3Ftprde%3D
Frame ID: BD67A5EDAA83EC6FF76588126648C89C
Requests: 6 HTTP requests in this frame

Frame: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=24e4676e7329YUR4cQtJyh0FGA2RGZmRYfjDGA0JHIYEdXXi8YYkoGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=82720000079872201467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fpaqc04gfxa9rla6%3Ftprde%3D
Frame ID: 00502AF7DECC7A9B9A7928D79110DC0D
Requests: 5 HTTP requests in this frame

Frame: https://www.awin1.com/cshow.php?s=2519519&v=14098&q=379074&r=559379&pv=1&pref1=24397500079872301649441012053025
Frame ID: 8BE71B8C1669AFB91F77EB29F7D350A2
Requests: 1 HTTP requests in this frame

Frame: https://www.awin1.com/cshow.php?s=2519519&v=14098&q=379074&r=559379&pv=1&pref1=52487000079872401649441012053025
Frame ID: DEA0B24CE6DEC82AB61A5C72C3A93F23
Requests: 1 HTTP requests in this frame

Frame: https://www.awin1.com/cshow.php?s=2519519&v=14098&q=379074&r=559379&pv=1&pref1=25212000079872501649441012053025
Frame ID: 22CED954FA722D464713351C59EE30B1
Requests: 1 HTTP requests in this frame

Frame: https://www.awin1.com/cshow.php?s=2519519&v=14098&q=379074&r=559379&pv=1&pref1=40559400079872701649441012053025
Frame ID: 165251E7EAB4CE89114193CFC69782F9
Requests: 1 HTTP requests in this frame

Frame: https://www.awin1.com/cshow.php?s=2519519&v=14098&q=379074&r=559379&pv=1&pref1=97672800079872801649441012053025
Frame ID: AE464F353301A83A17915EFAD060D8B5
Requests: 1 HTTP requests in this frame

Frame: https://www.awin1.com/cshow.php?s=2519519&v=14098&q=379074&r=559379&pv=1&pref1=11565500079872901649441012053025
Frame ID: 4C45AEDC376C19C748C61E244E32FF46
Requests: 1 HTTP requests in this frame

Frame: https://rock.aimmm.live/ac.dc?dv21&dv91&clickstart=https%3A//track.adform.net/C/%3Fbn%3D56522822%3Bcrtbwp%3D0.001468-aSZ8vQ1skFbgS6c1PsWr31SY5KfK0X-a0%3Bcrtbdata%3Dr4mjpOpmxotnsaseszv2DPN21W3o9jwO_X7a0d4jQamh4_SVuZ1wZM576b23k3iDv_8QB0OX4Fz5k_K52ZP9K8Uw76OH3MpZX_W3fRtZZ-NikuIl-lO9NARPRKp7X9VUvkaogUZy2g23SN2zfbA3sxmo6_hx9OmR-yKoBwErk4n-CpQUQ-J09gW7rP5bRJFCKvSlVgyr4PELLhhadhf4SDb_119wm4vvzOJ1K38rCGThQW6FXjSrzw2%3Badfibeg%3D0%3Bcdata%3D2Pg0_CXpfTuTcD65XEY3PgU9UDv16a4l1BZLVwvmeD9yxWeF9tD9XVAHUyGVomQMsZbYGFZvI2xNBAXGUYRdwsHzWJ8iG5IJY8ubVsNPRzrrygPkIxxfk0srhEkluTSFZtIYRC-JbGXEW-tO8UbYsnTAIT4W6WreQeEimShqzcc1%3B%3BCREFURL%3Dhttps%253a%252f%252fkorrespondent.net%3BC%3D1%3Bcpdir%3D&dv2=1361&dv3=1818&as=af&dv4=16606551354108
Frame ID: 8DCCE2ABA52AADC3F393417E805C6AF2
Requests: 6 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=1821409
Frame ID: CB71691FE6A6AB14B4E068CAAC6E4CAC
Requests: 3 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 152ECAEBFBAF62052895D2E940F8097E
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 7E21B91D2DC9915B79648211A3A6C8E1
Requests: 3 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 2D87CC063A39D275FC5472476330085E
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 228AB99BFB4E464637E2351B5D371AD7
Requests: 10 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13406526
Frame ID: CB6335A464457960B4871429D36C873E
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 66BEEF12EBF77619AD0413463CDCED6C
Requests: 2 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13406526
Frame ID: D8AE5980CEBCA73285AB658B329B8EF9
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: BFF5CC7B3BB2AC4BA11D56C755A42E22
Requests: 3 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: ECC4DC105954929FE5530EEC41D1A405
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 4B1403CAF895981F0311791C800C3DC9
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 8F13C24CD48684FF3B3CEC046AB742BF
Requests: 2 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13406526
Frame ID: 518C8118FE79B22BDA019555485AB84E
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 2DA3990A3BDAA266E4629F6037C10DB9
Requests: 3 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 4F87FC6A38F27C0CE71FB843BB9800C3
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: F0E5C499FCE3ED08433281CFA1AE3585
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 774DF4ACAFF284D0BB49C6DD90A632CB
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: ABC78BF1E0942F25E1A268DFC5858376
Requests: 2 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: A0B899EDF8A2F331B7C115871D256A5D
Requests: 3 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13406526
Frame ID: 7739CB7E7F664624961FDDE46378A57E
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 29B02EE92AF1B2A8FF0A51BB8FD1070C
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 86E0B91351BDF44804166C9C7BF88A9F
Requests: 2 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 7AAB7DD2EED0F620BD5A289FEE4A6ECA
Requests: 3 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 9EF50DBBE4455B70456FC8C5CE5A8AB8
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13406526
Frame ID: CC3D5B7C79DAEA87507AD99E27E11685
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 98067DB3EE72FA80501583A790F09338
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 61C102F9BA1DE030E454BE85DD3D8089
Requests: 3 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13406526
Frame ID: C7B7D2F3AAA0A762DAD6D4E1D38EAA1A
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: F42509B81F68D3F97B88667BA56C6E83
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: CF5F571EDAF1B24FF20A14A30D27CF50
Requests: 2 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: A3136128018FCAF3DF4B252EF77DD11A
Requests: 1 HTTP requests in this frame

Frame: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Frame ID: D76A1F959F297C3440ED829D648D471E
Requests: 10 HTTP requests in this frame

Frame: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Frame ID: 9351CDBE3F1B55EEBFC361A87570AC27
Requests: 10 HTTP requests in this frame

Frame: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Frame ID: 3792D0BCCB4016D1004638AD030611B1
Requests: 10 HTTP requests in this frame

Frame: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Frame ID: F5C1A413F13051FB01E8E75F4AD79769
Requests: 10 HTTP requests in this frame

Frame: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Frame ID: 24AC91D1494FEA21A44A961520011D00
Requests: 10 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon?informer=13406526
Frame ID: 4D59585629E533E8BB5368065AB6FBF9
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 691CCB23E8AC720CE882E2A344BC04CC
Requests: 3 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: E158ACF92E894A3A46C5ACE3728AD419
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 40FB7461DE041D957D628CD5EA6F3DCC
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 65B60F34458A3B602770DAE7EF83E04C
Requests: 2 HTTP requests in this frame

Frame: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Frame ID: 8A0A551F7C944D0EC17F45546D360AEA
Requests: 10 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: 75D6503704A21602AF648EDF2CB272A5
Requests: 10 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=korrespondent.net
Frame ID: 08D100AEEC3989D02002CDDCB3293B24
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=korrespondent.net
Frame ID: 4CF12BB8EAAF87D4B4B2402D0FA98DCD
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=korrespondent.net
Frame ID: F0F2C02777F118AAF8C68FDF55E3A969
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=korrespondent.net
Frame ID: 6768866F5E572174C2F4D3B8466AB0E7
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=korrespondent.net
Frame ID: 007128058EF33FCED0A454A0600CFC33
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=korrespondent.net
Frame ID: 87470C6E0425B60FE6B90A629E1CF370
Requests: 2 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=korrespondent.net
Frame ID: DB6915D916BB08020045B736D7D17D26
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ВСУ уничтожили базу ЧВК Вагнера в Попасной - Korrespondent.net

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Gemius (Analytics) Expand

Overall confidence: 100%
Detected patterns

hit\.gemius\.pl/xgemius\.js
hit\.gemius\.pl
xgemius\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

/prebid\.js
adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

mc\.yandex\.ru/metrika/(?:tag|watch)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

965
Requests

93 %
HTTPS

34 %
IPv6

91
Domains

156
Subdomains

118
IPs

16
Countries

14512 kB
Transfer

30909 kB
Size

159
Cookies

21 Outgoing links

These are links going to different origins than the main page.

URL: https://ua.korrespondent.net/
Title: УКР

Search URL Search Domain Scan URL

URL: https://uasp.korrespondent.net/
Title: СПЕЦПРОЕКТЫ

Search URL Search Domain Scan URL

URL: http://market.umh.ua/catalog/korrespondent
Title: ПОДПИСКА

Search URL Search Domain Scan URL

URL: https://blogs.korrespondent.net/Default.aspx?page_id=118&lang=ua
Title: БЛОГИ ЧИТАТЕЛЕЙ

Search URL Search Domain Scan URL

URL: https://pay.korrespondent.net/
Title: Денежные переводы

Search URL Search Domain Scan URL

URL: http://games.korrespondent.net/
Title: Игры

Search URL Search Domain Scan URL

URL: http://files.korrespondent.net/
Title: ДОСЬЕ

Search URL Search Domain Scan URL

URL: https://mediadim.com.ua/donate
Title: Помочь корреспонденту

Search URL Search Domain Scan URL

URL: https://ua.korrespondent.net/ukraine/4505652-zsu-znyschyly-bazu-pvk-vahnera-u-popasnii
Title: Читать новость на украинском

Search URL Search Domain Scan URL

URL: https://mox.tv/

Search URL Search Domain Scan URL

URL: https://t.me/korrespondentnet
Title: https://t.me/korrespondentnet

Search URL Search Domain Scan URL

URL: https://news.google.com/publications/CAAqLQgKIidDQklTRndnTWFoTUtFV3R2Y25KbGMzQnZibVJsYm5RdWJtVjBLQUFQAQ?hl=ru&gl=UA&ceid=UA%3Aru
Title: Читайте Korrespondent.net в Google News

Search URL Search Domain Scan URL

URL: https://clck.mgid.com/ghits/12581120/i/83672/0/pp/1/1?h=sYQVJSKmZZQCyjoamQdnfqMjexg2clYgDBC-kZfAanto2BFaphdJSy8Tn8Z3a9pdZhrkcw_l_ALLm16FTt7PNg**&rid=1b93d80f-1d64-11ed-a246-e43d1a2a04aa&tt=Direct&att=3&afrd=8&iv=11&ct=1&gdpr=1&st=120

Search URL Search Domain Scan URL

URL: https://clck.mgid.com/ghits/12581090/i/83672/0/pp/2/1?h=sYQVJSKmZZQCyjoamQdnfhf7qTbHRGKJ4yIkhYMurKuVueM0atpBvnzqRfFNS7-5Mibjo9FSwm_BnFglMbf1zw**&rid=1b93d80f-1d64-11ed-a246-e43d1a2a04aa&tt=Direct&att=3&afrd=8&iv=11&ct=1&gdpr=1&st=120

Search URL Search Domain Scan URL

URL: https://clck.mgid.com/ghits/12581140/i/83672/0/pp/3/1?h=sYQVJSKmZZQCyjoamQdnfoN9CI3vo-gA8huRKLEhB_LVmN1cg5KiWUV5Dvw-aNCVuAayOri3TpdLqyECqhVBpw**&rid=1b93d80f-1d64-11ed-a246-e43d1a2a04aa&tt=Direct&att=3&afrd=8&iv=11&ct=1&gdpr=1&st=120

Search URL Search Domain Scan URL

URL: https://clck.mgid.com/ghits/13780812/i/132819/0/pp/1/1?h=sYQVJSKmZZQCyjoamQdnfppFA0oar3L-wvA6ioN7hLfMInY96pvCOscjb6l7ehtxefDYBZSjfm6VNx6NPR2JWg**&rid=1ba5f000-1d64-11ed-b832-e43d1a2a53a0&tt=Direct&att=3&afrd=8&iv=11&ct=1&gdpr=1&st=120

Search URL Search Domain Scan URL

URL: https://clck.mgid.com/ghits/13780801/i/132819/0/pp/2/1?h=sYQVJSKmZZQCyjoamQdnfrGU82RAofiA3mpH1TM-DakLW8i6BDh2tqU-pBinZU-RneusLQ2l4CRfWKUbBMROhA**&rid=1ba5f000-1d64-11ed-b832-e43d1a2a53a0&tt=Direct&att=3&afrd=8&iv=11&ct=1&gdpr=1&st=120

Search URL Search Domain Scan URL

URL: https://clck.mgid.com/ghits/13780794/i/132819/0/pp/3/1?h=sYQVJSKmZZQCyjoamQdnfpQtGAjrbt5DMQW_pUiX529aMk_MXOx_RaYSXPTll9ohh4wD2wFiAgOGYCstdZH-3Q**&rid=1ba5f000-1d64-11ed-b832-e43d1a2a53a0&tt=Direct&att=3&afrd=8&iv=11&ct=1&gdpr=1&st=120

Search URL Search Domain Scan URL

URL: http://subscribe.korrespondent.net/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/korrespondent.net
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/korrespondent
Title: Twitter

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 115

https://x.bidswitch.net/sync?ssp=prodoohmox&user_id=eb6718de-e878-4354-bdc2-2720b7ae6d50&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=prodoohmox&user_id=eb6718de-e878-4354-bdc2-2720b7ae6d50&gdpr=0&gdpr_consent= HTTP 302
https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Dprodoohmox%26bsw_param%3Dad1f481a-c69d-4a57-831b-33e7fddbf07f&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=80&user_id=661f62fb-961b-4500-92f9-12a388ac2c6f&expires=30&ssp=prodoohmox&bsw_param=ad1f481a-c69d-4a57-831b-33e7fddbf07f&gdpr=0&gdpr_consent= HTTP 302
https://ad.mox.tv/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f HTTP 302
https://ad.mediawayss.com/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f&inner_redirect=1&inner_uuid=eb6718de-e878-4354-bdc2-2720b7ae6d50&redirect_host_list=YWQub3V0c3RyZWFtLnRvZGF5LGFkLmFkb3B4Lm5ldCxhZC5pbnZhbWlhLmNvbSxhZC52aWR2ZXJ0by5pbyxhZC52aWR2ZXIudG8= HTTP 302
https://ad.outstream.today/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f&inner_redirect=1&inner_uuid=eb6718de-e878-4354-bdc2-2720b7ae6d50&redirect_host_list=YWQuYWRvcHgubmV0LGFkLmludmFtaWEuY29tLGFkLnZpZHZlcnRvLmlvLGFkLnZpZHZlci50bw== HTTP 302
https://ad.adopx.net/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f&inner_redirect=1&inner_uuid=eb6718de-e878-4354-bdc2-2720b7ae6d50&redirect_host_list=YWQuaW52YW1pYS5jb20sYWQudmlkdmVydG8uaW8sYWQudmlkdmVyLnRv HTTP 302
https://ad.invamia.com/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f&inner_redirect=1&inner_uuid=eb6718de-e878-4354-bdc2-2720b7ae6d50&redirect_host_list=YWQudmlkdmVydG8uaW8sYWQudmlkdmVyLnRv

Request Chain 163

https://x.bidswitch.net/sync?ssp=prodoohmox&user_id=eb6718de-e878-4354-bdc2-2720b7ae6d50&gdpr=0&gdpr_consent= HTTP 302
https://ads.betweendigital.com/match?bidder_id=43092&gdpr=0&consent=&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dprodoohmox%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://ads.betweendigital.com/match?bidder_id=43092&gdpr=0&consent=&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dprodoohmox%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D%26gdpr%3D0%26gdpr_consent%3D&crf=1 HTTP 302
https://x.bidswitch.net/sync?dsp_id=429&user_id=556cf06d-c475-52e4-a0a4-b5c3c25f23d8&ssp=prodoohmox&expires=30&user_group=1&gdpr=0&gdpr_consent= HTTP 302
https://ad.mox.tv/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f HTTP 302
https://ad.mediawayss.com/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f&inner_redirect=1&inner_uuid=eb6718de-e878-4354-bdc2-2720b7ae6d50&redirect_host_list=YWQub3V0c3RyZWFtLnRvZGF5LGFkLmFkb3B4Lm5ldCxhZC5pbnZhbWlhLmNvbSxhZC52aWR2ZXJ0by5pbyxhZC52aWR2ZXIudG8= HTTP 302
https://ad.outstream.today/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f&inner_redirect=1&inner_uuid=eb6718de-e878-4354-bdc2-2720b7ae6d50&redirect_host_list=YWQuYWRvcHgubmV0LGFkLmludmFtaWEuY29tLGFkLnZpZHZlcnRvLmlvLGFkLnZpZHZlci50bw== HTTP 302
https://ad.adopx.net/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f&inner_redirect=1&inner_uuid=eb6718de-e878-4354-bdc2-2720b7ae6d50&redirect_host_list=YWQuaW52YW1pYS5jb20sYWQudmlkdmVydG8uaW8sYWQudmlkdmVyLnRv HTTP 302
https://ad.invamia.com/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f&inner_redirect=1&inner_uuid=eb6718de-e878-4354-bdc2-2720b7ae6d50&redirect_host_list=YWQudmlkdmVydG8uaW8sYWQudmlkdmVyLnRv

Request Chain 191

https://x.bidswitch.net/sync?ssp=prodoohmox&user_id=eb6718de-e878-4354-bdc2-2720b7ae6d50&gdpr=0&gdpr_consent= HTTP 302
https://ads.betweendigital.com/match?bidder_id=43092&gdpr=0&consent=&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dprodoohmox%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://ads.betweendigital.com/match?bidder_id=43092&gdpr=0&consent=&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dprodoohmox%26expires%3D30%26user_group%3D%24%7BUSER_GROUP%7D%26gdpr%3D0%26gdpr_consent%3D&crf=1 HTTP 302
https://x.bidswitch.net/sync?dsp_id=429&user_id=556cf06d-c475-52e4-a0a4-b5c3c25f23d8&ssp=prodoohmox&expires=30&user_group=1&gdpr=0&gdpr_consent= HTTP 302
https://ad.mox.tv/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f HTTP 302
https://ad.mediawayss.com/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f&inner_redirect=1&inner_uuid=eb6718de-e878-4354-bdc2-2720b7ae6d50&redirect_host_list=YWQub3V0c3RyZWFtLnRvZGF5LGFkLmFkb3B4Lm5ldCxhZC5pbnZhbWlhLmNvbSxhZC52aWR2ZXJ0by5pbyxhZC52aWR2ZXIudG8= HTTP 302
https://ad.outstream.today/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f&inner_redirect=1&inner_uuid=eb6718de-e878-4354-bdc2-2720b7ae6d50&redirect_host_list=YWQuYWRvcHgubmV0LGFkLmludmFtaWEuY29tLGFkLnZpZHZlcnRvLmlvLGFkLnZpZHZlci50bw== HTTP 302
https://ad.adopx.net/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f&inner_redirect=1&inner_uuid=eb6718de-e878-4354-bdc2-2720b7ae6d50&redirect_host_list=YWQuaW52YW1pYS5jb20sYWQudmlkdmVydG8uaW8sYWQudmlkdmVyLnRv HTTP 302
https://ad.invamia.com/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f&inner_redirect=1&inner_uuid=eb6718de-e878-4354-bdc2-2720b7ae6d50&redirect_host_list=YWQudmlkdmVydG8uaW8sYWQudmlkdmVyLnRv

Request Chain 238

https://gaua.hit.gemius.pl/_1660655131292/rexdot.js?l=100&id=1w.q9md1vyi0RfOuiXz46WZVLVTZsxt2XTSMzkxvvoz.x7&et=view&hsrc=1&initsonar=1&extra=&inner=_ver%3D328&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&ref=&screen=1600x1200r1000&col=24&window=1600x1200&vis=1&lsdata=P1OHIpzeOwrk1_RDBCJ_tDOonYOs8SLBjdUCh8lEG3X.87poK2f21sPM19PtD_kQ9PYdAXwYdr_Srs0BQOYYiPhI7WXu/RvKpaugvPDRJb/&ltime=391&fpdata=-TURNEDOFF HTTP 301
https://gaua.hit.gemius.pl/__/_1660655131292/rexdot.js?l=100&id=1w.q9md1vyi0RfOuiXz46WZVLVTZsxt2XTSMzkxvvoz.x7&et=view&hsrc=1&initsonar=1&extra=&inner=_ver%3D328&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&ref=&screen=1600x1200r1000&col=24&window=1600x1200&vis=1&lsdata=P1OHIpzeOwrk1_RDBCJ_tDOonYOs8SLBjdUCh8lEG3X.87poK2f21sPM19PtD_kQ9PYdAXwYdr_Srs0BQOYYiPhI7WXu/RvKpaugvPDRJb/&ltime=391&fpdata=-TURNEDOFF

Request Chain 317

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 349

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fkorrespondent.net%2F&domain=korrespondent.net&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=cLl-BHxEdjh4T3ZuZ3c3eWJKS3BySnZwZGVLdVVPcVgwYkRIOTRQSDdqektERFJuQytXdjJaN2JBcHRIUFFnRDkwRzNxYllXZFRISXh4NnV0SkhOMGlEMkdHTkdhdCtLR2FWWjRYMDVOT3BoYUk0bFVQUGk0UGplVzY5bFJnZm9BMjkxL2h6NlowajRjaWtxRTZ2SmVlTWFvQ2E1MGVqOFdkVHhYRnQyR0tobUh2SGE4eS9uc2tmSHlUeUEreXpyYzV2UWlwWE4relllbEVoSktGaW1nd0k3Y0Zjd2MxUVIrNzBtMjE4RjVWcHdQMmowPXw&cppv=2

Request Chain 359

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 395

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 396

https://rr5---sn-4g5e6nzl.googlevideo.com/videoplayback?expire=1660683932&ei=HJb7YpOpCYOJxgKirKh4&ip=193.27.14.10&id=3ed0f943d73edb30&itag=22&source=youtube&requiressl=yes&mh=6i&mm=31&mn=sn-4g5e6nzl&ms=au&mv=m&mvi=5&pl=26&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=39.288&lmt=1630704983284524&mt=1660654646&txp=5311224&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRgIhAJH8DhauUAbYfvQn_34EZnD4H7LYy29nekgEXydMRt9bAiEAxFYiZrbMfiYL_OWmI2l805z6xKnBz7YiRQtKJgxqY4A=&lsparams=mh,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRQIhAIlGtXidrLPeoX10ASNySgM0Jp6v2qw_yLO28IoTzUcUAiAZXBL6COtvztiN9MgzKnnFeV4oGAV7qWigZZz0Zh2dew==&cpn=GIag2j7ROo_Tb9iO HTTP 302
https://rr4---sn-4g5ednd7.googlevideo.com/videoplayback?expire=1660683932&ei=HJb7YpOpCYOJxgKirKh4&ip=193.27.14.10&id=3ed0f943d73edb30&itag=22&source=youtube&requiressl=yes&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=39.288&lmt=1630704983284524&txp=5311224&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRgIhAJH8DhauUAbYfvQn_34EZnD4H7LYy29nekgEXydMRt9bAiEAxFYiZrbMfiYL_OWmI2l805z6xKnBz7YiRQtKJgxqY4A=&cpn=GIag2j7ROo_Tb9iO&redirect_counter=1&rm=sn-4g5ed776&req_id=34eb26302fd836e2&cms_redirect=yes&cmsv=e&ipbypass=yes&mh=6i&mip=2001:ac8:20:301::201e&mm=31&mn=sn-4g5ednd7&ms=au&mt=1660654862&mv=m&mvi=4&pl=53&lsparams=ipbypass,mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAKTOFiFjrJnk4aUYJDk4zm48Xyu7qL8Oi1116lga74V9AiEAwF3elk-N7XkVJJ40TcAmGddiLUv6v9sV2iN_jRoloXQ%3D

Request Chain 403

https://mc.yandex.com/watch/61684903?wmode=7&page-url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp77kpsc2e48%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A870%3Acn%3A1%3Adp%3A0%3Als%3A393081872149%3Ahid%3A958686927%3Az%3A0%3Ai%3A20220816130532%3Aet%3A1660655133%3Ac%3A1%3Arn%3A534516308%3Arqn%3A1%3Au%3A1660655133195433051%3Aw%3A300x250%3As%3A1600x1200x24%3Ask%3A1%3Aifr%3A1%3Acpf%3A1%3Antf%3A1%3Ans%3A1660655131164%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C5%2C0%2C5%2C5%2C0%2C5%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1660655133%3At%3A&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)rqnl(1)ti(2) HTTP 302
https://mc.yandex.com/watch/61684903/1?wmode=7&page-url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp77kpsc2e48%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A870%3Acn%3A1%3Adp%3A0%3Als%3A393081872149%3Ahid%3A958686927%3Az%3A0%3Ai%3A20220816130532%3Aet%3A1660655133%3Ac%3A1%3Arn%3A534516308%3Arqn%3A1%3Au%3A1660655133195433051%3Aw%3A300x250%3As%3A1600x1200x24%3Ask%3A1%3Aifr%3A1%3Acpf%3A1%3Antf%3A1%3Ans%3A1660655131164%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C5%2C0%2C5%2C5%2C0%2C5%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1660655133%3At%3A&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29rqnl%281%29ti%282%29

Request Chain 673

https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dyvmanyrg%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP9Z4kkc6no0Kw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAViUgiQAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBeghwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjA0M0CGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDQz%2Fbn%3D96624%2Fclickenc%3D HTTP 302
https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dyvmanyrg%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP9Z4kkc6no0Kw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAViUgiQAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBeghwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjA0M0CGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDQz%2Fbn%3D96624%2Fclickenc%3D&uidRedirect=1

Request Chain 676

https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dluzlkxf%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3FywHhN4T7kj8mIw4ZcDWJPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP3DWELS0rZcdw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAdSLiIgAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBedhwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAxNkCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDE2%2Fbn%3D96473%2Fclickenc%3D HTTP 302
https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dluzlkxf%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3FywHhN4T7kj8mIw4ZcDWJPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP3DWELS0rZcdw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAdSLiIgAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBedhwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAxNkCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDE2%2Fbn%3D96473%2Fclickenc%3D&uidRedirect=1

Request Chain 679

https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dmylhifuyj%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUPyZXAqiBMUdhw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAQSROKgAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521NRf9iAjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAzOUCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDM5%2Fbn%3D96578%2Fclickenc%3D HTTP 302
https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dmylhifuyj%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUPyZXAqiBMUdhw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAQSROKgAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521NRf9iAjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAzOUCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDM5%2Fbn%3D96578%2Fclickenc%3D&uidRedirect=1

Request Chain 682

https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dqhnmckig%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP0VJlOaZGFkzw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgABSXRbAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521Khf4hQjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAwMUCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDAx%2Fbn%3D96382%2Fclickenc%3D HTTP 302
https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dqhnmckig%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP0VJlOaZGFkzw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgABSXRbAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521Khf4hQjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAwMUCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDAx%2Fbn%3D96382%2Fclickenc%3D&uidRedirect=1

Request Chain 720

https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=61a5d4f56c48fdD3MUNnI6FYA1LGZkZGfjPQA1DoEIgfbf00lZwpdZ3oGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=39020200079871301467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp5ca3cup5eyc2o6%3Ftprde%3D HTTP 302
https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=61a5d4f56c48fdD3MUNnI6FYA1LGZkZGfjPQA1DoEIgfbf00lZwpdZ3oGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=39020200079871301467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp5ca3cup5eyc2o6%3Ftprde%3D&uidRedirect=1

Request Chain 725

https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=b42e0c11bdb9nURHeQtJyh0FGA2RGZmRYfjDGA0JHIYAXlBadXAaoGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=44045500079871201467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp9a21ezln8dufjv%3Ftprde%3D HTTP 302
https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=b42e0c11bdb9nURHeQtJyh0FGA2RGZmRYfjDGA0JHIYAXlBadXAaoGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=44045500079871201467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp9a21ezln8dufjv%3Ftprde%3D&uidRedirect=1

Request Chain 729

https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=488d7e08bb01jEPSHZNbIcYg0HwAkRmZkPYZ0HQgSI1FabXmYkpYeloGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=99284700079871401467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp8kzgvxbse3un4j%3Ftprde%3D HTTP 302
https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=488d7e08bb01jEPSHZNbIcYg0HwAkRmZkPYZ0HQgSI1FabXmYkpYeloGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=99284700079871401467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp8kzgvxbse3un4j%3Ftprde%3D&uidRedirect=1

Request Chain 739

https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=4f3fcc6aa457NUPAKYNbIcYg0HwAkRmZkPYZ0HQgSI1FUmfGB38lbjoGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=19324500079871501467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp0oa8z4rhgh6fd1%3Ftprde%3D HTTP 302
https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=4f3fcc6aa457NUPAKYNbIcYg0HwAkRmZkPYZ0HQgSI1FUmfGB38lbjoGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=19324500079871501467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp0oa8z4rhgh6fd1%3Ftprde%3D&uidRedirect=1

Request Chain 753

https://www.awin1.com/cshow.php?s=2519519&v=14098&q=379074&r=559379&pv=0&pref1=24397500079872301649441012053025 HTTP 302
https://media.kaspersky.com/de/affiliates/evergreen-kis-300x250.jpg

Request Chain 760

https://www.awin1.com/cshow.php?s=2519519&v=14098&q=379074&r=559379&pv=0&pref1=52487000079872401649441012053025 HTTP 302
https://media.kaspersky.com/de/affiliates/evergreen-kis-300x250.jpg

Request Chain 761

https://www.awin1.com/cshow.php?s=2519519&v=14098&q=379074&r=559379&pv=0&pref1=25212000079872501649441012053025 HTTP 302
https://media.kaspersky.com/de/affiliates/evergreen-kis-300x250.jpg

Request Chain 772

https://www.awin1.com/cshow.php?s=2519519&v=14098&q=379074&r=559379&pv=0&pref1=40559400079872701649441012053025 HTTP 302
https://media.kaspersky.com/de/affiliates/evergreen-kis-300x250.jpg

Request Chain 778

https://www.awin1.com/cshow.php?s=2519519&v=14098&q=379074&r=559379&pv=0&pref1=97672800079872801649441012053025 HTTP 302
https://media.kaspersky.com/de/affiliates/evergreen-kis-300x250.jpg

Request Chain 783

https://www.awin1.com/cshow.php?s=2519519&v=14098&q=379074&r=559379&pv=0&pref1=11565500079872901649441012053025 HTTP 302
https://media.kaspersky.com/de/affiliates/evergreen-kis-300x250.jpg

Request Chain 867

https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP 302
https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Request Chain 868

https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP 302
https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Request Chain 871

https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP 302
https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Request Chain 874

https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP 302
https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Request Chain 875

https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP 302
https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Request Chain 882

https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F HTTP 302
https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Request Chain 883

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=WJ2smhv6TDeFXk8N9IZMOA&rk=usync-na HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=WJ2smhv6TDeFXk8N9IZMOA

Request Chain 884

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMpZQy1lnN6CRRADSLN6yTw&google_cver=1

Request Chain 886

https://token.rubiconproject.com/token?pid=36584 HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L6W76UJ5-26-B83N

Request Chain 887

https://token.rubiconproject.com/token?pid=26594 HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L6W76UJ5-26-B83N&sigv=1&esig=2~46c7b366bb2c3e951f3e98f93a8d8fd6216fc88e

Request Chain 888

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDZXNzZVSjUtMjYtQjgzTg==

Request Chain 889

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZjA4MGU2YmE3NDA5NzllZmRhYzMwZDY3ZTdiNWUzZTNiMTcwY2Q2NA

Request Chain 890

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=tIIWAQ7FQeaQgMm6YZwk4A&rk=usync-other HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=tIIWAQ7FQeaQgMm6YZwk4A

Request Chain 895

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIb4Ni5Ixzz26htiDoAAABLIAAAIB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIb4Ni5Ixzz26htiDoAAABLIAAAIB&dcc=t

Request Chain 896

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YvuWIf7lsxcWdNTum-tKHQAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFVuKJ4I4FnEDg4sU0Ft2PY&google_cver=1&gdpr=1

Request Chain 899

https://csync.loopme.me/?redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D24%26external_user_id%3D%7Bviewer_token%7D&us_privacy=&gdpr=1&gdpr_consent= HTTP 307
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=9f0e1a55-879d-4459-afbb-46b09f03cbae&us_privacy=null&gdpr_consent=null&gdpr=1

Request Chain 901

https://s.company-target.com/s/ix?cm_dsp_id=18&us_privacy=&gdpr=1&gdpr_consent= HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1676552738&external_user_id=a5a2b5bd-6a0c-443d-af21-895923bd36e9

Request Chain 903

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIUBIcrYP1SO89p2MwQAABJQAAAIB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIUBIcrYP1SO89p2MwQAABJQAAAIB&dcc=t

Request Chain 906

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YvuWIf7lsxcWdNTum-tKHQAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFVuKJ4I4FnEDg4sU0Ft2PY&google_cver=1&gdpr=1

Request Chain 907

https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID&gdpr=1 HTTP 302
https://um.simpli.fi/no_match_opted_out

Request Chain 909

https://sync.srv.stackadapt.com/sync?nid=68&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=t1_dwN0cQD59TwSgYl63QsEbDgo

Request Chain 912

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIWhdEcXKNUAsPdUQCgAABLoAAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIWhdEcXKNUAsPdUQCgAABLoAAAAB&dcc=t

Request Chain 913

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YvuWIf7lsxcWdNTum-tKHQAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFVuKJ4I4FnEDg4sU0Ft2PY&google_cver=1&gdpr=1

Request Chain 918

https://beacon.lynx.cognitivlabs.com/ix.gif HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=c4cd75d5-2d97-4fee-9cd4-2f0c6c07bc9b&expiration=1692191138

Request Chain 922

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIdASdaKEXHVnQ0DVLQAABIcAAAAB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIdASdaKEXHVnQ0DVLQAABIcAAAAB&dcc=t

Request Chain 923

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YvuWIf7lsxcWdNTum-tKHQAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFVuKJ4I4FnEDg4sU0Ft2PY&google_cver=1&gdpr=1

Request Chain 925

https://d.adroll.com/cm/index/ssp?gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0

Request Chain 926

https://s.company-target.com/s/ix?cm_dsp_id=18&us_privacy=&gdpr=1&gdpr_consent= HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1676552738&external_user_id=acd2c2b5-39d5-4390-90dc-61c526374588

Request Chain 932

https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=661f62fb-961b-4500-92f9-12a388ac2c6f&gdpr=1&gdpr_consent=

Request Chain 933

https://match.prod.bidr.io/cookie-sync/ie?gdpr=1 HTTP 303
https://match.prod.bidr.io/cookie-sync/ie?gdpr=1&_bee_ppp=1 HTTP 303
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AADvkk7F9ywAAA6L_n_dxQ&expiration=1661864738&gdpr=1

Request Chain 934

https://b1sync.zemanta.com/usersync/index/?us_privacy=&gdpr=1&gdpr_consent= HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=&gdpr=1

Request Chain 937

https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID&gdpr=1 HTTP 302
https://um.simpli.fi/no_match_opted_out

Request Chain 941

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YvuWIf7lsxcWdNTum-tKHQAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFVuKJ4I4FnEDg4sU0Ft2PY&google_cver=1&gdpr=1

Request Chain 942

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIf7lsxcWdNTum_tKHQAABL0AAAIB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIf7lsxcWdNTum_tKHQAABL0AAAIB&dcc=t

Request Chain 945

https://ad.turn.com/r/cs?pid=21&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=8064572279461375662

Request Chain 946

https://nep.advangelists.com/xp/user-sync?acctid=405&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D195%26external_user_id%3D%7BPARTNER_VISITOR_ID%7D%0A HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-705f501a-e4ce-4cb4-83b7-ab60eca6d970

Request Chain 948

https://ad.turn.com/r/cs?pid=21&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=4157699602717470382

Request Chain 951

https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1&gdpr=1 HTTP 302
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1660741538&gdpr=1

Request Chain 952

https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=661f62fb-961b-4500-92f9-12a388ac2c6f&gdpr=1&gdpr_consent=

Request Chain 953

https://px.owneriq.net/eucm/p/cc?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D31%26external_user_id%3D(OIQ_UUID) HTTP 302
https://px.owneriq.net/ecc?redir=https%3a%2f%2fdsum-sec.casalemedia.com%2fcrum%3fcm_dsp_id%3d31%26external_user_id%3dQ7139415381670211962&uid=Q7139415381670211962&ref=%2Feucm%2Fp%2Fcc HTTP 302
https://px.owneriq.net/noop?ct=image%2Fgif

Request Chain 954

https://pixel.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=pSkpXaotfl6-LH5dqi1iXfJ9eQy-en1Z8igB9jty

Request Chain 969

https://googleads.g.doubleclick.net/aclk?sa=l&ai=CZJiSG5b7YrGEOqaSxwLuoLPwDPPj3-Brjdjd75cQsJAfEAEggM_UfGCVgoCAlAegAYjmoKoByAEFqQKtlUR5CQmxPuACAKgDAZgEAKoE9AJP0Eio67Fpm--beKCV4g3ptflHHH0GAf4SN5Gl9MZJn-sRukinQkE58h0Qk1Zzh5vc_rcFD4AX3MGTmMufTAcVvpvczCz8WUAezKsgU5W_rPbybyFvayPp5HWb2yR6ufQVzU8zuTG8oIyYbHqLCWcMk7xZN593uNqXhOGE1PPkjLZFwn4TYKA9HSYgrOpOfGxh0Hv72vVDecQ-fy8yahvrRgG3pyoOGyZDyfH9qYUBu89k9hBPQ1rBQDOTT0RbEuhk60OyxQQ9lFJ5uPtdjfhTpx7gi1dlj1vh_W6BnCHC0DV2iSUgkLuQhenNedQGHJextWqLNv3AsUt6zZ1LqIyQ5Sl78WldLVQzEYbRrCBLyqc8cxgfxoXvp5W1BmCSR2P9E-bM-aRf44m7-tmfLHrs0t9W-oYdw6HbSHlkMvmenOkrHXciY0xKnuVUx9jBGVI7ihkPtkXMmOeCCWGvdW2qZBNwuoOCwIjQGUuLnu4ANdL2RebABMW8irv8A-AEAYgF5NamtkGSBQgIAxADGAFQAaAGVIAH4Jnf1QKoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwGoCAHSCBEIgOGAEBABGB0yAqoCOgKAQPIIG2FkeC1zdWJzeW4tMjk2MDA2MzU0MDIxMjcyOLEJRpEBiQk4epGACgOYCwHICwHQCw64DAHYEwzQFQHiFgIIAfgWAYAXAQ&num=1&sig=AOD64_219_Jj9xo2M_ktFpzBjgqQuxgkvA&client=ca-pub-5855149998903976&uach_m=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=https://www.loewenanteil.com/collections/bio-fertiggerichte%3Futm_source%3Dyoutube%26utm_medium%3Dcpc%26utm_campaign%3D136489115205%26utm_content%3D616162344916&ctype=110&label=video_10s_engaged_view&ad_mt=10219&acvw=sv%3D932%26cb%3Dima%26nas%3D1%26sdk%3Dh%26p%3D1146,330,1489,940%26p0%3D1146,330,1489,940%26p1%3D1146,330,1489,940%26tos%3D0,0,0,0,10283%26mtos%3D0,0,0,0,10283%26amtos%3D0,0,0,0,0%26mtos1%3D0,0,10018%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26a0%3D0%26a1%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D10283%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D2784%26pst%3D450%26dur%3D39241%26vmtime%3D10219%26is%3D274%26i0%3D274%26i1%3D274%26cs%3D4370%26c%3D0.15%26c0%3D0.15%26c1%3D0.15%26mc%3D0.15%26nc%3D0.15%26mv%3D0%26nv%3D0%26qmt%3D0,0,0,0,265%26qnc%3D0.15%26qmv%3D0%26qnv%3D0%26lte%3D0.15%26ces%26femt%3D1134%26femvt%3D0%26emc%3D52%26emuc%3D0%26emb%3D0,0,0,0,51%26avms%3Dexc%26qi%3D646087803%26psm%3D-2147481601%26psv%3D0%26psfv%3D0%26psa%3D0%26ptlt%3D12012%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,10283%26ss0%3D0.01%26ss1%3D0.01&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0.01%26t%3D1660655132404 HTTP 302
https://www.googleadservices.com/pagead/aclk?sa=L&ai=CdNiQG5b7YrGEOqaSxwLuoLPwDPPj3-Brjdjd75cQsJAfEAEggM_UfGCVgoCAlAegAYjmoKoByAEFqQKtlUR5CQmxPuACAKgDAZgEAKoE9AJP0Eio67Fpm--beKCV4g3ptflHHH0GAf4SN5Gl9MZJn-sRukinQkE58h0Qk1Zzh5vc_rcFD4AX3MGTmMufTAcVvpvczCz8WUAezKsgU5W_rPbybyFvayPp5HWb2yR6ufQVzU8zuTG8oIyYbHqLCWcMk7xZN593uNqXhOGE1PPkjLZFwn4TYKA9HSYgrOpOfGxh0Hv72vVDecQ-fy8yahvrRgG3pyoOGyZDyfH9qYUBu89k9hBPQ1rBQDOTT0RbEuhk60OyxQQ9lFJ5uPtdjfhTpx7gi1dlj1vh_W6BnCHC0DV2iSUgkLuQhenNedQGHJextWqLNv3AsUt6zZ1LqIyQ5Sl78WldLVQzEYbRrCBLyqc8cxgfxoXvp5W1BmCSR2P9E-bM-aRf44m7-tmfLHrs0t9W-oYdw6HbSHlkMvmenOkrHXciY0xKnuVUx9jBGVI7ihkPtkXMmOeCCWGvdW2qZBNwuoOCwIjQGUuLnu4ANdL2RebABMW8irv8A-AEAYgF5NamtkGSBQgIAxADGAFQAcAFbqAGVIAH4Jnf1QKoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwGoCAHSCBEIgOGAEBABGB0yAqoCOgKAQPIIG2FkeC1zdWJzeW4tMjk2MDA2MzU0MDIxMjcyOJoJO2h0dHBzOi8vd3d3LmxvZXdlbmFudGVpbC5jb20vY29sbGVjdGlvbnMvYmlvLWZlcnRpZ2dlcmljaHRlsQlGkQGJCTh6kYAKA5gLAcgLAdALDrgMAdgTDNAVAeIWAggB-BYBgBcB&num=1&client=ca-pub-5855149998903976&ctype=110&label=video_10s_engaged_view&ad_mt=10219&acvw=sv%3D932%26cb%3Dima%26nas%3D1%26sdk%3Dh%26p%3D1146,330,1489,940%26p0%3D1146,330,1489,940%26p1%3D1146,330,1489,940%26tos%3D0,0,0,0,10283%26mtos%3D0,0,0,0,10283%26amtos%3D0,0,0,0,0%26mtos1%3D0,0,10018%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26a0%3D0%26a1%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D10283%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D2784%26pst%3D450%26dur%3D39241%26vmtime%3D10219%26is%3D274%26i0%3D274%26i1%3D274%26cs%3D4370%26c%3D0.15%26c0%3D0.15%26c1%3D0.15%26mc%3D0.15%26nc%3D0.15%26mv%3D0%26nv%3D0%26qmt%3D0,0,0,0,265%26qnc%3D0.15%26qmv%3D0%26qnv%3D0%26lte%3D0.15%26ces%26femt%3D1134%26femvt%3D0%26emc%3D52%26emuc%3D0%26emb%3D0,0,0,0,51%26avms%3Dexc%26qi%3D646087803%26psm%3D-2147481601%26psv%3D0%26psfv%3D0%26psa%3D0%26ptlt%3D12012%26pngs%3D9,14,15s%26veid%3Dxdi:0,amp:0%26ssb%3D0,0,0,0,0,0,0,0,0,0,10283%26ss0%3D0.01%26ss1%3D0.01&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0.01%26t%3D1660655132404&cid=CAQSKQCsnQUx9-oArqyINdtv9_6G32F4a3kgPxBHkC1l-6gN9QrxuFDY1bHZ&dblrd=1&val=ChAyMjc2MmM5N2Y1Y2QwMDUzEJus7pcGGgjTfneVuxeIbyABKAE&sig=AOD64_2vswS0ZKMRwk_LyWS3CiOr2PA6iw&adurl=https://www.loewenanteil.com/collections/bio-fertiggerichte%3Futm_source%3Dyoutube%26utm_medium%3Dcpc%26utm_campaign%3D136489115205%26utm_content%3D616162344916

Request Chain 987

https://gum.criteo.com/sid/json?origin=publishertag&domain=mediawoot.com&sn=ChromeSyncframe&so=0&topUrl=korrespondent.net&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=K5gLpHw0dnNRQ2VrQVBhUFhmSlZkRWxrbmJoNit5aXVZOW93M1plTll5K3dUcEJHWlBtaGVERkpneFFuUEZaZmxtak1Ia25vRTYwbFc0N3FldzJvTFRIS1RONmZrNmZkMHJnMHoyelEvMll1RTlwNFdjTzJSN0JENXA0WUlna1FyYmw1VGtJY1NEeE9qY3g5SWd4VFpmL0ZFRHdwRC9pb2RPVVRUWkdFdHVXVDVMellEVnpGNVJnd0Z1VjI0S3ZrcUZDT0p5SlpYOHN2b0pTQUpVWlhFM1hTL20zTEI2cnB1Q0xOWXRvb3JlcG1QWjlNaHB1OUhoeGExWjFRblh2dGNTY0VUa1Z2U3lTR0dDdkwxM3pJbytCNlF4TTdlTkdTeGFTdnJzTnk5Zmp4amkzbz18&cppv=2

Request Chain 988

https://gum.criteo.com/sid/json?origin=publishertag&domain=mediawoot.com&sn=ChromeSyncframe&so=0&topUrl=korrespondent.net&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=AuSp63xmaGRGbHZtL0NIQjRjTk9yZmx1TUdYcHYvdWFHR01ZeEpjN3FSVjFCenBXUzZxanJhUHI0QjdZb21UbkhQZDdIMzQ2SFROSGtjbjk5cXpBVlUya1lGZmFBbmpMbTlOVnRtNFRIbWpaOE1MMGowZmlNQklja3p4MTdUZnFGbjJTc295dU5OaHNuOXFvQWxTQ2FGMmd5TlRHV01GdGs2V0hkMGM0eUVPUlR1ejFoeUdmWFJGbzlrUlNpR2NFU0dGZ2MyV29VUk42eGNOZ0VFeDF2S3FRSnNBVWY2bWFoeUVOa0gwRkttNU9McWZkZ1Y5R1VuczdJamNLS2tFK3ZvODNnNWpuZlBNVVQ0Y3lvb0tEUlVyOEF2WnN2RzJZWFcyYTQrdHZJTTdOUkVzYz18&cppv=2

Request Chain 989

https://gum.criteo.com/sid/json?origin=publishertag&domain=mediawoot.com&sn=ChromeSyncframe&so=0&topUrl=korrespondent.net&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=Lhya4XwzZE4xaWJkU1hOd2lqWHZob0VWa1JXSEZYMWlMMkR2d2YyVFNqZHZpa0MwQW5GckV4UE5OeUhsWS85YVlqMm9mQUcvb3lOT3VKZEpySTYrUDBkcXpFM3hRakNLdUxPdmZkOTRjL0VvQndtMTVmT2JNK1VpODg4V0FpcmtsQlFIVkpCWFZGU3JVL3cwT05ReTFmR0JaN3ZmbSt6YkNZQWxDeHRHODZtR2dGYXE3RkFhY0tCd0tRbnk1Rm9QWEY4eHF4UGY2NUJDTFpUT21WL3VUdkhpb0hBTnlqMlRFdkpic2NvaFZuTWN2UEcrVHV0ZElGRnhpQ3hLWWh4MEFKM2hZNldNNTVJRXhLVTkrN3EwaG81b2hPbkwvQnBidDU3a25aMHpKRWVmS3VwND18&cppv=2

Request Chain 990

https://gum.criteo.com/sid/json?origin=publishertag&domain=mediawoot.com&sn=ChromeSyncframe&so=0&topUrl=korrespondent.net&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=4vv9IHx2L0h6VUNYM0JqcFZGM3VoTmdOZUoxK0NjSmlud1QxVUZONm1CRnRKbEVWekNRNE9zNnVsZjIvblk4NFZUN05KdFF2RnkvaGVtZmJheHBZK29XN1owVE96dlh2Rm11Z3hPZDg0a09LRGtJZ0k0RlhzTFlpaU5udzR2Ukd3dUlDTVpvUzBPV1V6Q042bjA0QnRtcWdpMHVYZWx2N1RSV2NJVmsrWDFJaXBLZUhtSGM5SXpiblBTQlpKS3EvL2doSGhPYzNXQnp0cVlXemhXeXJ0REVjdWQrQVdWdjc5S0NKdmN5eUhFakNZRElqZXFRa3lucjlRdE1UblVhbmVWNkR5bDlGakltRkxYYmIydDRsMWFHTjF1T2JLMnhKYUcwcmtQY20wb1BaODFsRT18&cppv=2

Request Chain 991

https://gum.criteo.com/sid/json?origin=publishertag&domain=mediawoot.com&sn=ChromeSyncframe&so=0&topUrl=korrespondent.net&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=UeS3fXw5cm5LL2I3Y0x4bnlocU1zSXQvS3JQV01JWWprK0VvWWY3WDl0ZU1JWFpuNTVwSlhPSlRKRFYzbWpMSCtHQjRpSVpvT1RBd2RndzEwWk5OdWo1RVZ2Y0pxdWNIbjJKUnlZanppeWhCS0FHaUMzYVM4VXNrTHlJNWhnUTZpck9NcHR5V2M1YVZnZUh2SElldUNPaXIwS3NDanJwMUdVZEtFYlIzQTV2T1daVnBrdTM2OGNKNzFFNGFwQTU4NnB1MDd0SzZuT25yQWlYa05jU2JHUmJYYWlVQjVIb2pSUVA0TUpWYVNrK0p6TXpCOGlIcFpWR2tqeHdXZG5UVSt4dFdRMFlHL3JoMXl1eDIzNnl5empxYzBOY1oxZXRVeTdzdjRtQXZWcTBsRzQ3ND18&cppv=2

Request Chain 992

https://gum.criteo.com/sid/json?origin=publishertag&domain=mediawoot.com&sn=ChromeSyncframe&so=0&topUrl=korrespondent.net&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=reJ5b3xtdTJVM3dMbUtGOEVGTmpIZEZGbXdsYmtRcU5ZQ01LYnpzUUxMS3hzcUx3L0kzRmZ3ZFhocjFEZkJiVkw4c0FFUGU2NnpybXk3T2pRQTFBc0ViQittelFJcjUyWlhydnFGRS9ZK0RHMXFPa2hmWVVSRnZtNitxZHRHVHI0MlBaUXJ0aDJ3RVI0UmgvMklCWWxxSWl5a2VCSmdpeUtXaHcwL0hwN2E5UnVkV1lFVXdjemRMSTNrSk9PcE9yNERUTHFZbmszeVlKVGg3Y01hWU5pSEZIV0YrNkJmUCtFR3FoN1pkeWdnWkdaczdqUGtYOXE3cjF4am9qbzY2bDZWZXUza2ZobEtNcjk5SnNLOEo5cFR0Qk51cVMyQVVYK2pxc0Z5NEFEeDlGRlF4cz18&cppv=2

Request Chain 993

https://gum.criteo.com/sid/json?origin=publishertag&domain=mediawoot.com&sn=ChromeSyncframe&so=0&topUrl=korrespondent.net&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=7a4FTHx0WEgrczhEZGJhT2Fic2ZiVFB5TEY0QlZJVWxzanhIUG9Dd1VRVFptUEVseFpINjFWNlYxUm5tYWhEQnpMTXAvdXVpOGxsYzYrVE5uZXI5eW90bGRQWjFqbDBkWU5tSDRQMXgrVlR3ZldyblZzZlUwTlZpOWF6SFV4dUp6NkRSR1NCUnNzZmNCN1BueW9JVkhyRkM1cklWMGJMWXN0T1c4RUUyZ29ueFpSTzFUUmpNUXdhMUgrVTd3VFRtaEdLYjV6cisvbVJVUmxSRTZtTFB6Uzh4VmhwOTBwL0k4Y3lLckJ2UmJVdlJvbUFzS1JQVlBMVnIrd3ZxMlN3MlVrSW42UHNaY2lCTWJLc0IrNWg1Tm5YZDhleE1aRGROS1AreldrSmxNSFAwZWNJST18&cppv=2

965 HTTP transactions
31 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi Show response
korrespondent.net/ukraine/ 94 KB
20 KB 497ms
236ms Document
text/html 2606:4700::6812:1eb6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1eb6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: e569a6d27fe5bc6a02f55325fd428a8a813acbdfba76d01fbe907ae035cc68eb

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 73ba61beffc701e7-ZRH
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 16 Aug 2022 13:05:29 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: -1
pragma: no-cache
server: cloudflare
vary: Accept-Encoding
x-powered-by: ASP.NET

GET
H2 200 opensans-condbold-webfont.woff
csskor.ill.in.ua/fonts/ 49 KB
49 KB 146ms
45ms Font
font/x-woff 193.29.200.151
UMHAS

General

Check archive.org

Show headers Download Go to

Full URL: https://csskor.ill.in.ua/fonts/opensans-condbold-webfont.woff
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.151 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 26dc9aca8f2ab8bbb58b5e9e5918988475e42f7cffad974698a71b2addc6ec5b

Request headers

Referer: https://korrespondent.net/
Origin: https://korrespondent.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
last-modified: Wed, 18 Dec 2013 10:08:55 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "7499fa28d9fbce1:0"
content-type: font/x-woff
access-control-allow-origin: *
cache-control: public, max-age=31536
accept-ranges: bytes
content-length: 49816

GET
H2 200 index.min.css
csskor.ill.in.ua/css/ 188 KB
30 KB 146ms
44ms Stylesheet
text/css 193.29.200.151
UMHAS

General

Check archive.org

Show headers Download Go to

Full URL: https://csskor.ill.in.ua/css/index.min.css?v=3.1.2
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.151 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 3c914c5ec7768654dc4f35534b46d2da72708c4db16148a833ce1847b893f60a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
content-encoding: gzip
etag: "80b91c43f335d71:0"
last-modified: Tue, 20 Apr 2021 14:41:35 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/css
cache-control: no-cache,public, max-age=31536
accept-ranges: bytes
content-length: 30556

GET
H2 200 responsive.min.css
csskor.ill.in.ua/css/ 28 KB
5 KB 191ms
89ms Stylesheet
text/css 193.29.200.151
UMHAS

General

Check archive.org

Show headers Download Go to

Full URL: https://csskor.ill.in.ua/css/responsive.min.css?v=1.1.2
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.151 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: eda53a126b9ad636ada21bc74b0e54c5dfa526083e7a876b17eb90061254d275

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
content-encoding: gzip
etag: "08f70dd1331d71:0"
last-modified: Wed, 14 Apr 2021 09:52:22 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/css
cache-control: no-cache,public, max-age=31536
accept-ranges: bytes
content-length: 5192

GET
H2 200 admin.css
csskor.ill.in.ua/css/ 3 KB
936 B 191ms
90ms Stylesheet
text/css 193.29.200.151
UMHAS

General

Check archive.org

Show headers Download Go to

Full URL: https://csskor.ill.in.ua/css/admin.css?v=1
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.151 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: d2fbad9636c1fb1ddc3e083984f2b5d3a955a32fdb6247876aabee203958e7dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
content-encoding: gzip
etag: "0dce73f2e70cf1:0"
last-modified: Thu, 15 May 2014 11:10:16 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/css
cache-control: no-cache,public, max-age=31536
accept-ranges: bytes
content-length: 855

GET
H2 200 adv.css
csskor.ill.in.ua/css/ 2 KB
603 B 192ms
92ms Stylesheet
text/css 193.29.200.151
UMHAS

General

Check archive.org

Show headers Download Go to

Full URL: https://csskor.ill.in.ua/css/adv.css?v=1
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.151 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 2791dcb76821658dce3165022548a9d1032f4c99efe7acfaafdd6327cbd88129

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
content-encoding: gzip
etag: "0dce73f2e70cf1:0"
last-modified: Thu, 15 May 2014 11:10:16 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/css
cache-control: no-cache,public, max-age=31536
accept-ranges: bytes
content-length: 560

GET
H2 200 jquery-ui-1.9.2.custom.css
csskor.ill.in.ua/css/jq/ui/smoothness/ 31 KB
6 KB 192ms
91ms Stylesheet
text/css 193.29.200.151
UMHAS

General

Check archive.org

Show headers Download Go to

Full URL: https://csskor.ill.in.ua/css/jq/ui/smoothness/jquery-ui-1.9.2.custom.css
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.151 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 1885450c0476075437b5f7356ec5dc33fa5179e850cc4dbf59c29f37744818f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
content-encoding: gzip
etag: "066d961b32cf1:0"
last-modified: Tue, 25 Feb 2014 11:20:28 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/css
cache-control: no-cache,public, max-age=31536
accept-ranges: bytes
content-length: 6146

GET
H2 200 royalslider.min.css
csskor.ill.in.ua/css/ 12 KB
3 KB 192ms
92ms Stylesheet
text/css 193.29.200.151
UMHAS

General

Check archive.org

Show headers Download Go to

Full URL: https://csskor.ill.in.ua/css/royalslider.min.css?v=1
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.151 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: bcab73e79e54f5f8b0cf77546f937aaf4aed60947fc1e4a7801813ed34728c4f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
content-encoding: gzip
etag: "0b82a90356dd41:0"
last-modified: Fri, 26 Oct 2018 14:09:52 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/css
cache-control: no-cache,public, max-age=31536
accept-ranges: bytes
content-length: 2594

GET
H2 200 elections.css
csskor.ill.in.ua/css/ 11 KB
3 KB 191ms
91ms Stylesheet
text/css 193.29.200.151
UMHAS

General

Check archive.org

Show headers Download Go to

Full URL: https://csskor.ill.in.ua/css/elections.css
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.151 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: cefac0898ee1d19ff1fc498113e6f7b81a0f5a6e63b3ae72106cde5d0454bc01

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
content-encoding: gzip
etag: "0c5215929f2cf1:0"
last-modified: Mon, 27 Oct 2014 21:02:42 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/css
cache-control: no-cache,public, max-age=31536
accept-ranges: bytes
content-length: 2480

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 106 KB
41 KB 68ms
24ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-1609229-9

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9f03302392b687ec532ae8b9763be702d497443a372c532cca856300dcd7694d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41827
x-xss-protection: 0
last-modified: Tue, 16 Aug 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 16 Aug 2022 13:05:29 GMT

GET
H2 200 jquery.min.js Show response
jskor.ill.in.ua/js/jq/ 125 KB
39 KB 154ms
45ms Script
application/javascript 193.29.200.151
UMHAS

General

Check archive.org

Show headers Download Go to

Full URL: https://jskor.ill.in.ua/js/jq/jquery.min.js
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.151 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: cafe2ccc723f38d12406fdcc2b9777f7f89363a39bbd09c91bb75876f24141fe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
content-encoding: gzip
etag: "078642cb3efcf1:0"
last-modified: Fri, 24 Oct 2014 17:51:44 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache,public, max-age=31536
accept-ranges: bytes
content-length: 39559

GET
H2 200 jquery.lazyload.mini.js Show response
jskor.ill.in.ua/js/jq/ 4 KB
943 B 243ms
134ms Script
application/javascript 193.29.200.151
UMHAS

General

Check archive.org

Show headers Download Go to

Full URL: https://jskor.ill.in.ua/js/jq/jquery.lazyload.mini.js
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.151 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 9ed325bb4e1bd9f76da8039c87602d63b91e6963d6bf830e62d938a1b90cd133

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
content-encoding: gzip
etag: "078642cb3efcf1:0"
last-modified: Fri, 24 Oct 2014 17:51:44 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache,public, max-age=31536
accept-ranges: bytes
content-length: 901

GET
H2 200 jquery.tmpl.min.js Show response
jskor.ill.in.ua/js/jq/ 6 KB
3 KB 245ms
136ms Script
application/javascript 193.29.200.151
UMHAS

General

Check archive.org

Show headers Download Go to

Full URL: https://jskor.ill.in.ua/js/jq/jquery.tmpl.min.js
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.151 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: af6592d435a34ae2cbc384c908b2000e3a33f3c3d7bace1a84ba7880a8a80d9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
content-encoding: gzip
etag: "078642cb3efcf1:0"
last-modified: Fri, 24 Oct 2014 17:51:44 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache,public, max-age=31536
accept-ranges: bytes
content-length: 2804

GET
H2 200 scrollable.js Show response
jskor.ill.in.ua/js/jq/ 5 KB
2 KB 245ms
136ms Script
application/javascript 193.29.200.151
UMHAS

General

Check archive.org

Show headers Download Go to

Full URL: https://jskor.ill.in.ua/js/jq/scrollable.js
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.151 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 3224cd51f4161d44547a1f5a57a5566582c3d6a690d2212af8a0a8739d0c8e0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
content-encoding: gzip
etag: "0a5952db3efcf1:0"
last-modified: Fri, 24 Oct 2014 17:51:46 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache,public, max-age=31536
accept-ranges: bytes
content-length: 2214

GET
H2 200 socialCounters.js Show response
korrespondent.net/js/modules/ 6 KB
2 KB 148ms
145ms Script
application/javascript 2606:4700::6812:1eb6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://korrespondent.net/js/modules/socialCounters.js
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1eb6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 505b5bdf46f075f8599308ec070b555af15934723ef1791989cc7565c6dcc6f6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
content-encoding: gzip
etag: "4887108469dbd11:0"
cf-cache-status: HIT
last-modified: Mon, 11 Jul 2016 11:44:00 GMT
server: cloudflare
age: 309
x-powered-by: ASP.NET
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache,public, max-age=31536
accept-ranges: bytes
cf-ray: 73ba61c08acd01e7-ZRH
content-length: 1572

GET
H2 200 menu.js Show response
jskor.ill.in.ua/js/modules/ 9 KB
2 KB 245ms
137ms Script
application/javascript 193.29.200.151
UMHAS

General

Check archive.org

Show headers Download Go to

Full URL: https://jskor.ill.in.ua/js/modules/menu.js?v=2
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.151 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: a58c45b495338481a91c73729bf3916ce6c7d8e9f0566c0e731a7a3da7dba81c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
content-encoding: gzip
etag: "0d2c62eb3efcf1:0"
last-modified: Fri, 24 Oct 2014 17:51:48 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache,public, max-age=31536
accept-ranges: bytes
content-length: 1610

GET
H2 200 profile.js Show response
id.korrespondent.net/js/ 6 KB
2 KB 230ms
70ms Script
application/javascript 193.29.200.151
UMHAS

General

Check archive.org

Show headers Download Go to

Full URL: https://id.korrespondent.net/js/profile.js?v=3
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.151 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 214227a16b4ff571023cbfabe1a74a46b33fb30abbcd8d1a722ae12e3afeb794

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
content-encoding: gzip
etag: "805bc4c505fd41:0"
last-modified: Mon, 08 Oct 2018 21:45:59 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache
accept-ranges: bytes
content-length: 1803

GET
H2 200 common.min.js Show response
jskor.ill.in.ua/js/ 5 KB
2 KB 245ms
137ms Script
application/javascript 193.29.200.151
UMHAS

General

Check archive.org

Show headers Download Go to

Full URL: https://jskor.ill.in.ua/js/common.min.js?v=1.3.5
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.151 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e2a6f172230a4dc6dd93dd0d161f14732522c0817bcb456c397a976a1205b4a0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
content-encoding: gzip
etag: "0406d49999ad81:0"
last-modified: Mon, 18 Jul 2022 11:26:56 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache,public, max-age=31536
accept-ranges: bytes
content-length: 1661

GET
H2 200 dropdown.min.js Show response
jskor.ill.in.ua/js/ 2 KB
942 B 242ms
134ms Script
application/javascript 193.29.200.151
UMHAS

General

Check archive.org

Show headers Download Go to

Full URL: https://jskor.ill.in.ua/js/dropdown.min.js
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.151 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: d169a4b4bf7e00787e12931b5c2040d76f6995b3ba3f06050274b28644b47d86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
content-encoding: gzip
etag: "078642cb3efcf1:0"
last-modified: Fri, 24 Oct 2014 17:51:44 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache,public, max-age=31536
accept-ranges: bytes
content-length: 900

GET
H2 200 select.min.js Show response
jskor.ill.in.ua/js/ 14 KB
4 KB 243ms
135ms Script
application/javascript 193.29.200.151
UMHAS

General

Check archive.org

Show headers Download Go to

Full URL: https://jskor.ill.in.ua/js/select.min.js
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.151 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: c5cad78844631f748de4f5526652f08ae1504dce421b6e8dcd796af07e639ac5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
content-encoding: gzip
etag: "0d2c62eb3efcf1:0"
last-modified: Fri, 24 Oct 2014 17:51:48 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache,public, max-age=31536
accept-ranges: bytes
content-length: 4138

GET
H2 200 jquery.royalslider.min.js Show response
jskor.ill.in.ua/js/ 50 KB
16 KB 240ms
132ms Script
application/javascript 193.29.200.151
UMHAS

General

Check archive.org

Show headers Download Go to

Full URL: https://jskor.ill.in.ua/js/jquery.royalslider.min.js
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.151 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: daa9c1c00563b973df8c5dad719b8670a599a9465ba9bbac4d222c586b538571

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
content-encoding: gzip
etag: "0d2c62eb3efcf1:0"
last-modified: Fri, 24 Oct 2014 17:51:48 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache,public, max-age=31536
accept-ranges: bytes
content-length: 16792

GET
H/1.1 200
OK holder.js Show response
i.holder.com.ua/t/ 9 KB
4 KB 183ms
48ms Script
application/x-javascript 91.198.36.26
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to

Full URL: https://i.holder.com.ua/t/holder.js
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 91.198.36.26 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS: i1.i.ua
Software: nginx /
Resource Hash: 8fc4de112cb05f02f61d7856ee3b9ca6a8cd68ea5397520120c5183b99bffc17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:29 GMT
Content-Encoding: gzip
Last-Modified: Tue, 25 Jul 2017 14:14:15 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=31536000
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
Expires: Wed, 16 Aug 2023 13:05:29 GMT

GET
H2 200 loader2.js Show response
cdn.admixer.net/scripts3/ 176 KB
55 KB 368ms
108ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/loader2.js
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: e4501d959d3638f5749d6687283f31f7fc48d9e37770520cd0f275b632eeb5b4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-id: fr5-up-gc34
date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 13:08:58 GMT
server: nginx
etag: W/"62e28a6a-2c101"
x-cached-since: 2022-08-16T13:05:23+00:00
content-type: application/javascript
cache-control: max-age=600
cache: HIT
expires: Thu, 28 Jul 2022 13:20:16 GMT

GET
H2 200 branding.js Show response
jskor.ill.in.ua/js/ 7 KB
2 KB 245ms
137ms Script
application/javascript 193.29.200.151
UMHAS

General

Check archive.org

Show headers Download Go to

Full URL: https://jskor.ill.in.ua/js/branding.js?v=1
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.151 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 898e180e28f0d79507e9383a6f58303043c24013cca819f7451381562f323093

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
content-encoding: gzip
etag: "cba71a6284dcd71:0"
last-modified: Thu, 18 Nov 2021 13:58:37 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache,public, max-age=31536
accept-ranges: bytes
content-length: 2209

GET
H2 200 hide-banners.js Show response
jskor.ill.in.ua/js/ 2 KB
727 B 240ms
133ms Script
application/javascript 193.29.200.151
UMHAS

General

Check archive.org

Show headers Download Go to

Full URL: https://jskor.ill.in.ua/js/hide-banners.js?v=1
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.151 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: dd89c698f5518b8e74892fd52085772390a4cb078ff04939584650c0d3507c67

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
content-encoding: gzip
etag: "04941ac51d51:0"
last-modified: Tue, 13 Aug 2019 07:52:08 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache,public, max-age=31536
accept-ranges: bytes
content-length: 647

GET
H2 200 api.js Show response
korrespondent.net/cdn-cgi/bm/cv/669835187/ 35 KB
9 KB 132ms
129ms Script
text/javascript 2606:4700::6812:1eb6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://korrespondent.net/cdn-cgi/bm/cv/669835187/api.js

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1eb6 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d3118e306c6a26f1d2efcb698984e6922c5e7e155c94a84760e36e5592a3c11

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=604800, public
cf-ray: 73ba61c21de201e7-ZRH

GET
H2 200 logo.png
korrespondent.net/i/ 5 KB
6 KB 139ms
136ms Image
image/png 2606:4700::6812:1eb6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://korrespondent.net/i/logo.png
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1eb6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: bc485c60c1e0395cf0c58a2a9bcc80550b8f289f5be78594484b3eeed36c37d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
cf-cache-status: HIT
last-modified: Mon, 11 Jul 2016 11:44:00 GMT
server: cloudflare
age: 381
x-powered-by: ASP.NET
etag: "0c0d08369dbd11:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: no-cache,public, max-age=31536
accept-ranges: bytes
cf-ray: 73ba61c21de401e7-ZRH
content-length: 5600

GET
H2 200 2759842.jpg
kor.ill.in.ua/m/610x385/ 137 KB
138 KB 159ms
47ms Image
image/jpeg 193.29.200.157
UMHAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kor.ill.in.ua/m/610x385/2759842.jpg
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.157 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: f933cfa0727ef780ffa4d6b4716949ced2d61e22fc17c2291db0e24ae2e5c44c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
last-modified: Sun, 14 Aug 2022 17:21:45 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
content-type: image/jpeg
cache-control: public
content-length: 140567
expires: Tue, 16 Aug 2022 13:17:22 GMT

GET
H2 200 telegram-widget.js Show response
telegram.org/js/ 19 KB
6 KB 76ms
22ms Script
application/javascript 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/js/telegram-widget.js?19

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

60c62e0e44a2b4a1116d28f8a69f20c108cc84b5c173060d134a6ec083e12240

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
content-encoding: gzip
last-modified: Thu, 14 Apr 2022 10:47:14 GMT
server: nginx/1.18.0
etag: W/"6257fbb2-4a0b"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=345600
expires: Sat, 20 Aug 2022 13:05:29 GMT

GET
H2 200 2759841.jpg
kor.ill.in.ua/a/610x0/ 153 KB
154 KB 293ms
181ms Image
image/jpeg 193.29.200.157
UMHAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kor.ill.in.ua/a/610x0/2759841.jpg?v=637961045032893725
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.157 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 06daf2dfc72a4d0dc7a5f85b01322346a374b732403f0b84fc592f5857699f36

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
cache-control: private
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
content-length: 157094
content-type: image/jpeg

GET
H2 200 ajax.gif
korrespondent.net/i/ 5 KB
5 KB 143ms
140ms Image
image/gif 2606:4700::6812:1eb6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://korrespondent.net/i/ajax.gif
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1eb6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: dd4fb84ef463207662efa03dbd05515afb3aee6a71fa7c5e56e7b0b13504a7b4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
cf-cache-status: HIT
last-modified: Mon, 11 Jul 2016 11:44:00 GMT
server: cloudflare
age: 1297
x-powered-by: ASP.NET
etag: "0c0d08369dbd11:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: no-cache,public, max-age=31536
accept-ranges: bytes
cf-ray: 73ba61c21de701e7-ZRH
content-length: 5483

GET
H2 200 2760401.jpg
kor.ill.in.ua/m/140x90/ 9 KB
9 KB 292ms
180ms Image
image/jpeg 193.29.200.157
UMHAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kor.ill.in.ua/m/140x90/2760401.jpg
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.157 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 62ca6744675a069c7c9631a60a0c6a354032008783bf71bead35b2f1bdd6b801

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
last-modified: Tue, 16 Aug 2022 12:57:14 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
content-type: image/jpeg
cache-control: public
content-length: 8711
expires: Tue, 16 Aug 2022 13:14:32 GMT

GET
H2 200 blank.gif
korrespondent.net/i/ 45 B
107 B 143ms
141ms Image
image/gif 2606:4700::6812:1eb6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://korrespondent.net/i/blank.gif
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1eb6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: f2688cfce6737668af724081900a94bfdcf6437cf8372189005178964e7d1831

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
cf-cache-status: HIT
last-modified: Mon, 11 Jul 2016 11:44:00 GMT
server: cloudflare
age: 1297
x-powered-by: ASP.NET
etag: "0c0d08369dbd11:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: no-cache,public, max-age=31536
accept-ranges: bytes
cf-ray: 73ba61c21de901e7-ZRH
content-length: 45

GET
H2 200 2715997.jpg
kor.ill.in.ua/m/86x115/ 9 KB
9 KB 336ms
224ms Image
image/jpeg 193.29.200.157
UMHAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kor.ill.in.ua/m/86x115/2715997.jpg
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.157 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: ee83c984c733b9c55a91f42e6cf39ba90c22bc0789296f4b7a5ec189ef24afbc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
last-modified: Sun, 27 Feb 2022 21:34:42 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
content-type: image/jpeg
cache-control: public
content-length: 8895
expires: Tue, 16 Aug 2022 13:14:39 GMT

GET
H/1.1 200
OK disclaimer.min.js Show response
ui.ill.in.ua/s/ 2 KB
2 KB 253ms
48ms Script
application/x-javascript 193.29.200.140
UMHAS

General

Check archive.org

Show headers Download Go to

Full URL: https://ui.ill.in.ua/s/disclaimer.min.js
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 193.29.200.140 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/7.0 / ASP.NET
Resource Hash: 2356de1d2ca4b622f2949c68f0659a08d577e86204c4700c439132c5164d17ba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:29 GMT
Content-Encoding: gzip
ETag: "d67f5a9ce421d51:0"
Last-Modified: Thu, 13 Jun 2019 12:36:23 GMT
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: public, max-age=31536
Accept-Ranges: bytes
Content-Length: 1352

GET
H2 200 korrespondent.net.1283487.js Show response
jsc.mgid.com/k/o/ 2 KB
2 KB 81ms
31ms Script
text/javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.mgid.com/k/o/korrespondent.net.1283487.js
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 617fd637db344dc7b543476d489b9bf81c12d4c5e6cb4ee02d9977fe9fb9d600

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
content-encoding: br
cf-cache-status: HIT
age: 1829
cf-polished: origSize=2328
last-modified: Wed, 03 Aug 2022 08:31:14 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: XRA6TM62DYRZ36Y6
x-amz-id-2: dCoGTwOafr02Wum7OAxXq17egKIJtfarWWmp4ExtCfDVkRUTw4KF+J/xdqZqnyRbdTzcq3cMgOvtf388tVaHvg==
cf-bgj: minify
server: cloudflare
etag: W/"c28b5c87ad18494c6786e964a85f32f2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=10800
x-amz-version-id: ddAauP3h3HFL0wKXxMwtSBsIgSJaFmZf
cf-ray: 73ba61c1ce999a06-FRA
expires: Tue, 16 Aug 2022 16:05:29 GMT

GET
H2 200 icon-sprite.png
csskor.ill.in.ua/i/ 29 KB
29 KB 44ms
43ms Image
image/png 193.29.200.151
UMHAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csskor.ill.in.ua/i/icon-sprite.png
Requested by: Host: csskor.ill.in.ua
URL: https://csskor.ill.in.ua/css/index.min.css?v=3.1.2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.151 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 83ab5047e820c4c9edf0823374a8a31e0119fae38f345a88caa81b46184dfe5d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://csskor.ill.in.ua/css/index.min.css?v=3.1.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
last-modified: Wed, 07 May 2014 14:11:34 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "0ef6440fe69cf1:0"
content-type: image/png
cache-control: no-cache,public, max-age=31536
accept-ranges: bytes
content-length: 29852

GET
H2 200 preloader.gif
csskor.ill.in.ua/i/ 6 KB
6 KB 46ms
45ms Image
image/gif 193.29.200.151
UMHAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csskor.ill.in.ua/i/preloader.gif
Requested by: Host: csskor.ill.in.ua
URL: https://csskor.ill.in.ua/css/index.min.css?v=3.1.2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.151 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 90102a5b0d498a0928a1923216a5e922fa4dd138a5c7ecad85c6f5b6cdd6bdab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://csskor.ill.in.ua/css/index.min.css?v=3.1.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
last-modified: Wed, 07 May 2014 14:11:34 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "0ef6440fe69cf1:0"
content-type: image/gif
cache-control: public, max-age=31536
accept-ranges: bytes
content-length: 6154

GET
H2 200 2760371.jpg
kor.ill.in.ua/m/67x43/ 2 KB
2 KB 301ms
225ms Image
image/jpeg 193.29.200.157
UMHAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kor.ill.in.ua/m/67x43/2760371.jpg
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.157 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: d5c1773b4aa0eb9501c3690028dd77bc5d822742a1dab3a4c3c3d760a51bba96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
last-modified: Tue, 16 Aug 2022 11:30:10 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
content-type: image/jpeg
cache-control: public
content-length: 1544
expires: Tue, 16 Aug 2022 13:14:42 GMT

GET
H2 200 2733862.jpg
kor.ill.in.ua/m/67x43/ 3 KB
3 KB 301ms
225ms Image
image/jpeg 193.29.200.157
UMHAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kor.ill.in.ua/m/67x43/2733862.jpg
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.157 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: db17361b3018b3c415bda8202ac0fcb3789c127de4b22bacedbea176646e9fa2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
last-modified: Tue, 16 Aug 2022 04:52:02 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
content-type: image/jpeg
cache-control: public
content-length: 2741
expires: Tue, 16 Aug 2022 13:14:42 GMT

GET
H2 200 2760212.jpg
kor.ill.in.ua/m/67x43/ 3 KB
3 KB 206ms
205ms Image
image/jpeg 193.29.200.157
UMHAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kor.ill.in.ua/m/67x43/2760212.jpg
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.157 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 557d793f1cd96cfe3a1ebfefa3bc0e1a82e9d56dad9180fb2b66961ae2a7d342

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
last-modified: Tue, 16 Aug 2022 03:17:09 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
content-type: image/jpeg
cache-control: public
content-length: 2907
expires: Tue, 16 Aug 2022 13:14:41 GMT

GET
H2 200 2760186.jpg
kor.ill.in.ua/m/67x43/ 2 KB
3 KB 206ms
206ms Image
image/jpeg 193.29.200.157
UMHAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kor.ill.in.ua/m/67x43/2760186.jpg
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.157 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 09aab87d7e0214e4e7b6ec226d23891d1af75e928a72802f682bbe8ab61940dd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
last-modified: Mon, 15 Aug 2022 19:46:42 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
content-type: image/jpeg
cache-control: public
content-length: 2499
expires: Tue, 16 Aug 2022 13:14:41 GMT

GET
H2 200 2760163.jpg
kor.ill.in.ua/m/67x43/ 2 KB
2 KB 206ms
206ms Image
image/jpeg 193.29.200.157
UMHAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kor.ill.in.ua/m/67x43/2760163.jpg
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.157 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 05377236ec3ad5083b3f1e1ad66fdb134bb93d14c15f7b13d6dad00454e72a3e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
last-modified: Mon, 15 Aug 2022 17:16:56 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
content-type: image/jpeg
cache-control: public
content-length: 2270
expires: Tue, 16 Aug 2022 13:14:38 GMT

GET
H2 200 / Show response
exchange.informer.ua/informer/stat/ Frame 190F 3 KB
2 KB 180ms
50ms Document
text/html 193.29.200.142
UMHAS

General

Check archive.org

Show headers Download Go to

Full URL: https://exchange.informer.ua/informer/stat/?s=dengi&l=5&t=dengiKorr
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.29.200.142 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: nginx/1.12.2 / PHP/7.1.17
Resource Hash: 4e0fba9b503b0eaf6fd656be69b82620d020b73ed21db603c2d801ebd184b289

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 16 Aug 2022 13:11:44 GMT
server: nginx/1.12.2
vary: Accept-Encoding
x-powered-by: PHP/7.1.17

GET
H2 200 preloader.gif
korrespondent.net/i/ 6 KB
6 KB 138ms
138ms Image
image/gif 2606:4700::6812:1eb6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://korrespondent.net/i/preloader.gif
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1eb6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 90102a5b0d498a0928a1923216a5e922fa4dd138a5c7ecad85c6f5b6cdd6bdab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
cf-cache-status: HIT
last-modified: Mon, 11 Jul 2016 11:44:00 GMT
server: cloudflare
age: 1443
x-powered-by: ASP.NET
etag: "0c0d08369dbd11:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: no-cache,public, max-age=31536
accept-ranges: bytes
cf-ray: 73ba61c25e3001e7-ZRH
content-length: 6154

GET
H2 200 s
r.i.ua/ 824 B
1 KB 106ms
62ms Image
image/png 104.18.2.81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.i.ua/s?u1647&p4&n0.11812255749187028&c1&d24&w1600&h1200&r/korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.2.81 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29b542fe49749ce376cfadb352f0fd9ead102896a5816569c6e6634be8c5eb87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:29 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p: policyref="http://i.i.ua/w3c/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
content-type: image/png
cache-control: no-cache, must-revalidate
cf-ray: 73ba61c1fbe48fe8-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: 0

GET
H2 200 e.js Show response
cdn.umh.ua/libs/ 6 KB
3 KB 96ms
21ms Script
application/javascript 78.159.118.240
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.umh.ua/libs/e.js

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305

Server

78.159.118.240 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),

Reverse DNS

hosted-by.leaseweb.com

Software

nginx /

Resource Hash

4f980628109c4616e0c245be9b45aa44233f40ca4f396a58a9e298cf51744e43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding
x-xss-protection: 1; mode=block;
last-modified: Tue, 01 Mar 2022 15:54:34 GMT
server: nginx
etag: W/"621e41ba-16f4"
access-control-max-age: 1728000
access-control-allow-methods: GET, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=86400
access-control-allow-credentials: true
access-control-allow-headers: X-PINGOTHER
expires: Wed, 17 Aug 2022 13:05:29 GMT

GET
H2 200 subscribe.png
csskor.ill.in.ua/i/ 4 KB
4 KB 46ms
46ms Image
image/png 193.29.200.151
UMHAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csskor.ill.in.ua/i/subscribe.png
Requested by: Host: csskor.ill.in.ua
URL: https://csskor.ill.in.ua/css/index.min.css?v=3.1.2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.151 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 84510fffe17fea544ae340bc9373b62106bfccc148f93e8ac4bbed045c64e9a2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://csskor.ill.in.ua/css/index.min.css?v=3.1.2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
last-modified: Wed, 07 May 2014 14:11:34 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "0ef6440fe69cf1:0"
content-type: image/png
cache-control: no-cache,public, max-age=31536
accept-ranges: bytes
content-length: 4138

GET
H2 200 36424 Show response
t.me/operativnoZSU/ Frame EB72 9 KB
5 KB 2316ms
2271ms Document
text/html 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://t.me/operativnoZSU/36424?embed=1

Requested by

Host: telegram.org
URL: https://telegram.org/js/telegram-widget.js?19

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

d3c427c2a90e6b6a991ae8e306d8cda6e7193028cb9cdfe1be592ec48472733d

Security Headers

Name	Value
Strict-Transport-Security	max-age=35768000

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
content-encoding: gzip
content-length: 4318
content-type: text/html; charset=utf-8
date: Tue, 16 Aug 2022 13:05:32 GMT
pragma: no-cache
server: nginx/1.18.0
strict-transport-security: max-age=35768000

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 132ms
40ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-1609229-9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 210
date: Tue, 16 Aug 2022 13:02:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 16 Aug 2022 15:02:00 GMT

GET
H2 200 load Show response
z.cdn.umh.ua/ 1 KB
1 KB 36ms
21ms Script
application/javascript 78.159.118.240
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL: https://z.cdn.umh.ua/load?z=1261666467&div=zone_1261666467&cw=1600&ch=1200&sr=1600x1200&df=1&bh=2&tl=906&pl=3&mi=4&me=8&hc=4&n=1660655129967&url=korrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&ti=%D0%92%D0%A1%D0%A3%20%D1%83%D0%BD%D0%B8%D1%87%D1%82%D0%BE%D0%B6%D0%B8%D0%BB%D0%B8%20%D0%B1%D0%B0%D0%B7%D1%83%20%D0%A7%D0%92%D0%9A%20%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%20%D0%B2%20%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%20-%20Korrespondent.net&zyx=3699735494
Requested by: Host: cdn.umh.ua
URL: https://cdn.umh.ua/libs/e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 78.159.118.240 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: hosted-by.leaseweb.com
Software: nginx /
Resource Hash: 34eb5999e14322bb62727d6ae5ff53b626b485e4d0d78ac9b550ab33f41f0043

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:29 GMT
content-encoding: gzip
server: nginx
p3p: policyref="/p3p.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
content-type: application/javascript; charset=utf-8
content-length: 811
expires: -1

GET
H2 200 mwayss_invocation.min.js Show response
ad.mox.tv/mox/ 29 KB
10 KB 87ms
25ms Script
application/javascript 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=1554&height=288&width=400&tld=korrespondent.net&ctype=div
Requested by: Host: z.cdn.umh.ua
URL: https://z.cdn.umh.ua/load?z=1261666467&div=zone_1261666467&cw=1600&ch=1200&sr=1600x1200&df=1&bh=2&tl=906&pl=3&mi=4&me=8&hc=4&n=1660655129967&url=korrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&ti=%D0%92%D0%A1%D0%A3%20%D1%83%D0%BD%D0%B8%D1%87%D1%82%D0%BE%D0%B6%D0%B8%D0%BB%D0%B8%20%D0%B1%D0%B0%D0%B7%D1%83%20%D0%A7%D0%92%D0%9A%20%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%20%D0%B2%20%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%20-%20Korrespondent.net&zyx=3699735494
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 314349e78d72853d2c7b322d616e9a29b53957cf702ddc99766495fbb258d31d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
last-modified: Tue, 07 Dec 2021 16:48:38 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"61af9066-72a8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public, max-age=3600
expires: Tue, 16 Aug 2022 14:05:30 GMT

GET
H2 200 d98c6882751696763e78c5d4e3539667.jpg
exchange.informer.ua/assets/thumbnails/d9/ Frame 190F 7 KB
7 KB 45ms
44ms Image
image/jpeg 193.29.200.142
UMHAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://exchange.informer.ua/assets/thumbnails/d9/d98c6882751696763e78c5d4e3539667.jpg
Requested by: Host: exchange.informer.ua
URL: https://exchange.informer.ua/informer/stat/?s=dengi&l=5&t=dengiKorr
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.29.200.142 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: nginx/1.12.2 /
Resource Hash: 55bbe6ef5de230a1e46c12e05d58b2f264824063fc4020432a55c5153f209628

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://exchange.informer.ua/informer/stat/?s=dengi&l=5&t=dengiKorr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:11:44 GMT
last-modified: Tue, 16 Aug 2022 12:31:02 GMT
server: nginx/1.12.2
accept-ranges: bytes
etag: "62fb8e06-1a90"
content-length: 6800
content-type: image/jpeg

GET
H2 200 7a44de1e17bba02abba1a768c632e392.jpg
exchange.informer.ua/assets/thumbnails/7a/ Frame 190F 7 KB
8 KB 89ms
88ms Image
image/jpeg 193.29.200.142
UMHAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://exchange.informer.ua/assets/thumbnails/7a/7a44de1e17bba02abba1a768c632e392.jpg
Requested by: Host: exchange.informer.ua
URL: https://exchange.informer.ua/informer/stat/?s=dengi&l=5&t=dengiKorr
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.29.200.142 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: nginx/1.12.2 /
Resource Hash: c4db5cbaf04a87c209843af34b353cecaf13bf0a7901a22a71cdc4ee5c9312d4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://exchange.informer.ua/informer/stat/?s=dengi&l=5&t=dengiKorr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:11:44 GMT
last-modified: Tue, 16 Aug 2022 11:01:02 GMT
server: nginx/1.12.2
accept-ranges: bytes
etag: "62fb78ee-1daf"
content-length: 7599
content-type: image/jpeg

GET
H2 200 fc672dc7ee650973a6d03b89a22c57b4.jpg
exchange.informer.ua/assets/thumbnails/fc/ Frame 190F 6 KB
6 KB 89ms
87ms Image
image/jpeg 193.29.200.142
UMHAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://exchange.informer.ua/assets/thumbnails/fc/fc672dc7ee650973a6d03b89a22c57b4.jpg
Requested by: Host: exchange.informer.ua
URL: https://exchange.informer.ua/informer/stat/?s=dengi&l=5&t=dengiKorr
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.29.200.142 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: nginx/1.12.2 /
Resource Hash: 1d3d386a784f333a27d84c16911274e0ee53be7fadca3228a5b1169b267f4535

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://exchange.informer.ua/informer/stat/?s=dengi&l=5&t=dengiKorr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:11:44 GMT
last-modified: Tue, 16 Aug 2022 09:31:02 GMT
server: nginx/1.12.2
accept-ranges: bytes
etag: "62fb63d6-1972"
content-length: 6514
content-type: image/jpeg

GET
H2 200 bf849e6c45d2abe8eddb348d1f73571d.jpg
exchange.informer.ua/assets/thumbnails/bf/ Frame 190F 6 KB
6 KB 89ms
88ms Image
image/jpeg 193.29.200.142
UMHAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://exchange.informer.ua/assets/thumbnails/bf/bf849e6c45d2abe8eddb348d1f73571d.jpg
Requested by: Host: exchange.informer.ua
URL: https://exchange.informer.ua/informer/stat/?s=dengi&l=5&t=dengiKorr
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.29.200.142 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: nginx/1.12.2 /
Resource Hash: 338331253035f259d334bd9e5733ee9e1143212d62614b2f7da324ebdcf475bf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://exchange.informer.ua/informer/stat/?s=dengi&l=5&t=dengiKorr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:11:44 GMT
last-modified: Tue, 16 Aug 2022 10:31:02 GMT
server: nginx/1.12.2
accept-ranges: bytes
etag: "62fb71e6-170e"
content-length: 5902
content-type: image/jpeg

GET
H2 200 95a236e7d621f4d4035da6623a4caf2c.jpg
exchange.informer.ua/assets/thumbnails/95/ Frame 190F 6 KB
6 KB 89ms
88ms Image
image/jpeg 193.29.200.142
UMHAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://exchange.informer.ua/assets/thumbnails/95/95a236e7d621f4d4035da6623a4caf2c.jpg
Requested by: Host: exchange.informer.ua
URL: https://exchange.informer.ua/informer/stat/?s=dengi&l=5&t=dengiKorr
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 193.29.200.142 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: nginx/1.12.2 /
Resource Hash: 691892749b8455d6ffeecfe0ad834dce865e25d46a84a6ac578c28c6d40919db

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://exchange.informer.ua/informer/stat/?s=dengi&l=5&t=dengiKorr
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:11:44 GMT
last-modified: Tue, 16 Aug 2022 11:51:02 GMT
server: nginx/1.12.2
accept-ranges: bytes
etag: "62fb84a6-1742"
content-length: 5954
content-type: image/jpeg

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
208 B 48ms
48ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=351416207&t=pageview&_s=1&dl=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&ul=en-us&de=UTF-8&dt=%D0%92%D0%A1%D0%A3%20%D1%83%D0%BD%D0%B8%D1%87%D1%82%D0%BE%D0%B6%D0%B8%D0%BB%D0%B8%20%D0%B1%D0%B0%D0%B7%D1%83%20%D0%A7%D0%92%D0%9A%20%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%20%D0%B2%20%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%20-%20Korrespondent.net&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=954677258&gjid=1341308359&cid=2006371786.1660655130&tid=UA-1609229-9&_gid=614955147.1660655130&_r=1&gtm=2ou8f0&z=1790213801

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://korrespondent.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 113 KB
44 KB 26ms
25ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-P7KPL8

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

be8e12555437645bcc9465cedd23bfe9305ae461b3e1bcf8e8a1db8c9abc290e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44545
x-xss-protection: 0
last-modified: Tue, 16 Aug 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 16 Aug 2022 13:05:30 GMT

GET
H2 200 load Show response
z.cdn.umh.ua/ 2 KB
1 KB 322ms
322ms Script
application/javascript 78.159.118.240
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL: https://z.cdn.umh.ua/load?z=1479810766&div=zone_1479810766&cw=1600&ch=1200&sr=1600x1200&df=1&bh=2&tl=906&pl=3&mi=4&me=8&hc=4&n=1660655129967&url=korrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&ti=%D0%92%D0%A1%D0%A3%20%D1%83%D0%BD%D0%B8%D1%87%D1%82%D0%BE%D0%B6%D0%B8%D0%BB%D0%B8%20%D0%B1%D0%B0%D0%B7%D1%83%20%D0%A7%D0%92%D0%9A%20%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%20%D0%B2%20%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%20-%20Korrespondent.net&zyx=3699735494
Requested by: Host: cdn.umh.ua
URL: https://cdn.umh.ua/libs/e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 78.159.118.240 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: hosted-by.leaseweb.com
Software: nginx /
Resource Hash: 0de79bb0632474ad7dba57625f4f95d8ee0dae172bc5d446ae3dc7ab83eed2bd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
server: nginx
content-type: application/javascript; charset=utf-8
cache-control: no-cache, must-revalidate
content-length: 988
expires: -1

GET
H2 200 info.hit Show response
korrespondent.net/ 7 B
88 B 273ms
273ms XHR
text/html 2606:4700::6812:1eb6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://korrespondent.net/info.hit?id=4505652
Requested by: Host: jskor.ill.in.ua
URL: https://jskor.ill.in.ua/js/jq/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1eb6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: 74af5f69ef0af47c176f2e341b52afd35fd03aa72cbc5417d2822bf1d6e94da5

Request headers

Accept: */*
Referer: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: ASP.NET
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=utf-8
cache-control: private
cf-ray: 73ba61c3c8e101e7-ZRH

GET
H2 200 langlink.hnd Show response
korrespondent.net/ 187 B
244 B 278ms
278ms XHR
text/html 2606:4700::6812:1eb6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://korrespondent.net/langlink.hnd?id=4505652
Requested by: Host: jskor.ill.in.ua
URL: https://jskor.ill.in.ua/js/jq/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1eb6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: dc31c040a9b3651300b1705eacad157ec6341684983ee6b8c6eb231bc0342cc0

Request headers

Accept: */*
Referer: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: ASP.NET
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=utf-8
cache-control: private
cf-ray: 73ba61c3c8e501e7-ZRH

GET
H2 200 load Show response
z.cdn.umh.ua/ 42 B
169 B 21ms
21ms Script
text/plain 78.159.118.240
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL: https://z.cdn.umh.ua/load?z=2124420052&div=zone_2124420052&cw=1600&ch=1200&sr=1600x1200&df=1&bh=2&tl=906&pl=3&mi=4&me=8&hc=4&n=1660655129967&url=korrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&ti=%D0%92%D0%A1%D0%A3%20%D1%83%D0%BD%D0%B8%D1%87%D1%82%D0%BE%D0%B6%D0%B8%D0%BB%D0%B8%20%D0%B1%D0%B0%D0%B7%D1%83%20%D0%A7%D0%92%D0%9A%20%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%20%D0%B2%20%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%20-%20Korrespondent.net&zyx=3699735494
Requested by: Host: cdn.umh.ua
URL: https://cdn.umh.ua/libs/e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 78.159.118.240 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: hosted-by.leaseweb.com
Software: nginx /
Resource Hash: 62a80dbf0cb2283c12d23ebb615edb7f6a391c7342aaeab9ae135616f92b94d4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
cache-control: no-cache, must-revalidate
server: nginx
content-type: text/plain; charset=utf-8
content-length: 42
expires: -1

GET
H2 200 load Show response
z.cdn.umh.ua/ 8 KB
4 KB 22ms
21ms Script
application/javascript 78.159.118.240
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL: https://z.cdn.umh.ua/load?z=1392847469&div=zone_1392847469&cw=1600&ch=1200&sr=1600x1200&df=1&bh=2&tl=906&pl=3&mi=4&me=8&hc=4&n=1660655129967&url=korrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&ti=%D0%92%D0%A1%D0%A3%20%D1%83%D0%BD%D0%B8%D1%87%D1%82%D0%BE%D0%B6%D0%B8%D0%BB%D0%B8%20%D0%B1%D0%B0%D0%B7%D1%83%20%D0%A7%D0%92%D0%9A%20%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%20%D0%B2%20%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%20-%20Korrespondent.net&zyx=3699735494
Requested by: Host: cdn.umh.ua
URL: https://cdn.umh.ua/libs/e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 78.159.118.240 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: hosted-by.leaseweb.com
Software: nginx /
Resource Hash: d92fc46b6b46128683576769e83ae766ff19220233aacdd2f7a448962d9b25d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
server: nginx
content-type: application/javascript; charset=utf-8
cache-control: no-cache, must-revalidate
content-length: 3930
expires: -1

GET
H2 200 load Show response
z.cdn.umh.ua/ 2 KB
1 KB 22ms
21ms Script
application/javascript 78.159.118.240
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL: https://z.cdn.umh.ua/load?z=2109517661&div=zone_2109517661&cw=1600&ch=1200&sr=1600x1200&df=1&bh=2&tl=906&pl=3&mi=4&me=8&hc=4&n=1660655129967&url=korrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&ti=%D0%92%D0%A1%D0%A3%20%D1%83%D0%BD%D0%B8%D1%87%D1%82%D0%BE%D0%B6%D0%B8%D0%BB%D0%B8%20%D0%B1%D0%B0%D0%B7%D1%83%20%D0%A7%D0%92%D0%9A%20%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%20%D0%B2%20%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%20-%20Korrespondent.net&zyx=3699735494
Requested by: Host: cdn.umh.ua
URL: https://cdn.umh.ua/libs/e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 78.159.118.240 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: hosted-by.leaseweb.com
Software: nginx /
Resource Hash: 54631dd033499b15b6c56f7f45d68fe185240600f61b69fbbc9dcaf9424add2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
server: nginx
content-type: application/javascript; charset=utf-8
cache-control: no-cache, must-revalidate
content-length: 1294
expires: -1

GET
H2 200 load Show response
z.cdn.umh.ua/ 8 KB
4 KB 41ms
41ms Script
application/javascript 78.159.118.240
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL: https://z.cdn.umh.ua/load?z=1179888271&div=zone_1179888271&cw=1600&ch=1200&sr=1600x1200&df=1&bh=2&tl=906&pl=3&mi=4&me=8&hc=4&n=1660655129967&url=korrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&ti=%D0%92%D0%A1%D0%A3%20%D1%83%D0%BD%D0%B8%D1%87%D1%82%D0%BE%D0%B6%D0%B8%D0%BB%D0%B8%20%D0%B1%D0%B0%D0%B7%D1%83%20%D0%A7%D0%92%D0%9A%20%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%20%D0%B2%20%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%20-%20Korrespondent.net&zyx=3699735494
Requested by: Host: cdn.umh.ua
URL: https://cdn.umh.ua/libs/e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 78.159.118.240 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: hosted-by.leaseweb.com
Software: nginx /
Resource Hash: 4fc39fb95aafa02b64bab22379d66041db3106e9747ca17216961666b2adaaf2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
server: nginx
content-type: application/javascript; charset=utf-8
cache-control: no-cache, must-revalidate
content-length: 3905
expires: -1

GET
H2 204 load Show response
z.cdn.umh.ua/ 0
94 B 27ms
27ms Script
text/plain 78.159.118.240
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL: https://z.cdn.umh.ua/load?z=1298427590&div=zone_1298427590&cw=1600&ch=1200&sr=1600x1200&df=1&bh=2&tl=906&pl=3&mi=4&me=8&hc=4&n=1660655129967&url=korrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&ti=%D0%92%D0%A1%D0%A3%20%D1%83%D0%BD%D0%B8%D1%87%D1%82%D0%BE%D0%B6%D0%B8%D0%BB%D0%B8%20%D0%B1%D0%B0%D0%B7%D1%83%20%D0%A7%D0%92%D0%9A%20%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%20%D0%B2%20%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%20-%20Korrespondent.net&zyx=3699735494
Requested by: Host: cdn.umh.ua
URL: https://cdn.umh.ua/libs/e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 78.159.118.240 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: hosted-by.leaseweb.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
cache-control: no-cache, must-revalidate
server: nginx
expires: -1

GET
H2 204 load Show response
z.cdn.umh.ua/ 0
94 B 27ms
24ms Script
text/plain 78.159.118.240
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL: https://z.cdn.umh.ua/load?z=1664245384&div=zone_1664245384&cw=1600&ch=1200&sr=1600x1200&df=1&bh=2&tl=906&pl=3&mi=4&me=8&hc=4&n=1660655129967&url=korrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&ti=%D0%92%D0%A1%D0%A3%20%D1%83%D0%BD%D0%B8%D1%87%D1%82%D0%BE%D0%B6%D0%B8%D0%BB%D0%B8%20%D0%B1%D0%B0%D0%B7%D1%83%20%D0%A7%D0%92%D0%9A%20%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%20%D0%B2%20%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%20-%20Korrespondent.net&zyx=3699735494
Requested by: Host: cdn.umh.ua
URL: https://cdn.umh.ua/libs/e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 78.159.118.240 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: hosted-by.leaseweb.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
cache-control: no-cache, must-revalidate
server: nginx
expires: -1

GET
H2 204 load Show response
z.cdn.umh.ua/ 0
94 B 25ms
25ms Script
text/plain 78.159.118.240
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL: https://z.cdn.umh.ua/load?z=1907900247&div=zone_1907900247&cw=1600&ch=1200&sr=1600x1200&df=1&bh=2&tl=906&pl=3&mi=4&me=8&hc=4&n=1660655129967&url=korrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&ti=%D0%92%D0%A1%D0%A3%20%D1%83%D0%BD%D0%B8%D1%87%D1%82%D0%BE%D0%B6%D0%B8%D0%BB%D0%B8%20%D0%B1%D0%B0%D0%B7%D1%83%20%D0%A7%D0%92%D0%9A%20%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%20%D0%B2%20%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%20-%20Korrespondent.net&zyx=3699735494
Requested by: Host: cdn.umh.ua
URL: https://cdn.umh.ua/libs/e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 78.159.118.240 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: hosted-by.leaseweb.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
cache-control: no-cache, must-revalidate
server: nginx
expires: -1

GET
H2 204 load Show response
z.cdn.umh.ua/ 0
94 B 24ms
24ms Script
text/plain 78.159.118.240
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL: https://z.cdn.umh.ua/load?z=2064876158&div=zone_2064876158&cw=1600&ch=1200&sr=1600x1200&df=1&bh=2&tl=906&pl=3&mi=4&me=8&hc=4&n=1660655129967&url=korrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&ti=%D0%92%D0%A1%D0%A3%20%D1%83%D0%BD%D0%B8%D1%87%D1%82%D0%BE%D0%B6%D0%B8%D0%BB%D0%B8%20%D0%B1%D0%B0%D0%B7%D1%83%20%D0%A7%D0%92%D0%9A%20%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%20%D0%B2%20%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%20-%20Korrespondent.net&zyx=3699735494
Requested by: Host: cdn.umh.ua
URL: https://cdn.umh.ua/libs/e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 78.159.118.240 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: hosted-by.leaseweb.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
cache-control: no-cache, must-revalidate
server: nginx
expires: -1

GET
H2 204 load Show response
z.cdn.umh.ua/ 0
94 B 23ms
21ms Script
text/plain 78.159.118.240
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL: https://z.cdn.umh.ua/load?z=1508430322&div=zone_1508430322&cw=1600&ch=1200&sr=1600x1200&df=1&bh=2&tl=906&pl=3&mi=4&me=8&hc=4&n=1660655129967&url=korrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&ti=%D0%92%D0%A1%D0%A3%20%D1%83%D0%BD%D0%B8%D1%87%D1%82%D0%BE%D0%B6%D0%B8%D0%BB%D0%B8%20%D0%B1%D0%B0%D0%B7%D1%83%20%D0%A7%D0%92%D0%9A%20%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%20%D0%B2%20%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%20-%20Korrespondent.net&zyx=3699735494
Requested by: Host: cdn.umh.ua
URL: https://cdn.umh.ua/libs/e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 78.159.118.240 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: hosted-by.leaseweb.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
cache-control: no-cache, must-revalidate
server: nginx
expires: -1

GET
H2 200 load Show response
z.cdn.umh.ua/ 1 KB
964 B 324ms
322ms Script
application/javascript 78.159.118.240
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL: https://z.cdn.umh.ua/load?z=1526170517&div=zone_1526170517&cw=1600&ch=1200&sr=1600x1200&df=1&bh=2&tl=906&pl=3&mi=4&me=8&hc=4&n=1660655129967&url=korrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&ti=%D0%92%D0%A1%D0%A3%20%D1%83%D0%BD%D0%B8%D1%87%D1%82%D0%BE%D0%B6%D0%B8%D0%BB%D0%B8%20%D0%B1%D0%B0%D0%B7%D1%83%20%D0%A7%D0%92%D0%9A%20%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%20%D0%B2%20%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%20-%20Korrespondent.net&zyx=3699735494
Requested by: Host: cdn.umh.ua
URL: https://cdn.umh.ua/libs/e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 78.159.118.240 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: hosted-by.leaseweb.com
Software: nginx /
Resource Hash: 29597c28ac2ae57d20f32a7c336abd77e10714d0195f58125a4e6db8e6d740bb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
server: nginx
content-type: application/javascript; charset=utf-8
cache-control: no-cache, must-revalidate
content-length: 811
expires: -1

GET
H2 200 load Show response
z.cdn.umh.ua/ 2 KB
1014 B 24ms
22ms Script
application/javascript 78.159.118.240
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL: https://z.cdn.umh.ua/load?z=1836648724&div=zone_1836648724&cw=1600&ch=1200&sr=1600x1200&df=1&bh=2&tl=906&pl=3&mi=4&me=8&hc=4&n=1660655129967&url=korrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&ti=%D0%92%D0%A1%D0%A3%20%D1%83%D0%BD%D0%B8%D1%87%D1%82%D0%BE%D0%B6%D0%B8%D0%BB%D0%B8%20%D0%B1%D0%B0%D0%B7%D1%83%20%D0%A7%D0%92%D0%9A%20%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%20%D0%B2%20%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%20-%20Korrespondent.net&zyx=3699735494
Requested by: Host: cdn.umh.ua
URL: https://cdn.umh.ua/libs/e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 78.159.118.240 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: hosted-by.leaseweb.com
Software: nginx /
Resource Hash: d67f7297f9094ed400ddbd49f19457ff4bb2d2fd3d29de62e3a6ab3c23c80243

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
server: nginx
content-type: application/javascript; charset=utf-8
cache-control: no-cache, must-revalidate
content-length: 861
expires: -1

GET
H2 200 load Show response
z.cdn.umh.ua/ 75 B
202 B 24ms
21ms Script
text/plain 78.159.118.240
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL: https://z.cdn.umh.ua/load?z=1624934371&div=zone_1624934371&cw=1600&ch=1200&sr=1600x1200&df=1&bh=2&tl=906&pl=3&mi=4&me=8&hc=4&n=1660655129967&url=korrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&ti=%D0%92%D0%A1%D0%A3%20%D1%83%D0%BD%D0%B8%D1%87%D1%82%D0%BE%D0%B6%D0%B8%D0%BB%D0%B8%20%D0%B1%D0%B0%D0%B7%D1%83%20%D0%A7%D0%92%D0%9A%20%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%20%D0%B2%20%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%20-%20Korrespondent.net&zyx=3699735494
Requested by: Host: cdn.umh.ua
URL: https://cdn.umh.ua/libs/e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 78.159.118.240 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: hosted-by.leaseweb.com
Software: nginx /
Resource Hash: 97cb426b07a50b994eb79c3e0b49d747c69bbdaf5587f55fe6a8f6b5b2e08929

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
cache-control: no-cache, must-revalidate
server: nginx
content-type: text/plain; charset=utf-8
content-length: 75
expires: -1

GET
H2 200 load Show response
z.cdn.umh.ua/ 1 KB
866 B 25ms
22ms Script
application/javascript 78.159.118.240
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL: https://z.cdn.umh.ua/load?z=1849272440&div=zone_1849272440&cw=1600&ch=1200&sr=1600x1200&df=1&bh=2&tl=906&pl=3&mi=4&me=8&hc=4&n=1660655129967&url=korrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&ti=%D0%92%D0%A1%D0%A3%20%D1%83%D0%BD%D0%B8%D1%87%D1%82%D0%BE%D0%B6%D0%B8%D0%BB%D0%B8%20%D0%B1%D0%B0%D0%B7%D1%83%20%D0%A7%D0%92%D0%9A%20%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%20%D0%B2%20%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%20-%20Korrespondent.net&zyx=3699735494
Requested by: Host: cdn.umh.ua
URL: https://cdn.umh.ua/libs/e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 78.159.118.240 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: hosted-by.leaseweb.com
Software: nginx /
Resource Hash: eb5e6f4d9029e9ddd8eea9dc0edd15a97c177a97d5fbfbbe6a3b1c3982b26b81

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
server: nginx
content-type: application/javascript; charset=utf-8
cache-control: no-cache, must-revalidate
content-length: 713
expires: -1

GET
H2 200 load Show response
z.cdn.umh.ua/ 2 KB
1 KB 22ms
21ms Script
application/javascript 78.159.118.240
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL: https://z.cdn.umh.ua/load?z=1988961805&div=zone_1988961805&cw=1600&ch=1200&sr=1600x1200&df=1&bh=2&tl=906&pl=3&mi=4&me=8&hc=4&n=1660655129967&url=korrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&ti=%D0%92%D0%A1%D0%A3%20%D1%83%D0%BD%D0%B8%D1%87%D1%82%D0%BE%D0%B6%D0%B8%D0%BB%D0%B8%20%D0%B1%D0%B0%D0%B7%D1%83%20%D0%A7%D0%92%D0%9A%20%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%20%D0%B2%20%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%20-%20Korrespondent.net&zyx=3699735494
Requested by: Host: cdn.umh.ua
URL: https://cdn.umh.ua/libs/e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 78.159.118.240 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: hosted-by.leaseweb.com
Software: nginx /
Resource Hash: 02ec02a732ac442b5d2c49e87f9ec7cc9bd191eb0ad0f1fdd642f0bd14f6ceac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
server: nginx
content-type: application/javascript; charset=utf-8
cache-control: no-cache, must-revalidate
content-length: 1323
expires: -1

GET
H2 200 load Show response
z.cdn.umh.ua/ 940 B
798 B 23ms
21ms Script
application/javascript 78.159.118.240
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL: https://z.cdn.umh.ua/load?z=1349281805&div=zone_1349281805&cw=1600&ch=1200&sr=1600x1200&df=1&bh=2&tl=906&pl=3&mi=4&me=8&hc=4&n=1660655129967&url=korrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&ti=%D0%92%D0%A1%D0%A3%20%D1%83%D0%BD%D0%B8%D1%87%D1%82%D0%BE%D0%B6%D0%B8%D0%BB%D0%B8%20%D0%B1%D0%B0%D0%B7%D1%83%20%D0%A7%D0%92%D0%9A%20%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%20%D0%B2%20%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%20-%20Korrespondent.net&zyx=3699735494
Requested by: Host: cdn.umh.ua
URL: https://cdn.umh.ua/libs/e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 78.159.118.240 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: hosted-by.leaseweb.com
Software: nginx /
Resource Hash: 0e5cff02d02b67173a25c2eb3a24f143626ddd170df83526333570d8895ef3de

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
server: nginx
content-type: application/javascript; charset=utf-8
cache-control: no-cache, must-revalidate
content-length: 645
expires: -1

GET
H2 200 xgemius.js Show response
gaua.hit.gemius.pl/ 57 KB
15 KB 195ms
62ms Script
application/x-javascript 146.59.10.80
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gaua.hit.gemius.pl/xgemius.js
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 146.59.10.80 , France, ASN16276 (OVH, FR),
Reverse DNS: ip80.ip-146-59-10.eu
Software: GHC /
Resource Hash: ed5727c5f85ede091e2379abbb49dd4b1f7138e683f889a894ef4e62c7b3ba5d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
last-modified: Mon, 25 Jul 2022 11:52:01 GMT
server: GHC
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: max-age=43200
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 15187
expires: Wed, 17 Aug 2022 01:05:30 GMT

GET
H2 200 korrespondent.net.1283487.es6.js Show response
jsc.mgid.com/k/o/ 267 KB
76 KB 47ms
46ms Script
text/javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.mgid.com/k/o/korrespondent.net.1283487.es6.js
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/k/o/korrespondent.net.1283487.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 52d82f5bfad5f569fefc9d64b3d333caf22e079ca63ab2b38fa8fd8ee2e20e85

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: br
cf-cache-status: HIT
age: 1832
cf-polished: origSize=272911
last-modified: Fri, 05 Aug 2022 08:07:51 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 0EFXHDHMH7GATV60
x-amz-id-2: 9ICsWGibqAlO+LZG6OKZ3vUFIyWYuCm2fRE8PnFIL1F2ICLe6raV1i1MLPLG2D/QlNgwHZXamqw=
cf-bgj: minify
server: cloudflare
etag: W/"89822aed1e93a7d81f349422c862f592"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=10800
x-amz-version-id: BZgEu8u1XKyHuWRqq6O8PgGFI8USJR1v
cf-ray: 73ba61c3388e9a06-FRA
expires: Tue, 16 Aug 2022 16:05:30 GMT

GET
H2 200 user.hnd Show response
id.korrespondent.net/aut/ 9 B
225 B 71ms
70ms Script
text/javascript 193.29.200.151
UMHAS

General

Check archive.org

Show headers Download Go to

Full URL: https://id.korrespondent.net/aut/user.hnd?_1660655130104=
Requested by: Host: jskor.ill.in.ua
URL: https://jskor.ill.in.ua/js/jq/jquery.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.151 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: bc788950c34406808d0a6d40ee7d7a0a585a3cebcd266cb72b1a4a8a252f1331

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
content-encoding: gzip
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: private

GET
H2 200 weather.hnd Show response
korrespondent.net/widget/ 2 KB
793 B 143ms
143ms XHR
text/html 2606:4700::6812:1eb6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://korrespondent.net/widget/weather.hnd
Requested by: Host: jskor.ill.in.ua
URL: https://jskor.ill.in.ua/js/jq/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1eb6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: f965395f86784c8fc7922e30a9c62992cc6de3e87517e975ea3be9f8a2324c90

Request headers

Accept: */*
Referer: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 16 Aug 2022 13:04:32 GMT
server: cloudflare
age: 58
x-powered-by: ASP.NET
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=utf-8
cache-control: private
cf-ray: 73ba61c3d90101e7-ZRH

GET
H2 200 preloader_photo-gray.gif
csskor.ill.in.ua/i/ 6 KB
6 KB 44ms
43ms Image
image/gif 193.29.200.151
UMHAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://csskor.ill.in.ua/i/preloader_photo-gray.gif
Requested by: Host: csskor.ill.in.ua
URL: https://csskor.ill.in.ua/css/royalslider.min.css?v=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.151 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: aa850796db9400b694644339634f8708ffd14e3ac9843972954dcb4571dcb939

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://csskor.ill.in.ua/css/royalslider.min.css?v=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
last-modified: Wed, 07 May 2014 14:11:34 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "0ef6440fe69cf1:0"
content-type: image/gif
cache-control: public, max-age=31536
accept-ranges: bytes
content-length: 5916

GET
H2 200 2760163.jpg
kor.ill.in.ua/m/300x155/ 33 KB
33 KB 47ms
45ms Image
image/jpeg 193.29.200.157
UMHAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kor.ill.in.ua/m/300x155/2760163.jpg
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.157 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 5ece34e4ee693a3535e7bee487f34ec53f16334830ee4210239e95190524358e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
last-modified: Mon, 15 Aug 2022 17:16:56 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
content-type: image/jpeg
cache-control: public
content-length: 33991
expires: Tue, 16 Aug 2022 13:14:42 GMT

GET
H2 200 2723028.jpg
kor.ill.in.ua/m/300x155/ 46 KB
47 KB 48ms
46ms Image
image/jpeg 193.29.200.157
UMHAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kor.ill.in.ua/m/300x155/2723028.jpg
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.157 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 42fd1410f61902cdec723e26a49910a423bacdfcdc38197543238f7f113c51f4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
last-modified: Mon, 15 Aug 2022 16:24:39 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
content-type: image/jpeg
cache-control: public
content-length: 47582
expires: Tue, 16 Aug 2022 13:14:42 GMT

GET
H2 200 2759305.jpg
kor.ill.in.ua/m/300x155/ 24 KB
24 KB 48ms
46ms Image
image/jpeg 193.29.200.157
UMHAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kor.ill.in.ua/m/300x155/2759305.jpg
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.157 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: c9dffa2fc0c30836d2fedff6aa96598bd23d9ac8838813aa8c3dacc47f5c742f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
last-modified: Thu, 11 Aug 2022 16:40:49 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
content-type: image/jpeg
cache-control: public
content-length: 24629
expires: Tue, 16 Aug 2022 13:20:25 GMT

GET
H2 200 2758982.jpg
kor.ill.in.ua/m/300x155/ 8 KB
8 KB 48ms
47ms Image
image/jpeg 193.29.200.157
UMHAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kor.ill.in.ua/m/300x155/2758982.jpg
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.157 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: e644bbeb7e4ae74c6f15f2f493265db82cebf38bdb060b7ec36f319a2706e697

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
last-modified: Wed, 10 Aug 2022 16:29:40 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
content-type: image/jpeg
cache-control: public
content-length: 8242
expires: Tue, 16 Aug 2022 13:14:41 GMT

GET
H2 200 2757653.jpg
kor.ill.in.ua/m/300x155/ 44 KB
44 KB 49ms
47ms Image
image/jpeg 193.29.200.157
UMHAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kor.ill.in.ua/m/300x155/2757653.jpg
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.157 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: ff4e9a88d8a7ab1327d726d0f048451861f2402a2ac41eaa8e1dbea64e74af76

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
last-modified: Fri, 05 Aug 2022 20:36:19 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
content-type: image/jpeg
cache-control: public
content-length: 45073
expires: Tue, 16 Aug 2022 13:14:35 GMT

GET
H2 200 2757611.jpg
kor.ill.in.ua/m/300x155/ 39 KB
40 KB 85ms
84ms Image
image/jpeg 193.29.200.157
UMHAS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kor.ill.in.ua/m/300x155/2757611.jpg
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.157 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: b85b7b90ac060a12f5d74536230388c245f191c36fe35d86e3105971b8d190ef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
last-modified: Fri, 05 Aug 2022 15:44:13 GMT
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
content-type: image/jpeg
cache-control: public
content-length: 40385
expires: Tue, 16 Aug 2022 13:14:40 GMT

GET
H/1.1 204
No Content s Show response
h.holder.com.ua/ 0
126 B 178ms
49ms Script
text/plain 91.198.36.35
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to

Full URL: https://h.holder.com.ua/s?ta&b6100&c1&r70684074&dholder_300x30_0&hhttps%3A//korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Requested by: Host: i.holder.com.ua
URL: https://i.holder.com.ua/t/holder.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 91.198.36.35 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:30 GMT
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=5

GET
H/1.1 204
No Content s Show response
h.holder.com.ua/ 0
126 B 178ms
50ms Script
text/plain 91.198.36.35
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to

Full URL: https://h.holder.com.ua/s?ta&b8040&c1&r70684074&dholder_300x30_40&hhttps%3A//korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Requested by: Host: i.holder.com.ua
URL: https://i.holder.com.ua/t/holder.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 91.198.36.35 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:30 GMT
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=5

GET
H/1.1 204
No Content s Show response
h.holder.com.ua/ 0
126 B 164ms
50ms Script
text/plain 91.198.36.35
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to

Full URL: https://h.holder.com.ua/s?ta&b7725&c1&r70684074&dholder_300x250_25&hhttps%3A//korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Requested by: Host: i.holder.com.ua
URL: https://i.holder.com.ua/t/holder.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 91.198.36.35 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:30 GMT
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=5

GET
H/1.1 204
No Content s Show response
h.holder.com.ua/ 0
126 B 164ms
50ms Script
text/plain 91.198.36.35
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to

Full URL: https://h.holder.com.ua/s?ta&b7145&c1&r70684074&dholder_300x300_45&hhttps%3A//korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Requested by: Host: i.holder.com.ua
URL: https://i.holder.com.ua/t/holder.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 91.198.36.35 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:30 GMT
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=5

GET
H/1.1 204
No Content s Show response
h.holder.com.ua/ 0
126 B 165ms
49ms Script
text/plain 91.198.36.35
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to

Full URL: https://h.holder.com.ua/s?ta&b8350&c1&r70684074&dholder_300x300_50&hhttps%3A//korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Requested by: Host: i.holder.com.ua
URL: https://i.holder.com.ua/t/holder.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 91.198.36.35 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:30 GMT
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=5

GET
H/1.1 204
No Content s Show response
h.holder.com.ua/ 0
126 B 584ms
455ms Script
text/plain 91.198.36.35
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to

Full URL: https://h.holder.com.ua/s?ta&b8479&c1&r70684074&dholder_300x300_8479&hhttps%3A//korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Requested by: Host: i.holder.com.ua
URL: https://i.holder.com.ua/t/holder.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 91.198.36.35 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:30 GMT
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=5

GET
H/1.1 204
No Content s Show response
h.holder.com.ua/ 0
126 B 50ms
49ms Script
text/plain 91.198.36.35
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to

Full URL: https://h.holder.com.ua/s?ta&b2890&c1&r70684074&dholder_2890_ros&hhttps%3A//korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Requested by: Host: i.holder.com.ua
URL: https://i.holder.com.ua/t/holder.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 91.198.36.35 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:30 GMT
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=5

GET
H2 200 impress Show response
ad.mox.tv/delivery/ 17 KB
9 KB 95ms
93ms XHR
application/json 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mox.tv/delivery/impress?ctype=div&pzoneid=1554&height=288&width=400&tld=korrespondent.net&in_iframe=&position=btf&screen_width=1600&screen_height=1200&top_domain=korrespondent.net&top_url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&domain=korrespondent.net&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&referrer=&async=1&uid=2760100827
Requested by: Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=1554&height=288&width=400&tld=korrespondent.net&ctype=div
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 4ce066bb56fe45510d5f63bb23ba87757b994c33e2ad4ecf2c9310ceab2822a9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin: https://korrespondent.net
date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: application/json; charset=utf-8

GET
H2 200 main.js Show response
go.rcvlink.com/static/ Frame 895E 6 KB
3 KB 174ms
40ms Script
application/javascript 136.243.84.74
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://go.rcvlink.com/static/main.js
Requested by: Host: z.cdn.umh.ua
URL: https://z.cdn.umh.ua/load?z=2109517661&div=zone_2109517661&cw=1600&ch=1200&sr=1600x1200&df=1&bh=2&tl=906&pl=3&mi=4&me=8&hc=4&n=1660655129967&url=korrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&ti=%D0%92%D0%A1%D0%A3%20%D1%83%D0%BD%D0%B8%D1%87%D1%82%D0%BE%D0%B6%D0%B8%D0%BB%D0%B8%20%D0%B1%D0%B0%D0%B7%D1%83%20%D0%A7%D0%92%D0%9A%20%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%20%D0%B2%20%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%20-%20Korrespondent.net&zyx=3699735494
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.84.74 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.74.84.243.136.clients.your-server.de
Software: nginx /
Resource Hash: d396df02b5d1618cfdcca3c3bb68241ce7ced903cd5d3a50604b51821bee86d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
last-modified: Thu, 11 Aug 2022 17:40:48 GMT
server: nginx
etag: W/"62f53f20-1892"
content-type: application/javascript
cache-control: max-age=86400
expires: Wed, 17 Aug 2022 13:05:30 GMT

GET
H/1.1 204
No Content s Show response
h.holder.com.ua/ 0
126 B 49ms
49ms Script
text/plain 91.198.36.35
DIGITAL-VENTURES

General

Check archive.org

Show headers Download Go to

Full URL: https://h.holder.com.ua/s?ta&b5571&c1&r70684074&dholder2124420052&hhttps%3A//korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Requested by: Host: i.holder.com.ua
URL: https://i.holder.com.ua/t/holder.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 91.198.36.35 , Ukraine, ASN43405 (DIGITAL-VENTURES, UA),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:30 GMT
Server: nginx
Connection: keep-alive
Keep-Alive: timeout=5

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
443 B 93ms
33ms XHR
text/plain 2a00:1450:400c:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-1609229-9&cid=2006371786.1660655130&jid=954677258&gjid=1341308359&_gid=614955147.1660655130&_u=YEBAAUAAAAAAAC~&z=362268869

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 16 Aug 2022 13:05:30 GMT
content-type: text/plain
access-control-allow-origin: https://korrespondent.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 contentroll.html Show response
cdn.umh.ua/libs/vast/vast-player/ Frame 536A 9 KB
4 KB 22ms
21ms Document
text/html 78.159.118.240
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.umh.ua/libs/vast/vast-player/contentroll.html?advMediaId=zone_1392847469_vqYbOzVnIXir&ADTAG=https://z.cdn.umh.ua/load?o=v&z=1392847469&u=7be2aa7549820401&sr=1600x1200&cw=1600&ch=1200&hc=4&pl=3&mi=4&me=8.00&df=64&bh=2&tl=906&n=2797753744&url=korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&zyx=637049293

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305

Server

78.159.118.240 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),

Reverse DNS

hosted-by.leaseweb.com

Software

nginx /

Resource Hash

704b568dd905bd4ff56e44f9bcf43447eef6161576ffe7a59b984563ff52754b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block;

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-PINGOTHER
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1728000
cache-control: max-age=86400
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 16 Aug 2022 13:05:30 GMT
etag: W/"6231ce5c-238d"
expires: Wed, 17 Aug 2022 13:05:30 GMT
last-modified: Wed, 16 Mar 2022 11:47:40 GMT
server: nginx
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block;

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 41ms
34ms XHR
text/plain 2a00:1450:400c:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-1609229-30&cid=2006371786.1660655130&jid=1477493304&gjid=774032573&_gid=614955147.1660655130&_u=aGDAgUABAAAAAG~&z=676745660

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 16 Aug 2022 13:05:30 GMT
content-type: text/plain
access-control-allow-origin: https://korrespondent.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 42ms
41ms Image
image/gif 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=351416207&t=pageview&_s=1&dl=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&ul=en-us&de=UTF-8&dt=%D0%92%D0%A1%D0%A3%20%D1%83%D0%BD%D0%B8%D1%87%D1%82%D0%BE%D0%B6%D0%B8%D0%BB%D0%B8%20%D0%B1%D0%B0%D0%B7%D1%83%20%D0%A7%D0%92%D0%9A%20%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%20%D0%B2%20%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%20-%20Korrespondent.net&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAgUABAAAAAC~&jid=1477493304&gjid=774032573&cid=2006371786.1660655130&tid=UA-1609229-30&_gid=614955147.1660655130&gtm=2wg8f0P7KPL8&z=699906736

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 Aug 2022 22:55:46 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 50984
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 204 result Show response
korrespondent.net/cdn-cgi/bm/cv/ 0
305 B 140ms
140ms XHR
text/plain 2606:4700::6812:1eb6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://korrespondent.net/cdn-cgi/bm/cv/result?req_id=73ba61beffc701e7
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/cdn-cgi/bm/cv/669835187/api.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1eb6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
server: cloudflare
cf-ray: 73ba61c49a7101e7-ZRH
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding

GET
H2 200 contentroll.html Show response
cdn.umh.ua/libs/vast/vast-player/ Frame E56A 9 KB
4 KB 31ms
31ms Document
text/html 78.159.118.240
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.umh.ua/libs/vast/vast-player/contentroll.html?advMediaId=zone_1179888271_MEKSfIllJRsQ&ADTAG=https://z.cdn.umh.ua/load?o=v&z=1179888271&u=7be2aa7549820401&sr=1600x1200&cw=1600&ch=1200&hc=4&pl=3&mi=4&me=8.00&df=64&bh=2&tl=906&n=2797753744&url=korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&zyx=637049293

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305

Server

78.159.118.240 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),

Reverse DNS

hosted-by.leaseweb.com

Software

nginx /

Resource Hash

704b568dd905bd4ff56e44f9bcf43447eef6161576ffe7a59b984563ff52754b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block;

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-PINGOTHER
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1728000
cache-control: max-age=86400
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 16 Aug 2022 13:05:30 GMT
etag: W/"6231ce5c-238d"
expires: Wed, 17 Aug 2022 13:05:30 GMT
last-modified: Wed, 16 Mar 2022 11:47:40 GMT
server: nginx
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 1; mode=block;

GET
H2 200 mwayss_invocation.min.js Show response
ad.mox.tv/mox/ 29 KB
10 KB 29ms
29ms Script
application/javascript 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=6795&height=250&width=300&tld=korrespondent.net&ctype=iframe
Requested by: Host: z.cdn.umh.ua
URL: https://z.cdn.umh.ua/load?z=1836648724&div=zone_1836648724&cw=1600&ch=1200&sr=1600x1200&df=1&bh=2&tl=906&pl=3&mi=4&me=8&hc=4&n=1660655129967&url=korrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&ti=%D0%92%D0%A1%D0%A3%20%D1%83%D0%BD%D0%B8%D1%87%D1%82%D0%BE%D0%B6%D0%B8%D0%BB%D0%B8%20%D0%B1%D0%B0%D0%B7%D1%83%20%D0%A7%D0%92%D0%9A%20%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%20%D0%B2%20%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%20-%20Korrespondent.net&zyx=3699735494
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 314349e78d72853d2c7b322d616e9a29b53957cf702ddc99766495fbb258d31d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
last-modified: Tue, 07 Dec 2021 16:48:38 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"61af9066-72a8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public, max-age=3600
expires: Tue, 16 Aug 2022 14:05:30 GMT

GET
H3 200 4.korrespondent.net.654324.js Show response
jsc.mgid.com/4/k/ 2 KB
1 KB 59ms
58ms Script
text/javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.mgid.com/4/k/4.korrespondent.net.654324.js
Requested by: Host: z.cdn.umh.ua
URL: https://z.cdn.umh.ua/load?z=1849272440&div=zone_1849272440&cw=1600&ch=1200&sr=1600x1200&df=1&bh=2&tl=906&pl=3&mi=4&me=8&hc=4&n=1660655129967&url=korrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&ti=%D0%92%D0%A1%D0%A3%20%D1%83%D0%BD%D0%B8%D1%87%D1%82%D0%BE%D0%B6%D0%B8%D0%BB%D0%B8%20%D0%B1%D0%B0%D0%B7%D1%83%20%D0%A7%D0%92%D0%9A%20%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%20%D0%B2%20%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%20-%20Korrespondent.net&zyx=3699735494
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 813ec2300178de638ddb6b784d7bea609defc322af5c037b7a4ae3d1bc94751a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: br
cf-cache-status: HIT
age: 6232
cf-polished: origSize=2329
last-modified: Fri, 05 Aug 2022 08:11:07 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: HFXJKJ28CB7G3EK2
x-amz-id-2: +zVI0lo/ppG8usZE8THzcqnj/qDQEZxVFafphhDkfDtwfhwjq2mTcDrobzSeua0nq0YoJYQpXveD00sOvQ81gQ==
cf-bgj: minify
server: cloudflare
etag: W/"52ea78a07a12b972ce817185afd9baed"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=10800
x-amz-version-id: W9fpHP.869JN.K6TxguO7aGGeNmi8aGd
cf-ray: 73ba61c45b41d6a6-CDG
expires: Tue, 16 Aug 2022 16:05:30 GMT

GET
H2 200 login.js Show response
id.korrespondent.net/js/ 27 KB
5 KB 92ms
76ms Script
application/javascript 193.29.200.151
UMHAS

General

Check archive.org

Show headers Download Go to

Full URL: https://id.korrespondent.net/js/login.js?v=4
Requested by: Host: id.korrespondent.net
URL: https://id.korrespondent.net/js/profile.js?v=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.151 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 4420ea692c662405840a6b76be19da76ecd585025bbdbcd4e8e44ad5ef6f6dc5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
content-encoding: gzip
etag: "80d7a1c2b289d81:0"
last-modified: Sun, 26 Jun 2022 23:16:27 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-cache
accept-ranges: bytes
content-length: 4924

GET
H2 200 swiper-bundle.min.css
unpkg.com/swiper@7.3.0/ 15 KB
5 KB 109ms
37ms Stylesheet
text/css 2606:4700::6810:7baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/swiper@7.3.0/swiper-bundle.min.css

Requested by

Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=1554&height=288&width=400&tld=korrespondent.net&ctype=div

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7baf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ca8fddb17d96df80923b284c7e07888f947eb3dd03974cd31e85f4d5e9dc6dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 23426136
fly-request-id: 01FMS77QYFR7T91A14VZPZC4YW
content-encoding: br
vary: Accept-Encoding
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"3ccb-bbg35pXUy1EXOpXHxlwOip0M+cE"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 73ba61c4ce13cc5a-ZRH

GET
H2 200 achernar.min.js Show response
ad.mox.tv/js/achernar/ 11 KB
4 KB 38ms
25ms Script
application/javascript 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mox.tv/js/achernar/achernar.min.js
Requested by: Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=1554&height=288&width=400&tld=korrespondent.net&ctype=div
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: fce742d7814055a224b9e7b2a36bccfba4547644a968e838bf0b9d2f730866dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
last-modified: Mon, 21 Feb 2022 14:47:09 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"6213a5ed-2b1e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public, max-age=3600
expires: Tue, 16 Aug 2022 14:05:30 GMT

GET
H2 200 prebid.js Show response
ad.mox.tv/js/achernar/ 266 KB
82 KB 47ms
34ms Script
application/javascript 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mox.tv/js/achernar/prebid.js
Requested by: Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=1554&height=288&width=400&tld=korrespondent.net&ctype=div
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 78f755249da2fa29690828464594f09814fc9a3d73cd197df9e146da64efa4fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
last-modified: Mon, 27 Jun 2022 07:46:03 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"62b9603b-429d0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public, max-age=3600
expires: Tue, 16 Aug 2022 14:05:30 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 83 KB
29 KB 443ms
105ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=1554&height=288&width=400&tld=korrespondent.net&ctype=div

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07dc2e48ef051b38cc4841495a54a57efd4b1b8c12f4dd47af04ebf5dc60b5ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28647
x-xss-protection: 0
server: sffe
etag: "1305 / 344 of 1000 / last-modified: 1660648063"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 16 Aug 2022 13:05:30 GMT

GET
H2 200 swiper-bundle.min.js Show response
unpkg.com/swiper@7.3.0/ 132 KB
38 KB 56ms
48ms Script
application/javascript 2606:4700::6810:7baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/swiper@7.3.0/swiper-bundle.min.js

Requested by

Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=1554&height=288&width=400&tld=korrespondent.net&ctype=div

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7baf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

159c24eb0b9d044c0507e36e693d0ff23bbb990ae90523cc25f3683253ee43d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 23426178
fly-request-id: 01FMS76ETJSXZKGZGFZVHH4A5S
content-encoding: br
vary: Accept-Encoding
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"211c1-rxAEOIj0DtL1iihSDpsruCFXSHs"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 73ba61c4ce14cc5a-ZRH

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 170 KB
57 KB 170ms
78ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=1554&height=288&width=400&tld=korrespondent.net&ctype=div

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3f8ad69cc7e1ffd2d274c3a414f13c646c7a2bedc5ab572272292bcbc31df31a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57542
x-xss-protection: 0
server: cafe
etag: 8460575953565726743
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 16 Aug 2022 13:05:30 GMT

GET
H2 200 mwayss_invocation.min.css
ad.mox.tv/mox/ 3 KB
850 B 29ms
25ms Stylesheet
text/css 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mox.tv/mox/mwayss_invocation.min.css
Requested by: Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=1554&height=288&width=400&tld=korrespondent.net&ctype=div
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 60f74110267d386c033ca330fc5bbd7d2472c972b63b33fa8000e87c8f815de6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
last-modified: Wed, 10 Jun 2020 14:52:51 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"5ee0f3c3-a0a"
vary: Accept-Encoding
content-type: text/css

GET
H2 200 p-gsmZhdaUra0N6.gif
pixel.quantserve.com/pixel/ 35 B
372 B 81ms
18ms Image
image/gif 2620:116:800d:21:b314:a0ef:ab7c:d546
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel/p-gsmZhdaUra0N6.gif

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:b314:a0ef:ab7c:d546 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 magic.png
bgstats.mox.tv/ 0
66 B 155ms
45ms Image
image/png 167.71.9.19
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bgstats.mox.tv/magic.png
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.71.9.19 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
server: nginx/1.14.0 (Ubuntu)
content-length: 0
content-type: image/png

GET

sync
ad.invamia.com/delivery/
Redirect Chain

https://x.bidswitch.net/sync?ssp=prodoohmox&user_id=eb6718de-e878-4354-bdc2-2720b7ae6d50&gdpr=0&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=prodoohmox&user_id=eb6718de-e878-4354-bdc2-2720b7ae6d50&gdpr=0&gdpr_consent=
https://sync.mathtag.com/sync/img?mt_exid=46&redir=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D80%26user_id%3D%5BUUID%5D%26expires%3D30%26ssp%3Dprodoohmox%26bsw_param%3Dad1f481a-c69d-4a57-831b-33e7fddb...
https://x.bidswitch.net/sync?dsp_id=80&user_id=661f62fb-961b-4500-92f9-12a388ac2c6f&expires=30&ssp=prodoohmox&bsw_param=ad1f481a-c69d-4a57-831b-33e7fddbf07f&gdpr=0&gdpr_consent=
https://ad.mox.tv/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f
https://ad.mediawayss.com/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f&inner_redirect=1&inner_uuid=eb6718de-e878-4354-bdc2-2720b7ae6d50&redirect_host_list=YWQub3V0c3RyZWFtLnRvZGF5LGFkL...
https://ad.outstream.today/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f&inner_redirect=1&inner_uuid=eb6718de-e878-4354-bdc2-2720b7ae6d50&redirect_host_list=YWQuYWRvcHgubmV0LGFkLmludmFt...
https://ad.adopx.net/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f&inner_redirect=1&inner_uuid=eb6718de-e878-4354-bdc2-2720b7ae6d50&redirect_host_list=YWQuaW52YW1pYS5jb20sYWQudmlkdmVydG...
https://ad.invamia.com/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f&inner_redirect=1&inner_uuid=eb6718de-e878-4354-bdc2-2720b7ae6d50&redirect_host_list=YWQudmlkdmVydG8uaW8sYWQudmlkdmVy...

0
0

GET
H2 200 vast-player.min.js Show response
cdn.umh.ua/libs/vast/vast-player/ Frame 536A 64 KB
23 KB 27ms
23ms Script
application/javascript 78.159.118.240
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.umh.ua/libs/vast/vast-player/vast-player.min.js

Requested by

Host: cdn.umh.ua
URL: https://cdn.umh.ua/libs/vast/vast-player/contentroll.html?advMediaId=zone_1392847469_vqYbOzVnIXir&ADTAG=https://z.cdn.umh.ua/load?o=v&z=1392847469&u=7be2aa7549820401&sr=1600x1200&cw=1600&ch=1200&hc=4&pl=3&mi=4&me=8.00&df=64&bh=2&tl=906&n=2797753744&url=korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&zyx=637049293

Protocol

Security

TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305

Server

78.159.118.240 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),

Reverse DNS

hosted-by.leaseweb.com

Software

nginx /

Resource Hash

d9d9a1fec49726428028512605f0e7e446629f0c4fcc761c8b3af57460e1ae99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.umh.ua/libs/vast/vast-player/contentroll.html?advMediaId=zone_1392847469_vqYbOzVnIXir&ADTAG=https://z.cdn.umh.ua/load?o=v&z=1392847469&u=7be2aa7549820401&sr=1600x1200&cw=1600&ch=1200&hc=4&pl=3&mi=4&me=8.00&df=64&bh=2&tl=906&n=2797753744&url=korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&zyx=637049293
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding
x-xss-protection: 1; mode=block;
last-modified: Tue, 01 Mar 2022 15:54:34 GMT
server: nginx
etag: W/"621e41ba-1017c"
access-control-max-age: 1728000
access-control-allow-methods: GET, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=86400
access-control-allow-credentials: true
access-control-allow-headers: X-PINGOTHER
expires: Wed, 17 Aug 2022 13:05:30 GMT

GET
H2 200 76.png
korrespondent.net/i/weather/icon/ 537 B
643 B 138ms
135ms Image
image/png 2606:4700::6812:1eb6
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://korrespondent.net/i/weather/icon/76.png
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1eb6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / ASP.NET
Resource Hash: e12a2c1c361ea32bb1c2d85f2aa7bcf31380cc7bd8af1b71a9400a3aeb4faa99

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
cf-cache-status: HIT
last-modified: Mon, 11 Jul 2016 11:43:59 GMT
server: cloudflare
age: 1779
x-powered-by: ASP.NET
etag: "eef6c48369dbd11:0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
cache-control: no-cache,public, max-age=31536
accept-ranges: bytes
cf-ray: 73ba61c50b1101e7-ZRH
content-length: 537

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 128ms
40ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-1609229-9&cid=2006371786.1660655130&jid=954677258&_u=YEBAAUAAAAAAAC~&z=125241018

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 81ms
39ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-1609229-9&cid=2006371786.1660655130&jid=954677258&_u=YEBAAUAAAAAAAC~&z=125241018

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 82ms
42ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-1609229-30&cid=2006371786.1660655130&jid=1477493304&_u=aGDAgUABAAAAAG~&z=751716181

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 75ms
42ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-1609229-30&cid=2006371786.1660655130&jid=1477493304&_u=aGDAgUABAAAAAG~&z=751716181

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
BLOB 200
OK c1ed10f7-aeb5-4ac4-83e5-19f1f35ed50d
https://korrespondent.net/ 0
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://korrespondent.net/c1ed10f7-aeb5-4ac4-83e5-19f1f35ed50d
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Length: 0
Content-Type: text/javascript

GET
BLOB 200
OK 6b1ae7e5-b649-4f4f-bccb-3010c76acd84
https://korrespondent.net/ 245 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://korrespondent.net/6b1ae7e5-b649-4f4f-bccb-3010c76acd84
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d68edf3c87c6a6d87223649e8162ef1584ea6faad6f20e80fdd5f72c21b16a17

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Length: 245
Content-Type: text/javascript

GET
H3 200 korrespondent.net.971150.js Show response
jsc.mgid.com/k/o/ 2 KB
1 KB 44ms
43ms Script
text/javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.mgid.com/k/o/korrespondent.net.971150.js
Requested by: Host: z.cdn.umh.ua
URL: https://z.cdn.umh.ua/load?z=1349281805&div=zone_1349281805&cw=1600&ch=1200&sr=1600x1200&df=1&bh=2&tl=906&pl=3&mi=4&me=8&hc=4&n=1660655129967&url=korrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&ti=%D0%92%D0%A1%D0%A3%20%D1%83%D0%BD%D0%B8%D1%87%D1%82%D0%BE%D0%B6%D0%B8%D0%BB%D0%B8%20%D0%B1%D0%B0%D0%B7%D1%83%20%D0%A7%D0%92%D0%9A%20%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%20%D0%B2%20%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%20-%20Korrespondent.net&zyx=3699735494
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b025ff367e60a9cc772159148d19e19f548aec0302db9eef1d93b5361a42d52d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: br
cf-cache-status: HIT
age: 6232
cf-polished: origSize=2325
last-modified: Wed, 03 Aug 2022 08:37:22 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: TMFMZS1QNBQWZ2QQ
x-amz-id-2: UjP+ozObNpdKGKLemYjJaF8cSJZhoZ2hf4HmZ9J1ueFVnyaYVK+T3x904z9N6Gf882Ly7enxS+M=
cf-bgj: minify
server: cloudflare
etag: W/"296f2ce6c156c85ec2878079602bfa53"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=10800
x-amz-version-id: thaaz7B7qQ3_OWh2tj.jDXdLs6cR8XkJ
cf-ray: 73ba61c47b97d6a6-CDG
expires: Tue, 16 Aug 2022 16:05:30 GMT

GET
H2 200 vast-player.min.js Show response
cdn.umh.ua/libs/vast/vast-player/ Frame E56A 64 KB
23 KB 40ms
39ms Script
application/javascript 78.159.118.240
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.umh.ua/libs/vast/vast-player/vast-player.min.js

Requested by

Host: cdn.umh.ua
URL: https://cdn.umh.ua/libs/vast/vast-player/contentroll.html?advMediaId=zone_1179888271_MEKSfIllJRsQ&ADTAG=https://z.cdn.umh.ua/load?o=v&z=1179888271&u=7be2aa7549820401&sr=1600x1200&cw=1600&ch=1200&hc=4&pl=3&mi=4&me=8.00&df=64&bh=2&tl=906&n=2797753744&url=korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&zyx=637049293

Protocol

Security

TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305

Server

78.159.118.240 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),

Reverse DNS

hosted-by.leaseweb.com

Software

nginx /

Resource Hash

d9d9a1fec49726428028512605f0e7e446629f0c4fcc761c8b3af57460e1ae99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.umh.ua/libs/vast/vast-player/contentroll.html?advMediaId=zone_1179888271_MEKSfIllJRsQ&ADTAG=https://z.cdn.umh.ua/load?o=v&z=1179888271&u=7be2aa7549820401&sr=1600x1200&cw=1600&ch=1200&hc=4&pl=3&mi=4&me=8.00&df=64&bh=2&tl=906&n=2797753744&url=korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&zyx=637049293
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding
x-xss-protection: 1; mode=block;
last-modified: Tue, 01 Mar 2022 15:54:34 GMT
server: nginx
etag: W/"621e41ba-1017c"
access-control-max-age: 1728000
access-control-allow-methods: GET, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=86400
access-control-allow-credentials: true
access-control-allow-headers: X-PINGOTHER
expires: Wed, 17 Aug 2022 13:05:30 GMT

GET
H2 200 c.html Show response
cdn.admixer.net/scripts3/48427/ Frame 391C 738 B
519 B 101ms
100ms Document
text/html 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/48427/c.html?b=48427
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 6226df8c5bdf6ffda14992098c849dc8033db63fffd71d912056908385b3ba99

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache: HIT
cache-control: max-age=31622400
content-encoding: gzip
content-type: text/html
date: Tue, 16 Aug 2022 13:05:30 GMT
etag: W/"62e28a7b-2e2"
expires: Sat, 29 Jul 2023 13:10:15 GMT
last-modified: Thu, 28 Jul 2022 13:09:15 GMT
server: nginx
vary: Accept-Encoding
x-cached-since: 2022-07-28T13:10:15+00:00
x-id: fr5-up-gc34

GET
H2 200 a21031c0f6a0994b3314.b.js Show response
cdn.admixer.net/scripts3/48427/ 23 KB
8 KB 105ms
104ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/48427/a21031c0f6a0994b3314.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 680f6e9a0e9f9d8c145e11d6937f688ff4299215d44bf0a54368ffc6acdbfc51

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-id: fr5-up-gc34
date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 13:09:13 GMT
server: nginx
etag: W/"62e28a79-5d41"
vary: Accept-Encoding
x-cached-since: 2022-07-28T13:10:15+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Sat, 29 Jul 2023 13:10:15 GMT

GET
H2 200 0a75d04ce9f53a1a35b6.b.js Show response
cdn.admixer.net/scripts3/48427/ 75 KB
20 KB 114ms
113ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/48427/0a75d04ce9f53a1a35b6.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: ecd2e45fcd6ed0f17eaefccd72cdb8253be8673636adcbf3f8902aeeed654fe2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-id: fr5-up-gc34
date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 13:09:02 GMT
server: nginx
etag: W/"62e28a6e-12c39"
vary: Accept-Encoding
x-cached-since: 2022-07-28T13:10:15+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Sat, 29 Jul 2023 13:10:15 GMT

GET
H2 200 c.html Show response
cdn.admixer.net/scripts3/48427/ Frame EAA6 738 B
405 B 100ms
99ms Document
text/html 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/48427/c.html?b=48427
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 6226df8c5bdf6ffda14992098c849dc8033db63fffd71d912056908385b3ba99

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache: HIT
cache-control: max-age=31622400
content-encoding: gzip
content-type: text/html
date: Tue, 16 Aug 2022 13:05:30 GMT
etag: W/"62e28a7b-2e2"
expires: Sat, 29 Jul 2023 13:10:15 GMT
last-modified: Thu, 28 Jul 2022 13:09:15 GMT
server: nginx
vary: Accept-Encoding
x-cached-since: 2022-07-28T13:10:15+00:00
x-id: fr5-up-gc34

GET
H2 200 impress Show response
ad.mox.tv/delivery/ 1 KB
781 B 65ms
62ms XHR
application/json 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mox.tv/delivery/impress?ctype=iframe&pzoneid=6795&height=250&width=300&tld=korrespondent.net&in_iframe=&position=atf&screen_width=1600&screen_height=1200&top_domain=korrespondent.net&top_url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&domain=korrespondent.net&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&referrer=&async=1&uid=5109910484
Requested by: Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=6795&height=250&width=300&tld=korrespondent.net&ctype=iframe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 4f23f0187fb4902297212c0c271a5dab5f689c9658405bfbd0844591f3680440

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin: https://korrespondent.net
date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: application/json; charset=utf-8

GET
H3 200 4.korrespondent.net.654324.es6.js Show response
jsc.mgid.com/4/k/ 321 KB
81 KB 78ms
77ms Script
text/javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.mgid.com/4/k/4.korrespondent.net.654324.es6.js
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/4/k/4.korrespondent.net.654324.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 08b1dd227c9b93b411c2dfc594331da8d304ba1659f07307c04991f5626f062b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: br
cf-cache-status: HIT
age: 6231
cf-polished: origSize=328589
last-modified: Fri, 05 Aug 2022 08:11:07 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: PGYCWG2J82WAK2ZC
x-amz-id-2: 2ex6Qr6c6AfLnoB5ArzEX+35pfaF+LV+13sQZcrAk2hKV7wofzRWBO2U21si/kNbOC6SaOUGrYc=
cf-bgj: minify
server: cloudflare
etag: W/"048b4d6e628dae711f1dbe66b9df2704"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=10800
x-amz-version-id: NZS46yg4kdeUhIMvNU.0C3kGOj7mu_7y
cf-ray: 73ba61c4fcb5d6a6-CDG
expires: Tue, 16 Aug 2022 16:05:30 GMT

GET
H3 200 korrespondent.net.971150.es6.js Show response
jsc.mgid.com/k/o/ 263 KB
76 KB 48ms
48ms Script
text/javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jsc.mgid.com/k/o/korrespondent.net.971150.es6.js
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/k/o/korrespondent.net.971150.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f1ceeece1517ef8d970dc3fb8a66680a5a0f14167754ab830cad880fd7efa8d4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: br
cf-cache-status: HIT
age: 6222
cf-polished: origSize=269241
last-modified: Fri, 05 Aug 2022 08:08:43 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 6Q491F54JAVXMHNV
x-amz-id-2: SzLoew7BoBQayYJlly+oKBQ/qOHmWy019onXnPUKLY875zo6LpmCiLx94wkXHIyqbXBxreFdp+Q=
cf-bgj: minify
server: cloudflare
etag: W/"086c542811b4a6fa39fbe18083c73c30"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=10800
x-amz-version-id: dQ0C8D7pwvahHG0n3PQkOTcbx2SeuLXN
cf-ray: 73ba61c4fcbad6a6-CDG
expires: Tue, 16 Aug 2022 16:05:30 GMT

GET
H2 204 load Show response
z.cdn.umh.ua/ Frame 536A 0
355 B 53ms
16ms XHR
text/plain 78.159.118.240
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL: https://z.cdn.umh.ua/load?o=v&z=1392847469&u=7be2aa7549820401&sr=1600x1200&cw=1600&ch=1200&hc=4&pl=3&mi=4&me=8.00&df=64&bh=2&tl=906&n=2797753744&url=korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&zyx=637049293
Requested by: Host: cdn.umh.ua
URL: https://cdn.umh.ua/libs/vast/vast-player/vast-player.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 78.159.118.240 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: hosted-by.leaseweb.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.umh.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
server: nginx
p3p: policyref="/p3p.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: https://cdn.umh.ua
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
expires: -1

GET
H2 204 load Show response
z.cdn.umh.ua/ Frame E56A 0
356 B 52ms
16ms XHR
text/plain 78.159.118.240
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL: https://z.cdn.umh.ua/load?o=v&z=1179888271&u=7be2aa7549820401&sr=1600x1200&cw=1600&ch=1200&hc=4&pl=3&mi=4&me=8.00&df=64&bh=2&tl=906&n=2797753744&url=korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&zyx=637049293
Requested by: Host: cdn.umh.ua
URL: https://cdn.umh.ua/libs/vast/vast-player/vast-player.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 78.159.118.240 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: hosted-by.leaseweb.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.umh.ua/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
server: nginx
p3p: policyref="/p3p.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: https://cdn.umh.ua
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
expires: -1

GET
H2 200 login_ru.js Show response
id.korrespondent.net/js/lang/ 4 KB
2 KB 71ms
70ms Script
text/javascript 193.29.200.151
UMHAS

General

Check archive.org

Show headers Download Go to

Full URL: https://id.korrespondent.net/js/lang/login_ru.js
Requested by: Host: jskor.ill.in.ua
URL: https://jskor.ill.in.ua/js/jq/jquery.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.29.200.151 , Ukraine, ASN197203 (UMHAS, UA),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 5d98508b439fcb46ceb1ac820d5fa1eba8c297a509a340f5b3b5555e55b1f55d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:29 GMT
content-encoding: gzip
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=86400
expires: Tue, 16 Aug 2022 23:05:30 GMT

GET
H2 200 mwayss_invocation.min.js Show response
ad.mox.tv/mox/ Frame EBAA 29 KB
10 KB 27ms
26ms Script
application/javascript 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=6798&height=250&width=300&tld=korrespondent.net&ctype=div
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 314349e78d72853d2c7b322d616e9a29b53957cf702ddc99766495fbb258d31d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
last-modified: Tue, 07 Dec 2021 16:48:38 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"61af9066-72a8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public, max-age=3600
expires: Tue, 16 Aug 2022 14:05:30 GMT

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame EBAA 375 KB
125 KB 109ms
61ms Script
text/javascript 2a00:1450:400e:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=6795&height=250&width=300&tld=korrespondent.net&ctype=iframe

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:80c::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5ee00fad2265577bc5be56bc69c1e8c1071a4b201a5b9bd523c7204a54c31a28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127726
x-xss-protection: 0
expires: Tue, 16 Aug 2022 13:05:30 GMT

GET
H2 200 mwayss_invocation.min.css
ad.mox.tv/mox/ Frame EBAA 3 KB
850 B 27ms
27ms Stylesheet
text/css 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mox.tv/mox/mwayss_invocation.min.css
Requested by: Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=6795&height=250&width=300&tld=korrespondent.net&ctype=iframe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 60f74110267d386c033ca330fc5bbd7d2472c972b63b33fa8000e87c8f815de6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
last-modified: Wed, 10 Jun 2020 14:52:51 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"5ee0f3c3-a0a"
vary: Accept-Encoding
content-type: text/css

GET
H2 200 mwayss_invocation.iframe.min.css
ad.mox.tv/mox/ Frame EBAA 40 B
200 B 28ms
27ms Stylesheet
text/css 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mox.tv/mox/mwayss_invocation.iframe.min.css
Requested by: Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=6795&height=250&width=300&tld=korrespondent.net&ctype=iframe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 334ff4c8e9f20c31bfe49e4f097a08ab9a249180d04b2939832f45eb594eb835

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
last-modified: Wed, 10 Jun 2020 14:52:51 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"5ee0f3c3-28"
vary: Accept-Encoding
content-type: text/css

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 170 KB
57 KB 79ms
37ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3755662197386269

Requested by

Host: z.cdn.umh.ua
URL: https://z.cdn.umh.ua/load?z=1479810766&div=zone_1479810766&cw=1600&ch=1200&sr=1600x1200&df=1&bh=2&tl=906&pl=3&mi=4&me=8&hc=4&n=1660655129967&url=korrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&ti=%D0%92%D0%A1%D0%A3%20%D1%83%D0%BD%D0%B8%D1%87%D1%82%D0%BE%D0%B6%D0%B8%D0%BB%D0%B8%20%D0%B1%D0%B0%D0%B7%D1%83%20%D0%A7%D0%92%D0%9A%20%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%20%D0%B2%20%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%20-%20Korrespondent.net&zyx=3699735494

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

46d70ca597acf6ac920dc348b4e09fecd016a6c59bbf450e9d627fee569754d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://korrespondent.net/
Origin: https://korrespondent.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57429
x-xss-protection: 0
server: cafe
etag: 1361913413142051792
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 16 Aug 2022 13:05:30 GMT

GET
H2 200 load Show response
z.cdn.umh.ua/ 2 KB
1016 B 26ms
24ms Script
application/javascript 78.159.118.240
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL: https://z.cdn.umh.ua/load?z=2024485967&div=zone_2024485967&cw=1600&ch=1200&sr=1600x1200&df=1&bh=2&tl=906&pl=3&mi=4&me=8&hc=4&n=1660655129967&url=korrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&ti=%D0%92%D0%A1%D0%A3%20%D1%83%D0%BD%D0%B8%D1%87%D1%82%D0%BE%D0%B6%D0%B8%D0%BB%D0%B8%20%D0%B1%D0%B0%D0%B7%D1%83%20%D0%A7%D0%92%D0%9A%20%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%20%D0%B2%20%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%20-%20Korrespondent.net&zyx=3699735494
Requested by: Host: cdn.umh.ua
URL: https://cdn.umh.ua/libs/e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 78.159.118.240 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: hosted-by.leaseweb.com
Software: nginx /
Resource Hash: 6f57484d22ef9faa69a3df351c80cea598f524c8f0d83010c4ea8aa17f3a8eb5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
server: nginx
content-type: application/javascript; charset=utf-8
cache-control: no-cache, must-revalidate
content-length: 863
expires: -1

GET
H2 204 load Show response
z.cdn.umh.ua/ 0
94 B 23ms
23ms Script
text/plain 78.159.118.240
LEASEWEB-DE-FRA-10

General

Check archive.org

Show headers Download Go to

Full URL: https://z.cdn.umh.ua/load?z=1853094485&div=zone_1853094485&cw=1600&ch=1200&sr=1600x1200&df=1&bh=2&tl=906&pl=3&mi=4&me=8&hc=4&n=1660655129967&url=korrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&ti=%D0%92%D0%A1%D0%A3%20%D1%83%D0%BD%D0%B8%D1%87%D1%82%D0%BE%D0%B6%D0%B8%D0%BB%D0%B8%20%D0%B1%D0%B0%D0%B7%D1%83%20%D0%A7%D0%92%D0%9A%20%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%20%D0%B2%20%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%20-%20Korrespondent.net&zyx=3699735494
Requested by: Host: cdn.umh.ua
URL: https://cdn.umh.ua/libs/e.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 78.159.118.240 , Germany, ASN28753 (LEASEWEB-DE-FRA-10, DE),
Reverse DNS: hosted-by.leaseweb.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
cache-control: no-cache, must-revalidate
server: nginx
expires: -1

GET
H2 200 mwayss_invocation.min.js Show response
ad.mox.tv/mox/ 29 KB
10 KB 25ms
24ms Script
application/javascript 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=784&height=600&width=300&tld=korrespondent.net&ctype=div
Requested by: Host: z.cdn.umh.ua
URL: https://z.cdn.umh.ua/load?z=1526170517&div=zone_1526170517&cw=1600&ch=1200&sr=1600x1200&df=1&bh=2&tl=906&pl=3&mi=4&me=8&hc=4&n=1660655129967&url=korrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&ti=%D0%92%D0%A1%D0%A3%20%D1%83%D0%BD%D0%B8%D1%87%D1%82%D0%BE%D0%B6%D0%B8%D0%BB%D0%B8%20%D0%B1%D0%B0%D0%B7%D1%83%20%D0%A7%D0%92%D0%9A%20%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%20%D0%B2%20%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%20-%20Korrespondent.net&zyx=3699735494
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 314349e78d72853d2c7b322d616e9a29b53957cf702ddc99766495fbb258d31d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
last-modified: Tue, 07 Dec 2021 16:48:38 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"61af9066-72a8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public, max-age=3600
expires: Tue, 16 Aug 2022 14:05:30 GMT

GET
H2 200 1 Show response
go.rcvlink.com/cs/1/ Frame 895E 34 B
237 B 43ms
42ms Script
text/javascript 136.243.84.74
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://go.rcvlink.com/cs/1/1
Requested by: Host: go.rcvlink.com
URL: https://go.rcvlink.com/static/main.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.84.74 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.74.84.243.136.clients.your-server.de
Software: nginx /
Resource Hash: e3268172611300a1811f5ce65e6eee8a08b6badd3f7ed0ed2c12a45deb717180

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
server: nginx
content-type: text/javascript;charset=utf-8
access-control-allow-origin: *
hn: b28
cache-control: private, max-age=315360000
expires: Fri, 13 Aug 2032 16:05:30 +0300

GET
H/1.1 200
OK dsp.aspx Show response
inv-nets.admixer.net/ 222 B
674 B 101ms
18ms Script
application/javascript 146.0.227.110
VELIANET-AS velia...

General

Check archive.org

Show headers Download Go to

Full URL

https://inv-nets.admixer.net/dsp.aspx?sender=admixer&rct=4&v=2.0&rnd=3880902687423941.5&cpv=fb63e226-e0b1-88f1-a769-c779c0c3e30e&responseType=default&uids=%7B%7D&fpd=%7B%7D&kvTargeting=%7B%7D&data=%7B%22id%22%3A%22cb4ccb63-96c4-117e-0c58-4aa349c8f7a6%22%2C%22site%22%3A%7B%22page%22%3A%22https%253A%252F%252Fkorrespondent.net%252Fukraine%252F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi%22%2C%22ref%22%3A%22%22%2C%22sf%22%3A0%7D%2C%22device%22%3A%7B%22ua%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F104.0.5112.79%20Safari%2F537.36%22%2C%22sr%22%3A%221600x1200%22%7D%2C%22labels%22%3A%7B%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22822f298f-4d16-f70d-ca68-1e0a8b23a018%22%2C%22tagid%22%3A%22e5fd91e8-bd2f-4dfd-8828-56f30e9914b6%22%2C%22ext%22%3A%7B%22ph%22%3A%22admixer1624934371%22%2C%22pos%22%3A0%2C%22inView%22%3A0%7D%2C%22sender%22%3A%22admixer%22%2C%22responseType%22%3Anull%7D%5D%2C%22allimps%22%3A1%7D&am-uid=null&3rdEnabled=true&3rd=true

Requested by

Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.110 , Ascension Island, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE),

Reverse DNS

Software

nginx /

Resource Hash

246a6d3c5f907838da64e3caab0a93a8443c7f4b32e4e6c1419f9e5e4b871429

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:30 GMT
Content-Encoding: gzip
Server: nginx
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Keep-Alive: timeout=25
Content-Length: 201
X-Xss-Protection: 0

GET
H2 200 impress Show response
ad.mox.tv/delivery/ Frame EBAA 21 KB
12 KB 159ms
156ms XHR
application/json 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mox.tv/delivery/impress?ctype=div&pzoneid=6798&height=250&width=300&tld=korrespondent.net&in_iframe=1&position=atf&screen_width=1600&screen_height=1200&top_domain=korrespondent.net&top_url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&domain=korrespondent.net&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&referrer=&async=1&uid=9629168616
Requested by: Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=6798&height=250&width=300&tld=korrespondent.net&ctype=div
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: da94a3a7fb34f75dfd4dffaa941e6153a5bf855317db76dbdcaabd416c6206f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin: https://korrespondent.net
date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: application/json; charset=utf-8

GET
H2 200 mwayss_invocation.min.js Show response
ad.mox.tv/mox/ 29 KB
10 KB 27ms
24ms Script
application/javascript 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=777&height=405&width=720&tld=korrespondent.net&ctype=div
Requested by: Host: z.cdn.umh.ua
URL: https://z.cdn.umh.ua/load?z=2024485967&div=zone_2024485967&cw=1600&ch=1200&sr=1600x1200&df=1&bh=2&tl=906&pl=3&mi=4&me=8&hc=4&n=1660655129967&url=korrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&vc=Intel%20Iris%20OpenGL%20Engine&ti=%D0%92%D0%A1%D0%A3%20%D1%83%D0%BD%D0%B8%D1%87%D1%82%D0%BE%D0%B6%D0%B8%D0%BB%D0%B8%20%D0%B1%D0%B0%D0%B7%D1%83%20%D0%A7%D0%92%D0%9A%20%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%20%D0%B2%20%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%20-%20Korrespondent.net&zyx=3699735494
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 314349e78d72853d2c7b322d616e9a29b53957cf702ddc99766495fbb258d31d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
last-modified: Tue, 07 Dec 2021 16:48:38 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"61af9066-72a8"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public, max-age=3600
expires: Tue, 16 Aug 2022 14:05:30 GMT

GET
BLOB 200
OK 9207246a-e718-4adf-8036-aa7d00b7fc85
https://korrespondent.net/ 0
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://korrespondent.net/9207246a-e718-4adf-8036-aa7d00b7fc85
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Length: 0
Content-Type: text/javascript

GET
BLOB 200
OK fd730ec5-5ce7-4be4-938f-9d9a219653cc
https://korrespondent.net/ 245 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://korrespondent.net/fd730ec5-5ce7-4be4-938f-9d9a219653cc
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d68edf3c87c6a6d87223649e8162ef1584ea6faad6f20e80fdd5f72c21b16a17

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Length: 245
Content-Type: text/javascript

GET
H2 200 impress Show response
ad.mox.tv/delivery/ 19 KB
11 KB 64ms
63ms XHR
application/json 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mox.tv/delivery/impress?ctype=div&pzoneid=784&height=600&width=300&tld=korrespondent.net&in_iframe=&position=atf&screen_width=1600&screen_height=1200&top_domain=korrespondent.net&top_url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&domain=korrespondent.net&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&referrer=&async=1&uid=4830318070
Requested by: Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=784&height=600&width=300&tld=korrespondent.net&ctype=div
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: cd7b4bc60a8dfb9ea5a33a4e7365aff00eed163477685eca6c13f8cbcbc77dc7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin: https://korrespondent.net
date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: application/json; charset=utf-8

GET
H2 200 / Show response
c.mgid.com/pv/ 0
44 B 124ms
115ms Script
text/plain 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.mgid.com/pv/?pv=5&cbuster=166065513055118870723&uniqId=0f91b&lct=1659657600&niet=4g&nisd=false&jsv=es6&ref=&cxurl=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&lu=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&sessionId=62fb961b-045c1&pageView=1&pvid=182a6c257b7b9ee9958&site=423239&implVersion=11&dpr=1
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/k/o/korrespondent.net.1283487.es6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 73ba61c61c639a06-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

GET
BLOB 200
OK 45e621f8-3e00-4bec-89ef-e236f73f83e7
https://korrespondent.net/ 0
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://korrespondent.net/45e621f8-3e00-4bec-89ef-e236f73f83e7
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Length: 0
Content-Type: text/javascript

GET
BLOB 200
OK 2a6a61b4-1e74-4324-9d6e-d869976a0589
https://korrespondent.net/ 245 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://korrespondent.net/2a6a61b4-1e74-4324-9d6e-d869976a0589
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d68edf3c87c6a6d87223649e8162ef1584ea6faad6f20e80fdd5f72c21b16a17

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Length: 245
Content-Type: text/javascript

GET
BLOB 206
Partial Content 3a5ed93f-bf9d-4bdb-b9e5-9ac733d8e8c4
https://korrespondent.net/ 1 KB
0 Media
video/mp4

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://korrespondent.net/3a5ed93f-bf9d-4bdb-b9e5-9ac733d8e8c4
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Range: bytes=0-

Response headers

Content-Range: bytes 0-1492/1493
Content-Length: 1493
Content-Type: video/mp4

GET
H2 200 impress Show response
ad.mox.tv/delivery/ 68 KB
19 KB 243ms
243ms XHR
application/json 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mox.tv/delivery/impress?ctype=div&pzoneid=777&height=405&width=720&tld=korrespondent.net&in_iframe=&position=atf&screen_width=1600&screen_height=1200&top_domain=korrespondent.net&top_url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&domain=korrespondent.net&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&referrer=&async=1&uid=3758345174
Requested by: Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=777&height=405&width=720&tld=korrespondent.net&ctype=div
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: ab6733930ef4cc96ede3c97152a1017f8d5af725d44d59ff884c804907dbd787

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin: https://korrespondent.net
date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: application/json; charset=utf-8

GET
H2 200 iframe.htm Show response
go.rcvlink.com/static/ Frame 8E7E 18 KB
8 KB 44ms
43ms Document
text/html 136.243.84.74
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://go.rcvlink.com/static/iframe.htm
Requested by: Host: go.rcvlink.com
URL: https://go.rcvlink.com/static/main.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.84.74 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.74.84.243.136.clients.your-server.de
Software: nginx /
Resource Hash: 419d32b91af4527e64fb23db098f7e4f5d030b63afeddf07ec593640c4a6fb7e

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=86400
content-encoding: gzip
content-type: text/html
date: Tue, 16 Aug 2022 13:05:30 GMT
etag: W/"62f53f20-48ba"
expires: Wed, 17 Aug 2022 13:05:30 GMT
last-modified: Thu, 11 Aug 2022 17:40:48 GMT
server: nginx

GET
H2 200 iframe.htm Show response
go.rcvlink.com/static/ Frame 45C8 18 KB
8 KB 44ms
44ms Document
text/html 136.243.84.74
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://go.rcvlink.com/static/iframe.htm
Requested by: Host: go.rcvlink.com
URL: https://go.rcvlink.com/static/main.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.84.74 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.74.84.243.136.clients.your-server.de
Software: nginx /
Resource Hash: 419d32b91af4527e64fb23db098f7e4f5d030b63afeddf07ec593640c4a6fb7e

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=86400
content-encoding: gzip
content-type: text/html
date: Tue, 16 Aug 2022 13:05:30 GMT
etag: W/"62f53f20-48ba"
expires: Wed, 17 Aug 2022 13:05:30 GMT
last-modified: Thu, 11 Aug 2022 17:40:48 GMT
server: nginx

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208090101/ 340 KB
120 KB 85ms
52ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3755662197386269&plah=korrespondent.net

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3755662197386269

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8b99d6e31e03e67738e06651cbf8b52607afede1f7648c9d2cba471f85dc49e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122753
x-xss-protection: 0
server: cafe
etag: 6586094395971051362
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 16 Aug 2022 13:05:30 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220811/r20190131/ Frame FF37 10 KB
5 KB 201ms
16ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220811/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-3755662197386269

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 23855
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 06:27:55 GMT
etag: 8616628553774171045
expires: Tue, 30 Aug 2022 06:27:55 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 p-gsmZhdaUra0N6.gif
pixel.quantserve.com/pixel/ 35 B
210 B 19ms
19ms Image
image/gif 2620:116:800d:21:b314:a0ef:ab7c:d546
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel/p-gsmZhdaUra0N6.gif

Requested by

Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=784&height=600&width=300&tld=korrespondent.net&ctype=div

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:b314:a0ef:ab7c:d546 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 magic.png
bgstats.mox.tv/ 0
65 B 46ms
45ms Image
image/png 167.71.9.19
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bgstats.mox.tv/magic.png
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.71.9.19 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
server: nginx/1.14.0 (Ubuntu)
content-length: 0
content-type: image/png

GET
H2 200 p-gsmZhdaUra0N6.gif
pixel.quantserve.com/pixel/ Frame EBAA 35 B
210 B 19ms
18ms Image
image/gif 2620:116:800d:21:b314:a0ef:ab7c:d546
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel/p-gsmZhdaUra0N6.gif

Requested by

Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=6798&height=250&width=300&tld=korrespondent.net&ctype=div

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:b314:a0ef:ab7c:d546 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET

sync
ad.invamia.com/delivery/ Frame EBAA
Redirect Chain

https://x.bidswitch.net/sync?ssp=prodoohmox&user_id=eb6718de-e878-4354-bdc2-2720b7ae6d50&gdpr=0&gdpr_consent=
https://ads.betweendigital.com/match?bidder_id=43092&gdpr=0&consent=&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dprodoohmox%26expires%3D30%...
https://ads.betweendigital.com/match?bidder_id=43092&gdpr=0&consent=&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dprodoohmox%26expires%3D30%...
https://x.bidswitch.net/sync?dsp_id=429&user_id=556cf06d-c475-52e4-a0a4-b5c3c25f23d8&ssp=prodoohmox&expires=30&user_group=1&gdpr=0&gdpr_consent=
https://ad.mox.tv/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f
https://ad.mediawayss.com/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f&inner_redirect=1&inner_uuid=eb6718de-e878-4354-bdc2-2720b7ae6d50&redirect_host_list=YWQub3V0c3RyZWFtLnRvZGF5LGFkL...
https://ad.outstream.today/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f&inner_redirect=1&inner_uuid=eb6718de-e878-4354-bdc2-2720b7ae6d50&redirect_host_list=YWQuYWRvcHgubmV0LGFkLmludmFt...
https://ad.adopx.net/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f&inner_redirect=1&inner_uuid=eb6718de-e878-4354-bdc2-2720b7ae6d50&redirect_host_list=YWQuaW52YW1pYS5jb20sYWQudmlkdmVydG...
https://ad.invamia.com/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f&inner_redirect=1&inner_uuid=eb6718de-e878-4354-bdc2-2720b7ae6d50&redirect_host_list=YWQudmlkdmVydG8uaW8sYWQudmlkdmVy...

0
0

GET
H2 200 swiper-bundle.min.css
unpkg.com/swiper@7.3.0/ Frame EBAA 15 KB
4 KB 77ms
77ms Stylesheet
text/css 2606:4700::6810:7baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/swiper@7.3.0/swiper-bundle.min.css

Requested by

Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=6798&height=250&width=300&tld=korrespondent.net&ctype=div

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7baf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ca8fddb17d96df80923b284c7e07888f947eb3dd03974cd31e85f4d5e9dc6dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 23426136
fly-request-id: 01FMS77QYFR7T91A14VZPZC4YW
content-encoding: br
vary: Accept-Encoding
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"3ccb-bbg35pXUy1EXOpXHxlwOip0M+cE"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 73ba61c6e8d7cc5a-ZRH

GET
H2 200 achernar.min.js Show response
ad.mox.tv/js/achernar/ Frame EBAA 11 KB
4 KB 28ms
27ms Script
application/javascript 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mox.tv/js/achernar/achernar.min.js
Requested by: Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=6798&height=250&width=300&tld=korrespondent.net&ctype=div
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: fce742d7814055a224b9e7b2a36bccfba4547644a968e838bf0b9d2f730866dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
last-modified: Mon, 21 Feb 2022 14:47:09 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"6213a5ed-2b1e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public, max-age=3600
expires: Tue, 16 Aug 2022 14:05:30 GMT

GET
H2 200 prebid.js Show response
ad.mox.tv/js/achernar/ Frame EBAA 266 KB
82 KB 32ms
31ms Script
application/javascript 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mox.tv/js/achernar/prebid.js
Requested by: Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=6798&height=250&width=300&tld=korrespondent.net&ctype=div
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 78f755249da2fa29690828464594f09814fc9a3d73cd197df9e146da64efa4fd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
last-modified: Mon, 27 Jun 2022 07:46:03 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"62b9603b-429d0"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public, max-age=3600
expires: Tue, 16 Aug 2022 14:05:30 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame EBAA 83 KB
28 KB 132ms
131ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=6798&height=250&width=300&tld=korrespondent.net&ctype=div

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cd70243017eddd6d2f7394662040bc749411928b1e8277dce04b5cc8364eb64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28649
x-xss-protection: 0
server: sffe
etag: "1305 / 244 of 1000 / last-modified: 1660648126"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 16 Aug 2022 13:05:30 GMT

GET
H2 200 swiper-bundle.min.js Show response
unpkg.com/swiper@7.3.0/ Frame EBAA 132 KB
38 KB 42ms
42ms Script
application/javascript 2606:4700::6810:7baf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/swiper@7.3.0/swiper-bundle.min.js

Requested by

Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=6798&height=250&width=300&tld=korrespondent.net&ctype=div

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7baf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

159c24eb0b9d044c0507e36e693d0ff23bbb990ae90523cc25f3683253ee43d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
age: 23426178
fly-request-id: 01FMS76ETJSXZKGZGFZVHH4A5S
content-encoding: br
vary: Accept-Encoding
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
server: cloudflare
etag: W/"211c1-rxAEOIj0DtL1iihSDpsruCFXSHs"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 73ba61c6e8dacc5a-ZRH

GET
H2 204 /
onetag-sys.com/usync/ Frame 3984 0
0 244ms
43ms Document
text/plain 51.89.9.252
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=46218987a9da2b5

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.252 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip252.ip-51-89-9.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
strict-transport-security: max-age=15552000

GET
H2 200 magic.png
bgstats.mox.tv/ Frame EBAA 0
65 B 45ms
45ms Image
image/png 167.71.9.19
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bgstats.mox.tv/magic.png
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.71.9.19 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
server: nginx/1.14.0 (Ubuntu)
content-length: 0
content-type: image/png

GET
H2 200 mgid_ua.svg
cdn.mgid.com/images/mgid/ 2 KB
1 KB 39ms
24ms Image
image/svg+xml 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mgid.com/images/mgid/mgid_ua.svg
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 70d5c4de881e718d0b7638959680ba86722d44eecbe4058d20dd77b8d0d97155

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: br
cf-cache-status: HIT
age: 4349
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 31SG1V0WFRNKXC6R
x-amz-id-2: 2ywp9fgknp8c4HO0Z1cJ5C+4aMUUPCMjGdBA1cI/wAWAxrlaPAi52xxpkj8rcWWqMPvoQLnyl6w=
last-modified: Tue, 08 Mar 2022 17:05:01 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1646759091/ctime:1646759091/gid:0/gname:root/md5:617c205137825561208ef7c1a2d8f319/mode:33206/mtime:1646759091/uid:0/uname:root
etag: W/"617c205137825561208ef7c1a2d8f319"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=86400
x-amz-version-id: null
cf-ray: 73ba61c70dad9a06-FRA
expires: Wed, 17 Aug 2022 13:05:30 GMT

GET
H2 200 Adchoices.svg
cdn.mgid.com/images/logos/ 836 B
813 B 41ms
26ms Image
image/svg+xml 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.mgid.com/images/logos/Adchoices.svg
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7992a4430843ef8b4bbae534358be3193aa1ae9c78f273e8e8a70b6af1244ac5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: br
cf-cache-status: HIT
age: 2728
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 31SYWNNYNESPJ6F1
x-amz-id-2: 3myD4nXSsv4qiYMx2Hi56efn2ys0sdKXq9O5ZJG39ML6YXsxmNdK6iip2d5CSfCah3Py/VE8AbU=
last-modified: Wed, 17 Feb 2021 18:15:53 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1613585745/ctime:1613585745/gid:0/gname:root/md5:7d59364b7ed2df3f02507c9f92560df9/mode:33206/mtime:1613585745/uid:0/uname:root
etag: W/"7d59364b7ed2df3f02507c9f92560df9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=86400
x-amz-version-id: null
cf-ray: 73ba61c70dae9a06-FRA
expires: Wed, 17 Aug 2022 13:05:30 GMT

GET
H2 200 e1eee23f36481a69453f.b.js Show response
cdn.admixer.net/scripts3/48427/ 28 KB
11 KB 106ms
105ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/48427/e1eee23f36481a69453f.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 734b1760dd6b1371613bc5f380dc18f0d17ef81c0edf4622d5a1400c7ad9518a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-id: fr5-up-gc34
date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 13:09:18 GMT
server: nginx
etag: W/"62e28a7e-702f"
vary: Accept-Encoding
x-cached-since: 2022-07-28T13:10:16+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Sat, 29 Jul 2023 13:10:16 GMT

GET
H2 200 fdabe098f34289659a17.b.js Show response
cdn.admixer.net/scripts3/48427/ 42 KB
18 KB 116ms
114ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/48427/fdabe098f34289659a17.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: f6247007e2b6a2b034c5ac6bb537e9451f7b5ed1dd8a23979068cd4e9160e72b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-id: fr5-up-gc34
date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 13:09:19 GMT
server: nginx
etag: W/"62e28a7f-a793"
vary: Accept-Encoding
x-cached-since: 2022-07-28T13:10:16+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Sat, 29 Jul 2023 13:10:16 GMT

GET
H2 200 84011c43c3075e543c6d.b.js Show response
cdn.admixer.net/scripts3/48427/ 13 KB
5 KB 120ms
119ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/48427/84011c43c3075e543c6d.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 1083eef8b7598af7e021ae80d04890c3d02220b616f472acc64656ab024ba484

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-id: fr5-up-gc34
date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 13:09:11 GMT
server: nginx
etag: W/"62e28a77-326c"
vary: Accept-Encoding
x-cached-since: 2022-07-28T13:10:16+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Sat, 29 Jul 2023 13:10:16 GMT

GET
H2 200 7103cce7fa6705169441.b.js Show response
cdn.admixer.net/scripts3/48427/ 11 KB
4 KB 107ms
106ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/48427/7103cce7fa6705169441.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: da5a6aaf22887d6be1d6aaf85b1bf31db6372817faeef47bd9f21b89fcb78109

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-id: fr5-up-gc34
date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 13:09:10 GMT
server: nginx
etag: W/"62e28a76-2a79"
vary: Accept-Encoding
x-cached-since: 2022-07-28T13:10:16+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Sat, 29 Jul 2023 13:10:16 GMT

GET
H2 200 5927ef40e4a80e0040be.b.js Show response
cdn.admixer.net/scripts3/48427/ 215 KB
74 KB 129ms
128ms Script
application/javascript 2a03:90c0:41:2801::254
GCORE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.admixer.net/scripts3/48427/5927ef40e4a80e0040be.b.js
Requested by: Host: cdn.admixer.net
URL: https://cdn.admixer.net/scripts3/loader2.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a03:90c0:41:2801::254 Frankfurt am Main, Germany, ASN199524 (GCORE, LU),
Reverse DNS
Software: nginx /
Resource Hash: 4d1f56b3032e5c392c0a0e812c52d5fcc3da8d9f157d1e21d78434196f58495e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-id: fr5-up-gc34
date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
last-modified: Thu, 28 Jul 2022 13:09:08 GMT
server: nginx
etag: W/"62e28a74-35ac7"
vary: Accept-Encoding
x-cached-since: 2022-07-28T13:10:16+00:00
content-type: application/javascript
cache-control: max-age=31622400
cache: HIT
expires: Sat, 29 Jul 2023 13:10:16 GMT

GET
H2 200 / Show response
go.rcvlink.com/bdto/SNhIu61V0U/ Frame 8E7E 5 KB
3 KB 57ms
56ms XHR
application/json 136.243.84.74
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://go.rcvlink.com/bdto/SNhIu61V0U/?cache=tp3d49Lbv2772B8&ver=220811-2040&w=610&h=0&vw=1600&ms=577.10&me=0&ref=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Requested by: Host: go.rcvlink.com
URL: https://go.rcvlink.com/static/iframe.htm
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.84.74 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.74.84.243.136.clients.your-server.de
Software: nginx /
Resource Hash: 0c3bccae1f1f6b75a5f0d890ae15cc8e32221afed72bea06d5592185a28d3dd6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.rcvlink.com/static/iframe.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
last-modified: Tue, 16 Aug 2022 13:05:30 GMT
server: nginx
p3p: CP="CAO DSP COR LAW CURa ADMa DEVa PSAa PSDa OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT STA",policyref="/w3c/p3p.xml"
access-control-allow-origin: *
hn: b16
cache-control: no-cache, no-store, no-transform, must-revalidate
content-type: application/json
expires: Tue, 16 Aug 2022 16:05:30 +0300

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 221 B
650 B 83ms
24ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=korrespondent.net&callback=_gfp_s_&client=ca-pub-3755662197386269

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208090101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-3755662197386269&plah=korrespondent.net

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

2bca6d4a748c8016f19ca9ee88f06b41a7b1928b2f490e44c0677ae022bae018

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 206
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 138ms
50ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=korrespondent.net

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 82ms
37ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=korrespondent.net

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F3A0 0
188 B 122ms
79ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3755662197386269&output=html&adk=1812271804&adf=3025194257&lmt=1660655130&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&ea=0&pra=5&wgl=1&easpf=1&easpi=1&easai=1&asntp=0&asntpv=0&asntpl=0&asntpm=0&asntpc=300&asna=5&asnd=5&asnp=5&asns=5&asmat=-1&asptt=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660655130599&bpp=3&bdt=1037&idt=136&shv=r20220811&mjsv=m202208090101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2419754494839&frm=20&pv=2&ga_vid=2006371786.1660655130&ga_sid=1660655131&ga_hid=351416207&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068486%2C31068789%2C44769306%2C31068881&oid=2&pvsid=4159801157072913&tmod=163380397&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=155

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 13:05:30 GMT
expires: Tue, 16 Aug 2022 13:05:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D9AB 23 KB
10 KB 361ms
332ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3755662197386269&output=html&h=90&slotname=6218171218&adk=3638426950&adf=2457552020&pi=t.ma~as.6218171218&w=728&lmt=1660655130&psa=0&format=728x90&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660655130602&bpp=1&bdt=1040&idt=160&shv=r20220811&mjsv=m202208090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2419754494839&frm=20&pv=1&ga_vid=2006371786.1660655130&ga_sid=1660655131&ga_hid=351416207&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=10&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068486%2C31068789%2C44769306%2C31068881&oid=2&pvsid=4159801157072913&tmod=163380397&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CpeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=uScTbWiw03&p=https%3A//korrespondent.net&dtd=167

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1475b24079e5706859e9b6a63c1e9639a9e34f065f13510f5369be0bbe2551f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 9751
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 13:05:31 GMT
expires: Tue, 16 Aug 2022 13:05:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 1 Show response
servicer.mgid.com/1283487/ 2 KB
1 KB 59ms
41ms Script
application/x-javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://servicer.mgid.com/1283487/1?pv=5&cbuster=1660655130782540961964&uniqId=0f91b&lct=1659657600&niet=4g&nisd=false&jsv=es6&mp4=1&ap=1&w=610&h=316&maxw_2=298&maxh_2=270&cols=2&ref=&cxurl=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&lu=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&sessionId=62fb961b-045c1&pageView=1&pvid=182a6c257b7b9ee9958&implVersion=11&dpr=1
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/k/o/korrespondent.net.1283487.es6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f2084cd0c1196c60c46b019a6d52ffe0a97553c93b9e395a89c98a1a2da356d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cf-ray: 73ba61c79e419a06-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 4fa0a4b4b34a13abefc36d1dc8305ceb
st11.rcvlink.com/2/304/ Frame 8E7E 16 KB
16 KB 101ms
58ms Image
image/webp 136.243.84.74
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://st11.rcvlink.com/2/304/4fa0a4b4b34a13abefc36d1dc8305ceb
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.84.74 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.74.84.243.136.clients.your-server.de
Software: nginx /
Resource Hash: 66af5d85560f25b8857229580d11c023509c32793df28162eca34790f007ea48

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.rcvlink.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
last-modified: Fri, 03 Jun 2022 09:50:28 GMT
server: nginx
etag: "6299d964-1bf89"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=7776000
accept-ranges: bytes
content-length: 16508
expires: Mon, 14 Nov 2022 13:05:30 GMT

GET
H2 200 23ab73b5404b62449e662fa5be6d9182
st11.rcvlink.com/2/304/ Frame 8E7E 10 KB
10 KB 154ms
111ms Image
image/webp 136.243.84.74
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://st11.rcvlink.com/2/304/23ab73b5404b62449e662fa5be6d9182
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.84.74 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.74.84.243.136.clients.your-server.de
Software: nginx /
Resource Hash: 571861bffcbb11702a9a254709f0adb704c56b645d070d20760a62e2173dd678

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.rcvlink.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
last-modified: Wed, 10 Aug 2022 11:20:01 GMT
server: nginx
etag: "62f39461-11e0d"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=7776000
accept-ranges: bytes
content-length: 9834
expires: Mon, 14 Nov 2022 13:05:30 GMT

GET
H2 200 gt.svg
go.rcvlink.com/img/ Frame 8E7E 219 B
428 B 52ms
51ms Image
image/svg+xml 136.243.84.74
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://go.rcvlink.com/img/gt.svg
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.84.74 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.74.84.243.136.clients.your-server.de
Software: nginx /
Resource Hash: 56d1f1f3e5b1add4f774ea6c58dbb722abd040454ccc1cc1ce38e9fe98e9021d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.rcvlink.com/static/iframe.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
last-modified: Tue, 22 Jan 2019 19:51:29 GMT
server: nginx
etag: "5c477441-db"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 219
expires: Tue, 23 Aug 2022 13:05:30 GMT

GET
H2 200 logo160.png
go.rcvlink.com/img/ Frame 8E7E 6 KB
6 KB 53ms
52ms Image
image/png 136.243.84.74
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://go.rcvlink.com/img/logo160.png
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.84.74 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.74.84.243.136.clients.your-server.de
Software: nginx /
Resource Hash: a4b9e9ead2fa2e2326506b52b3f253b19ab9aa2bfe0b2c276dfbecfb4baf12cc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.rcvlink.com/static/iframe.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
last-modified: Mon, 21 Jan 2019 15:07:51 GMT
server: nginx
etag: "5c45e047-1869"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 6249
expires: Tue, 23 Aug 2022 13:05:30 GMT

GET
H2 200 / Show response
go.rcvlink.com/bdto/f3wMYMNBP6/ Frame 45C8 4 KB
2 KB 60ms
57ms XHR
application/json 136.243.84.74
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://go.rcvlink.com/bdto/f3wMYMNBP6/?cache=tp3d49Lbv2772B8&ver=220811-2040&w=300&h=0&vw=1600&ms=530.87&me=0&ref=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Requested by: Host: go.rcvlink.com
URL: https://go.rcvlink.com/static/iframe.htm
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.84.74 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.74.84.243.136.clients.your-server.de
Software: nginx /
Resource Hash: 6feef6d629316fc0b78137760297b7a4c9302d377775ed1968b10bbd77b2c9ce

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.rcvlink.com/static/iframe.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
last-modified: Tue, 16 Aug 2022 13:05:30 GMT
server: nginx
p3p: CP="CAO DSP COR LAW CURa ADMa DEVa PSAa PSDa OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT STA",policyref="/w3c/p3p.xml"
access-control-allow-origin: *
hn: b14
cache-control: no-cache, no-store, no-transform, must-revalidate
content-type: application/json
expires: Tue, 16 Aug 2022 16:05:30 +0300

GET
H2 200 p-gsmZhdaUra0N6.gif
pixel.quantserve.com/pixel/ 35 B
210 B 25ms
17ms Image
image/gif 2620:116:800d:21:b314:a0ef:ab7c:d546
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel/p-gsmZhdaUra0N6.gif

Requested by

Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=777&height=405&width=720&tld=korrespondent.net&ctype=div

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:b314:a0ef:ab7c:d546 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:30 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET

sync
ad.invamia.com/delivery/
Redirect Chain

https://x.bidswitch.net/sync?ssp=prodoohmox&user_id=eb6718de-e878-4354-bdc2-2720b7ae6d50&gdpr=0&gdpr_consent=
https://ads.betweendigital.com/match?bidder_id=43092&gdpr=0&consent=&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dprodoohmox%26expires%3D30%...
https://ads.betweendigital.com/match?bidder_id=43092&gdpr=0&consent=&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dprodoohmox%26expires%3D30%...
https://x.bidswitch.net/sync?dsp_id=429&user_id=556cf06d-c475-52e4-a0a4-b5c3c25f23d8&ssp=prodoohmox&expires=30&user_group=1&gdpr=0&gdpr_consent=
https://ad.mox.tv/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f
https://ad.mediawayss.com/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f&inner_redirect=1&inner_uuid=eb6718de-e878-4354-bdc2-2720b7ae6d50&redirect_host_list=YWQub3V0c3RyZWFtLnRvZGF5LGFkL...
https://ad.outstream.today/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f&inner_redirect=1&inner_uuid=eb6718de-e878-4354-bdc2-2720b7ae6d50&redirect_host_list=YWQuYWRvcHgubmV0LGFkLmludmFt...
https://ad.adopx.net/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f&inner_redirect=1&inner_uuid=eb6718de-e878-4354-bdc2-2720b7ae6d50&redirect_host_list=YWQuaW52YW1pYS5jb20sYWQudmlkdmVydG...
https://ad.invamia.com/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f&inner_redirect=1&inner_uuid=eb6718de-e878-4354-bdc2-2720b7ae6d50&redirect_host_list=YWQudmlkdmVydG8uaW8sYWQudmlkdmVy...

0
0

GET
H2 200 moxplayer.css
ad.mox.tv/js/moxplayer/ 51 KB
8 KB 30ms
22ms Stylesheet
text/css 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mox.tv/js/moxplayer/moxplayer.css
Requested by: Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=777&height=405&width=720&tld=korrespondent.net&ctype=div
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: a1fc449201f61ca3ea21d70a29c7539f8bcb19be28423a4e1258e7e1e994b042

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
last-modified: Wed, 10 Jun 2020 14:52:51 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"5ee0f3c3-cbf7"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=3600, public, max-age=3600
expires: Tue, 16 Aug 2022 14:05:30 GMT

GET
H3 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 375 KB
125 KB 155ms
58ms Script
text/javascript 2a00:1450:400e:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=777&height=405&width=720&tld=korrespondent.net&ctype=div

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80c::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5ee00fad2265577bc5be56bc69c1e8c1071a4b201a5b9bd523c7204a54c31a28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127726
x-xss-protection: 0
expires: Tue, 16 Aug 2022 13:05:30 GMT

GET
H2 200 inview.min.js Show response
ad.mox.tv/js/ima2/2/ 5 KB
2 KB 31ms
23ms Script
application/javascript 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mox.tv/js/ima2/2/inview.min.js
Requested by: Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=777&height=405&width=720&tld=korrespondent.net&ctype=div
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 2ebcdc45625d8bd6eb8cea62780c1128df28c86ef0e10a6369ec23c97d61d92c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
last-modified: Wed, 10 Jun 2020 14:52:51 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"5ee0f3c3-1389"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public, max-age=3600
expires: Tue, 16 Aug 2022 14:05:30 GMT

GET
H2 200 vast-client.min.js Show response
ad.mox.tv/js/ima2/2/ 59 KB
13 KB 32ms
24ms Script
application/javascript 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mox.tv/js/ima2/2/vast-client.min.js
Requested by: Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=777&height=405&width=720&tld=korrespondent.net&ctype=div
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 04a436758e8992373a49eb612d5b5f54a6fe9e6b1aedab24b510411630fa99b8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
last-modified: Fri, 17 Sep 2021 18:13:12 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"6144dab8-ea58"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public, max-age=3600
expires: Tue, 16 Aug 2022 14:05:30 GMT

GET
H2 200 ima.min.js Show response
ad.mox.tv/js/ima2/2/ 85 KB
22 KB 35ms
28ms Script
application/javascript 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mox.tv/js/ima2/2/ima.min.js
Requested by: Host: ad.mox.tv
URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=777&height=405&width=720&tld=korrespondent.net&ctype=div
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 2bc5a2143e0664261583e20d5cf80859585d86bda4e0ea1db3d787668111965f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
last-modified: Fri, 29 Jul 2022 19:28:50 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"62e434f2-1539c"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public, max-age=3600
expires: Tue, 16 Aug 2022 14:05:30 GMT

GET
H2 200 moxplayer.min.js Show response
ad.mox.tv/js/moxplayer/ 276 KB
66 KB 51ms
46ms Script
application/javascript 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mox.tv/js/moxplayer/moxplayer.min.js
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 155f07fa595a438ec58edc29cbc37dda721eb8d1e2d2b5ad8aeb559a611092c1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
last-modified: Thu, 14 Jul 2022 15:30:41 GMT
server: nginx/1.14.0 (Ubuntu)
etag: W/"62d036a1-44f13"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600, public, max-age=3600
expires: Tue, 16 Aug 2022 14:05:30 GMT

GET
H2 200 magic.png
bgstats.mox.tv/ 0
65 B 325ms
321ms Image
image/png 167.71.9.19
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bgstats.mox.tv/magic.png
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.71.9.19 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
server: nginx/1.14.0 (Ubuntu)
content-length: 0
content-type: image/png

GET
H2 200 pubads_impl_2022081101.js Show response
securepubads.g.doubleclick.net/gpt/ 388 KB
133 KB 60ms
18ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

sffe /

Resource Hash

48bd457befd1682d1e21bd4327a12799559ecc1308da5413b21ee60d2e6c0dde

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 12:33:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1939
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 135472
x-xss-protection: 0
last-modified: Thu, 11 Aug 2022 08:35:49 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 16 Aug 2023 12:33:11 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 620 B
867 B 90ms
50ms XHR
application/json 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=korrespondent.net

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

7f37c6bcfaa268588ad80865bd3927a96c16a2486d8e65417a34a1b798bcb683

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Aug 2022 13:05:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 231
x-xss-protection: 0
expires: Tue, 16 Aug 2022 13:05:30 GMT

GET
H2 200 a58c986f3a8e9e10210babb752a271d1
st11.rcvlink.com/2/304/ Frame 45C8 22 KB
22 KB 74ms
74ms Image
image/webp 136.243.84.74
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://st11.rcvlink.com/2/304/a58c986f3a8e9e10210babb752a271d1
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.84.74 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.74.84.243.136.clients.your-server.de
Software: nginx /
Resource Hash: 20a3df19bb4591acf90ed393750b81271bd66ad897aa358be33e375a01cc66cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.rcvlink.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
last-modified: Fri, 14 May 2021 14:45:02 GMT
server: nginx
etag: "609e8cee-9853"
content-type: image/webp
access-control-allow-origin: *
cache-control: max-age=7776000
accept-ranges: bytes
content-length: 22064
expires: Mon, 14 Nov 2022 13:05:30 GMT

GET
H2 200 pubads_impl_2022081101.js Show response
securepubads.g.doubleclick.net/gpt/ Frame EBAA 388 KB
132 KB 61ms
53ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js?cb=31068970

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

sffe /

Resource Hash

48bd457befd1682d1e21bd4327a12799559ecc1308da5413b21ee60d2e6c0dde

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 08:48:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15406
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 135472
x-xss-protection: 0
last-modified: Thu, 11 Aug 2022 08:35:49 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 16 Aug 2023 08:48:44 GMT

GET
H2 200 logo160.png
go.rcvlink.com/img/ Frame 45C8 6 KB
6 KB 55ms
54ms Image
image/png 136.243.84.74
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://go.rcvlink.com/img/logo160.png
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.84.74 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.74.84.243.136.clients.your-server.de
Software: nginx /
Resource Hash: a4b9e9ead2fa2e2326506b52b3f253b19ab9aa2bfe0b2c276dfbecfb4baf12cc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://go.rcvlink.com/static/iframe.htm
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
last-modified: Mon, 21 Jan 2019 15:07:51 GMT
server: nginx
etag: "5c45e047-1869"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 6249
expires: Tue, 23 Aug 2022 13:05:30 GMT

GET
H2 200 fpdata.js Show response
gaua.hit.gemius.pl/ 286 B
400 B 64ms
62ms Script
application/x-javascript 146.59.10.80
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gaua.hit.gemius.pl/fpdata.js?href=korrespondent.net
Requested by: Host: gaua.hit.gemius.pl
URL: https://gaua.hit.gemius.pl/xgemius.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 146.59.10.80 , France, ASN16276 (OVH, FR),
Reverse DNS: ip80.ip-146-59-10.eu
Software: GHC /
Resource Hash: 0d64296abe55a8dac5a22d1c99394e27f573b056d0a54ed01e1f0707258fa192

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
server: GHC
etag: PRIVATE7520710249
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: private, max-age=2592000
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 286
expires: Thu, 15 Sep 2022 13:05:30 GMT

GET
H2 200 lsget.html Show response
ls.hit.gemius.pl/ Frame D707 5 KB
3 KB 176ms
52ms Document
text/html 146.59.30.104
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ls.hit.gemius.pl/lsget.html
Requested by: Host: gaua.hit.gemius.pl
URL: https://gaua.hit.gemius.pl/xgemius.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 146.59.30.104 , France, ASN16276 (OVH, FR),
Reverse DNS: ip104.ip-146-59-30.eu
Software: GHC /
Resource Hash: 2d48b61c2f0783bec1a5c8d95e5f88866dd2794f401e8c7c4d9503608503b375

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: none
cache-control: private, max-age=2592000
content-encoding: gzip
content-length: 2727
content-type: text/html;charset=utf-8
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 13:05:31 GMT
etag: PRIVATE7520710249
expires: Thu, 15 Sep 2022 13:05:31 GMT
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
p3p: CP="NOI DSP COR NID PSAo OUR IND"
server: GHC
vary: Accept-Encoding,Origin,User-Agent

GET
DATA 200
OK truncated
/ 211 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 363832ce22d752de90a8074c063a729895ac3cf4c5650e1a5b82cfe2f5ee7674

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H/1.1 200
OK prebid.1.2.aspx Show response
inv-nets.admixer.net/ 42 B
507 B 52ms
52ms XHR
text/javascript 146.0.227.110
VELIANET-AS velia...

General

Check archive.org

Show headers Download Go to

Full URL

https://inv-nets.admixer.net/prebid.1.2.aspx

Requested by

Host: ad.mox.tv
URL: https://ad.mox.tv/js/achernar/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.110 , Ascension Island, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE),

Reverse DNS

Software

nginx /

Resource Hash

c979ffd70003be58ccc574778b78d9303e8b5b3494a6cdeb01449d65a5a815e6

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 16 Aug 2022 13:05:31 GMT
Server: nginx
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Origin: https://korrespondent.net
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Keep-Alive: timeout=25
Content-Length: 42
X-Xss-Protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 126ms
47ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=korrespondent.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 60ms
27ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=korrespondent.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 451 B
274 B 458ms
423ms XHR
text/plain 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4159801157072913&correlator=167201564752631&eid=31068923%2C31068928%2C21068766%2C31061166&output=ldjh&gdfp_req=1&vrg=2022081101&ptt=17&impl=fifs&iu_parts=21679382043%3A22434891267%2Cmt_banners%2Cmt_umh_korrespondent.net_S_WW_336x280&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C336x280%7C336x90%7C321x123%7C320x100%7C320x50%7C300x250%7C300x100%7C300x75%7C300x50%7C300x31%7C292x30%7C250x250%7C240x133%7C234x60%7C220x90%7C216x54%7C216x36%7C200x200%7C180x150%7C168x42%7C168x28%7C125x125%7C120x240%7C120x90%7C120x60%7C120x30%7C120x20%7C88x31&fluid=height&ifi=3&adks=429713304&sfv=1-0-38&fsapi=false&prev_scp=mt_fln%3D0.8&sc=1&cookie=ID%3D7d1d3a232bbb798f-228d44c2f4cd0029%3AT%3D1660655130%3ART%3D1660655130%3AS%3DALNI_MbpG9cEHZXlWTLzHpXmKFnqLwCD_w&abxe=1&dt=1660655131074&lmt=1660655131&dlt=1660655129562&idt=1445&adxs=-168&adys=1208&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&frm=20&vis=1&psz=336x-1&msz=336x-1&fws=516&ohw=0&ga_vid=2006371786.1660655130&ga_sid=1660655131&ga_hid=351416207&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

13ea0f327d0c75771fec376ebba6f0817d32c52f5b8a78b29163247c65e08f1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 243
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://korrespondent.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 456 B
266 B 296ms
263ms XHR
text/plain 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4159801157072913&correlator=167201564752631&eid=31068923%2C31068928%2C21068766%2C31061166&output=ldjh&gdfp_req=1&vrg=2022081101&ptt=17&impl=fifs&iu_parts=21679382043%3A22434891267%2Cmt_banners%2Cmt_umh_korrespondent.net_banner_300x600_WW&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C300x600%7C300x250%7C300x100%7C300x75%7C300x50%7C300x31%7C292x30%7C250x360%7C250x250%7C240x400%7C240x133%7C234x60%7C220x90%7C216x54%7C216x36%7C200x446%7C200x200%7C180x150%7C168x42%7C168x28%7C160x600%7C125x125%7C120x600%7C120x240%7C120x90%7C120x60%7C120x30%7C120x20%7C88x31&fluid=height&ifi=4&adks=144773377&sfv=1-0-38&fsapi=false&prev_scp=mt_fln%3D0.8&sc=1&cookie=ID%3D7d1d3a232bbb798f-228d44c2f4cd0029%3AT%3D1660655130%3ART%3D1660655130%3AS%3DALNI_MbpG9cEHZXlWTLzHpXmKFnqLwCD_w&abxe=1&dt=1660655131079&lmt=1660655131&dlt=1660655129562&idt=1445&adxs=2320&adys=408&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&frm=20&vis=1&psz=1500x0&msz=1500x0&fws=4&ohw=0&ga_vid=2006371786.1660655130&ga_sid=1660655131&ga_hid=351416207&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

8aef4364e4f67400d02bc23926cffa55adcbc81f17f178b6e1dbffc1f311346c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 235
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://korrespondent.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 44 KB
11 KB 366ms
333ms XHR
text/plain 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4159801157072913&correlator=167201564752631&eid=31068923%2C31068928%2C21068766%2C31061166&output=ldjh&gdfp_req=1&vrg=2022081101&ptt=17&impl=fifs&iu_parts=21986089839%3A22434891267%2Civm_display%2Civm_umh_korrespondent.net_banner_300x600_WW&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C300x600%7C300x250%7C300x100%7C300x75%7C300x50%7C300x31%7C292x30%7C250x360%7C250x250%7C240x400%7C240x133%7C234x60%7C220x90%7C216x54%7C216x36%7C200x446%7C200x200%7C180x150%7C168x42%7C168x28%7C160x600%7C125x125%7C120x600%7C120x240%7C120x90%7C120x60%7C120x30%7C120x20%7C88x31&fluid=height&ifi=5&adks=4266777488&sfv=1-0-38&fsapi=false&prev_scp=mt_fln%3D0.3&sc=1&cookie=ID%3D7d1d3a232bbb798f-228d44c2f4cd0029%3AT%3D1660655130%3ART%3D1660655130%3AS%3DALNI_MbpG9cEHZXlWTLzHpXmKFnqLwCD_w&abxe=1&dt=1660655131083&lmt=1660655131&dlt=1660655129562&idt=1445&adxs=3820&adys=408&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&frm=20&vis=1&psz=1500x0&msz=1500x0&fws=4&ohw=0&ga_vid=2006371786.1660655130&ga_sid=1660655131&ga_hid=351416207&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

68960c8fdcaa9203204e9e383a89fac3658a1eba0a41c9dbefbcd817fd23fa06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11137
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://korrespondent.net
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 440 B
258 B 295ms
263ms XHR
text/plain 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4159801157072913&correlator=167201564752631&eid=31068923%2C31068928%2C21068766%2C31061166&output=ldjh&gdfp_req=1&vrg=2022081101&ptt=17&impl=fifs&iu_parts=21830442390%3A22434891267%2Ckorrespondent.net_300x600_WW_%2C300x600&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C300x600%7C300x250%7C300x100%7C300x75%7C300x50%7C300x31%7C292x30%7C250x360%7C250x250%7C240x400%7C240x133%7C234x60%7C220x90%7C216x54%7C216x36%7C200x446%7C200x200%7C180x150%7C168x42%7C168x28%7C160x600%7C125x125%7C120x600%7C120x240%7C120x90%7C120x60%7C120x30%7C120x20%7C88x31&fluid=height&ifi=6&adks=1723450323&sfv=1-0-38&fsapi=false&sc=1&cookie=ID%3D7d1d3a232bbb798f-228d44c2f4cd0029%3AT%3D1660655130%3ART%3D1660655130%3AS%3DALNI_MbpG9cEHZXlWTLzHpXmKFnqLwCD_w&abxe=1&dt=1660655131087&lmt=1660655131&dlt=1660655129562&idt=1445&adxs=5320&adys=408&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&frm=20&vis=1&psz=1500x0&msz=1500x0&fws=4&ohw=0&ga_vid=2006371786.1660655130&ga_sid=1660655131&ga_hid=351416207&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

a18f84ce166eb4a692f62d6d4cca3ab068f189b428333757b2057e84f8829cb3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 227
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://korrespondent.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 58 KB
13 KB 486ms
454ms XHR
text/plain 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4159801157072913&correlator=167201564752631&eid=31068923%2C31068928%2C21068766%2C31061166&output=ldjh&gdfp_req=1&vrg=2022081101&ptt=17&impl=fifs&iu_parts=52555387%3A22434891267%2Ckorrespondent.net_300x600_WW&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x600%7C300x250%7C300x100%7C300x75%7C300x50%7C300x31%7C292x30%7C250x360%7C250x250%7C240x400%7C240x133%7C234x60%7C220x90%7C216x54%7C216x36%7C200x446%7C200x200%7C180x150%7C168x42%7C168x28%7C160x600%7C125x125%7C120x600%7C120x240%7C120x90%7C120x60%7C120x30%7C120x20%7C88x31&fluid=height&ifi=7&adks=2924878311&sfv=1-0-38&fsapi=false&prev_scp=yb_ab%3Db%26yb_dc%3Dd%26yb_mx%3Dm1%26yb_tt%3Dtt5%26yb_ff%3D1%26yb_th%3D5%26yb_tm%3D5%26yb_wd%3D2&sc=1&cookie=ID%3D7d1d3a232bbb798f-228d44c2f4cd0029%3AT%3D1660655130%3ART%3D1660655130%3AS%3DALNI_MbpG9cEHZXlWTLzHpXmKFnqLwCD_w&abxe=1&dt=1660655131092&lmt=1660655131&dlt=1660655129562&idt=1445&adxs=6820&adys=408&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&frm=20&vis=1&psz=1500x0&msz=1500x0&fws=4&ohw=0&ga_vid=2006371786.1660655130&ga_sid=1660655131&ga_hid=351416207&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

b5ff81dc47d0c3cfcfee6ba1b9c6c5db2c38c77079901a2c2ac1319bcdd96093

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13018
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://korrespondent.net
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 121 KB
44 KB 431ms
399ms XHR
text/plain 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4159801157072913&correlator=167201564752631&eid=31068923%2C31068928%2C21068766%2C31061166&output=ldjh&gdfp_req=1&vrg=2022081101&ptt=17&impl=fifs&iu_parts=21621488598%2CMAT_korrespondent.net_banner&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x600%7C300x250%7C300x100%7C300x75%7C300x50%7C300x31%7C292x30%7C250x360%7C250x250%7C240x400%7C240x133%7C234x60%7C220x90%7C216x54%7C216x36%7C200x446%7C200x200%7C180x150%7C168x42%7C168x28%7C160x600%7C125x125%7C120x600%7C120x240%7C120x90%7C120x60%7C120x30%7C120x20%7C88x31&fluid=height&ifi=8&adks=1245718219&sfv=1-0-38&fsapi=false&sc=1&cookie=ID%3D7d1d3a232bbb798f-228d44c2f4cd0029%3AT%3D1660655130%3ART%3D1660655130%3AS%3DALNI_MbpG9cEHZXlWTLzHpXmKFnqLwCD_w&abxe=1&dt=1660655131096&lmt=1660655131&dlt=1660655129562&idt=1445&adxs=8320&adys=408&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&frm=20&vis=1&psz=1500x0&msz=1500x0&fws=4&ohw=0&ga_vid=2006371786.1660655130&ga_sid=1660655131&ga_hid=351416207&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

f8a2fb04c2805781ab48cd9708cc056a3aaf0738d9cac4906fded158364a3270

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/86352550399540132/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/86352550399540132/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CNqzwbm2y_kCFQ2D_QcduG0DtQ&gqi=&layout=/sadbundle/%24csp%253Der3%24/86352550399540132/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/86352550399540132/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/86352550399540132/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CNqzwbm2y_kCFQ2D_QcduG0DtQ&gqi=&layout=/sadbundle/%24csp%253Der3%24/86352550399540132/index.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 45165
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
date: Tue, 16 Aug 2022 13:05:31 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://korrespondent.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame AFB4 6 KB
4 KB 135ms
25ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 13:05:31 GMT
expires: Wed, 16 Aug 2023 13:05:31 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMS0wMi8xMDE5MjQvN2I0YTNkMTMzZGI4ZjY4M...
s-img.mgid.com/g/11739876/492x277/-/ 12 KB
12 KB 67ms
24ms Image
image/webp 104.19.132.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/11739876/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMS0wMi8xMDE5MjQvN2I0YTNkMTMzZGI4ZjY4MTljM2ZlNzU0NTE2MDJjYjUuanBlZw.webp?v=1660655130-r102sBAaun5Xtlh5yJ3EEgNcKGLUdlrKA_PIMUmNqn0
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: afd0f29b4b5495d092c10dc6b7cfba7542f00870aeb505ece7058c69f2f55db8

Request headers

Referer: https://korrespondent.net/
Origin: https://korrespondent.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
cf-cache-status: HIT
last-modified: Tue, 21 Dec 2021 12:46:05 GMT
x-mg-request-uuid: fc01e4cb-5df8-479e-94f0-01f6064bed44
age: 8483868
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 73ba61c9df949962-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 12160
server: cloudflare

GET
H2 200 aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wMy8xMDE5MjQvOWNiNzRjMTdhYmNlYWVlO...
s-img.mgid.com/g/12581090/492x277/-/ 16 KB
17 KB 69ms
28ms Image
image/webp 104.19.132.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/12581090/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wMy8xMDE5MjQvOWNiNzRjMTdhYmNlYWVlOTkyMDExYmY5YzViODBlYWMuanBlZw.webp?v=1660655130-VHkuQlV4OuTY9_MSq2Pdi9iAMw5sXu7AQbZ2yMsODrA
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1598e045b4d9e7ab54c8164d124493be8cb6030eea6cccbbb41744487dbf8d9f

Request headers

Referer: https://korrespondent.net/
Origin: https://korrespondent.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
cf-cache-status: HIT
last-modified: Tue, 29 Mar 2022 09:38:19 GMT
x-mg-request-uuid: 7277f330-8691-46ae-bf98-0fb341bd7635
age: 8483919
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 73ba61c9df999962-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 16708
server: cloudflare

GET
DATA 200
OK truncated
/ Frame EBAA 211 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 363832ce22d752de90a8074c063a729895ac3cf4c5650e1a5b82cfe2f5ee7674

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H/1.1 200
OK prebid.1.2.aspx Show response
inv-nets.admixer.net/ Frame EBAA 42 B
507 B 115ms
115ms XHR
text/javascript 146.0.227.110
VELIANET-AS velia...

General

Check archive.org

Show headers Download Go to

Full URL

https://inv-nets.admixer.net/prebid.1.2.aspx

Requested by

Host: ad.mox.tv
URL: https://ad.mox.tv/js/achernar/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.110 , Ascension Island, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE),

Reverse DNS

Software

nginx /

Resource Hash

c979ffd70003be58ccc574778b78d9303e8b5b3494a6cdeb01449d65a5a815e6

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 16 Aug 2022 13:05:31 GMT
Server: nginx
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Origin: https://korrespondent.net
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Keep-Alive: timeout=25
Content-Length: 42
X-Xss-Protection: 0

GET
H/1.1 200
OK a.min.js Show response
0.code.cotsta.ru/dist/ Frame 3FAB 290 KB
93 KB 406ms
172ms Script
application/javascript 185.119.59.4
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://0.code.cotsta.ru/dist/a.min.js

Requested by

Host: ad.mox.tv
URL: https://ad.mox.tv/js/achernar/achernar.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

185.119.59.4 St Petersburg, Russian Federation, ASN9123 (TIMEWEB-AS, RU),

Reverse DNS

353757-ce44784.tmweb.ru

Software

nginx/1.14.1 /

Resource Hash

52843d80d9ae9d8b68ec95209a51d1cf09949d770d786ac40a859a4dd92e1188

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:12:36 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Mon, 16 May 2022 11:47:04 GMT
Server: nginx/1.14.1
ETag: W/"628239b8-489a3"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=1800
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block

POST
H2 204 c Show response
prebid.a-mo.net/a/ Frame EBAA 0
278 B 190ms
78ms XHR
text/plain 147.75.85.234
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: ad.mox.tv
URL: https://ad.mox.tv/js/achernar/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.85.234 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://korrespondent.net
date: Tue, 16 Aug 2022 13:05:30 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 27
vary: origin, Accept-Encoding

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame EBAA 107 B
122 B 43ms
43ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=korrespondent.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js?cb=31068970

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame EBAA 107 B
122 B 28ms
26ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=korrespondent.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js?cb=31068970

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame EBAA 702 B
436 B 280ms
277ms XHR
text/plain 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3264014519547007&correlator=2276935037374628&eid=31068457%2C31068970%2C44768683%2C31061166%2C44742767&output=ldjh&gdfp_req=1&vrg=2022081101&ptt=17&impl=fifs&iu_parts=21679382043%3A22434891267%2Cmt_banners%2Cmt_umh_korrespondent.net_banner_300x250_fixed_C&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C300x250%7C300x100%7C300x75%7C300x50%7C300x31%7C292x30%7C250x250%7C240x133%7C234x60%7C220x90%7C216x54%7C216x36%7C200x200%7C180x150%7C168x42%7C168x28%7C125x125%7C120x240%7C120x90%7C120x60%7C120x30%7C120x20%7C88x31&fluid=height&ifi=1&adks=2153768742&sfv=1-0-38&fsapi=false&prev_scp=mt_fln%3D0.8&sc=1&cookie=ID%3D7d1d3a232bbb798f-228d44c2f4cd0029%3AT%3D1660655130%3ART%3D1660655130%3AS%3DALNI_MbpG9cEHZXlWTLzHpXmKFnqLwCD_w&cdm=korrespondent.net&abxe=1&dt=1660655131199&lmt=1660655131&dlt=1660655130455&idt=682&adxs=2620&adys=1137&biw=1600&bih=1200&isw=300&ish=250&scr_x=0&scr_y=0&btvi=0&ucis=bvy63ax6ogp5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=1&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&top=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&frm=23&vis=1&psz=1800x-1&msz=1800x-1&fws=260&ohw=300&ea=0&ga_vid=2006371786.1660655130&ga_sid=1660655131&ga_hid=1381463464&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js?cb=31068970

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

1e9d5440d87587c4baad26c6df575e0ce2e0a3f0a5aa8c0c416df48e305bb0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 405
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://korrespondent.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame EBAA 486 B
290 B 319ms
316ms XHR
text/plain 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3264014519547007&correlator=2276935037374628&eid=31068457%2C31068970%2C44768683%2C31061166%2C44742767&output=ldjh&gdfp_req=1&vrg=2022081101&ptt=17&impl=fifs&iu_parts=21986089839%3A22434891267%2Civm_display%2Civm_umh_korrespondent.net_banner_300x250_fixed_C&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C300x250%7C300x100%7C300x75%7C300x50%7C300x31%7C292x30%7C250x250%7C240x133%7C234x60%7C220x90%7C216x54%7C216x36%7C200x200%7C180x150%7C168x42%7C168x28%7C125x125%7C120x240%7C120x90%7C120x60%7C120x30%7C120x20%7C88x31&fluid=height&ifi=2&adks=1196454782&sfv=1-0-38&fsapi=false&prev_scp=mt_fln%3D0.3&sc=1&cookie=ID%3D7d1d3a232bbb798f-228d44c2f4cd0029%3AT%3D1660655130%3ART%3D1660655130%3AS%3DALNI_MbpG9cEHZXlWTLzHpXmKFnqLwCD_w&cdm=korrespondent.net&abxe=1&dt=1660655131203&lmt=1660655131&dlt=1660655130455&idt=682&adxs=4420&adys=1137&biw=1600&bih=1200&isw=300&ish=250&scr_x=0&scr_y=0&btvi=0&ucis=mmyx5i9hamha&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=1&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&top=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&frm=23&vis=1&psz=1800x-1&msz=1800x-1&fws=260&ohw=300&ea=0&ga_vid=2006371786.1660655130&ga_sid=1660655131&ga_hid=1381463464&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js?cb=31068970

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

f38fa3cdf770e184a188b8398f73d85eb43a4ec4790e1a89ecd84ea91b1c1596

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 259
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://korrespondent.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame EBAA 469 B
286 B 270ms
267ms XHR
text/plain 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3264014519547007&correlator=2276935037374628&eid=31068457%2C31068970%2C44768683%2C31061166%2C44742767&output=ldjh&gdfp_req=1&vrg=2022081101&ptt=17&impl=fifs&iu_parts=21830442390%3A22434891267%2Ckorrespondent.net_banner_300x250_fixed_C_%2C300x250&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C300x250%7C300x100%7C300x75%7C300x50%7C300x31%7C292x30%7C250x250%7C240x133%7C234x60%7C220x90%7C216x54%7C216x36%7C200x200%7C180x150%7C168x42%7C168x28%7C125x125%7C120x240%7C120x90%7C120x60%7C120x30%7C120x20%7C88x31&fluid=height&ifi=3&adks=306219408&sfv=1-0-38&fsapi=false&sc=1&cookie=ID%3D7d1d3a232bbb798f-228d44c2f4cd0029%3AT%3D1660655130%3ART%3D1660655130%3AS%3DALNI_MbpG9cEHZXlWTLzHpXmKFnqLwCD_w&cdm=korrespondent.net&abxe=1&dt=1660655131205&lmt=1660655131&dlt=1660655130455&idt=682&adxs=6220&adys=1137&biw=1600&bih=1200&isw=300&ish=250&scr_x=0&scr_y=0&btvi=0&ucis=vrmq41ackr4h&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=1&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&top=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&frm=23&vis=1&psz=1800x-1&msz=1800x-1&fws=260&ohw=300&ea=0&ga_vid=2006371786.1660655130&ga_sid=1660655131&ga_hid=1381463464&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js?cb=31068970

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

0691232849cf22b42a053a3b4a8880000d038e1dea9d0da7188da2131914d33d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 255
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://korrespondent.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame EBAA 43 KB
11 KB 376ms
373ms XHR
text/plain 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3264014519547007&correlator=2276935037374628&eid=31068457%2C31068970%2C44768683%2C31061166%2C44742767&output=ldjh&gdfp_req=1&vrg=2022081101&ptt=17&impl=fifs&iu_parts=52555387%3A22434891267%2Ckorrespondent.net_banner_300x250_fixed_C&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C300x100%7C300x75%7C300x50%7C300x31%7C292x30%7C250x250%7C240x133%7C234x60%7C220x90%7C216x54%7C216x36%7C200x200%7C180x150%7C168x42%7C168x28%7C125x125%7C120x240%7C120x90%7C120x60%7C120x30%7C120x20%7C88x31&fluid=height&ifi=4&adks=303499490&sfv=1-0-38&fsapi=false&prev_scp=yb_ab%3Db%26yb_dc%3Dd%26yb_mx%3Dm116%26yb_tt%3Dtt6%26yb_ff%3D0%26yb_th%3D5%26yb_tm%3D5%26yb_wd%3D2&sc=1&cookie=ID%3D7d1d3a232bbb798f-228d44c2f4cd0029%3AT%3D1660655130%3ART%3D1660655130%3AS%3DALNI_MbpG9cEHZXlWTLzHpXmKFnqLwCD_w&cdm=korrespondent.net&abxe=1&dt=1660655131207&lmt=1660655131&dlt=1660655130455&idt=682&adxs=8020&adys=1137&biw=1600&bih=1200&isw=300&ish=250&scr_x=0&scr_y=0&btvi=0&ucis=8szwgzccluvp&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=1&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&top=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&frm=23&vis=1&psz=1800x-1&msz=1800x-1&fws=260&ohw=300&ea=0&ga_vid=2006371786.1660655130&ga_sid=1660655131&ga_hid=1381463464&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js?cb=31068970

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

adddc2e9a76c0aa1d4aa53a9a34c6c3c45cde681ee06de5dfa9d5f6e6d812354

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10938
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://korrespondent.net
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame EBAA 57 KB
12 KB 357ms
354ms XHR
text/plain 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3264014519547007&correlator=2276935037374628&eid=31068457%2C31068970%2C44768683%2C31061166%2C44742767&output=ldjh&gdfp_req=1&vrg=2022081101&ptt=17&impl=fifs&iu_parts=21621488598%2CMAT_korrespondent.net_banner_fixed_b&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C300x100%7C300x75%7C300x50%7C300x31%7C292x30%7C250x250%7C240x133%7C234x60%7C220x90%7C216x54%7C216x36%7C200x200%7C180x150%7C168x42%7C168x28%7C125x125%7C120x240%7C120x90%7C120x60%7C120x30%7C120x20%7C88x31&fluid=height&ifi=5&adks=3295196017&sfv=1-0-38&fsapi=false&sc=1&cookie=ID%3D7d1d3a232bbb798f-228d44c2f4cd0029%3AT%3D1660655130%3ART%3D1660655130%3AS%3DALNI_MbpG9cEHZXlWTLzHpXmKFnqLwCD_w&cdm=korrespondent.net&abxe=1&dt=1660655131208&lmt=1660655131&dlt=1660655130455&idt=682&adxs=13420&adys=1137&biw=1600&bih=1200&isw=300&ish=250&scr_x=0&scr_y=0&btvi=0&ucis=qk5ht7ojqcpt&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=1&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&top=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&frm=23&vis=1&psz=1800x-1&msz=1800x-1&fws=260&ohw=300&ea=0&ga_vid=2006371786.1660655130&ga_sid=1660655131&ga_hid=1381463464&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js?cb=31068970

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

42276759762e20ad22c5a1a036ada29b2e9bb581e94906a0df8cf1aa2a2cdb16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12751
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://korrespondent.net
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame EBAA 14 KB
11 KB 139ms
77ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022081101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js?cb=31068970

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2efd01e0321398d63e1378c342a79ce57b05ca28db6485cccfdab344dcbc6c10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11195
x-xss-protection: 0

GET
H2 200 container.html Show response
007c3a8bc11f45e050582ea5902a5eb0.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E697 6 KB
3 KB 96ms
24ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://007c3a8bc11f45e050582ea5902a5eb0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js?cb=31068970

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 13:05:31 GMT
expires: Wed, 16 Aug 2023 13:05:31 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 bridge3.525.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 095F 635 KB
205 KB 47ms
47ms Document
text/html 2a00:1450:400e:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.525.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80c::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d47d16bf34e4c557ae13192bf351083ee15c9bed72a139fb1e14272d7b391230

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 470864
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210284
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Thu, 11 Aug 2022 02:17:47 GMT
expires: Fri, 11 Aug 2023 02:17:47 GMT
last-modified: Thu, 11 Aug 2022 01:58:48 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ 44 KB
17 KB 72ms
27ms Script
text/javascript 2a00:1450:4001:802::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 16 Aug 2022 13:05:31 GMT

GET
H2 200 video
ad.mox.tv/delivery/rtb/ 0
0 42ms
41ms Image
text/xml 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.mox.tv/delivery/rtb/video?data=a00yTHM3VW10Q0h5TmZUREtCOFBvK3JoZ0ZGYzRrOXNzSHpqNXAyR1NxdWt0WkEydFRweVVSNk1vMVdNazcweFc1cVA2QXd4akFLSjIxS21rYU9GYThRZUhtWUdKa3NZUXpUN3lROWZoNDMyYktVcTQyY1dpWC9MK1E5M2x0VnhGVEd5Q0hrZ1BWWTU5QzZnYWV2M3JwZzN0emhkalFtZU1GbG5tbVRqZmZ3b3d6ajBXdkpvV0RzTjh0S09XK2lBUkRQeUdFSU1lTVM3OXBleXFSUnN1OVBVVnBsWmtKRkt5aEFEQzIvUUxOem5aanR0VFo1aTErVzRCVVVLUFE0REwyMmJCc3BVYnpjUFowcWg3UzFmT3NyQWtsZ0VLdmFEQnJ6ZU5VZ0lCNDB2dDBvdG1iMDQyMjc1WTlNZjEwVlJqWDBWR2dtREhNa1FNOXFVY0M3bFdWYUJyRm9CYitkWitsZW41cEdrN2RHOHk5TStSRWhuTEQxYU44SU43WThSM2NicUxLd3RveHdnTlBMNFU1V004L1JSNzZvSUgwMWpmTUdlNE13aVIxZERyQmZxelBZYmF4U3NOZnl2Mm05Q0EwTHQ2ZzJPSGZ3bmdwd1M5cjlsdVRET2RBMzlhKzdsd2EzRUxaK3luYnFseUhRMEFCQlNwWnBIa25CMUhHVEJTV2s3S01na0Y4TEhOZCtsVmNVQmoyMUVqSGxidVl3UDZZQXBmakFLZEdxRnAwQ2UybWpJWEdQTzk4b0g5eFVaUE9tclpyYjdyUXZSK0FQMDBVT3FHUT09
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/ Frame D9AB 3 KB
1 KB 60ms
19ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3755662197386269&output=html&h=90&slotname=6218171218&adk=3638426950&adf=2457552020&pi=t.ma~as.6218171218&w=728&lmt=1660655130&psa=0&format=728x90&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660655130602&bpp=1&bdt=1040&idt=160&shv=r20220811&mjsv=m202208090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2419754494839&frm=20&pv=1&ga_vid=2006371786.1660655130&ga_sid=1660655131&ga_hid=351416207&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=10&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068486%2C31068789%2C44769306%2C31068881&oid=2&pvsid=4159801157072913&tmod=163380397&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CpeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=uScTbWiw03&p=https%3A//korrespondent.net&dtd=167

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 12:58:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 445
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 12:58:06 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D9AB 140 KB
43 KB 148ms
60ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75bf5c0112a41f871dc47c5e98deef6dc7db8e94178bf0c853f3a09415f6d338

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44015
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1660137096112928"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 16 Aug 2022 13:05:31 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/ Frame D9AB 17 KB
8 KB 57ms
16ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:04:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 13:04:58 GMT

GET
H2

200

rexdot.js Show response
gaua.hit.gemius.pl/__/_1660655131292/
Redirect Chain

https://gaua.hit.gemius.pl/_1660655131292/rexdot.js?l=100&id=1w.q9md1vyi0RfOuiXz46WZVLVTZsxt2XTSMzkxvvoz.x7&et=view&hsrc=1&initsonar=1&extra=&inner=_ver%3D328&eventid=0&fr=1&tz=0&fv=-&href=https%3A...
https://gaua.hit.gemius.pl/__/_1660655131292/rexdot.js?l=100&id=1w.q9md1vyi0RfOuiXz46WZVLVTZsxt2XTSMzkxvvoz.x7&et=view&hsrc=1&initsonar=1&extra=&inner=_ver%3D328&eventid=0&fr=1&tz=0&fv=-&href=https...

169 B
423 B

307ms
306ms

Script
application/x-javascript

146.59.10.80
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gaua.hit.gemius.pl/__/_1660655131292/rexdot.js?l=100&id=1w.q9md1vyi0RfOuiXz46WZVLVTZsxt2XTSMzkxvvoz.x7&et=view&hsrc=1&initsonar=1&extra=&inner=_ver%3D328&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&ref=&screen=1600x1200r1000&col=24&window=1600x1200&vis=1&lsdata=P1OHIpzeOwrk1_RDBCJ_tDOonYOs8SLBjdUCh8lEG3X.87poK2f21sPM19PtD_kQ9PYdAXwYdr_Srs0BQOYYiPhI7WXu/RvKpaugvPDRJb/&ltime=391&fpdata=-TURNEDOFF
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Server: 146.59.10.80 , France, ASN16276 (OVH, FR),
Reverse DNS: ip80.ip-146-59-10.eu
Software: GHC /
Resource Hash: 36fe5f8245102e422e7bae2126481c36ae6e9c89bb695b8e9018171ea379d7a5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:31 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-type: application/x-javascript
content-length: 169
expires: Mon, 15 Aug 2022 13:05:31 GMT

Redirect headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:31 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: /__/_1660655131292/rexdot.js?l=100&id=1w.q9md1vyi0RfOuiXz46WZVLVTZsxt2XTSMzkxvvoz.x7&et=view&hsrc=1&initsonar=1&extra=&inner=_ver%3D328&eventid=0&fr=1&tz=0&fv=-&href=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&ref=&screen=1600x1200r1000&col=24&window=1600x1200&vis=1&lsdata=P1OHIpzeOwrk1_RDBCJ_tDOonYOs8SLBjdUCh8lEG3X.87poK2f21sPM19PtD_kQ9PYdAXwYdr_Srs0BQOYYiPhI7WXu/RvKpaugvPDRJb/&ltime=391&fpdata=-TURNEDOFF
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Mon, 15 Aug 2022 13:05:31 GMT

GET
H3 200 / Show response
c.mgid.com/pv/ 0
186 B 128ms
128ms Script
text/plain 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.mgid.com/pv/?pv=5&cbuster=1660655131296849291927&childs=360034,1314719&lct=1659657600&niet=4g&nisd=false&jsv=es6&ref=&cxurl=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&lu=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&sessionId=62fb961b-045c1&pageView=1&pvid=182a6c257b7b9ee9958&site=423239&implVersion=11&dpr=1
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/4/k/4.korrespondent.net.654324.es6.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 73ba61cab9c7d6a6-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame D9AB 0
0 95ms
56ms Fetch
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CRzeHGpb7YrmTNo6EvPIP3ZWumAzJntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTM3NTU2NjIxOTczODYyNjmgAdW20uoDyAEJqQLrBVo97AmxPqgDAaoEmQJP0E0aqRP3bLdlCrBf-zAXylx5qTbHXcYTBpgsNJIY7dKp3S10lOArPTk-ErwyrKC44yzkav41TAS4QZ63HYuDSnr5kLksfX9LsLZqugDUcDTZeJoX9onmXykguqijVO2wRa_IEEeX0QKths6eid2FG0lIKOWSZm0KBIjJ5brjRz9e030Dy9OLpTEQROCDdBgrfxu9QjnTLQ6YoBVx2sy_xAujNh7-llEQ_0vBB9fVCzNRt024ESChGElkIlEAR_I7piAIwQ4NPS9t6_5dZJzeaPwwOl1WbGo7v9mNQ67vj_gCQPQaw0U50qF_MB-hnG4pmQu7bBsgM1_gawFQHGiKnsELeSawxiN79_1om751efwFW7_7fF9wrIAGrfmcm8mIzNaFAaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAcBABMgLrAjoCgECACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItMzc1NTY2MjE5NzM4NjI2ORgA&sigh=EmIxZPygt24&uach_m=[UACH]&cid=CAQSGwCsnQUxfXIZNWIpKJXFxnwL3OL66Of7i_yL_hgB

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3755662197386269&output=html&h=90&slotname=6218171218&adk=3638426950&adf=2457552020&pi=t.ma~as.6218171218&w=728&lmt=1660655130&psa=0&format=728x90&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660655130602&bpp=1&bdt=1040&idt=160&shv=r20220811&mjsv=m202208090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2419754494839&frm=20&pv=1&ga_vid=2006371786.1660655130&ga_sid=1660655131&ga_hid=351416207&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=10&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068486%2C31068789%2C44769306%2C31068881&oid=2&pvsid=4159801157072913&tmod=163380397&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CpeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=uScTbWiw03&p=https%3A//korrespondent.net&dtd=167
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 16 Aug 2022 13:05:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 16 Aug 2022 13:05:31 GMT

GET
H2 200 notify
rtb.nl.eu.criteo.com/google/auction/ Frame D9AB 0
0 107ms
29ms Fetch 2a02:2638:1::2
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.nl.eu.criteo.com/google/auction/notify?profile=14&payload=k5CTFN6BMNgFWp2DYgICAAAALTT3sEV_vtK6Nw1YRNdkNhAalvtiKkL7F__VvQjnBPUAEgAA&wp=YvuWGgANibkITwIOAAuK3Qo7vZPSqYqDzojZtQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::2 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
server: Kestrel
server-processing-duration-in-ticks: 345234
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame C32F 184 KB
54 KB 230ms
157ms Document
text/html 2a02:2638:1::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=YvuWGgANibkITwIOAAuK3Qo7vZPSqYqDzojZtQ&u=%7CLc54TrZYb0Pomubk4zjimG2KXH%2BHywyuj9a7b88Apr0%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYNdJ71gdyCWvylMYxXMLCj4fODidRdwMR55tQ-B9hy0g1QCKGju0TMFa1bhOsc0-qHI0q5s3rBU2JaNXDxHM41bHrALWacGMF-IvHGHkW0PTFwaWKbpxliJNEwp9STjpWKNH66E1CHAMrcQ2j8kyBcM8iFG1GHiupiH_v71jj-kj8vtB6oNSp5NRaKH9hiQTxYQtRASBP17yD2C4dJ-l93HGD-bhOgoKOcjpm5vJw8nO-UmtnG0sTRkaitzww9CwLxbVmkPygl7LYe_HEueOvJ1QT7YcvQ5c41bbsTTLTQ0lJodtdv7cJQhyC_BfP69-lb2LIXZ9Myn1DFtIMzHyZjIhddaxCPdBRhQow3As7hucsJ4czDUwQ6aT23TjvLc_zbgESEUJ29pYL3wLz8PVc8i5ix89KITNbrVYPx-6zjNxmWWedmk9kznmeFbxy1d4S8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCn0G5Gpb7YrmTNo6EvPIP3ZWumAzJntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTM3NTU2NjIxOTczODYyNjmgAdW20uoDyAEJqQLrBVo97AmxPqgDAaoEnAJP0E0aqRP3bLdlCrBf-zAXylx5qTbHXcYTBpgsNJIY7dKp3S10lOArPTk-ErwyrKC44yzkav41TAS4QZ63HYuDSnr5kLksfX9LsLZqugDUcDTZeJoX9onmXykguqijVO2wRa_IEEeX0QKths6eid2FG0lIKOWSZm0KBIjJ5brjRz9e030Dy9OLpTEQROCDdBgrfxu9QjnTLQ6YoBVx2sy_xAujNh7-llEQ_0vBB9fVCzNRt024ESChGElkIlEAR_I7piAIwQ4NPS9t6_5dZJzeaPwwOl1WbGo7v9mNQ67vj_gCQPQaw0U50qF_MB-hnG4pmQv5bjqytNB8eL7MCMtao2fzcDK6cClV73_cU4PTi0Mbd6d-1ttjE_n-5IAGrfmcm8mIzNaFAaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAcBABMgLrAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1rV8Gh6P4in6IA2EuDDJt8mBnUGA%26client%3Dca-pub-3755662197386269%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

338672bf319bd85284aa8457a623d08a19f035585479fec1e8f1346f98cc17fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 13:05:31 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=sgMToKKfDcEqp4JZixThBvVEtuYZOLIdeLDU9iAPVolEE3ISTXj0s9kG4cJzoiUkAeoPEcnf0Rz-GkpQjA_rL3A3Cf-MLk28iV2d2H2Ime4mNYU2hFyv8zVCpG-qsMsT91j6lYRhbBXXm44cRunbcwOPh1fECRm-6RbOD6e3uIkT2iSDXs3-NpKqK2-qRMgAgOGyC--qDKai-vJqWi8HKFH1y7DLQtTyWzbyiG2Yx_UQ95PsDAGKz_clhgk4OHDCcJDWug"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 134954745
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
BLOB 206
Partial Content 801dad67-0021-4b88-a682-83e6323d18da
https://korrespondent.net/ 1 KB
0 Media
video/mp4

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://korrespondent.net/801dad67-0021-4b88-a682-83e6323d18da
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Range: bytes=0-

Response headers

Content-Range: bytes 0-1492/1493
Content-Length: 1493
Content-Type: video/mp4

GET
BLOB 206
Partial Content 15746fc2-108b-438f-8fe6-5dc279d782b7
https://korrespondent.net/ 1 KB
0 Media
video/mp4

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://korrespondent.net/15746fc2-108b-438f-8fe6-5dc279d782b7
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Range: bytes=0-

Response headers

Content-Range: bytes 0-1492/1493
Content-Length: 1493
Content-Type: video/mp4

GET
H2 200 cJZKeOuBrn4kERxqtaUH3VtXRa8TVwTICgirnJhmVJw.woff2
fonts.gstatic.com/s/opensans/v10/ 15 KB
15 KB 66ms
22ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v10/cJZKeOuBrn4kERxqtaUH3VtXRa8TVwTICgirnJhmVJw.woff2

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3135160ee3b34e2d1e58bf80944a1ed2cef3f073528ea98f11916a397b4c6ac9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://korrespondent.net/
Origin: https://korrespondent.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 10 Aug 2022 16:07:40 GMT
x-content-type-options: nosniff
age: 507471
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15556
x-xss-protection: 0
last-modified: Thu, 21 Aug 2014 18:06:58 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 10 Aug 2023 16:07:40 GMT

GET
H2 200 k3k702ZOKiLJc3WVjuplzOgdm0LZdjqr5-oayXSOefg.woff2
fonts.gstatic.com/s/opensans/v10/ 16 KB
16 KB 60ms
17ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v10/k3k702ZOKiLJc3WVjuplzOgdm0LZdjqr5-oayXSOefg.woff2

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

abcbe0423061bbf5caca8b070eb57c5ea831fde8cca4af206f8b48938142b4e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://korrespondent.net/
Origin: https://korrespondent.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 11:18:16 GMT
x-content-type-options: nosniff
age: 6435
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16224
x-xss-protection: 0
last-modified: Thu, 21 Aug 2014 18:08:16 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 16 Aug 2023 11:18:16 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame EBAA 17 KB
6 KB 66ms
30ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js?cb=31068970

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 16 Aug 2022 13:05:31 GMT

GET
H2 200 i.js Show response
cm.mgid.com/ 0
125 B 131ms
116ms Script
application/javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.mgid.com/i.js?&cbuster=1660655131459701458928
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/k/o/korrespondent.net.1283487.es6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:31 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 73ba61cbcb099a06-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0

GET
H3 200 1 Show response
servicer.mgid.com/360033/ 3 KB
2 KB 56ms
56ms Script
application/x-javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://servicer.mgid.com/360033/1?pv=5&cbuster=1660655131462453534162&childs=360034,1314719&lct=1659657600&niet=4g&nisd=false&jsv=es6&mp4=1&ap=1&w=300&h=250&maxw_1=300&maxh_1=250&ident_p=true&cols=5&ref=&cxurl=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&lu=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&sessionId=62fb961b-045c1&pageView=1&pvid=182a6c257b7b9ee9958&implVersion=11&dpr=1
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/4/k/4.korrespondent.net.654324.es6.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f897d1651cfade653e3b95067b4690e0f51c0b55c836878447af5b62e5370a58

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cf-ray: 73ba61cbbc1cd6a6-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 Si93QkNCaTIzMUdwRGxCOVJna3pKbmppS3FDaW05N0d4QWQ5QXZNdENJeitBclhvS2t0OXdpZXEyeXQ4NWJVTDdqRVlqM25oZUdZdzNUdHQxUHpjMlIyYlpGUjR1VlFaTHNoWlZVc3A4emlERlIxZHJWT2k1a0xjUDNTSlVvRkhVTmJhMXlCYmdCN0dUWDI2QVZMS... Show response
ad.mox.tv/delivery/video/pod/ Frame 095F 39 KB
18 KB 41ms
40ms XHR
text/xml 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mox.tv/delivery/video/pod/Si93QkNCaTIzMUdwRGxCOVJna3pKbmppS3FDaW05N0d4QWQ5QXZNdENJeitBclhvS2t0OXdpZXEyeXQ4NWJVTDdqRVlqM25oZUdZdzNUdHQxUHpjMlIyYlpGUjR1VlFaTHNoWlZVc3A4emlERlIxZHJWT2k1a0xjUDNTSlVvRkhVTmJhMXlCYmdCN0dUWDI2QVZMS1N0Nlg2MzBqSTMyZmg3WkpHTXppcWExR2xtSkZBYU9OOENva2taOGxsUWJKNjhscE5zMENyNEU2QnVHYlhBaHRIOUs5RDUvMUwrS1d6bVVna3VMeGVoVDNzK0RnZ3RKUXZ3QWh4WjdCR3IwczBHK3hHY28rVWFVOWhLaVNxYkN6YVloTXJ5SVprOStJaXZrUDQ5Z2k5UXdhUlFhSUVXM0RkRU9vajZ3SGZ2L3NJa3hveHh1OGZXWUF5ZUR3WTNBcWY5WmZnYkdFaFIwUnhVNFhVeTVWZ3Z4WXZ2cFRvb3o0K2pvSHhsSVlYMU1hUjJYT3hNNzNwU1BqellId2VBUS9hWmVsNGZPYUo0T3JwVzYrTHk0ait6dXpqdjBya25pT0g2ZnRNdXFoaUZRY0x1RzZGcjlNVDlYdGRpNUlDMFF0dUp4czd6QXZMWGtWNU5oTC9ydkRRZTZ6b0hmNG1NaHlTdXVKNVV5NjQ3b3J1Mnk2dFF6RE8weFdXTnVFZlRCN2RHSG1PVEZOQnMwem1PWjdzYUdLdGs0dTd3Z3d6VmQvUG1MdnFDUzRCRjArQjRSU1NJb2hKdTlHVXBoVXF1MDJ4Q3l1aS9hcXE1RjhpWVZpaFpkbk1SY1d2UTNOemZTRExJbzF5ZGhUeHBFMW4vOU9wZDlGSVZtRHpBUlVtakVTNE9Td1doOXNrS3NzbTh3TFA3U05PR1lrVndHdWhscFlSWDhBa05QK2F5b0hEdUVwZk9MUExNcmM1ckVxekhtVEd3PT0%3D
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.525.0_en.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 9c977a8971d5cffbe1f384ac368431f7b22c3d5a7bfdde2824dab4a0c53f3ee8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin: https://imasdk.googleapis.com
date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: gzip
access-control-allow-credentials: true
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/xml;charset=UTF-8

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012208081650000/ Frame A7A6 220 KB
61 KB 87ms
15ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d2e5722cf0b8d8df31200550801d755733c56d9ca2758b7041fbed009e0c9d08

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 64338
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61502
x-xss-protection: 0
server: sffe
date: Mon, 15 Aug 2022 19:13:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "df13b0b17adb5918"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 15 Aug 2023 19:13:13 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012208081650000/v0/ Frame A7A6 14 KB
5 KB 111ms
40ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e14ddde632bad66a3f79d6dc2c6a212d3b1b5cd8100cb6b73984b8797c5ed86

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 64338
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5197
x-xss-protection: 0
server: sffe
date: Mon, 15 Aug 2022 19:13:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "aca8368210f82021"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 15 Aug 2023 19:13:13 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012208081650000/v0/ Frame A7A6 94 KB
28 KB 113ms
42ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

70fa25d0cd4744b6b91054ad55e3e931dad31cc85915b13e33e4e674426c7cc1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 64338
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28794
x-xss-protection: 0
server: sffe
date: Mon, 15 Aug 2022 19:13:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "cc093c4134ec5f1e"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 15 Aug 2023 19:13:13 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012208081650000/v0/ Frame A7A6 5 KB
2 KB 119ms
47ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec61d9fd1b3609a3a53f377ed07059c3dc7d2cb1502022e0623b4ebc1ea0f35e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 64338
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1913
x-xss-protection: 0
server: sffe
date: Mon, 15 Aug 2022 19:13:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ef17e6cba96d5668"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 15 Aug 2023 19:13:13 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012208081650000/v0/ Frame A7A6 40 KB
13 KB 119ms
48ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d200dc372fb333c0ca488fba2a569a686cbf5f1ba0cc0544a4a8c96a4f91de3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 64338
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12948
x-xss-protection: 0
server: sffe
date: Mon, 15 Aug 2022 19:13:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "08e07a681963ea9f"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 15 Aug 2023 19:13:13 GMT

GET
DATA 200
OK truncated
/ Frame A7A6 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c7b1cdb07783366502d87c81cd7e918667775859ff3b7392bf26d29ed8d17dad

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 949097195178092781
tpc.googlesyndication.com/simgad/ Frame A7A6 140 KB
140 KB 21ms
20ms Image
image/gif 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/949097195178092781

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fb723f64a4592323ee7fa4e2014452d2749fa12d60cc4fd55e22680a0b3c3e3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 05:37:44 GMT
x-content-type-options: nosniff
age: 113267
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 143672
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 05:28:17 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 15 Aug 2023 05:37:44 GMT

GET
H3 200 ru.png
tpc.googlesyndication.com/pagead/images/abg/ Frame A7A6 3 KB
3 KB 20ms
18ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/ru.png

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fed2d61088cba54be39b2069add7103160e31f07c950c0e2e7706d6d6dc9ebf6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 19:13:14 GMT
x-content-type-options: nosniff
server: cafe
age: 64337
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 6726277462267614359
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3041
x-xss-protection: 0
expires: Tue, 16 Aug 2022 19:13:14 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame A7A6 344 B
368 B 19ms
18ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 19:13:14 GMT
x-content-type-options: nosniff
server: cafe
age: 64337
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 6766994032117382215
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Tue, 16 Aug 2022 19:13:14 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame A7A6 0
0 134ms
48ms Image
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQafnH4tE4lT75Lyc0sY6bmPAVj_6dg6b15lZg9B626G_vpVhvkBiigBKOpmNLIFyfcTg13oidkJJLbSz8edfVXokUWfw
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame A7A6 0
0 62ms
61ms Image
text/html 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cw_2mG5b7YqLrC5mJ9u8Pu5ydwA7int_ha9-4j4H3ENvZHhABINLIxnxglYKAgJQHoAGG76uVAsgBA-ACAKgDAcgDCKoE3gJP0E6SzkJF83TddbS3vQhL054eufyU5YQp4Dbr1NVb24vLIMpOckughl7ga1GvRRcj_JhD-xVjnbmB1h0vubnJGubfVgxVOPZ20R4MalD68nzO0rkWH9knp_U4n-UZwqJG9x_h3eBr8cGli9tcOOBldClcYim_U8V6Hkf9KeCR4hMu4UBEQmA_3HCQbAz3PwYuep2GLjMczrDfeqn4MALRIKFaKr5bi9bodr0SuptJYRyh8h2Zklpu77JgloC6dtfnfFlosiVGGqanjpn6jBTYFpTosODWbIqjNOxSV_9mwZg2-dPipN6vdJs1zRUJaPrDidYp6MDn-LeVotAsmOwyNPXajv8Q5icDswQu3NsnZVHhGLszRkSUJy8iQxCOcFMdCFPdmYYMETt3D8ZHincFrIdPAaJjUHI-d3VNYIANu9G_IPnNVFonCLnU34aZqJWks-in9Vi0AkoKpwSIycAEn4bZ3NoD4AQBkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBgOAB-KQ1OoBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQwaIO0ggRCIDhgBAQARgdMgKqAjoCgEDyCBthZHgtc3Vic3luLTI5NjAwNjM1NDAyMTI3MjiACgPICwHYEwzQFQGYFgGAFwGyFx4KHAgAEhRwdWItMTI5MDk5NTkwMTkwNTU4OBi7iXY&sigh=9DgR4hKu-Yg&uach_m=[UACH]
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s65-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H2 200 tracking
ad.mox.tv/delivery/ 51 B
51 B 31ms
31ms Image
text/html 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.mox.tv/delivery/tracking?hash=TnhiZERrYSt3bWw0TnI2bExjZUZ5KzE2M1NPdzgrSXFieTlHZ0dkbjZ6cHVpb1NFY2hWOVBlVHJ5Uk5rMHpkK1Q4WGFzaVdGZFNpaVh6NWMyU1dVbTl5WmFYN2tKcVZWTmR0K3VHc2cvNFltV1pFWDFDcUJPai9GNnNPQlR2RGJzdWpXNExNVjJYWU1HN3lqVXJqWE5lcGtpcStsYk4rTXZqd2RSWmx5cFgxL2dZMVp3Ti8ybkpyczBqZVBONEtXeFNxbUovRTF2bVdPUHBWNXlqVUFYN0hkS2JxTCtYRTR3VCs5dUdmWThjVlJuajNKK2xTbG9laGJRM2Nha1gxZA%3D%3D&params=WU5hbjdEMFYwSjFoSjB4VmZOWlNFUT09
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 i-noref.js Show response
cm.mgid.com/ Frame 7190 0
38 B 120ms
119ms Script
application/javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.mgid.com/i-noref.js?cbuster=1660655131519797400375
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/k/o/korrespondent.net.1283487.es6.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:31 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 73ba61cc1b639a06-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame F009 13 KB
5 KB 17ms
16ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1507
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 12:40:24 GMT
expires: Wed, 16 Aug 2023 12:40:24 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 08AA 783 B
536 B 130ms
52ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a6e88b8cfe698f9f6915414ab7faa9aa16f5f305aad506b1473902f40578d483

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-hckkRTD221Kft96KwJ1tLQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-hckkRTD221Kft96KwJ1tLQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 13:05:31 GMT
expires: Tue, 16 Aug 2022 13:05:31 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
DATA 200
OK truncated
/ Frame D9AB 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9c72f749bfcd24a7184e4036a7299671694b80aee0537745904580d38f60c3cf

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 container.html Show response
aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame EF00 6 KB
3 KB 58ms
26ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 13:05:31 GMT
expires: Wed, 16 Aug 2023 13:05:31 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 tracking
ad.mox.tv/delivery/ 51 B
51 B 36ms
34ms Image
text/html 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.mox.tv/delivery/tracking?hash=UUM4elZUT0xCMnNIa0FQNThWeFNiL1pJOVExT2t4ekZpRkViNnV1MUF2aUN6cHpHcHFHSVZnVU9UeFVVQ2cra2ZjT3V0TVMzNElYZWdhRFJFalp1YVBHNFB1UTQyMkxVa09NVWhiN3VOTkQzWUtQRzBXN3ZWR1V1eE1qYlVhVmFMdEIxbC93bFNtYWI2UWptMkFJZEJ2cE5Pb09ReThQY2RyWVIxeTJjZEoyWnpqc0t0WUIzLzEwTm5uMlJzZGp2M2RzYnRHOCtaYkZmTWloRUQ1bTBPaThtY3MvVzVXaW93MjB4QXh0Z3NtNitweTgrRG80TnAzS3lWdVZmK0N0b0tRelBDSGJYL0UyWk9sU3V5UXk5eHc9PQ%3D%3D&params=WU5hbjdEMFYwSjFoSjB4VmZOWlNFUT09
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H3 200 1 Show response
servicer.mgid.com/971150/ 3 KB
2 KB 57ms
56ms Script
application/x-javascript 104.19.136.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://servicer.mgid.com/971150/1?mp4=1&ap=1&w=940&h=241&maxw_3=303&maxh_3=250&ident_p=true&cols=3&pv=5&cbuster=166065513158553087005&uniqId=0405f&lct=1659657600&niet=4g&nisd=false&jsv=es6&ref=&cxurl=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&lu=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&sessionId=62fb961b-045c1&pageView=0&pvid=182a6c257b7b9ee9958&implVersion=11&dpr=1
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/k/o/korrespondent.net.971150.es6.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.136.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f263e74fd00d4fb7dbb6e705c8de26d3689f5d2c844046892fe4e8e9c5e1175

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cf-ray: 73ba61cc8dc2d6a6-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame C32F 2 KB
1 KB 195ms
30ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YvuWGgANibkITwIOAAuK3Qo7vZPSqYqDzojZtQ&u=%7CLc54TrZYb0Pomubk4zjimG2KXH%2BHywyuj9a7b88Apr0%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYNdJ71gdyCWvylMYxXMLCj4fODidRdwMR55tQ-B9hy0g1QCKGju0TMFa1bhOsc0-qHI0q5s3rBU2JaNXDxHM41bHrALWacGMF-IvHGHkW0PTFwaWKbpxliJNEwp9STjpWKNH66E1CHAMrcQ2j8kyBcM8iFG1GHiupiH_v71jj-kj8vtB6oNSp5NRaKH9hiQTxYQtRASBP17yD2C4dJ-l93HGD-bhOgoKOcjpm5vJw8nO-UmtnG0sTRkaitzww9CwLxbVmkPygl7LYe_HEueOvJ1QT7YcvQ5c41bbsTTLTQ0lJodtdv7cJQhyC_BfP69-lb2LIXZ9Myn1DFtIMzHyZjIhddaxCPdBRhQow3As7hucsJ4czDUwQ6aT23TjvLc_zbgESEUJ29pYL3wLz8PVc8i5ix89KITNbrVYPx-6zjNxmWWedmk9kznmeFbxy1d4S8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCn0G5Gpb7YrmTNo6EvPIP3ZWumAzJntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTM3NTU2NjIxOTczODYyNjmgAdW20uoDyAEJqQLrBVo97AmxPqgDAaoEnAJP0E0aqRP3bLdlCrBf-zAXylx5qTbHXcYTBpgsNJIY7dKp3S10lOArPTk-ErwyrKC44yzkav41TAS4QZ63HYuDSnr5kLksfX9LsLZqugDUcDTZeJoX9onmXykguqijVO2wRa_IEEeX0QKths6eid2FG0lIKOWSZm0KBIjJ5brjRz9e030Dy9OLpTEQROCDdBgrfxu9QjnTLQ6YoBVx2sy_xAujNh7-llEQ_0vBB9fVCzNRt024ESChGElkIlEAR_I7piAIwQ4NPS9t6_5dZJzeaPwwOl1WbGo7v9mNQ67vj_gCQPQaw0U50qF_MB-hnG4pmQv5bjqytNB8eL7MCMtao2fzcDK6cClV73_cU4PTi0Mbd6d-1ttjE_n-5IAGrfmcm8mIzNaFAaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAcBABMgLrAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1rV8Gh6P4in6IA2EuDDJt8mBnUGA%26client%3Dca-pub-3755662197386269%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 11 Aug 2023 13:05:31 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame C32F 2 KB
1 KB 196ms
31ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 11 Aug 2023 13:05:31 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame C32F 308 B
636 B 160ms
28ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Fri, 11 Aug 2023 13:05:31 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame C32F 293 B
622 B 158ms
26ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Fri, 11 Aug 2023 13:05:31 GMT

GET
H2 200 lg.php
cat.nl.eu.criteo.com/delivery/ Frame C32F 43 B
348 B 190ms
26ms Image
image/gif 178.250.2.148
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.nl.eu.criteo.com/delivery/lg.php?cppv=3&cpp=M_F7b1JLIeKPzIM4rdWXtQgcNjnTp_IZIO_gaQrfG9bbdSsHhxpGyLYwO9S__ti8AgTlPnr4qhPHLIn_Wwp8e_llHgeAKg_ijzqfeuERHHGrzygemh0JRPTePY8Ik9O_zT85iXLTkC-FFIP5XUq17NBAKPHx9DwYy42LyvzuqgsVnsn_V4zZQK0T68AEhmLYxqItN3DwPtkjc9eX79ndJnUhCRL92V91f7qX7aCLEYVviby-ggCCOsY77Ug5xhKml2YISZcqRq-VwNixqgMYwgZRWydCV4RXM1WMDSErAB_duMyc9pIZjVYyODm-HqZlggh_l8IqkvZL_xMPvv6DhhJJPG8n0grNf2sGBmP3S6k37yW3hb6AXn5dJQgDwYdwCvievKCctBvZIuRIqIAM4uR7XbF9VKbnyWYctC6FzbMepogA

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.148 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:31 GMT
server: Kestrel
strict-transport-security: max-age=31536000; preload;
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2905573
content-type: image/gif
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 m
secure-gl.imrworldwide.com/cgi-bin/ Frame C32F 0
686 B 224ms
120ms Image
text/plain 2600:9000:21f3:5a00:1e:a43d:b640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?ca=nlsn184820&cr=crtve&ce=criteo&pc=criteo_plc0001&ci=nlsnci162&am=3&at=view&rt=banner&st=image&r=1660655130
Requested by: Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=YvuWGgANibkITwIOAAuK3Qo7vZPSqYqDzojZtQ&u=%7CLc54TrZYb0Pomubk4zjimG2KXH%2BHywyuj9a7b88Apr0%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYNdJ71gdyCWvylMYxXMLCj4fODidRdwMR55tQ-B9hy0g1QCKGju0TMFa1bhOsc0-qHI0q5s3rBU2JaNXDxHM41bHrALWacGMF-IvHGHkW0PTFwaWKbpxliJNEwp9STjpWKNH66E1CHAMrcQ2j8kyBcM8iFG1GHiupiH_v71jj-kj8vtB6oNSp5NRaKH9hiQTxYQtRASBP17yD2C4dJ-l93HGD-bhOgoKOcjpm5vJw8nO-UmtnG0sTRkaitzww9CwLxbVmkPygl7LYe_HEueOvJ1QT7YcvQ5c41bbsTTLTQ0lJodtdv7cJQhyC_BfP69-lb2LIXZ9Myn1DFtIMzHyZjIhddaxCPdBRhQow3As7hucsJ4czDUwQ6aT23TjvLc_zbgESEUJ29pYL3wLz8PVc8i5ix89KITNbrVYPx-6zjNxmWWedmk9kznmeFbxy1d4S8&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCn0G5Gpb7YrmTNo6EvPIP3ZWumAzJntKxXNWdkfdwwI23ARABIABgleKQgqAHggEXY2EtcHViLTM3NTU2NjIxOTczODYyNjmgAdW20uoDyAEJqQLrBVo97AmxPqgDAaoEnAJP0E0aqRP3bLdlCrBf-zAXylx5qTbHXcYTBpgsNJIY7dKp3S10lOArPTk-ErwyrKC44yzkav41TAS4QZ63HYuDSnr5kLksfX9LsLZqugDUcDTZeJoX9onmXykguqijVO2wRa_IEEeX0QKths6eid2FG0lIKOWSZm0KBIjJ5brjRz9e030Dy9OLpTEQROCDdBgrfxu9QjnTLQ6YoBVx2sy_xAujNh7-llEQ_0vBB9fVCzNRt024ESChGElkIlEAR_I7piAIwQ4NPS9t6_5dZJzeaPwwOl1WbGo7v9mNQ67vj_gCQPQaw0U50qF_MB-hnG4pmQv5bjqytNB8eL7MCMtao2fzcDK6cClV73_cU4PTi0Mbd6d-1ttjE_n-5IAGrfmcm8mIzNaFAaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAcBABMgLrAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1rV8Gh6P4in6IA2EuDDJt8mBnUGA%26client%3Dca-pub-3755662197386269%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:5a00:1e:a43d:b640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:31 GMT
via: 1.1 58b222ebbb6cc6c8c8c9a46127ae3a3e.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA2-C2
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
cross-origin-resource-policy: cross-origin
x-cache: Miss from cloudfront
accept-ch: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
content-length: 0
x-amz-cf-id: yTcRlqeMut2mRRfgxQXb9zhWT0ohYcffFl4A5zVza0TI29uREauKdw==
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 49ms
48ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=korrespondent.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 28ms
28ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=korrespondent.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 43 KB
11 KB 274ms
274ms XHR
text/plain 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4159801157072913&correlator=167201564752631&eid=31068923%2C31068928%2C21068766%2C31061166&output=ldjh&gdfp_req=1&vrg=2022081101&ptt=17&impl=fifs&iu_parts=21986089839%3A22434891267%2Civm_display%2Civm_umh_korrespondent.net_S_WW_336x280&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=320x50%7C336x280%7C336x90%7C321x123%7C320x100%7C320x50%7C300x250%7C300x100%7C300x75%7C300x50%7C300x31%7C292x30%7C250x250%7C240x133%7C234x60%7C220x90%7C216x54%7C216x36%7C200x200%7C180x150%7C168x42%7C168x28%7C125x125%7C120x240%7C120x90%7C120x60%7C120x30%7C120x20%7C88x31&fluid=height&ifi=9&adks=2632305383&sfv=1-0-38&fsapi=false&prev_scp=mt_fln%3D0.3&sc=1&cookie=ID%3D7d1d3a232bbb798f%3AT%3D1660655130%3AS%3DALNI_MaRb-A0QJAXYI5Y5wkNt4HWivBT2w&abxe=1&dt=1660655131595&lmt=1660655131&dlt=1660655129562&idt=1445&adxs=-168&adys=1208&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=2&ucis=7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&frm=20&vis=1&psz=336x-1&msz=336x-1&fws=516&ohw=0&ga_vid=2006371786.1660655130&ga_sid=1660655131&ga_hid=351416207&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

98f304a05a17f5120eb93b6a6545bb2531abb810cb96515c7e0d8ce35493ff6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10907
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://korrespondent.net
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pwt.js Show response
ads.pubmatic.com/AdServer/js/pwt/161673/7165/ 209 KB
67 KB 207ms
59ms Script
application/javascript 23.47.208.212
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/pwt/161673/7165/pwt.js
Requested by: Host: jsc.mgid.com
URL: https://jsc.mgid.com/k/o/korrespondent.net.1283487.es6.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.47.208.212 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-47-208-212.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 8c9bbe742162fa5293b477b57ff3dee85206b67553d0a448a672ca207edf3760

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: gzip
last-modified: Thu, 11 Aug 2022 07:25:33 GMT
server: Apache
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=31483
accept-ranges: bytes
content-type: application/javascript
content-length: 67841
expires: Tue, 16 Aug 2022 21:50:14 GMT

GET
H3 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012208081650000/ Frame F485 220 KB
60 KB 56ms
17ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d2e5722cf0b8d8df31200550801d755733c56d9ca2758b7041fbed009e0c9d08

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 64338
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61502
x-xss-protection: 0
server: sffe
date: Mon, 15 Aug 2022 19:13:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "df13b0b17adb5918"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 15 Aug 2023 19:13:13 GMT

GET
H3 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012208081650000/v0/ Frame F485 14 KB
5 KB 82ms
44ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e14ddde632bad66a3f79d6dc2c6a212d3b1b5cd8100cb6b73984b8797c5ed86

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 64338
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5197
x-xss-protection: 0
server: sffe
date: Mon, 15 Aug 2022 19:13:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "aca8368210f82021"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 15 Aug 2023 19:13:13 GMT

GET
H3 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012208081650000/v0/ Frame F485 94 KB
28 KB 83ms
45ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

70fa25d0cd4744b6b91054ad55e3e931dad31cc85915b13e33e4e674426c7cc1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 64338
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28794
x-xss-protection: 0
server: sffe
date: Mon, 15 Aug 2022 19:13:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "cc093c4134ec5f1e"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 15 Aug 2023 19:13:13 GMT

GET
H3 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012208081650000/v0/ Frame F485 5 KB
2 KB 53ms
15ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec61d9fd1b3609a3a53f377ed07059c3dc7d2cb1502022e0623b4ebc1ea0f35e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 64338
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1913
x-xss-protection: 0
server: sffe
date: Mon, 15 Aug 2022 19:13:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ef17e6cba96d5668"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 15 Aug 2023 19:13:13 GMT

GET
H3 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012208081650000/v0/ Frame F485 40 KB
13 KB 54ms
16ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d200dc372fb333c0ca488fba2a569a686cbf5f1ba0cc0544a4a8c96a4f91de3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 64338
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12948
x-xss-protection: 0
server: sffe
date: Mon, 15 Aug 2022 19:13:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "08e07a681963ea9f"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 15 Aug 2023 19:13:13 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame F485 8 KB
1 KB 34ms
32ms Stylesheet
text/css 2a00:1450:400e:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:80c::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 16 Aug 2022 13:01:06 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 16 Aug 2022 13:05:31 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 16 Aug 2022 13:05:31 GMT

GET
H3 200 ru.png
tpc.googlesyndication.com/pagead/images/abg/ Frame F485 3 KB
3 KB 17ms
16ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/ru.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fed2d61088cba54be39b2069add7103160e31f07c950c0e2e7706d6d6dc9ebf6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 19:13:14 GMT
x-content-type-options: nosniff
server: cafe
age: 64337
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 6726277462267614359
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3041
x-xss-protection: 0
expires: Tue, 16 Aug 2022 19:13:14 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame F485 344 B
368 B 18ms
17ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 19:13:14 GMT
x-content-type-options: nosniff
server: cafe
age: 64337
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 6766994032117382215
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Tue, 16 Aug 2022 19:13:14 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame F485 0
0 48ms
48ms Image
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQzZo3-UWT21RJTVYNPzTiWHq_XGPbPx3Y4bX29jCdFuwWAmjpPNG0awDwUVzsV548N2t_yCigctbqKvjQVdHviOyA2DA
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame F485 0
0 164ms
164ms Image
text/html 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CBBk_G5b7YufnDO3D7_UP4N2wyALS6KTGa9Ty1tSnDa3K_d8FEAEgm9yJImCVgoCAlAegAfKO4aoCyAEJ4AIAqAMByAMKqgTeAk_QazcxYN9_U6EYY-vcKFbRY-S-FQ-z-pXbqow0B2x1j7j6nNaJeQRdzKf4VD2x7e1-KNwqbdrRfGtQ36lnB2cAi1ltMc4xLlGoAB7h_Ymx4I8wEmGmuCgxgqyWZTwtai5Kb757ITBDoejD0KlpcBM0118qwMdmZvOtblKxL4Vz79GSdRvI3iOYxN5MqzfYjJ9VCnKOzgJiCEe5XPGSt2fFI8X2_doKG3ml3c7shlC212s3y0MfXLzr6u6jhH4F3JnPYd9pgWQNT2aluCUv0CDZPrTeTqZdfSPU_NmkeeCr800W0S0NIpv6xRl9jA09Vif3n1jscD7ndynpHH8hsYucf7GTT7A2XUs-1Rz3yDuTSYvxk5ysGHywwiQz_OJ2BIIkhHj7FtuVFhVFElNfYeRswrbURgc19WTlgFjFB26hWwkcxXI3lmGrFyhld09C1tX5dwlpa4H3zDUJF2uxwATDhcj7xgPgBAGSBQQIBBgBkgUECAUYBKAGLoAH9vCe1QGoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBDBmgTSCBEIgOGAEBABGB0yAqoCOgKAQPIIG2FkeC1zdWJzeW4tNDM1NDMxNzQxMDgzMjgyNoAKA8gLAdgTDIgUAdAVAZgWAYAXAbIXHgocCAASFHB1Yi04MjQxMDQ5NDk3NjA4OTk3GPPxFg&sigh=7vOFQNoV4iw&uach_m=[UACH]&template_id=5000
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s65-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H2 200 tracking
ad.mox.tv/delivery/ 51 B
51 B 33ms
32ms Image
text/html 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.mox.tv/delivery/tracking?hash=TVZPb2FzSEg1TStRWm04cFc5bUJUTGxvenhtRWRQdS9jamVkTlhYSTVDQ2FqTmJsdDBlMGpiMmZxdUxuSFpCU2xVcXZzVHRWU2lRMUZCMnZhZnI3VXJOOUNFMkJEU0VsY0NyM1VQVHhSY3ByODFWQ2JwYkRtSnpDV01hRDJucWZMSEdMbTlDdGJzb1VtdjhkZDQyYlFwQWJqN0NabjhwSWMzNkNnOUVFZzNZS2NpU0Nmak90cFdvcjJkNi82cVRrSW5UUVZ1NkNkaFRyajhROS9Gc2VhR3IwYjJXd3pIV084bDE5SlZsUnlhTC8yQzQzRHBvSGgwZ090VDJZNXV4OA%3D%3D&params=WU5hbjdEMFYwSjFoSjB4VmZOWlNFUT09
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H3 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/13907714606289961922/ Frame F485 58 KB
58 KB 18ms
18ms Image
image/jpeg 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13907714606289961922/downsize_200k_v1?w=600&h=314

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e52859e0aae22eea5a32b5151c32f9e3b572261ea9dd89f87c865e2c954b6573

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 04:15:56 GMT
x-content-type-options: nosniff
age: 118175
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 58908
x-xss-protection: 0
last-modified: Fri, 14 May 2021 00:34:21 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/content-ads-owners
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 15 Aug 2023 04:15:56 GMT

GET
DATA 200
OK truncated
/ Frame F485 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame F485 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame F485 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dd104612e94fc2aca818752d3662ffaa81ec336c2f6f5bb2c727df0d720bc053

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 095F 156 B
185 B 300ms
299ms XHR
text/xml 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F23081961%2C22434891267%2Fkorrespondent.net_Video&description_url=https%3A%2F%2Fkorrespondent.net%2F&tfcd=0&npa=0&sz=480x360&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=2168260186022593&sdkv=h.3.525.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&u_so=l&ctv=0&sdki=44d&ptt=20&adk=741597496&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.525.0&sid=ACF8B6FA-9D0A-4928-BF3A-ED5DC6469DC8&nel=0&eid=44750823%2C44754420%2C44760950%2C44762904%2C44765701%2C44767130&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&dt=1660655131693&cookie=ID%3D7d1d3a232bbb798f-228d44c2f4cd0029%3AT%3D1660655130%3ART%3D1660655130%3AS%3DALNI_MbpG9cEHZXlWTLzHpXmKFnqLwCD_w&scor=1518696833243250&ged=ve4_td2_tt1_pd2_la2000_er1146.635.1147.636_vi0.0.1200.1600_vp100_ts1_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.525.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 095F 156 B
185 B 329ms
329ms XHR
text/xml 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21830442390%2C22434891267%2Fkorrespondent.net_video_WW_%2Fvast_18&description_url=http%3A%2F%2Fkorrespondent.net&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=2168260186022593&sdkv=h.3.525.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&u_so=l&ctv=0&sdki=44d&ptt=20&adk=741597496&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.525.0&sid=ACF8B6FA-9D0A-4928-BF3A-ED5DC6469DC8&nel=0&eid=44750823%2C44754420%2C44760950%2C44762904%2C44765701%2C44767130&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&dt=1660655131696&cookie=ID%3D7d1d3a232bbb798f-228d44c2f4cd0029%3AT%3D1660655130%3ART%3D1660655130%3AS%3DALNI_MbpG9cEHZXlWTLzHpXmKFnqLwCD_w&scor=1518696833243250&ged=ve4_td2_tt1_pd2_la2000_er1146.635.1147.636_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.525.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:32 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/live/ Frame 095F 156 B
255 B 316ms
316ms XHR
text/xml 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/live/ads?iu=%2F21986089839%2C22434891267%2Fivm_video%2Fivm_umh_korrespondent.net_WW_video&description_url=http%3A%2F%2Fkorrespondent.net&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=2168260186022593&cust_params=mt_fln%3D1.5&sdkv=h.3.525.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&u_so=l&ctv=0&sdki=44d&ptt=20&adk=741597496&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.525.0&sid=ACF8B6FA-9D0A-4928-BF3A-ED5DC6469DC8&nel=0&eid=44750823%2C44754420%2C44760950%2C44762904%2C44765701%2C44767130&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&dt=1660655131698&cookie=ID%3D7d1d3a232bbb798f-228d44c2f4cd0029%3AT%3D1660655130%3ART%3D1660655130%3AS%3DALNI_MbpG9cEHZXlWTLzHpXmKFnqLwCD_w&scor=1518696833243250&ged=ve4_td2_tt1_pd2_la2000_er1146.635.1147.636_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.525.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

ltt /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 153
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: ltt
google-mediationtag-id: -2
google-creative-id: -2
x-frame-options: SAMEORIGIN
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 095F 156 B
523 B 271ms
271ms XHR
text/xml 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F52555387%2C22434891267%2Fkorrespondent.net_video_WW&description_url=https%3A%2F%2Fwww.korrespondent.net%2F&tfcd=0&npa=0&sz=400x300%7C640x480&max_ad_duration=30000&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=2168260186022593&sdkv=h.3.525.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&u_so=l&ctv=0&sdki=44d&ptt=20&adk=741597496&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.525.0&sid=ACF8B6FA-9D0A-4928-BF3A-ED5DC6469DC8&nel=0&eid=44750823%2C44754420%2C44760950%2C44762904%2C44765701%2C44767130&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&dt=1660655131700&cookie=ID%3D7d1d3a232bbb798f-228d44c2f4cd0029%3AT%3D1660655130%3ART%3D1660655130%3AS%3DALNI_MbpG9cEHZXlWTLzHpXmKFnqLwCD_w&scor=1518696833243250&ged=ve4_td2_tt1_pd2_la2000_er1146.635.1147.636_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.525.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/live/ Frame 095F 156 B
226 B 391ms
391ms XHR
text/xml 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/live/ads?iu=%2F21679382043%2C22434891267%2Fmt_video_NPR%2Fmt_umh_korrespondent.net_video_WW&description_url=http%3A%2F%2Fkorrespondent.net&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=2168260186022593&cust_params=mt_fln%3D1.3&sdkv=h.3.525.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&u_so=l&ctv=0&sdki=44d&ptt=20&adk=741597496&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.525.0&sid=ACF8B6FA-9D0A-4928-BF3A-ED5DC6469DC8&nel=0&eid=44750823%2C44754420%2C44760950%2C44762904%2C44765701%2C44767130&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&dt=1660655131702&cookie=ID%3D7d1d3a232bbb798f-228d44c2f4cd0029%3AT%3D1660655130%3ART%3D1660655130%3AS%3DALNI_MbpG9cEHZXlWTLzHpXmKFnqLwCD_w&scor=1518696833243250&ged=ve4_td2_tt1_pd2_la2000_er1146.635.1147.636_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.525.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

ltt /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 153
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: ltt
google-mediationtag-id: -2
google-creative-id: -2
x-frame-options: SAMEORIGIN
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/live/ Frame 095F 81 KB
18 KB 543ms
542ms XHR
text/xml 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/live/ads?iu=%2F21986089839%2C22434891267%2Fivm_video%2Fivm_umh_korrespondent.net_WW_video&description_url=http%3A%2F%2Fkorrespondent.net&tfcd=0&npa=0&sz=400x300%7C640x480&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&correlator=2168260186022593&cust_params=mt_fln%3D0.5&sdkv=h.3.525.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&u_so=l&ctv=0&sdki=44d&ptt=20&adk=741597496&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.525.0&sid=ACF8B6FA-9D0A-4928-BF3A-ED5DC6469DC8&nel=0&eid=44750823%2C44754420%2C44760950%2C44762904%2C44765701%2C44767130&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&dt=1660655131704&cookie=ID%3D7d1d3a232bbb798f-228d44c2f4cd0029%3AT%3D1660655130%3ART%3D1660655130%3AS%3DALNI_MbpG9cEHZXlWTLzHpXmKFnqLwCD_w&scor=1518696833243250&ged=ve4_td2_tt1_pd2_la2000_er1146.635.1147.636_vi0.0.1200.1600_vp100_ts0_eb24171

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.525.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

ltt /

Resource Hash

33c9a67348a9fb11e888e1180d62810c269f9e83c6e2d05dc6bae8dd8ab462f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18420
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: ltt
google-creative-id: -1
x-frame-options: SAMEORIGIN
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dsp.aspx Show response
inv-nets.admixer.net/ Frame 095F 13 B
482 B 19ms
19ms XHR
application/xml 146.0.227.110
VELIANET-AS velia...

General

Check archive.org

Show headers Download Go to

Full URL

https://inv-nets.admixer.net/dsp.aspx?rct=3&zone=df1b2b73-47b9-415b-8689-93ad194db745&zoneInt=87794&sect=36064&site=11930&rnd=166065513162fb961b82aac&page=korrespondent.net

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.525.0_en.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

146.0.227.110 , Ascension Island, ASN29066 (VELIANET-AS velia.net Internetdienste GmbH, DE),

Reverse DNS

Software

nginx /

Resource Hash

d938d6d21a55a7bb8a389cb6ca0fff204cda9532d81b4ca19af184ea3d748ebc

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:31 GMT
Server: nginx
P3p: CP="NID DSP ALL COR"
Access-Control-Allow-Origin: https://imasdk.googleapis.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/xml; charset=utf-8
Keep-Alive: timeout=25
Content-Length: 13
X-Xss-Protection: 0

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame F485 28 KB
28 KB 56ms
22ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://korrespondent.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 10 Aug 2022 08:44:44 GMT
x-content-type-options: nosniff
age: 534047
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Aug 2023 08:44:44 GMT

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjYUvaYr.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame F485 14 KB
14 KB 58ms
24ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjYUvaYr.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15e749617a3856bfaa4d2cea0c50d88366d2b579841bd5a45bd2d34062babc51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://korrespondent.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 23:42:24 GMT
x-content-type-options: nosniff
age: 48187
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14432
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:04:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 15 Aug 2023 23:42:24 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame C32F 12 KB
6 KB 22ms
21ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 11 Aug 2023 13:05:31 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C32F 7 KB
7 KB 100ms
24ms Image
image/png 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?h=176&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fstatic.nl.eu.criteo.net%2Fdesign%2Fdt%2F2861%2F190124%2F8d6bc06124f044d4973e0db21c495799_logo.png&v=3&w=256&s=Ztz4HcK_1CUe8izFWU-TMUXT

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

2a29e79bd75cc83eade181c4acc1c198786539997766b648bc21ed5aa7698408

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=29347370
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 7142
expires: Sat, 22 Jul 2023 05:08:22 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C32F 2 KB
2 KB 100ms
24ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F6%2FlogoBosch-Gruppe-2804DE-1909091413.gif%3Feb%3D1&v=3&w=800&s=HYbmSDVtbe5wAnm1TH3AhaIB&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

490319aff00a55cfc00d9e24f71f39fc0801858055c62c07bec8fabf2f6e24ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:30 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=381663
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1584
expires: Sat, 20 Aug 2022 23:06:35 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C32F 3 KB
3 KB 123ms
47ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F1%2FlogoStepStone-sucht-fur-das-Deutsche-Rote-Kreuz-295856DE-2203290822.gif%3Feb%3D1&v=3&w=800&s=VpvLKR3klboFeQeW28_GABdI&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e29ffeda170cb0752b062928f22de04adc1c9177706f50b9c6a9c96dc706bf61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=974992
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 2742
expires: Sat, 27 Aug 2022 19:55:24 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C32F 2 KB
3 KB 120ms
44ms Image
image/png 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2F5%2FlogoRheinmetall-Immobiliengesellschaft-mbH-105281DE-2106231724.gif%3Feb%3D1&v=3&w=800&s=jOxZCGG5Ym_DPcA0-CpCnrYy&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

cc5e65f3bf4a6f565b2e549b9b401450a1e7d283ffe50dd4a906b5375808b851

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/png
cache-control: public, max-age=362192
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 2446
expires: Sat, 20 Aug 2022 17:42:04 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C32F 1 KB
1 KB 121ms
45ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FB%2FlogoBKA_Bundeskriminalamt_4558DE.gif%3Feb%3D1&v=3&w=800&s=DI0SONUVXrdIf4n2KRU4NSEh&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e4b58a351151e4da3ebfac8c923fc7c19c7bbbd6696d716a2f3465bf869f1138

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=1611830
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1266
expires: Sun, 04 Sep 2022 04:49:22 GMT

GET
H2 200 img
pix.eu.criteo.net/img/ Frame C32F 1 KB
1 KB 121ms
46ms Image
image/webp 178.250.0.139
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pix.eu.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=2861&q=80&r=0&u=http%3A%2F%2Fwww.stepstone.de%2Fupload_DE%2Flogo%2FL%2FlogoLandeshauptstadt-Stuttgart-188529DE.gif%3Feb%3D1&v=3&w=800&s=vZ604ejNI0IthEkYFX3drGcn&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.139 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

pix.par.vip.prod.criteo.com

Software

Finatra /

Resource Hash

8081c76de1493e67239a84553a77c274e740ef5dfffc875d12b94eafd6729d65

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Finatra
vary: Origin
content-type: image/webp
cache-control: public, max-age=2323511
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
content-length: 1226
expires: Mon, 12 Sep 2022 10:30:43 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame C32F 0
128 B 95ms
24ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=sgMToKKfDcEqp4JZixThBvVEtuYZOLIdeLDU9iAPVolEE3ISTXj0s9kG4cJzoiUkAeoPEcnf0Rz-GkpQjA_rL3A3Cf-MLk28iV2d2H2Ime4mNYU2hFyv8zVCpG-qsMsT91j6lYRhbBXXm44cRunbcwOPh1fECRm-6RbOD6e3uIkT2iSDXs3-NpKqK2-qRMgAgOGyC--qDKai-vJqWi8HKFH1y7DLQtTyWzbyiG2Yx_UQ95PsDAGKz_clhgk4OHDCcJDWug&sds=2&rev=82415&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 16 Aug 2022 13:05:30 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame C32F 2 KB
1 KB 30ms
29ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: gzip
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 11 Aug 2023 13:05:31 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame C32F 2 KB
1 KB 30ms
30ms Image
image/svg+xml 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: gzip
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
strict-transport-security: max-age=31536000; preload;
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Fri, 11 Aug 2023 13:05:31 GMT

GET
H3 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/86352550399540132/ Frame 7FF3 10 KB
3 KB 17ms
17ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/86352550399540132/index.html

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de6de06b5d49335bab8937daf66e6d0d112c62cdc4b9f5af1799647b84c5e8d4

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 215831
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 3173
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Sun, 14 Aug 2022 01:08:20 GMT
expires: Mon, 14 Aug 2023 01:08:20 GMT
last-modified: Wed, 13 Jul 2022 11:28:04 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame EF00 0
0 169ms
169ms Fetch
text/html 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CgAZgG5b7Ypq6C42G9u8PuNuNqAuuooDca56p_fmXEJ_moNSzMxABIPeezU1glYKAgJQHoAHc9KXUA8gBCakC6wVaPewJsT7gAgCoAwHIA0iqBIgDT9D7EroMFSBEnP2_tIQ8A40EKyHeR2cmIF2byjKP7Dr6DbaGwjaEc5jnSvaGlN99rQDGoEa60UYLh-TZSrirDuIA84H7X0zRLDOzt89vNIvysMBeVyNmByR5sBGHzkAnwDeW19DNt-0W3LzhsjV16SkiJ8PyqfGz6Q6sTGIyi_QV_sPDMlGCuUE81-cl-IfqsbQk731gd7VRaQBYr8ZBn89piu29rJdAwmeQQ2nba_lLvEpbFdjw5Mxqy5-zG99_Helf_Slyrh7MX7-Tu4JUQevKGt2jXxgf7hzlUsC6iffDp8aWwTM2eEs6qblLjlY8NJA6KlZyBD8DvIbs1vqfdEN5mwQgeSbg95o4PGhzBKnTdwOYYA2PZ1CUDA8IyJWvez12YWUUOQ1cs2nOVZJ4GcqvacSVNuYlAH82w95tFmRZlMzMjwPQzAxRvF6kHrd_an6bsL0Uxul-OUYmeGp907iYiC3fMO4IEIWGc0FBglySiQ0FCjqna9Ht0zBbJ3KLSFnxH3bWZQHABPrW_cyJBOAEAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAeMi9orqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQsMoE0ggRCIDhgBAQARgdMgKqAjoCgECACgHICwHYEw3QFQGAFwGyFx4KHAgAEhRwdWItMzY5MDUzNDQ4NTE2NDYzNBicy2k&sigh=3lRjYovP9rA&uach_m=[UACH]&template_id=419
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s65-in-f2.1e100.net
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/ Frame EF00 23 KB
9 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/abg_lite_fy2021.js

Requested by

Host: aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com
URL: https://aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba7beca0f5402387b359ad40d2af0dda9632f6b81e2aa0c26336324c358c3e10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:03:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 140
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9668
x-xss-protection: 0
server: cafe
etag: 3250940068065303693
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 13:03:11 GMT

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame A7A6
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

44ms
44ms

Image
text/html

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H3
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Redirect headers

date: Tue, 16 Aug 2022 13:05:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

POST
H/1.1 200
OK / Show response
t.cotsta.ru/v4/track/tag/ Frame 3FAB 2 B
196 B 100ms
28ms XHR
text/plain 168.119.79.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://t.cotsta.ru/v4/track/tag/?v=1&time__offset=2&event=js_init&ex_pl_id=none&pl_id=none
Requested by: Host: 0.code.cotsta.ru
URL: https://0.code.cotsta.ru/dist/a.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 168.119.79.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.79.119.168.clients.your-server.de
Software: nginx/1.14.1 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 16 Aug 2022 13:05:31 GMT
Server: nginx/1.14.1
Connection: keep-alive
Content-Length: 2
Content-Type: text/plain; charset=utf-8

GET
H/1.1 200
OK getPartnership Show response
a.cotsta.ru/ Frame 3FAB 4 KB
2 KB 114ms
40ms XHR
application/json 168.119.79.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://a.cotsta.ru/getPartnership?title=&keywords=&description=&os=Windows&viewport_width=1200&viewport_height=1600&browser_name=Chrome&browser_version=104&language=en-US&timezone=0&init_ref=&user_hash=YlR5cGU9Q2hyb21lJmJWZXJzaW9uPTEwNCZyV2lkdGg9MTIwMCZySGVpZ2h0PTE2MDA%3D&ref=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Requested by: Host: 0.code.cotsta.ru
URL: https://0.code.cotsta.ru/dist/a.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 168.119.79.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.79.119.168.clients.your-server.de
Software: nginx/1.14.1 / PHP/7.4.19
Resource Hash: 5b26ed637b9892bb358f2cb5e8de6deaa37df3f2247f7e2e7b200b6b4af2a809

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:31 GMT
Content-Encoding: gzip
Server: nginx/1.14.1
X-Powered-By: PHP/7.4.19
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT

POST
H/1.1 200
OK / Show response
t.cotsta.ru/v4/track/tag/ Frame 3FAB 2 B
196 B 99ms
28ms XHR
text/plain 168.119.79.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://t.cotsta.ru/v4/track/tag/?v=1&time__offset=0&event=server_request&ex_pl_id=none&pl_id=none
Requested by: Host: 0.code.cotsta.ru
URL: https://0.code.cotsta.ru/dist/a.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 168.119.79.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.79.119.168.clients.your-server.de
Software: nginx/1.14.1 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 16 Aug 2022 13:05:31 GMT
Server: nginx/1.14.1
Connection: keep-alive
Content-Length: 2
Content-Type: text/plain; charset=utf-8

GET
H3 200 949097195178092781
tpc.googlesyndication.com/simgad/ Frame A7A6 140 KB
140 KB 16ms
15ms Image
image/gif 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/949097195178092781

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012208081650000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fb723f64a4592323ee7fa4e2014452d2749fa12d60cc4fd55e22680a0b3c3e3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 05:37:44 GMT
x-content-type-options: nosniff
age: 113267
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 143672
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 05:28:17 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 15 Aug 2023 05:37:44 GMT

GET
H3 200 ru.png
tpc.googlesyndication.com/pagead/images/abg/ Frame A7A6 3 KB
3 KB 18ms
18ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/ru.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012208081650000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fed2d61088cba54be39b2069add7103160e31f07c950c0e2e7706d6d6dc9ebf6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 19:13:14 GMT
x-content-type-options: nosniff
server: cafe
age: 64337
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 6726277462267614359
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3041
x-xss-protection: 0
expires: Tue, 16 Aug 2022 19:13:14 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame A7A6 344 B
368 B 19ms
19ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012208081650000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 19:13:14 GMT
x-content-type-options: nosniff
server: cafe
age: 64337
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 6766994032117382215
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Tue, 16 Aug 2022 19:13:14 GMT

GET
DATA 200
OK truncated
/ Frame 095F 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012208081650000/ Frame FB26 220 KB
60 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d2e5722cf0b8d8df31200550801d755733c56d9ca2758b7041fbed009e0c9d08

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 64338
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61502
x-xss-protection: 0
server: sffe
date: Mon, 15 Aug 2022 19:13:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "df13b0b17adb5918"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 15 Aug 2023 19:13:13 GMT

GET
H3 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012208081650000/v0/ Frame FB26 14 KB
5 KB 20ms
18ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e14ddde632bad66a3f79d6dc2c6a212d3b1b5cd8100cb6b73984b8797c5ed86

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 64338
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5197
x-xss-protection: 0
server: sffe
date: Mon, 15 Aug 2022 19:13:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "aca8368210f82021"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 15 Aug 2023 19:13:13 GMT

GET
H3 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012208081650000/v0/ Frame FB26 94 KB
28 KB 21ms
15ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

70fa25d0cd4744b6b91054ad55e3e931dad31cc85915b13e33e4e674426c7cc1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 64338
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28794
x-xss-protection: 0
server: sffe
date: Mon, 15 Aug 2022 19:13:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "cc093c4134ec5f1e"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 15 Aug 2023 19:13:13 GMT

GET
H3 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012208081650000/v0/ Frame FB26 5 KB
2 KB 24ms
18ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec61d9fd1b3609a3a53f377ed07059c3dc7d2cb1502022e0623b4ebc1ea0f35e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 64338
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1913
x-xss-protection: 0
server: sffe
date: Mon, 15 Aug 2022 19:13:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ef17e6cba96d5668"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 15 Aug 2023 19:13:13 GMT

GET
H3 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012208081650000/v0/ Frame FB26 40 KB
13 KB 24ms
18ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d200dc372fb333c0ca488fba2a569a686cbf5f1ba0cc0544a4a8c96a4f91de3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 64338
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12948
x-xss-protection: 0
server: sffe
date: Mon, 15 Aug 2022 19:13:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "08e07a681963ea9f"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 15 Aug 2023 19:13:13 GMT

GET
H3 200 ru.png
tpc.googlesyndication.com/pagead/images/abg/ Frame FB26 3 KB
3 KB 21ms
15ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/ru.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fed2d61088cba54be39b2069add7103160e31f07c950c0e2e7706d6d6dc9ebf6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 19:13:14 GMT
x-content-type-options: nosniff
server: cafe
age: 64337
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 6726277462267614359
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3041
x-xss-protection: 0
expires: Tue, 16 Aug 2022 19:13:14 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame FB26 344 B
368 B 22ms
16ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 19:13:14 GMT
x-content-type-options: nosniff
server: cafe
age: 64337
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 6766994032117382215
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Tue, 16 Aug 2022 19:13:14 GMT

GET
DATA 200
OK truncated
/ Frame FB26 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2bdc36b4ed75c9ce98e2002e715d0105aa79013a30848e4c93a2f0743e17be32

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 5146968333678179395
tpc.googlesyndication.com/daca_images/simgad/ Frame FB26 49 KB
49 KB 23ms
20ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/5146968333678179395

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cbf6ff5a1fe29ad13e5ba433cfc892ea91e1b4b6e5d4b2ee34973e9c44a4578

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 08:25:46 GMT
x-content-type-options: nosniff
age: 103185
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 50123
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 08:17:04 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 15 Aug 2023 08:25:46 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame FB26 0
0 174ms
171ms Image
text/html 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C4_7MG5b7Yt2-J9jG7_UP3LyWwA7int_ha4C6ldKYENvZHhABINLIxnxglYKAgJQHoAGG76uVAsgBAuACAKgDAcgDCKoE3gJP0Axm_1haAQydGM3p8r2tuQiNjQUNJtJJRo4a1YGfK1WGMAjlzzyTQSYKFnH2Py4CkM3ds-e9_SP0FqKKnW5zS9Rqgnz-Yv4XEBzUXIL6e_8qNsF0MPMDuBjmdwcWuAJQ8VOG61Iw-v_P7DtNaosJuEEA5RuKKoO0v0veIRF1Pi1aNByr_wOS0emRnH224G5HBlM44NdPOtJOre1b1MiTwKsdH_-dZk7UBmrepay3ZTjtltysT558y1SKOFJj0-q9rYM7XVqMPQtfODHKrv7m5EIPhl8BVxSOQP3OLMIHcZ0OJ2hPKTCoRNTwWc0kqLBSYAZsPS4VIj8RYZYxP-nd4QpyAIz8PkcDGF_rLsBGBU0_iLCFR8KXfgnb2APfSVvYwSZqn9rhl3000I8oQF9_ESR9HRlTjHCcPuU0Osrc03F3qr6JGsWsfQpe8FSjCJ7-V_0en-4XBbqcr4BQasAEn4bZ3NoD4AQBkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBgKAB-KQ1OoBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQh-AO0ggRCIDhgBAQARgdMgKqAjoCgEDyCBthZHgtc3Vic3luLTI5NjAwNjM1NDAyMTI3MjiACgPICwHYEwzQFQGYFgGAFwGyFx4KHAgAEhRwdWItMTI5MDk5NTkwMTkwNTU4OBi7iXY&sigh=U4I3pQJNWZ8&uach_m=[UACH]
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s65-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H2 200 tracking
ad.mox.tv/delivery/ 51 B
51 B 33ms
31ms Image
text/html 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.mox.tv/delivery/tracking?hash=MGlZM0x2ZnFFMnlGaWpOVzF0WVVRNnhUbHlDUVpIQjFjaXdTREtnWUFQb0N0enpVV0FRSGs3enErMWNWOG9VSGpybDFMWFN1WnBsdGNwMmo1WE9NbDVFeDgyeExMUmFJZGNRUmpQNk92N1lpanA3VmtSNk9vQUtjb1creDA2QUVGdHRXeTE2NkF5RU1pVXNLSmc3d1Q4Z0x3WGdGVXhKNVFDcHNxZXgrM3pBUE5uVWh2RnFPdXVuZzNUMXNrRGtLQXBTZjVMQmhwNDVaZ0tkeWc2R0dFQzBjQWZ5ZFBueDF6bkF4K0VlNkNRaDJBRHdPc3gxS0M3N0xwUzBteVdvZQ%3D%3D&params=WU5hbjdEMFYwSjFoSjB4VmZOWlNFUT09
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H2 200 pixel.gif
ad.mox.tv/mox/test/ Frame 095F 42 B
173 B 31ms
28ms Image
image/gif 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.mox.tv/mox/test/pixel.gif
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:31 GMT
last-modified: Wed, 10 Jun 2020 14:52:51 GMT
server: nginx/1.14.0 (Ubuntu)
accept-ranges: bytes
etag: "5ee0f3c3-2a"
content-length: 42
content-type: image/gif

GET
H3 200 ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js Show response
pagead2.googlesyndication.com/bg/ Frame F009 36 KB
14 KB 19ms
17ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a690357c8d157ad2a9f188ecdad238c37efbd7508124554e8b7ddf2986cb0188

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 12:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 397
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13955
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 16 Aug 2023 12:58:54 GMT

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 7FF3 9 KB
3 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/86352550399540132/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 09:41:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12233
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 17 Aug 2022 09:41:38 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 7FF3 26 KB
10 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/86352550399540132/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 16:14:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 75074
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Tue, 16 Aug 2022 16:14:17 GMT

GET
H3 200 321b20d6f1e1117231f20a0756ab7cf6.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/86352550399540132/ Frame 7FF3 76 KB
19 KB 23ms
23ms Script
application/x-javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/86352550399540132/321b20d6f1e1117231f20a0756ab7cf6.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/86352550399540132/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c6ab4f9a3174d8ff5b06299a2694497bea1d78f277f2720f203ecbe21d7d623d

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 215831
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19325
x-xss-protection: 0
last-modified: Wed, 13 Jul 2022 11:28:04 GMT
server: sffe
date: Sun, 14 Aug 2022 01:08:20 GMT
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 14 Aug 2023 01:08:20 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 08AA 0
0 49ms
49ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022081101&jk=3264014519547007&rc=
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame F485 344 B
372 B 17ms
16ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012208081650000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 19:13:14 GMT
x-content-type-options: nosniff
server: cafe
age: 64338
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 6766994032117382215
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Tue, 16 Aug 2022 19:13:14 GMT

GET
H3 200 aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wMS8xMDE5MjQvYzBkZDYzNTMxNTU0MjlmY...
s-img.mgid.com/g/12581120/492x277/-/ 13 KB
14 KB 297ms
78ms Image
image/webp 104.19.132.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/12581120/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wMS8xMDE5MjQvYzBkZDYzNTMxNTU0MjlmYzk1MWI4MDQ5ZGUyNmRlZmUuanBlZw.webp?v=1660655131-lG8y1-hmObT23mhx3CoTHXyr3ygeTrzSU6PY8MHtV2w
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6cf010e708fd6c2b74519204e7f6924b1356c7bad6ae12996b4a0ecbb3bb67ce

Request headers

Referer: https://korrespondent.net/
Origin: https://korrespondent.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:32 GMT
cf-cache-status: HIT
last-modified: Tue, 29 Mar 2022 09:41:24 GMT
x-mg-request-uuid: 7ee1d0e8-add2-45df-8e8e-76ae1efac70d
age: 9887
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 73ba61d0797799ab-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13548
server: cloudflare

GET
H3 200 aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wMy8xMDE5MjQvOWNiNzRjMTdhYmNlYWVlO...
s-img.mgid.com/g/12581090/492x277/-/ 16 KB
17 KB 307ms
88ms Image
image/webp 104.19.132.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/12581090/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMi0wMy8xMDE5MjQvOWNiNzRjMTdhYmNlYWVlOTkyMDExYmY5YzViODBlYWMuanBlZw.webp?v=1660655131-KR_MMON4M8VJIG2RmE6gaOM_Hv8Q0CVHAVtd-tljOYU
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1598e045b4d9e7ab54c8164d124493be8cb6030eea6cccbbb41744487dbf8d9f

Request headers

Referer: https://korrespondent.net/
Origin: https://korrespondent.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:32 GMT
cf-cache-status: HIT
last-modified: Tue, 29 Mar 2022 09:38:19 GMT
x-mg-request-uuid: 7277f330-8691-46ae-bf98-0fb341bd7635
age: 14171
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 73ba61d0797a99ab-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 16708
server: cloudflare

GET
H3 200 aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ194eV9jZW50ZXIsd18xMDIwLHhfNTM3LHlfNDk0L2h0dHA6Ly9pbWdob3N0cy5jb20vdC8yMDIxLTEwLzEwMTkyNC9lOGE2N...
s-img.mgid.com/g/12581140/492x277/-/ 13 KB
14 KB 321ms
102ms Image
image/webp 104.19.132.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/12581140/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ194eV9jZW50ZXIsd18xMDIwLHhfNTM3LHlfNDk0L2h0dHA6Ly9pbWdob3N0cy5jb20vdC8yMDIxLTEwLzEwMTkyNC9lOGE2NWU4NjU5ZjcxOWZiMTFmNDMzNmZhZDIyZTNkZS5qcGc.webp?v=1660655131-QeENE0jaX2J1SEjENAyQSeGGpNiwJe-pIKH2V444eYU
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7fee5488f247de155c84a033494401076018c81062f48180373e3cf05ae47c69

Request headers

Referer: https://korrespondent.net/
Origin: https://korrespondent.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:32 GMT
cf-cache-status: HIT
last-modified: Tue, 29 Mar 2022 09:37:52 GMT
x-mg-request-uuid: 723bbc00-02f5-47ed-947c-c3d40d16f51e
age: 1066066
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 73ba61d0797b99ab-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13508
server: cloudflare

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 00CD 143 B
163 B 15ms
15ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com
URL: https://aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1579
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
date: Tue, 16 Aug 2022 12:39:13 GMT
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/ Frame EF00 3 KB
1 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/window_focus_fy2021.js

Requested by

Host: aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com
URL: https://aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 12:58:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 446
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 12:58:06 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame EF00 140 KB
43 KB 55ms
55ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com
URL: https://aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75bf5c0112a41f871dc47c5e98deef6dc7db8e94178bf0c853f3a09415f6d338

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44015
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1660137096112928"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 16 Aug 2022 13:05:32 GMT

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fkorrespondent.net%2F&domain=korrespondent.net&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=cLl-BHxEdjh4T3ZuZ3c3eWJKS3BySnZwZGVLdVVPcVgwYkRIOTRQSDdqektERFJuQytXdjJaN2JBcHRIUFFnRDkwRzNxYllXZFRISXh4NnV0SkhOMGlEMkdHTkdhdCtLR2FWWjRYMDVOT3BoYUk0bFVQUGk0UGplVzY5bF...

344 B
613 B

78ms
30ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=cLl-BHxEdjh4T3ZuZ3c3eWJKS3BySnZwZGVLdVVPcVgwYkRIOTRQSDdqektERFJuQytXdjJaN2JBcHRIUFFnRDkwRzNxYllXZFRISXh4NnV0SkhOMGlEMkdHTkdhdCtLR2FWWjRYMDVOT3BoYUk0bFVQUGk0UGplVzY5bFJnZm9BMjkxL2h6NlowajRjaWtxRTZ2SmVlTWFvQ2E1MGVqOFdkVHhYRnQyR0tobUh2SGE4eS9uc2tmSHlUeUEreXpyYzV2UWlwWE4relllbEVoSktGaW1nd0k3Y0Zjd2MxUVIrNzBtMjE4RjVWcHdQMmowPXw&cppv=2

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

f248e71877661dc6dee18907ce22e04ceeba7f468474101510b118ca40cdb4d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:31 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 3266
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:32 GMT
location: https://mug.criteo.com/sid?cpp=cLl-BHxEdjh4T3ZuZ3c3eWJKS3BySnZwZGVLdVVPcVgwYkRIOTRQSDdqektERFJuQytXdjJaN2JBcHRIUFFnRDkwRzNxYllXZFRISXh4NnV0SkhOMGlEMkdHTkdhdCtLR2FWWjRYMDVOT3BoYUk0bFVQUGk0UGplVzY5bFJnZm9BMjkxL2h6NlowajRjaWtxRTZ2SmVlTWFvQ2E1MGVqOFdkVHhYRnQyR0tobUh2SGE4eS9uc2tmSHlUeUEreXpyYzV2UWlwWE4relllbEVoSktGaW1nd0k3Y0Zjd2MxUVIrNzBtMjE4RjVWcHdQMmowPXw&cppv=2
strict-transport-security: max-age=31536000; preload;
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://korrespondent.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1113
content-length: 482
expires: 0

GET
H2 200 header-bidding.js Show response
yandex.ru/ads/system/ Frame 3FAB 116 KB
32 KB 238ms
69ms Script
text/javascript 2a02:6b8:a::a
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yandex.ru/ads/system/header-bidding.js

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:a::a Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

6aa902a76341c901be30149fa7032befb55976883f2947aec2cf463fa68ea7e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
content-encoding: br
x-content-type-options: nosniff
nel: {"report_to": "network-errors", "max_age": 86400, "success_fraction": 0.001, "failure_fraction": 0.1}
x-yandex-req-id: 1660655132254553-2193320370902096738-vla1-5473-vla-l7-balancer-8080-BAL-2623
report-to: { "group": "network-errors", "max_age": 86400, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=3600
x-robots-tag: noindex, noarchive, nofollow
expires: Tue, 16 Aug 2022 14:05:32 GMT

GET
H/1.1 200
OK p4.41.0.js Show response
0.code.cotsta.ru/dist/ Frame 3FAB 281 KB
106 KB 90ms
90ms Script
application/javascript 185.119.59.4
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://0.code.cotsta.ru/dist/p4.41.0.js

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

185.119.59.4 St Petersburg, Russian Federation, ASN9123 (TIMEWEB-AS, RU),

Reverse DNS

353757-ce44784.tmweb.ru

Software

nginx/1.14.1 /

Resource Hash

9d2ae8c80a6f17e7068957051ed9b2de5217215c2741b2671f3ae1a1e9ea4922

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:12:37 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Thu, 03 Jun 2021 11:49:04 GMT
Server: nginx/1.14.1
ETag: W/"60b8c1b0-46548"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=1800
Transfer-Encoding: chunked
Connection: keep-alive
X-XSS-Protection: 1; mode=block

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame 3FAB 159 KB
41 KB 201ms
33ms Script
application/javascript 18.66.23.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.23.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-23-213.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 925ed48219a2d3c339c5d288fdae3f965efbca0e5ee4e369b7dcbb04b6ade06f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Tue, 16 Aug 2022 12:58:48 GMT
via: 1.1 36cd2d0f34e25c2dc5099656a60bedac.cloudfront.net (CloudFront), 1.1 89a6fa6293c9b0bbce683ad0b9f7f538.cloudfront.net (CloudFront)
last-modified: Mon, 15 Aug 2022 16:11:59 GMT
server: AmazonS3
age: 405
etag: W/"52a6bc60961c702869c58b9d159c8e37"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-pop: FRA60-P1, VIE50-P1
content-encoding: gzip
x-amz-cf-id: LT2KznI03UzMm47cy-ltN76LItpqzcOBO1RH4D9wZXEtcwijOQZ6Iw==

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 3FAB 83 KB
28 KB 25ms
25ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

sffe /

Resource Hash

fb5e985fa55cb8c424d5ba26bd212d92f9e34ee2454c65bc65d1c1e9cc8757c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28641
x-xss-protection: 0
server: sffe
etag: "1305 / 8 of 1000 / last-modified: 1660648063"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 16 Aug 2022 13:05:32 GMT

GET
H2 200 code.js Show response
top-fwz1.mail.ru/js/ Frame 3FAB 25 KB
11 KB 288ms
72ms Script
application/javascript 95.163.52.67
MAILRU-AS Mail.Ru

General

Check archive.org

Show headers Download Go to

Full URL

https://top-fwz1.mail.ru/js/code.js

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

95.163.52.67 , Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU),

Reverse DNS

top-fwz1.mail.ru

Software

nginx /

Resource Hash

556c93a5fc44ead9fbfa6f393af3a2a00a29eadda87db9356e9ea3d705320ae8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="NOI DSP COR NID CUR PSA OUR NOR"
amp-access-control-allow-source-origin: *
last-modified: Wed, 10 Aug 2022 17:24:07 GMT
server: nginx
etag: W/"62f3e9b7-6411"
access-control-allow-methods: GET, POST, HEAD, PUT, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: max-age=3600, private
access-control-allow-credentials: true
accept-ch-lifetime: 86400
accept-ch: DPR, Width, Viewport-Width, Downlink, Device-Memory, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version
timing-allow-origin: *
access-control-allow-headers: *
expires: Tue, 16 Aug 2022 14:05:32 GMT

GET
H2 200 tag.js Show response
mc.yandex.ru/metrika/ Frame 3FAB 205 KB
71 KB 342ms
126ms Script
application/javascript 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/tag.js

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

4feb8a4baf1ab6d4efee5b984ea48ff22af46b19c3b6c21964607fe61eea837c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:32 GMT
content-encoding: br
last-modified: Mon, 15 Aug 2022 15:05:51 GMT
etag: "62fa369f-118b8"
strict-transport-security: max-age=31536000
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
content-length: 71864
expires: Tue, 16 Aug 2022 14:05:32 GMT

POST
H/1.1 200
OK / Show response
t.cotsta.ru/v4/track/tag/ Frame 3FAB 2 B
196 B 28ms
28ms XHR
text/plain 168.119.79.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://t.cotsta.ru/v4/track/tag/?v=1&time__offset=181&event=document_ready&ex_pl_id=none&pl_id=none
Requested by: Host: 0.code.cotsta.ru
URL: https://0.code.cotsta.ru/dist/a.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 168.119.79.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.79.119.168.clients.your-server.de
Software: nginx/1.14.1 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 16 Aug 2022 13:05:32 GMT
Server: nginx/1.14.1
Connection: keep-alive
Content-Length: 2
Content-Type: text/plain; charset=utf-8

GET
H2 200 pixel.gif
ad.mox.tv/mox/test/ Frame 095F 42 B
173 B 24ms
23ms Image
image/gif 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.mox.tv/mox/test/pixel.gif
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.525.0_en.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:32 GMT
last-modified: Wed, 10 Jun 2020 14:52:51 GMT
server: nginx/1.14.0 (Ubuntu)
accept-ranges: bytes
etag: "5ee0f3c3-2a"
content-length: 42
content-type: image/gif

POST
H/1.1 200
OK / Show response
t.cotsta.ru/v4/track/tag/ Frame 3FAB 2 B
196 B 28ms
28ms XHR
text/plain 168.119.79.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://t.cotsta.ru/v4/track/tag/?v=1&time__offset=182&event=ad_apply&ex_pl_id=/21830442390,22434891267/korrespondent.net_amx_/300x250_bs&pl_id=364
Requested by: Host: 0.code.cotsta.ru
URL: https://0.code.cotsta.ru/dist/a.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 168.119.79.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.79.119.168.clients.your-server.de
Software: nginx/1.14.1 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 16 Aug 2022 13:05:32 GMT
Server: nginx/1.14.1
Connection: keep-alive
Content-Length: 2
Content-Type: text/plain; charset=utf-8

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame FB26
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

45ms
45ms

Image
text/html

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H3
Server: 2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Redirect headers

date: Tue, 16 Aug 2022 13:05:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzM6MixjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX2ZhY2VzOmF1dG8scV9hdXRvOmdvb2Qsd18xMDIwL2h0dHA6Ly9pbWdob3N0cy5jb20vdC8yMDIyLTA3LzEwMTkyNC9iNDVjM...
s-img.mgid.com/g/13780801/492x328/-/ 14 KB
15 KB 144ms
44ms Image
image/webp 104.19.132.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/13780801/492x328/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzM6MixjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX2ZhY2VzOmF1dG8scV9hdXRvOmdvb2Qsd18xMDIwL2h0dHA6Ly9pbWdob3N0cy5jb20vdC8yMDIyLTA3LzEwMTkyNC9iNDVjM2U5MWM4YTc4ZDQwMzg2OTc0MWJhNjVjY2E4OS5qcGVn.webp?v=1660655131-9ofngu7TAFq_WsZpL43f2DiQPhNDT_NTKiy91UvQYek
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fefeaaef46ac6e5282ec906a5679fbeeacf86dde688e29ea245daac94d6baa51

Request headers

Referer: https://korrespondent.net/
Origin: https://korrespondent.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:32 GMT
cf-cache-status: HIT
last-modified: Thu, 11 Aug 2022 08:47:10 GMT
x-mg-request-uuid: 717e2604-a74a-444a-a62a-943f042c2c13
age: 439325
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 73ba61d0798299ab-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14368
server: cloudflare

GET
H3 200 aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzM6MixjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX3h5X2NlbnRlcixxX2F1dG86Z29vZCx3XzEwMjAseF8yNjMseV8yMjIvaHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjItMDcvM...
s-img.mgid.com/g/13780794/492x328/-/ 27 KB
27 KB 157ms
58ms Image
image/webp 104.19.132.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s-img.mgid.com/g/13780794/492x328/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzM6MixjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX3h5X2NlbnRlcixxX2F1dG86Z29vZCx3XzEwMjAseF8yNjMseV8yMjIvaHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjItMDcvMTAxOTI0L2MxMjQ5OTdlZGU1YTU2MmVhNTM0ZjFhNzUzYjc2MGJmLnBuZw.webp?v=1660655131-c65LU6J0S400Prc7YJyckkFnpIqq23AzmgG97H-lK1I
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 57a73a9a530e4bc11de0e19150beb203d37372803f888f4ffa603ac6d2319b83

Request headers

Referer: https://korrespondent.net/
Origin: https://korrespondent.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:32 GMT
cf-cache-status: HIT
last-modified: Thu, 11 Aug 2022 08:48:43 GMT
x-mg-request-uuid: b58e26f7-d4fe-4677-9ea4-4217c8245374
age: 302
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
cf-ray: 73ba61d0797f99ab-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27244
server: cloudflare

GET
H2 200 pixel.gif
ad.mox.tv/mox/test/ Frame 095F 42 B
173 B 23ms
23ms Image
image/gif 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.mox.tv/mox/test/pixel.gif
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.525.0_en.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:32 GMT
last-modified: Wed, 10 Jun 2020 14:52:51 GMT
server: nginx/1.14.0 (Ubuntu)
accept-ranges: bytes
etag: "5ee0f3c3-2a"
content-length: 42
content-type: image/gif

GET
H3 200 css
fonts.googleapis.com/ Frame 7FF3 4 KB
621 B 57ms
56ms Stylesheet
text/css 2a00:1450:400e:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400|Roboto:700

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/86352550399540132/321b20d6f1e1117231f20a0756ab7cf6.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80c::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

099f342bcdd01d03cacd2d665bb82ed11b7110f74768ec40774de44140481a38

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 16 Aug 2022 12:30:55 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 16 Aug 2022 13:05:32 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 16 Aug 2022 13:05:32 GMT

GET
H3 200 a6086a5b79636974ceb4d8b3399bfb2d.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/86352550399540132/media/ Frame 7FF3 3 KB
3 KB 24ms
23ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/86352550399540132/media/a6086a5b79636974ceb4d8b3399bfb2d.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/86352550399540132/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

383c248124d43e4245ec6327490c21e21b15757c7c33bbe28e8f54856a6cf9b6

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 215832
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2984
x-xss-protection: 0
last-modified: Wed, 13 Jul 2022 11:28:04 GMT
server: sffe
date: Sun, 14 Aug 2022 01:08:20 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 14 Aug 2023 01:08:20 GMT

GET
H3 200 56b43f72be8b6be639cdd483e7f48c12.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/86352550399540132/media/ Frame 7FF3 3 KB
1 KB 23ms
22ms Image
image/svg+xml 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/86352550399540132/media/56b43f72be8b6be639cdd483e7f48c12.svg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/86352550399540132/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

985a75678aeb2265ad5871fa4e1bc207eefa788e1d5a47bf5dd848e3d9847765

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 198241
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1314
x-xss-protection: 0
last-modified: Wed, 13 Jul 2022 11:28:04 GMT
server: sffe
date: Sun, 14 Aug 2022 06:01:31 GMT
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 14 Aug 2023 06:01:31 GMT

GET
H3 200 8715b237bf03a9af2c4720d6c0b240ea.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/86352550399540132/media/ Frame 7FF3 9 KB
9 KB 22ms
21ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/86352550399540132/media/8715b237bf03a9af2c4720d6c0b240ea.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/86352550399540132/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9a84fcce314ed8a6146313f434552a1acc20b98711e023a43b6d510375efd86

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 215832
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9636
x-xss-protection: 0
last-modified: Wed, 13 Jul 2022 11:28:04 GMT
server: sffe
date: Sun, 14 Aug 2022 01:08:20 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 14 Aug 2023 01:08:20 GMT

GET
H2 206 http%3A%2F%2Fimghosts.com%2Ft%2F2022-07%2F101924%2F49f6022df60efde4b0e77b058e36ac37.gif
cl.imghosts.com/imgh/image/fetch/ar_3:2,c_fill,f_mp4,fl_lossy,g_faces:auto,w_680/ 256 KB
256 KB 117ms
44ms Media
video/mp4 2606:4700:4400::ac40:9040
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cl.imghosts.com/imgh/image/fetch/ar_3:2,c_fill,f_mp4,fl_lossy,g_faces:auto,w_680/http%3A%2F%2Fimghosts.com%2Ft%2F2022-07%2F101924%2F49f6022df60efde4b0e77b058e36ac37.gif?v=1660655131-h3TMjNRXSJmxMjoiqh9gjcxaosY2TdIr51lfc67_4r0

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9040 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

20e1e4528a14b80eec763aac082227995ad0e9e0ffd0cb26cb45a2016edd5aad

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

Referer: https://korrespondent.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Range: bytes=0-

Response headers

date: Tue, 16 Aug 2022 13:05:32 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
cf-cache-status: HIT
age: 442021
Content-Range: bytes 0-261685/261686
server-timing: fastly;dur=68;cpu=0;start=2022-08-11T08:46:03.018Z;desc=hit,rtt;dur=0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 261686
timing-allow-origin: *
last-modified: Wed, 20 Jul 2022 21:45:57 GMT
server: cloudflare
etag: "d35fac2840836fe3fb442818ae276b36"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: video/mp4
access-control-allow-origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,X-Content-Type-Options
cache-control: public, max-age=31536000
cf-ray: 73ba61d07b0a01fc-ZRH
expires: Wed, 16 Aug 2023 13:05:32 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame F009 0
12 B 15ms
15ms Image
text/plain 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?9HkXXQ
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:32 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 236ms
49ms Preflight
application/json 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fkorrespondent.net%2F&domain=korrespondent.net&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://korrespondent.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://korrespondent.net
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Tue, 16 Aug 2022 13:05:32 GMT
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 1131
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 7FF3 15 KB
16 KB 16ms
16ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400|Roboto:700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 05:29:41 GMT
x-content-type-options: nosniff
age: 200151
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 14 Aug 2023 05:29:41 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 7FF3 15 KB
15 KB 24ms
24ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400|Roboto:700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 11 Aug 2022 08:01:51 GMT
x-content-type-options: nosniff
age: 450221
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Aug 2023 08:01:51 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame EB72 4 KB
621 B 134ms
133ms Stylesheet
text/css 2a00:1450:400e:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500

Requested by

Host: t.me
URL: https://t.me/operativnoZSU/36424?embed=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80c::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://t.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 16 Aug 2022 13:01:21 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 16 Aug 2022 13:05:32 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 16 Aug 2022 13:05:32 GMT

GET
H2 200 widget-frame.css
telegram.org/css/ Frame EB72 86 KB
22 KB 46ms
45ms Stylesheet
text/css 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/css/widget-frame.css?62

Requested by

Host: t.me
URL: https://t.me/operativnoZSU/36424?embed=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

437e2f919345cdc64ce4cc4de32598b6c99b2962f3e209c4c2efe4eeb4db7971

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://t.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:32 GMT
content-encoding: gzip
last-modified: Fri, 15 Jul 2022 13:29:32 GMT
server: nginx/1.18.0
etag: W/"62d16bbc-157fd"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css
cache-control: max-age=345600
expires: Sat, 20 Aug 2022 13:05:32 GMT

GET
H2 200 pnP2Q_LtnFJvhBBd2ChwFBtLYLDEb-cWcKEZxG4nmxAq2i9AESCkSyMIVXNxsTVrRHYTQlrcGbMJcoGtnSPAhG-_UJEbhGbOTQUItNbDmxSijzFDOf9LZTMqx4iKdZVfH9ajSwufl-weK5dTzMvc9iJ-hQYupA2hBKgr3w7hp_8eoPDrYg2m1GBmtRmelwM4QN78l...
cdn4.telegram-cdn.org/file/ Frame EB72 11 KB
11 KB 71ms
19ms Image
image/jpeg 34.111.35.152
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/pnP2Q_LtnFJvhBBd2ChwFBtLYLDEb-cWcKEZxG4nmxAq2i9AESCkSyMIVXNxsTVrRHYTQlrcGbMJcoGtnSPAhG-_UJEbhGbOTQUItNbDmxSijzFDOf9LZTMqx4iKdZVfH9ajSwufl-weK5dTzMvc9iJ-hQYupA2hBKgr3w7hp_8eoPDrYg2m1GBmtRmelwM4QN78l3wiwqgP0M5zK0PWoYt0GufYPoWDSqQCDcUofN5J32XahfJhCE4pnYDsSces7h3YCWyvY9ZRdiky_1WvdksGWsc1MZWVtCrbO4rEyuBTx-q9IUVG8VChsdN5ISzo5PI5uFBLdFoaS8R1u8YprQ.jpg

Requested by

Host: t.me
URL: https://t.me/operativnoZSU/36424?embed=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

273b29e3e581aa9820d1fa5f3a769c2018974c359d28a6eef0ee09cbe0b939d7

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://t.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src 'none'; sandbox
via: 1.1 google
x-content-type-options: nosniff
age: 6432
date: Tue, 16 Aug 2022 11:18:20 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11091
x-xss-protection: 1; mode=block
server: nginx/1.18.0
x-frame-options: DENY
etag: "c5e047ea0c508aa009f59b0d4767d3c4ff34db3d"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H2 200 telegram-widget.js Show response
oauth.tg.dev/js/ Frame EB72 19 KB
6 KB 88ms
23ms Script
application/javascript 104.222.176.10
SEABONE-NET TELEC...

General

Check archive.org

Show headers Download Go to

Full URL

https://oauth.tg.dev/js/telegram-widget.js?19

Requested by

Host: t.me
URL: https://t.me/operativnoZSU/36424?embed=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.222.176.10 , United Kingdom, ASN6762 (SEABONE-NET TELECOM ITALIA SPARKLE S.p.A., IT),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

60c62e0e44a2b4a1116d28f8a69f20c108cc84b5c173060d134a6ec083e12240

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://t.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:32 GMT
content-encoding: gzip
last-modified: Thu, 14 Apr 2022 10:47:14 GMT
server: nginx/1.18.0
etag: W/"6257fbb2-4a0b"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=345600
expires: Sat, 20 Aug 2022 13:05:32 GMT

GET
H2 200 widget-frame.js Show response
telegram.org/js/ Frame EB72 91 KB
25 KB 26ms
25ms Script
application/javascript 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://telegram.org/js/widget-frame.js?59

Requested by

Host: t.me
URL: https://t.me/operativnoZSU/36424?embed=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

a3a9666403dd904811c01ba6925d89449b27aa3efe19e86b9d8864d660922fc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://t.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:32 GMT
content-encoding: gzip
last-modified: Thu, 14 Jul 2022 22:52:43 GMT
server: nginx/1.18.0
etag: W/"62d09e3b-16c7c"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
cache-control: max-age=345600
expires: Sat, 20 Aug 2022 13:05:32 GMT

GET
H3 200 JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v12/ 19 KB
19 KB 21ms
21ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v12/JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2

Requested by

Host: ad.mox.tv
URL: https://ad.mox.tv/js/moxplayer/moxplayer.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

746589ecfb4406519933a6aea5f1149224afcba81e3c3ef0541e7ad6c8111b7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.mox.tv/
Origin: https://korrespondent.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 10:58:44 GMT
x-content-type-options: nosniff
age: 7608
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18956
x-xss-protection: 0
last-modified: Tue, 07 Nov 2017 15:27:08 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 16 Aug 2023 10:58:44 GMT

GET
DATA 200
OK truncated
/ 216 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1c5b104caea431c322db57433a42e842d0df628110cb8cedda3e2bbfa46f0bcd

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H/1.1 200
OK moxtv-logo-big.svg
cdn.mox.tv/assets/mox-tv/ 2 KB
2 KB 207ms
66ms Image
image/svg+xml 185.180.223.91
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.mox.tv/assets/mox-tv/moxtv-logo-big.svg

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.180.223.91 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),

Reverse DNS

185-180-223-91.hosted-by-worldstream.net

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

cb5d0030be491ac393d71f8c248a6e552d35be0fd1ac7efcf8107abb04fa6b6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:32 GMT
Last-Modified: Wed, 11 Dec 2019 15:12:11 GMT
Server: nginx/1.14.0 (Ubuntu)
Connection: keep-alive
etag: "6cd6bea1e621ae7acc48b79bb588c71d"
Vary: Access-Control-Request-Headers,Access-Control-Request-Method,Origin
X-HW: 1660655132.dop240.am5.t,1660655132.cds148.am5.shn,1660655132.dop240.am5.t,1660655132.cds002.am5.c
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Cache-Control: max-age=572
x-rgw-object-type: Normal
strict-transport-security: max-age=15552000; includeSubDomains; preload
Accept-Ranges: bytes
Content-Length: 1822
Expires: Tue, 16 Aug 2022 13:15:04 GMT

GET
DATA 200
OK truncated
/ 75 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8975997ebeecb09737ece81428affda5d69642f01d629fb8873d1e9db26ed26f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H2 204 csi
csi.gstatic.com/ Frame 095F 0
327 B 102ms
36ms Ping
image/gif 2a00:1450:400e:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~l6w76s63&c=2419754494839&slotId=1209877247419.5&qqid=CPH977m2y_kCFSbJUQodbtAMzg&gqid=G5b7Ytz7N6v81wbo57P4Cw&fb=ima_html5-lima&sdkv=h.3.525.0&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vast_v=4.0&ghmsh_eids=44750823%2C44754420%2C44760950%2C44762904%2C44765701%2C44767130&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=GoogleWhyThisAd&icdi=18x18&vmfc=2&vhc=0&wta=1&hghme=1&met.4=ghmsh_s.l6w76su2~ghmsh_s.l6w76su3~ghmsh_s.l6w76su3&ghmsh_mi=22%2C18%2C&ghmsh_vi=134%2C136%2C243%2C247%2C&ghmsh_ai=139%2C140%2C250%2C&ghmsh_gvt=0&ams=1&vs=1280x720&vc=avc1.64001F&mt=video%2Fmp4&vsrc=youtube&bit=22&cpn=GIag2j7ROo_Tb9iO
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.525.0_en.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400e:810::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:32 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 css2
fonts.googleapis.com/ Frame EB72 112 KB
29 KB 58ms
57ms Stylesheet
text/css 2a00:1450:400e:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=M+PLUS+Rounded+1c:wght@700&display=swap

Requested by

Host: telegram.org
URL: https://telegram.org/css/widget-frame.css?62

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80c::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f1c5e16c3abc728ef3c7eb1ff66fc5b15f08232156bae6493e37becbd1b2f01d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://telegram.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 16 Aug 2022 13:05:19 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 16 Aug 2022 13:05:32 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 16 Aug 2022 13:05:32 GMT

GET
H/1.1 206
Partial Content 480_650.mp4
cdn.mox.tv/data/poY7y70BITeTugc/1138/video/1744/ 80 KB
0 147ms
50ms Media
video/mp4 185.180.223.91
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.mox.tv/data/poY7y70BITeTugc/1138/video/1744/480_650.mp4
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.180.223.91 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 185-180-223-91.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash

Request headers

Referer: https://korrespondent.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Range: bytes=0-

Response headers

Date: Tue, 16 Aug 2022 13:05:32 GMT
Last-Modified: Thu, 02 Sep 2021 16:24:30 GMT
Server: nginx/1.14.0 (Ubuntu)
Access-Control-Allow-Origin: *
ETag: "6130fabe-3299a49"
Content-Type: video/mp4
Content-Range: bytes 0-53058120/53058121
Connection: keep-alive
Content-Length: 53058121

GET
H3 200 help_outline_white_24dp_with_3px_trbl_padding.png
imasdk.googleapis.com/formats/wta/ Frame 095F 453 B
478 B 49ms
48ms Image
image/png 2a00:1450:400e:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imasdk.googleapis.com/formats/wta/help_outline_white_24dp_with_3px_trbl_padding.png?wp=ca-pub-5855149998903976

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80c::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e519cc4b7b8fdc64a7aaafc1b808cde266a234205aac0d6c55589c12446d565e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/js/core/bridge3.525.0_en.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 12:58:33 GMT
x-content-type-options: nosniff
age: 419
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 453
x-xss-protection: 0
last-modified: Wed, 13 Oct 2021 14:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: image/png
cache-control: public, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 16 Aug 2022 13:48:33 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/live/interaction/ Frame 095F 42 B
65 B 184ms
184ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/live/interaction/?ai=CZJiSG5b7YrGEOqaSxwLuoLPwDPPj3-Brjdjd75cQsJAfEAEggM_UfGCVgoCAlAegAYjmoKoByAEFqQKtlUR5CQmxPuACAKgDAZgEAKoE9AJP0Eio67Fpm--beKCV4g3ptflHHH0GAf4SN5Gl9MZJn-sRukinQkE58h0Qk1Zzh5vc_rcFD4AX3MGTmMufTAcVvpvczCz8WUAezKsgU5W_rPbybyFvayPp5HWb2yR6ufQVzU8zuTG8oIyYbHqLCWcMk7xZN593uNqXhOGE1PPkjLZFwn4TYKA9HSYgrOpOfGxh0Hv72vVDecQ-fy8yahvrRgG3pyoOGyZDyfH9qYUBu89k9hBPQ1rBQDOTT0RbEuhk60OyxQQ9lFJ5uPtdjfhTpx7gi1dlj1vh_W6BnCHC0DV2iSUgkLuQhenNedQGHJextWqLNv3AsUt6zZ1LqIyQ5Sl78WldLVQzEYbRrCBLyqc8cxgfxoXvp5W1BmCSR2P9E-bM-aRf44m7-tmfLHrs0t9W-oYdw6HbSHlkMvmenOkrHXciY0xKnuVUx9jBGVI7ihkPtkXMmOeCCWGvdW2qZBNwuoOCwIjQGUuLnu4ANdL2RebABMW8irv8A-AEAYgF5NamtkGSBQgIAxADGAFQAaAGVIAH4Jnf1QKoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwGoCAHSCBEIgOGAEBABGB0yAqoCOgKAQPIIG2FkeC1zdWJzeW4tMjk2MDA2MzU0MDIxMjcyOLEJRpEBiQk4epGACgOYCwHICwHQCw64DAHYEwzQFQHiFgIIAfgWAYAXAQ&sigh=-Yzq41kNyZQ&label=show_ad

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ltt /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:32 GMT
x-content-type-options: nosniff
server: ltt
timing-allow-origin: *
x-frame-options: SAMEORIGIN
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
pubads.g.doubleclick.net/gampad/live/ Frame 095F 0
0 60ms
59ms Image
text/html 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubads.g.doubleclick.net/gampad/live/adview?ai=C4qSYG5b7YrGEOqaSxwLuoLPwDPPj3-Brjdjd75cQsJAfEAEggM_UfGCVgoCAlAegAYjmoKoByAEFqQKtlUR5CQmxPuACAKgDAZgEAKoE8QJP0Eio67Fpm--beKCV4g3ptflHHH0GAf4SN5Gl9MZJn-sRukinQkE58h0Qk1Zzh5vc_rcFD4AX3MGTmMufTAcVvpvczCz8WUAezKsgU5W_rPbybyFvayPp5HWb2yR6ufQVzU8zuTG8oIyYbHqLCWcMk7xZN593uNqXhOGE1PPkjLZFwn4TYKA9HSYgrOpOfGxh0Hv72vVDecQ-fy8yahvrRgG3pyoOGyZDyfH9qYUBu89k9hBPQ1rBQDOTT0RbEuhk60OyxQQ9lFJ5uPtdjfhTpx7gi1dlj1vh_W6BnCHC0DV2iSUgkLuQhenNedQGHJextWqLNv3AsUt6zZ1LqIyQ5Sl78WldLVQzEYbRrCBLyqc8cxgfxoXvp5W1BmCSR2P9E-bM-aRf44m7-tmfLHrs0t9W-oYdw6HbSHlkMvmenOkrHXciYxRLRNVfhWLgi8CcP0eRA1A9RsN2_zOyf8CgSgurVUWmNHQvDmeTDmyta0zABMW8irv8A-AEAaAGVIAH4Jnf1QKoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEPKOGKgIAdIIEQiA4YAQEAEYHTICqgI6AoBA8ggbYWR4LXN1YnN5bi0yOTYwMDYzNTQwMjEyNzI4gAoDyAsBwhMGGIjmoKoB2BMM0BUB4hYCCAGAFwGyFx4KHAgAEhRwdWItMTI5MDk5NTkwMTkwNTU4OBi7iXY&sigh=37pLy19Fixk&cmd=Ch1jYS12aWRlby1wdWItMTI5MDk5NTkwMTkwNTU4OBAAGAI&uach_m=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vt=10
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s65-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 095F 0
20 B 51ms
50ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?evt=start&format=TRUEVIEW&lid=143&sdkv=h.3.525.0&e=44750823%2C44754420%2C44760950%2C44762904%2C44765701%2C44767130&id=ima_html5&c=4069220768159998&domain=korrespondent.net

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pubads_impl_2022081101.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 3FAB 388 KB
132 KB 16ms
15ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

sffe /

Resource Hash

48bd457befd1682d1e21bd4327a12799559ecc1308da5413b21ee60d2e6c0dde

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 12:33:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1941
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 135472
x-xss-protection: 0
last-modified: Thu, 11 Aug 2022 08:35:49 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 16 Aug 2023 12:33:11 GMT

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame 3FAB 0
312 B 45ms
43ms XHR
text/plain 18.66.23.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fkorrespondent.net&pubid=5c3c4d42-c5ae-4bf5-a931-2f0dc2cf7912
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.23.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-23-213.vie50.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 07:29:06 GMT
via: 1.1 89a6fa6293c9b0bbce683ad0b9f7f538.cloudfront.net (CloudFront)
server: Server
age: 20185
x-cache: Hit from cloudfront
access-control-allow-origin: https://korrespondent.net
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: VIE50-P1
x-amz-cf-id: AEbLtW6fDfB3e-kJNOckKK9HC8_-s1SBSHmQzI9paxPO05uPQc-KKA==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 3FAB 6 KB
3 KB 85ms
29ms XHR
application/javascript 18.66.23.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.23.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-23-213.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: JXufo2ctue2uysHllG2MRpKE8F0E4.a0
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 39674
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Wed, 03 Aug 2022 22:19:11 GMT
server: AmazonS3
date: Tue, 16 Aug 2022 02:15:21 GMT
vary: Accept-Encoding,Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 c172ad3d6658cab7ff64a4a64dca4822.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: VIE50-P1
x-amz-cf-id: O0wP_i7SHvFzCXINYDvkmN7Yt7Rgs5Bt079ldbi4zMVQFWA6M2aDWA==

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 98ms
25ms Preflight
application/json 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: null
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Tue, 16 Aug 2022 13:05:32 GMT
expires: 0
pragma: no-cache
server-processing-duration-in-ticks: 1178
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/ Frame EF00 17 KB
7 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220811/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com
URL: https://aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:03:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 109
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 30 Aug 2022 13:03:43 GMT

GET
H3 200 ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js Show response
pagead2.googlesyndication.com/bg/ Frame 7FF3 36 KB
14 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a690357c8d157ad2a9f188ecdad238c37efbd7508124554e8b7ddf2986cb0188

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 12:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 398
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13955
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 16 Aug 2023 12:58:54 GMT

POST
H2 204 csi
csi.gstatic.com/ 0
45 B 38ms
37ms Ping
image/gif 2a00:1450:400e:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&top=1&puid=1~l6w76s0i&c=2419754494839&slotId=1209877247419.5&eee=missing-element&bi=missing-id
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400e:810::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:32 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 00CD
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

33ms
32ms

Document
text/html

2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com
URL: https://aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 16 Aug 2022 13:05:32 GMT
expires: Tue, 16 Aug 2022 13:05:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 13:05:32 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

206
Partial Content

videoplayback
rr4---sn-4g5ednd7.googlevideo.com/
Redirect Chain

https://rr5---sn-4g5e6nzl.googlevideo.com/videoplayback?expire=1660683932&ei=HJb7YpOpCYOJxgKirKh4&ip=193.27.14.10&id=3ed0f943d73edb30&itag=22&source=youtube&requiressl=yes&mh=6i&mm=31&mn=sn-4g5e6nz...
https://rr4---sn-4g5ednd7.googlevideo.com/videoplayback?expire=1660683932&ei=HJb7YpOpCYOJxgKirKh4&ip=193.27.14.10&id=3ed0f943d73edb30&itag=22&source=youtube&requiressl=yes&susc=gvp&acao=yes&ctier=L...

3 MB
3 MB

106ms
17ms

Media
video/mp4

2a00:1450:4001:16::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://rr4---sn-4g5ednd7.googlevideo.com/videoplayback?expire=1660683932&ei=HJb7YpOpCYOJxgKirKh4&ip=193.27.14.10&id=3ed0f943d73edb30&itag=22&source=youtube&requiressl=yes&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=39.288&lmt=1630704983284524&txp=5311224&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRgIhAJH8DhauUAbYfvQn_34EZnD4H7LYy29nekgEXydMRt9bAiEAxFYiZrbMfiYL_OWmI2l805z6xKnBz7YiRQtKJgxqY4A=&cpn=GIag2j7ROo_Tb9iO&redirect_counter=1&rm=sn-4g5ed776&req_id=34eb26302fd836e2&cms_redirect=yes&cmsv=e&ipbypass=yes&mh=6i&mip=2001:ac8:20:301::201e&mm=31&mn=sn-4g5ednd7&ms=au&mt=1660654862&mv=m&mvi=4&pl=53&lsparams=ipbypass,mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAKTOFiFjrJnk4aUYJDk4zm48Xyu7qL8Oi1116lga74V9AiEAwF3elk-N7XkVJJ40TcAmGddiLUv6v9sV2iN_jRoloXQ%3D

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

HTTP/1.1

Server

2a00:1450:4001:16::9 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

772e8003d51183fa1bebbb6cf159aa48e4de85a2d4b2b67b0ebc5d7f71adcb78

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:32 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 03 Sep 2021 21:36:23 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Content-Range: bytes 0-3574462/3574463
Cache-Control: private, max-age=28500
Cross-Origin-Resource-Policy: cross-origin
Connection: close
Accept-Ranges: bytes
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 3574463
Expires: Tue, 16 Aug 2022 13:05:32 GMT

Redirect headers

Date: Tue, 16 Aug 2022 13:05:32 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: text/html
Location: https://rr4---sn-4g5ednd7.googlevideo.com/videoplayback?expire=1660683932&ei=HJb7YpOpCYOJxgKirKh4&ip=193.27.14.10&id=3ed0f943d73edb30&itag=22&source=youtube&requiressl=yes&susc=gvp&acao=yes&ctier=L&mime=video/mp4&vprv=1&dur=39.288&lmt=1630704983284524&txp=5311224&sparams=expire,ei,ip,id,itag,source,requiressl,susc,acao,ctier,mime,vprv,dur,lmt&sig=AOq0QJ8wRgIhAJH8DhauUAbYfvQn_34EZnD4H7LYy29nekgEXydMRt9bAiEAxFYiZrbMfiYL_OWmI2l805z6xKnBz7YiRQtKJgxqY4A=&cpn=GIag2j7ROo_Tb9iO&redirect_counter=1&rm=sn-4g5ed776&req_id=34eb26302fd836e2&cms_redirect=yes&cmsv=e&ipbypass=yes&mh=6i&mip=2001:ac8:20:301::201e&mm=31&mn=sn-4g5ednd7&ms=au&mt=1660654862&mv=m&mvi=4&pl=53&lsparams=ipbypass,mh,mip,mm,mn,ms,mv,mvi,pl&lsig=AG3C_xAwRgIhAKTOFiFjrJnk4aUYJDk4zm48Xyu7qL8Oi1116lga74V9AiEAwF3elk-N7XkVJJ40TcAmGddiLUv6v9sV2iN_jRoloXQ%3D
Cache-Control: private, max-age=900
Cross-Origin-Resource-Policy: cross-origin
Connection: close
Content-Length: 0
Expires: Tue, 16 Aug 2022 13:05:32 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame D9AB 42 B
64 B 61ms
59ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvc7f8RA56ZF8iK5yphWUBYT8bt9cKQj3lXmKrKHQCI7y9y0RLY7yhNXkTopYVQXdLOxeBfOg0Jaz4iJ_iUClv-2h0&sig=Cg0ArKJSzG0zrjzncmQ4EAE&id=lidar2&mcvt=1072&p=0,0,90,728&mtos=1072,1072,1072,1072,1072&tos=1072,0,0,0,0&v=20220810&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3638426950&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1660655130770&rpt=723&met=ie&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 095F 0
17 B 81ms
36ms Ping
image/gif 2a00:1450:400e:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~l6w76sx0&c=2419754494839&slotId=1209877247419.5&qqid=CPH977m2y_kCFSbJUQodbtAMzg&gqid=G5b7Ytz7N6v81wbo57P4Cw&fb=ima_html5-lima&sdkv=h.3.525.0&mrd=4&aab=1&itv=1&met.4=ghmsh_s.l6w76sx1~vss_tr.vt
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.525.0_en.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400e:810::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:32 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 getcookie Show response
matchid.adfox.yandex.ru/ Frame 3FAB 88 B
374 B 532ms
63ms XHR
application/json 2a02:6b8::16b
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://matchid.adfox.yandex.ru/getcookie

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/header-bidding.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a02:6b8::16b Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

c6e8504dab871177a8d6e8ff42464a0a0ac8f3dc47409e95262217b55c53e870

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin: https://korrespondent.net
date: Tue, 16 Aug 2022 13:05:33 GMT
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 88
x-content-type-options: nosniff
content-type: application/json

POST
H/1.1 200
OK / Show response
t.cotsta.ru/v4/track/tag/ Frame 3FAB 2 B
196 B 29ms
29ms XHR
text/plain 168.119.79.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://t.cotsta.ru/v4/track/tag/?v=1&time__offset=728&event=init_creative&ex_pl_id=/21830442390,22434891267/korrespondent.net_amx_/300x250_bs&pl_id=364
Requested by: Host: 0.code.cotsta.ru
URL: https://0.code.cotsta.ru/dist/a.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 168.119.79.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.79.119.168.clients.your-server.de
Software: nginx/1.14.1 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 16 Aug 2022 13:05:32 GMT
Server: nginx/1.14.1
Connection: keep-alive
Content-Length: 2
Content-Type: text/plain; charset=utf-8

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 3FAB 170 KB
56 KB 62ms
62ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: 0.code.cotsta.ru
URL: https://0.code.cotsta.ru/dist/a.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f0714c5a62307d23facaadf469366c2f5b11be5a54d0e962dd93399f5a7a48ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57442
x-xss-protection: 0
server: cafe
etag: 13422498666661997977
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 16 Aug 2022 13:05:32 GMT

POST
H/1.1 200
OK / Show response
t.cotsta.ru/v4/track/tag/ Frame 3FAB 2 B
196 B 28ms
28ms XHR
text/plain 168.119.79.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://t.cotsta.ru/v4/track/tag/?v=1&time__offset=729&event=start_auction&ex_pl_id=/21830442390,22434891267/korrespondent.net_amx_/300x250_bs&pl_id=364
Requested by: Host: 0.code.cotsta.ru
URL: https://0.code.cotsta.ru/dist/a.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 168.119.79.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.79.119.168.clients.your-server.de
Software: nginx/1.14.1 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 16 Aug 2022 13:05:32 GMT
Server: nginx/1.14.1
Connection: keep-alive
Content-Length: 2
Content-Type: text/plain; charset=utf-8

GET
H2

200

1 Show response
mc.yandex.com/watch/61684903/ Frame 3FAB
Redirect Chain

https://mc.yandex.com/watch/61684903?wmode=7&page-url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14...
https://mc.yandex.com/watch/61684903/1?wmode=7&page-url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A...

331 B
413 B

66ms
66ms

XHR
application/json

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/61684903/1?wmode=7&page-url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp77kpsc2e48%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A870%3Acn%3A1%3Adp%3A0%3Als%3A393081872149%3Ahid%3A958686927%3Az%3A0%3Ai%3A20220816130532%3Aet%3A1660655133%3Ac%3A1%3Arn%3A534516308%3Arqn%3A1%3Au%3A1660655133195433051%3Aw%3A300x250%3As%3A1600x1200x24%3Ask%3A1%3Aifr%3A1%3Acpf%3A1%3Antf%3A1%3Ans%3A1660655131164%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C5%2C0%2C5%2C5%2C0%2C5%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1660655133%3At%3A&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29rqnl%281%29ti%282%29

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

bb9debf62cf49b5b21e9ccb40f4a5ad95dfbecacd327b8346e74499a52ab232b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:32 GMT
x-content-type-options: nosniff
last-modified: Tue, 16-Aug-2022 13:05:32 GMT
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-allow-origin: https://korrespondent.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 331
x-xss-protection: 1; mode=block
expires: Tue, 16-Aug-2022 13:05:32 GMT

Redirect headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:32 GMT
last-modified: Tue, 16-Aug-2022 13:05:32 GMT
location: /watch/61684903/1?wmode=7&page-url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp77kpsc2e48%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A870%3Acn%3A1%3Adp%3A0%3Als%3A393081872149%3Ahid%3A958686927%3Az%3A0%3Ai%3A20220816130532%3Aet%3A1660655133%3Ac%3A1%3Arn%3A534516308%3Arqn%3A1%3Au%3A1660655133195433051%3Aw%3A300x250%3As%3A1600x1200x24%3Ask%3A1%3Aifr%3A1%3Acpf%3A1%3Antf%3A1%3Ans%3A1660655131164%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C5%2C0%2C5%2C5%2C0%2C5%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1660655133%3At%3A&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29rqnl%281%29ti%282%29
strict-transport-security: max-age=31536000
access-control-allow-origin: https://korrespondent.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Tue, 16-Aug-2022 13:05:32 GMT

GET
DATA 200
OK truncated
/ Frame EB72 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a1ef3d3ae5f563bd9b05d778c8cb5261ff05eb0dc32de1d27f78fdc111ed2107

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 Tzu4yK7voohnc8Kpyt2VtvPm1YI7OPTLjPNmXMiLocBgqLdCfbHLQZqi13fiD-ly8D3Sa3J-9699YjyAKlSL0d_abLzk6CSSPoL_pg_T0op3ApC3idtDGUHvrFsodjtonQhgpzxwvcDORWeg7_2g5vFoBkjs-Dgnwx5Za7FgBkGpEcnZOWE9Md9DKCxlQPG86R1sG...
cdn4.telegram-cdn.org/file/ Frame EB72 1 KB
2 KB 52ms
18ms Image
image/jpeg 34.111.35.152
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/Tzu4yK7voohnc8Kpyt2VtvPm1YI7OPTLjPNmXMiLocBgqLdCfbHLQZqi13fiD-ly8D3Sa3J-9699YjyAKlSL0d_abLzk6CSSPoL_pg_T0op3ApC3idtDGUHvrFsodjtonQhgpzxwvcDORWeg7_2g5vFoBkjs-Dgnwx5Za7FgBkGpEcnZOWE9Md9DKCxlQPG86R1sGZzSM4UehJno3A_teldg9BplpmZnG-hQyx6xPRd2KA3Y8VOsRI9qSP5w46WEVAhFMtH80VjEBRMRgKAT31d9w6GP7mG1E_rWDdQyYPz9vknutTZXF0E_uo3hy0trCDdvPGkbWcyWAgis3Otbdw.jpg

Requested by

Host: t.me
URL: https://t.me/operativnoZSU/36424?embed=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

4896030f998208bf001883e816a7bcfa9e982fac5ed6a004c7889baa55b0fb18

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://t.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src 'none'; sandbox
via: 1.1 google
x-content-type-options: nosniff
age: 6115
date: Tue, 16 Aug 2022 11:23:37 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1486
x-xss-protection: 1; mode=block
server: nginx/1.18.0
x-frame-options: DENY
etag: "91d6fb85785b681e0bb3067b6070103c0bb3548f"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H2 200 lVjgjPytqWRNcQdakBj3g89WMd_sJ8CY1aIgVVu9P-uJbECxFWzMKTn-nF4H1alc1OZKKZipHe48UfxRCCPR_PVPHC7X8oaV03SrOFExBO66NtJf-UUvzTGcdlW52F7YftrrezqPW5CGygNj80pRr96BMhnF_zzACMrDFqrSdv81dlyUBHPR_aOzcxzhpDwAJPZPx...
cdn4.telegram-cdn.org/file/ Frame EB72 119 KB
119 KB 56ms
22ms Image
image/jpeg 34.111.35.152
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/lVjgjPytqWRNcQdakBj3g89WMd_sJ8CY1aIgVVu9P-uJbECxFWzMKTn-nF4H1alc1OZKKZipHe48UfxRCCPR_PVPHC7X8oaV03SrOFExBO66NtJf-UUvzTGcdlW52F7YftrrezqPW5CGygNj80pRr96BMhnF_zzACMrDFqrSdv81dlyUBHPR_aOzcxzhpDwAJPZPxjJBvaanaUwYDet9ul94zcP-IxTy2aZfuPOOQ9YAQz7i1cxSEu8zCSn9bA_PEjhMVeYooZg8CQAebe9mfSEbKNM3hm05BY7jMisWa9uGNKmSxJZXJtR4A8LxTZBryfC1Zqfmp3lF3ia0RkG71w.jpg

Requested by

Host: t.me
URL: https://t.me/operativnoZSU/36424?embed=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

feb4a9fe946191164b38e960693b7cd27fc0d6eac7840b1b03da034e948d9fa9

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://t.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src 'none'; sandbox
via: 1.1 google
x-content-type-options: nosniff
age: 6115
date: Tue, 16 Aug 2022 11:23:37 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121504
x-xss-protection: 1; mode=block
server: nginx/1.18.0
x-frame-options: DENY
etag: "a32b126cf7bd2f2d31f5b3c619cd1b968d9dda9b"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H2 200 R6h8OAjSRL6ku9jW6DkjUPvWVcBwt3R6IhCwl8XE6_RMPSW3yEgyLbqYI_HrEyVT2gzFCU2aPAdX44itF8mUSSBAZBnycOWwELLewRWfKKAHpvbTiJg8hPVF60hGxeyd2IY4ef_jEXwbEd4DDzuOXYjAlhFUJ3GDVLCV7jAF-j5wgpNUY1_6vxP0MokSRW81glvOZ...
cdn4.telegram-cdn.org/file/ Frame EB72 84 KB
84 KB 92ms
59ms Image
image/jpeg 34.111.35.152
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn4.telegram-cdn.org/file/R6h8OAjSRL6ku9jW6DkjUPvWVcBwt3R6IhCwl8XE6_RMPSW3yEgyLbqYI_HrEyVT2gzFCU2aPAdX44itF8mUSSBAZBnycOWwELLewRWfKKAHpvbTiJg8hPVF60hGxeyd2IY4ef_jEXwbEd4DDzuOXYjAlhFUJ3GDVLCV7jAF-j5wgpNUY1_6vxP0MokSRW81glvOZlJTvr5VzwHLvcX9GCitdQFASKpzHnr__ABKvRhm8jNR2t6hdfwPPURiPwRYu0fspgYnYD34e1oYnYhwUFZ0O4LBKcOfWhslth6zs4yPDbObQOPTwaeNVvMaibrZnLu2rT-b6Yi7WGhq05qoVg.jpg

Requested by

Host: t.me
URL: https://t.me/operativnoZSU/36424?embed=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.111.35.152 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

152.35.111.34.bc.googleusercontent.com

Software

nginx/1.18.0 /

Resource Hash

0ce10fcd56cb2d0924a1b6c7bb9473eda4107a5268c831e253e810510a048c0f

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; sandbox
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://t.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src 'none'; sandbox
via: 1.1 google
x-content-type-options: nosniff
date: Tue, 16 Aug 2022 13:05:32 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85531
x-xss-protection: 1; mode=block
server: nginx/1.18.0
x-frame-options: DENY
etag: "0119f0b05888869b49f463fe9e524bb4f11f415c"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Accept-Ranges, Content-Range, Content-Length
cache-control: public,max-age=7200
accept-ranges: bytes, bytes

GET
H2 200 F09F94A5.png
telegram.org/img/emoji/40/ Frame EB72 3 KB
3 KB 30ms
29ms Image
image/png 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://telegram.org/img/emoji/40/F09F94A5.png
Requested by: Host: t.me
URL: https://t.me/operativnoZSU/36424?embed=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),
Reverse DNS
Software: nginx/1.18.0 /
Resource Hash: 90b4abfa7281f9465c5d65947c7a035d414ec1add2729ad1a2a5dc2bb7bf9878

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://t.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:32 GMT
last-modified: Fri, 01 Nov 2019 00:04:50 GMT
server: nginx/1.18.0
etag: "5dbb76a2-a15"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=345600
accept-ranges: bytes
content-length: 2581
expires: Sat, 20 Aug 2022 13:05:32 GMT

GET
DATA 200
OK truncated
/ Frame EB72 683 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b5c639313a20041c6986df07dae08542d6e26be05464cadce13a51141b8a8886

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame EB72 15 KB
15 KB 16ms
15ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://t.me
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Thu, 11 Aug 2022 08:01:51 GMT
x-content-type-options: nosniff
age: 450221
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Aug 2023 08:01:51 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ Frame EB72 10 KB
10 KB 18ms
18ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3728fbdd191d75bad5b83a838dfe2fc15f84c2aaa36ffa573321275847db31a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://t.me
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 19:04:26 GMT
x-content-type-options: nosniff
age: 151266
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9840
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:39 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 14 Aug 2023 19:04:26 GMT

GET
H3 200 VdGBAYIAV6gnpUpoWwNkYvrugw9RuM064ZsPrfqk33YqOjLBxkUhdkeuqyIMwGYkDA.119.woff2
fonts.gstatic.com/s/mplusrounded1c/v15/ Frame EB72 18 KB
18 KB 19ms
19ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/mplusrounded1c/v15/VdGBAYIAV6gnpUpoWwNkYvrugw9RuM064ZsPrfqk33YqOjLBxkUhdkeuqyIMwGYkDA.119.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=M+PLUS+Rounded+1c:wght@700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

319eb578634347f8bd6df61778b659ebe74e827b6395e114b084c3dbe613d854

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://t.me
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 09 Aug 2022 17:15:18 GMT
x-content-type-options: nosniff
age: 589814
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18600
x-xss-protection: 0
last-modified: Tue, 26 Apr 2022 15:31:35 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 09 Aug 2023 17:15:18 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame EB72 16 KB
16 KB 21ms
21ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://t.me
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 10 Aug 2022 20:10:25 GMT
x-content-type-options: nosniff
age: 492907
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Aug 2023 20:10:25 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu5mxKOzY.woff2
fonts.gstatic.com/s/roboto/v30/ Frame EB72 9 KB
9 KB 22ms
22ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://t.me
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 21:51:35 GMT
x-content-type-options: nosniff
age: 54837
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9628
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 15 Aug 2023 21:51:35 GMT

POST
H2 200 36424 Show response
t.me/operativnoZSU/ Frame EB72 4 B
187 B 29ms
28ms XHR
application/json 2001:67c:4e8:f004::9
TELEGRAM

General

Check archive.org

Show headers Download Go to

Full URL

https://t.me/operativnoZSU/36424?embed=1

Requested by

Host: t.me
URL: https://t.me/operativnoZSU/36424?embed=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:67c:4e8:f004::9 , Virgin Islands (British), ASN62041 (TELEGRAM, VG),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b

Security Headers

Name	Value
Strict-Transport-Security	max-age=35768000

Request headers

Referer: https://t.me/operativnoZSU/36424?embed=1
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:32 GMT
content-encoding: gzip
server: nginx/1.18.0
strict-transport-security: max-age=35768000
content-type: application/json; charset=utf-8
cache-control: no-store
content-length: 24

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ Frame 3FAB 2 KB
1 KB 374ms
26ms XHR
application/json 151.101.193.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20220816

Requested by

Host: 0.code.cotsta.ru
URL: https://0.code.cotsta.ru/dist/p4.41.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.229 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

ab468dfe133af18bba5ab1235d40a0e1ef6290cb756ff2a702005c01827bfbf4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
age: 36271
x-jsd-version: 1.0.1433
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 800
etag: W/"66b-Kz0gGhbLN9+u5LWo2iSKJKk6Vuc"
x-served-by: cache-fra19144-FRA, cache-hhn4075-HHN
x-jsd-version-type: version
date: Tue, 16 Aug 2022 13:05:33 GMT
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

POST
H2 200 adjson Show response
ads.betweendigital.com/ Frame 3FAB 2 B
220 B 526ms
526ms XHR
application/json 188.42.196.115
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.betweendigital.com/adjson?t=prebid
Requested by: Host: 0.code.cotsta.ru
URL: https://0.code.cotsta.ru/dist/p4.41.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 188.42.196.115 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://korrespondent.net
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-encoding: gzip
vary: Accept-Encoding
content-type: application/json

POST
H/1.1 200
OK / Show response
ad.mail.ru/hbid_prebid/ Frame 3FAB 85 B
391 B 283ms
72ms XHR
application/json 2a00:1148:db00::17
MAILRU-AS Mail.Ru

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.mail.ru/hbid_prebid/
Requested by: Host: 0.code.cotsta.ru
URL: https://0.code.cotsta.ru/dist/p4.41.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a00:1148:db00::17 , Russian Federation, ASN47764 (MAILRU-AS Mail.Ru, RU),
Reverse DNS
Software: nginx /
Resource Hash: ba0ab3bea0bcd2b6b145386570c80d6e168ab4705775cb9eb078c5074d96b436

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 16 Aug 2022 13:05:32 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: https://korrespondent.net
Cache-Control: private, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 3FAB 0
219 B 187ms
24ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=33&wv=4.41.0&cb=95763955482

Requested by

Host: 0.code.cotsta.ru
URL: https://0.code.cotsta.ru/dist/p4.41.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:32 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://korrespondent.net
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

GET
H2 200 adjson Show response
ssp.otm-r.com/ Frame 3FAB 2 B
303 B 147ms
29ms XHR
application/javascript 159.69.59.100
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssp.otm-r.com/adjson?tz=0&w=300&h=250&s=23110&bidid=86574d171d67b6&transactionid=5dc041e3-f015-4881-90bd-1359cb21ea99&auctionid=b83763bd-2ea7-4d48-b717-617a24649c77&bidfloor=undefined
Requested by: Host: 0.code.cotsta.ru
URL: https://0.code.cotsta.ru/dist/p4.41.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 159.69.59.100 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.100.59.69.159.clients.your-server.de
Software: nginx/1.17.10 /
Resource Hash: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:32 GMT
server: nginx/1.17.10
vary: Origin
content-type: application/javascript
access-control-allow-origin: https://korrespondent.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 2
expires: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 3FAB 145 B
1 KB 159ms
103ms XHR
application/json 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: 0.code.cotsta.ru
URL: https://0.code.cotsta.ru/dist/p4.41.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4cc09b98218cbf43c1495eca4051f2ec3f300fbee017efee606b90228138ec2a

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:32 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 14e3b417-6b82-4c43-966b-65bc04604c03
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://korrespondent.net
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ Frame 3FAB 0
179 B 79ms
24ms XHR
text/plain 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: 0.code.cotsta.ru
URL: https://0.code.cotsta.ru/dist/p4.41.0.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, PL),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://korrespondent.net
date: Tue, 16 Aug 2022 13:05:32 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

GET
H2 200 advert.gif
mc.yandex.com/metrika/ Frame 3FAB 43 B
112 B 64ms
64ms Image
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:32 GMT
last-modified: Mon, 15 Aug 2022 15:05:51 GMT
etag: "62fa369f-2b"
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 43
expires: Tue, 16 Aug 2022 14:05:32 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame EF00 0
0 48ms
47ms Image
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ-lLRv1pepfTsTxQ6akAXrky8dl16BHMuVzzJ5S2XVkPhudEHVI7QzkY_V24YUUBVBCidT6roRJl3kky5j-pt8IOR_1g
Requested by: Host: aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com
URL: https://aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame EF00 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2f3c3b86317402d3727e0eb1417790cf5485dd96e397374de4d1920dd3fb373f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 206
Partial Content 480_650.mp4
cdn.mox.tv/data/poY7y70BITeTugc/1138/video/1744/ 679 KB
679 KB 49ms
48ms Media
video/mp4 185.180.223.91
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.mox.tv/data/poY7y70BITeTugc/1138/video/1744/480_650.mp4
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.180.223.91 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 185-180-223-91.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: edd2846b1b16603703617a2f932ccb932b5688d0e14aaeb07cf68447aa7c24f5

Request headers

Referer: https://korrespondent.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Range: bytes=52363264-

Response headers

Date: Tue, 16 Aug 2022 13:05:32 GMT
Last-Modified: Thu, 02 Sep 2021 16:24:30 GMT
Server: nginx/1.14.0 (Ubuntu)
Access-Control-Allow-Origin: *
ETag: "6130fabe-3299a49"
Content-Type: video/mp4
Content-Range: bytes 52363264-53058120/53058121
Connection: keep-alive
Content-Length: 694857

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/ Frame 3FAB 341 KB
120 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8610050614645263&plah=korrespondent.net&bust=31068965

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f47773a10e9761af2c12f7c7f1271ff44c0936128bcfae599849482acb4241d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122625
x-xss-protection: 0
server: cafe
etag: 3263486895773008557
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 16 Aug 2022 13:05:32 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame EBAA 0
0 54ms
54ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022081101&jk=3264014519547007&bg=!LyylLGjNAAa4hXTbmIU7ACkAdvg8WnpN98-_Gf531Z-ECg1F0xxLHUdt23WLB89ckbxRtEkIZcQBaQIAAACMUgAAAAJoAQeZAvyIR9oOv7I9R-XkvAAmLXD_JUxOB8CSt0Luij5m_49_tekzrjsfeYnvN6rU4Q0agCUMY5G2-QJFFHhVK3fnvmU3lgKX4wVP9g-i6ABZVNtQQ_zjwy6eI7LXFX4fDa5zdDU_-uQjybKwCBLp54VSA5nHpFFHKYHkvZe1rtpMCRlSdUduCF2IgCrXM_vqeKgw0mBNdP3O6h4RjHznQZeVCJHoAdsoDAJRJg2ZAe9j5t5lgd65vRR9Pr0sB7yHEc-rgtg7PkDhxRNpaDyBQYYdMOIzBburtMY0QFHR3gInLErv7dSWROkW67nNxAyFvvu9AQzpzoOp9Y9tUPIY3aNJiik2BnfNLNUbVdburgLi2HH-4ZRl6x-SfHwegKlLaSluB1DS1yEDFLRewSW3vF2JZyFyWx6sZu4cZaMXtK_wGBGyk_1dJOErcT5U5SU_Iky77RXgvmAgj-e65hzUwSRF1gWFL7pOfeyHgyqVbEuyGjYfUz4Q8IrNI2Ap7W4r5YFAn7qx3JzQZK5MydZLB1eQYVT3m9oHGhXA_kFFH3gDI0u-z1yYmCaYU_srs60xOr16Z-Bu0nP-9euDs39yn_L878wAbqB2KOSwn5OiEv09EzlU4eidcTyKzt0tx9kHsTffVeqEIuyCMJ9c7AfGZF8FTf9dqHbbPya9CXESOuU1cblR72eh14XR3MqNhoCSK0_rKi6ZqiYXlB9od9CRZ8P3rTGeA2LmIq8oQQR_JMLfk3Ykhet9epa57VwLwJc3siV-N2aAfqvb32j-epvEUS6g5hyWLodf5FfXxwJSSxbifsnDvBoKpkWfEsgGKw8k4QdtkFUE0vr3PliuO7ozdr8oRA68d_7Pk6NNil6mWI9TjvR24CSuIVNpL4Ixc3WXfGhE44Bk9lzipRoPR8uKhhFNT8fNHHNW46eyaEAwuczWpG5PWvbsy9OAY-PCna2HVOg_HpesBuypzfdp5MQOUUCOSZDgAbWXVC0Cc3M2CCchushGNUi2t3dZr0DQZ29CAg
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H3 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame 3FAB 221 B
229 B 24ms
23ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=korrespondent.net&callback=_gfp_s_&client=ca-pub-8610050614645263&cookie=ID%3D7d1d3a232bbb798f%3AT%3D1660655130%3AS%3DALNI_MaRb-A0QJAXYI5Y5wkNt4HWivBT2w

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208150101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8610050614645263&plah=korrespondent.net&bust=31068965

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

0c4544c53dd08f87c8c5f8c5bdbca18d00fa15d4b64e42f6054a7071a58fd34f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 206
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 3FAB 107 B
122 B 48ms
47ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=korrespondent.net

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Aug 2022 13:05:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 3FAB 107 B
122 B 27ms
25ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=korrespondent.net

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Aug 2022 13:05:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3FAB 0
20 B 55ms
54ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&tn=DIV&id=achernar_1554_166065513062fb961a37c9c&cls=achernar__wrapper%20achernar__fixed%20achernar__fixedToLeft%20achernar__fixedToBottom&ign=false&pw=1600&ph=1200&x=0&y=1060.8

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:32 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8C7F 0
16 B 115ms
114ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8610050614645263&output=html&adk=1812271804&adf=3407270560&plat=1%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660655132776&bpp=4&bdt=1613&idt=84&shv=r20220811&mjsv=m202208150101&ptt=9&saldr=aa&cookie=ID%3D7d1d3a232bbb798f%3AT%3D1660655130%3AS%3DALNI_MaRb-A0QJAXYI5Y5wkNt4HWivBT2w&nras=1&correlator=2419754494839&frm=23&ife=1&pv=2&ga_vid=2006371786.1660655130&ga_sid=1660655133&ga_hid=1450592146&ga_fc=1&nhd=2&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&isw=300&ish=250&ifk=1191222534&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068487%2C31068965%2C44764002&oid=2&pvsid=4265567016599518&tmod=1431816359&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32772&bc=31&ifi=1&uci=1.kc6m2i7jzmeb&btvi=1&fsb=1&dtd=104

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 13:05:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 3FAB 14 KB
11 KB 89ms
88ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220811&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d75ec3676e6925adf36264645e7c2fc821b0fd7a8b27a4b53573d4d58e4cebdd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Aug 2022 13:05:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11119
x-xss-protection: 0

GET
H3 200 /
googleads.g.doubleclick.net/pagead/live/interaction/ Frame 095F 42 B
65 B 92ms
92ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ltt /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:32 GMT
x-content-type-options: nosniff
server: ltt
timing-allow-origin: *
x-frame-options: SAMEORIGIN
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Oy6hyfNY.js Show response
tpc.googlesyndication.com/sodar/ Frame 095F 41 KB
15 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Oy6hyfNY.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.525.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b2ea1c9f3587781b58285cf64279e67f6329a3924fb93f81529f1826e2f4d16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 10:58:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7609
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15406
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
expires: Wed, 16 Aug 2023 10:58:43 GMT

GET
H2 200 magic.png
bgstats.mox.tv/ Frame 095F 0
65 B 63ms
59ms Image
image/png 167.71.9.19
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bgstats.mox.tv/magic.png
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.71.9.19 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:33 GMT
server: nginx/1.14.0 (Ubuntu)
content-length: 0
content-type: image/png

GET
H2 200 tracking
ad.mox.tv/delivery/video/ Frame 095F 51 B
51 B 150ms
146ms Image
text/html 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.mox.tv/delivery/video/tracking?vast=tracker&vsp=dk9HNkdZNFAwSUlLWDFYVGZyQkpZdWhyUXhYdTJYU291dFdRbzFZVStGM1ZFZHh1K0NwRWdJaWhtZkJML0Z3Q3RTaG1kVnhSV0ZaYXk0UWtxNXJGRlU5WnBkcXZGNEZ0ZDhrNWE0WGtxbWRIdFJxcHR0SUhORmRjT2JONE04a1FWdm91NWpYekJkaFpyc3ovbUh3QlRrYTNoRWw2RGxDSlFPaVBFREFQdDR0RU1La1ZMbDZEVjhnNkFnbDZTdVQzdi9jc2lidTA4bUZINzdFV1ZxQWU3aWdzdmVJMG45UC9zRWxRUmhxV29USmx3UHZpV3RsM29aOGVUUEsrRGt0TA%3D%3D&cb=1660655131
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 16 Aug 2022 13:05:33 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H3 200 adview
pubads.g.doubleclick.net/gampad/live/ Frame 095F 0
0 76ms
72ms Image
text/html 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubads.g.doubleclick.net/gampad/live/adview?ai=C4qSYG5b7YrGEOqaSxwLuoLPwDPPj3-Brjdjd75cQsJAfEAEggM_UfGCVgoCAlAegAYjmoKoByAEFqQKtlUR5CQmxPuACAKgDAZgEAKoE8QJP0Eio67Fpm--beKCV4g3ptflHHH0GAf4SN5Gl9MZJn-sRukinQkE58h0Qk1Zzh5vc_rcFD4AX3MGTmMufTAcVvpvczCz8WUAezKsgU5W_rPbybyFvayPp5HWb2yR6ufQVzU8zuTG8oIyYbHqLCWcMk7xZN593uNqXhOGE1PPkjLZFwn4TYKA9HSYgrOpOfGxh0Hv72vVDecQ-fy8yahvrRgG3pyoOGyZDyfH9qYUBu89k9hBPQ1rBQDOTT0RbEuhk60OyxQQ9lFJ5uPtdjfhTpx7gi1dlj1vh_W6BnCHC0DV2iSUgkLuQhenNedQGHJextWqLNv3AsUt6zZ1LqIyQ5Sl78WldLVQzEYbRrCBLyqc8cxgfxoXvp5W1BmCSR2P9E-bM-aRf44m7-tmfLHrs0t9W-oYdw6HbSHlkMvmenOkrHXciYxRLRNVfhWLgi8CcP0eRA1A9RsN2_zOyf8CgSgurVUWmNHQvDmeTDmyta0zABMW8irv8A-AEAaAGVIAH4Jnf1QKoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEPKOGKgIAdIIEQiA4YAQEAEYHTICqgI6AoBA8ggbYWR4LXN1YnN5bi0yOTYwMDYzNTQwMjEyNzI4gAoDyAsBwhMGGIjmoKoB2BMM0BUB4hYCCAGAFwGyFx4KHAgAEhRwdWItMTI5MDk5NTkwMTkwNTU4OBi7iXY&sigh=37pLy19Fixk&cmd=Ch1jYS12aWRlby1wdWItMTI5MDk5NTkwMTkwNTU4OBAAGAI&uach_m=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s65-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H3 200 /
googleads.g.doubleclick.net/pagead/live/interaction/ Frame 095F 42 B
65 B 174ms
171ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/live/interaction/?ai=C39HRG5b7YrGEOqaSxwLuoLPwDPPj3-Brjdjd75cQsJAfEAEggM_UfGCVgoCAlAegAYjmoKoByAEFqQKtlUR5CQmxPuACAKgDAZgEAKoE8QJP0Eio67Fpm--beKCV4g3ptflHHH0GAf4SN5Gl9MZJn-sRukinQkE58h0Qk1Zzh5vc_rcFD4AX3MGTmMufTAcVvpvczCz8WUAezKsgU5W_rPbybyFvayPp5HWb2yR6ufQVzU8zuTG8oIyYbHqLCWcMk7xZN593uNqXhOGE1PPkjLZFwn4TYKA9HSYgrOpOfGxh0Hv72vVDecQ-fy8yahvrRgG3pyoOGyZDyfH9qYUBu89k9hBPQ1rBQDOTT0RbEuhk60OyxQQ9lFJ5uPtdjfhTpx7gi1dlj1vh_W6BnCHC0DV2iSUgkLuQhenNedQGHJextWqLNv3AsUt6zZ1LqIyQ5Sl78WldLVQzEYbRrCBLyqc8cxgfxoXvp5W1BmCSR2P9E-bM-aRf44m7-tmfLHrs0t9W-oYdw6HbSHlkMvmenOkrHXciYxRLRNVfhWLgi8CcP0eRA1A9RsN2_zOyf8CgSgurVUWmNHQvDmeTDmyta0zABMW8irv8A-AEAYgF5NamtkGgBlSAB-CZ39UCqAeOzhuoB5PYG6gHnNwbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcBqAgB0ggRCIDhgBAQARgdMgKqAjoCgEDyCBthZHgtc3Vic3luLTI5NjAwNjM1NDAyMTI3MjiACgPICwHYEwzQFQHiFgIIAfgWAYAXAQ&sigh=D_GJQCDkGfQ&cmd=Ch1jYS12aWRlby1wdWItMTI5MDk5NTkwMTkwNTU4OBAAGAI&label=vast_creativeview&ad_mt=0&acvw=sv%3D932%26cb%3Dima%26e%3D19%26nas%3D1%26sdk%3Dh%26p%3D1146,330,1489,940%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D39241%26vmtime%3D-1%26is%3D274%26cs%3D274%26c%3D0.15%26mc%3D0.15%26nc%3D0.15%26mv%3D0%26nv%3D0%26lte%3D0.15%26ces%26femt%3D1134%26femvt%3D0%26emc%3D4%26emuc%3D0%26emb%3D0,0,0,0,3%26avms%3Dexc%26qi%3D646087803%26psm%3D-2147483648%26psv%3D0%26psfv%3D0%26psa%3D0%26ptlt%3D1737%26pngs%3D9,14,15%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0.01%26t%3D1660655132404

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ltt /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:33 GMT
x-content-type-options: nosniff
server: ltt
timing-allow-origin: *
x-frame-options: SAMEORIGIN
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tracking
ad.mox.tv/delivery/video/ Frame 095F 51 B
51 B 173ms
169ms Image
text/html 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.mox.tv/delivery/video/tracking?vast=events&token=K1FCdU9SNTdZYnBRWXF6RkNIOENRdnl5ZVhjdGg5aDRyUUlqOGI2UlZyTFlJWUJGMVM4MTBubEpvb2YvVDFSV3ZYS0lDMkdsUUZZclc4ei9iSnF4TDlQMnBKL2pRVm5WMXo3dkZGNHh4MmJQczB4b0FJT3o1NGd5cnBJdCsyWTVLeG1iVksvOXVod0ZOZUlPR2JBQmVmaXVsaWZrSTZ6N01IR0JZZGZ2QWhGODBjSGpGWkRiRE05VHRlUXJra1ZRR3RGV2RuaHhOUUlBZ2dHRVBSbUo0UT09&cb=1660655131
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 16 Aug 2022 13:05:33 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 095F 42 B
64 B 104ms
101ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvjhtkz3nJ81oc-BSuN6qTQv5DNWLFSQpxYwBBhMr5rV7CPQzauDCAcZMjXyNZjlKqIE_KBoOXoKe6demKMFO0hvNXXt25DYoLGNOLJjC2228uYDqCnQuhLXTWDIUlmSKQJproAFYQsi2jhzKPxHZcVOh8TAAL3I1Jtjt5Cq20&sai=AMfl-YTZ8Mzbuz7Fxx_Syn-kyhBJa5S8K0qcdsQsTv2QQXWKYnh5QJxWu9AADhEVGAqDdMG1eqE9EMfUtdnxEUy14-PMNAvKprHtUvcWCBpyMg6tzhh-s6uPu-0DTck&sig=Cg0ArKJSzGkp25A5gCGrEAE&cid=CAASF-RoGr5snm0HZEIwEQwAE51HPYZitPkc&id=lidarv&acvw=sv%3D932%26cb%3Dima%26e%3D15%26nas%3D1%26sdk%3Dh%26p%3D1146,330,1489,940%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D39241%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D274%26ic%3D274%26cs%3D274%26c%3D0.15%26mc%3D0.15%26nc%3D0.15%26mv%3D0%26nv%3D0%26lte%3D0.15%26ces%26femt%3D1134%26femvt%3D0%26emc%3D4%26emuc%3D0%26emb%3D0,0,0,0,3%26avms%3Dexc%26qi%3D646087803%26psm%3D-2147483648%26psv%3D0%26psfv%3D0%26psa%3D0%26ptlt%3D1738%26pngs%3D9,14,15%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.01%26t%3D1660655132404&avm=1

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/live/interaction/ Frame 095F 42 B
65 B 175ms
172ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/live/interaction/?ai=C39HRG5b7YrGEOqaSxwLuoLPwDPPj3-Brjdjd75cQsJAfEAEggM_UfGCVgoCAlAegAYjmoKoByAEFqQKtlUR5CQmxPuACAKgDAZgEAKoE8QJP0Eio67Fpm--beKCV4g3ptflHHH0GAf4SN5Gl9MZJn-sRukinQkE58h0Qk1Zzh5vc_rcFD4AX3MGTmMufTAcVvpvczCz8WUAezKsgU5W_rPbybyFvayPp5HWb2yR6ufQVzU8zuTG8oIyYbHqLCWcMk7xZN593uNqXhOGE1PPkjLZFwn4TYKA9HSYgrOpOfGxh0Hv72vVDecQ-fy8yahvrRgG3pyoOGyZDyfH9qYUBu89k9hBPQ1rBQDOTT0RbEuhk60OyxQQ9lFJ5uPtdjfhTpx7gi1dlj1vh_W6BnCHC0DV2iSUgkLuQhenNedQGHJextWqLNv3AsUt6zZ1LqIyQ5Sl78WldLVQzEYbRrCBLyqc8cxgfxoXvp5W1BmCSR2P9E-bM-aRf44m7-tmfLHrs0t9W-oYdw6HbSHlkMvmenOkrHXciYxRLRNVfhWLgi8CcP0eRA1A9RsN2_zOyf8CgSgurVUWmNHQvDmeTDmyta0zABMW8irv8A-AEAYgF5NamtkGgBlSAB-CZ39UCqAeOzhuoB5PYG6gHnNwbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcBqAgB0ggRCIDhgBAQARgdMgKqAjoCgEDyCBthZHgtc3Vic3luLTI5NjAwNjM1NDAyMTI3MjiACgPICwHYEwzQFQHiFgIIAfgWAYAXAQ&sigh=D_GJQCDkGfQ&cmd=Ch1jYS12aWRlby1wdWItMTI5MDk5NTkwMTkwNTU4OBAAGAI&label=part2viewed&ad_mt=0&acvw=sv%3D932%26cb%3Dima%26e%3D0%26nas%3D1%26sdk%3Dh%26p%3D1146,330,1489,940%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D39241%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D274%26i0%3D274%26ic%3D0%26cs%3D274%26c%3D0.15%26mc%3D0.15%26nc%3D0.15%26mv%3D0%26nv%3D0%26lte%3D0.15%26ces%26femt%3D1134%26femvt%3D0%26emc%3D4%26emuc%3D0%26emb%3D0,0,0,0,3%26avms%3Dexc%26qi%3D646087803%26psm%3D-2147483648%26psv%3D0%26psfv%3D0%26psa%3D0%26ptlt%3D1739%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.01%26t%3D1660655132404

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ltt /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:33 GMT
x-content-type-options: nosniff
server: ltt
timing-allow-origin: *
x-frame-options: SAMEORIGIN
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tracking
ad.mox.tv/delivery/video/ Frame 095F 51 B
51 B 173ms
171ms Image
text/html 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.mox.tv/delivery/video/tracking?vast=events&token=WWYxYXJmTWlhbGRjK1g0TUR4ZTVlSW1pcXBOdnNoUnJDVTMzcXlDeGRsNnRuWTdrV3JDTWxiZmZXTUtWamY5M1A4L1hPMWZiRk1hR3kyR25lZlRzUVdqNFhJckE4cG9XamtaeTduWWptS1VqT0VqT1BLb3B4SHVVNk1paWtzWkJWK0xJdXVqRVBxenF5UE16RGg4cGFsNU5sT21jNkhNU3lNNStNMkN1MTJmdkREdW5Vb2dEa0oycnljb3BnUDk3dE81U05CbVBBb1BJMTEzYVZhdGQ0Zz09&cb=1660655131
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 16 Aug 2022 13:05:33 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 095F 0
20 B 118ms
116ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?evt=showui&format=TRUEVIEW&lid=143&sdkv=h.3.525.0&e=44750823%2C44754420%2C44760950%2C44762904%2C44765701%2C44767130&id=ima_html5&c=4069220768159998&domain=korrespondent.net

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/live/interaction/ Frame 095F 42 B
65 B 235ms
233ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/live/interaction/?ai=C39HRG5b7YrGEOqaSxwLuoLPwDPPj3-Brjdjd75cQsJAfEAEggM_UfGCVgoCAlAegAYjmoKoByAEFqQKtlUR5CQmxPuACAKgDAZgEAKoE8QJP0Eio67Fpm--beKCV4g3ptflHHH0GAf4SN5Gl9MZJn-sRukinQkE58h0Qk1Zzh5vc_rcFD4AX3MGTmMufTAcVvpvczCz8WUAezKsgU5W_rPbybyFvayPp5HWb2yR6ufQVzU8zuTG8oIyYbHqLCWcMk7xZN593uNqXhOGE1PPkjLZFwn4TYKA9HSYgrOpOfGxh0Hv72vVDecQ-fy8yahvrRgG3pyoOGyZDyfH9qYUBu89k9hBPQ1rBQDOTT0RbEuhk60OyxQQ9lFJ5uPtdjfhTpx7gi1dlj1vh_W6BnCHC0DV2iSUgkLuQhenNedQGHJextWqLNv3AsUt6zZ1LqIyQ5Sl78WldLVQzEYbRrCBLyqc8cxgfxoXvp5W1BmCSR2P9E-bM-aRf44m7-tmfLHrs0t9W-oYdw6HbSHlkMvmenOkrHXciYxRLRNVfhWLgi8CcP0eRA1A9RsN2_zOyf8CgSgurVUWmNHQvDmeTDmyta0zABMW8irv8A-AEAYgF5NamtkGgBlSAB-CZ39UCqAeOzhuoB5PYG6gHnNwbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcBqAgB0ggRCIDhgBAQARgdMgKqAjoCgEDyCBthZHgtc3Vic3luLTI5NjAwNjM1NDAyMTI3MjiACgPICwHYEwzQFQHiFgIIAfgWAYAXAQ&sigh=D_GJQCDkGfQ&cmd=Ch1jYS12aWRlby1wdWItMTI5MDk5NTkwMTkwNTU4OBAAGAI&label=admute&ad_mt=0&acvw=sv%3D932%26cb%3Dima%26e%3D10%26nas%3D1%26sdk%3Dh%26p%3D1146,330,1489,940%26tos%3D0,0,0,0,13%26mtos%3D0,0,0,0,13%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D13%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D13%26pst%3D-1%26dur%3D39241%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D13%26is%3D274%26i0%3D274%26ic%3D4096%26cs%3D4370%26c%3D0.15%26mc%3D0.15%26nc%3D0.15%26mv%3D0%26nv%3D0%26lte%3D0.15%26ces%26femt%3D1134%26femvt%3D0%26emc%3D4%26emuc%3D0%26emb%3D0,0,0,0,3%26avms%3Dexc%26qi%3D646087803%26psm%3D-2147483648%26psv%3D0%26psfv%3D0%26psa%3D0%26ptlt%3D1742%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,13&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.01%26t%3D1660655132404

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ltt /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:33 GMT
x-content-type-options: nosniff
server: ltt
timing-allow-origin: *
x-frame-options: SAMEORIGIN
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ 427 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b7d818c698d26d9d34c00c94853c93b34abb2fd53e97c415fafb9e84df993f31

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 415 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9c51b3bb0c5188de2571ed94d9432b85693241de3e05e5e82247dd8a45d4d03f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H2 200 all
csm.eu.criteo.net/ Frame C32F 0
127 B 25ms
25ms Ping
text/plain 178.250.0.162
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.162 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 16 Aug 2022 13:05:32 GMT
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0
strict-transport-security: max-age=31536000; preload;

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 3FAB 17 KB
6 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 16 Aug 2022 13:05:33 GMT

GET
H3 200 hhrtBw21.html Show response
tpc.googlesyndication.com/sodar/ Frame 5E5B 23 KB
9 KB 30ms
28ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/hhrtBw21.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Oy6hyfNY.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

861aed070db50ce0da9928455deff784c115b44540b09450f225ff7cff0c7429

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://imasdk.googleapis.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 441738
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8727
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 11 Aug 2022 10:23:15 GMT
expires: Fri, 11 Aug 2023 10:23:15 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 799E 13 KB
5 KB 24ms
20ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1509
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 12:40:24 GMT
expires: Wed, 16 Aug 2023 12:40:24 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame A9E1 783 B
534 B 55ms
51ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

33a57ab78c1643c6a75ec39665d90a469259c9e1baba806459d67972916d2552

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-PbWJLleTp7CxlYpE5l1Ygg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-PbWJLleTp7CxlYpE5l1Ygg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 13:05:33 GMT
expires: Tue, 16 Aug 2022 13:05:33 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js Show response
pagead2.googlesyndication.com/bg/ Frame 5E5B 36 KB
14 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/hhrtBw21.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a690357c8d157ad2a9f188ecdad238c37efbd7508124554e8b7ddf2986cb0188

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 12:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 399
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13955
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 16 Aug 2023 12:58:54 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame A7A6 42 B
64 B 57ms
57ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvM41GrS5rDP06FDkUaZpGw5Dk1DBv18QuJQ1WdTgsNQkBMgzdpzG0PWKYc0bRHz617T0smr9yk2yh1sU8MykZZrxg9lSBy8dGfl68sAPwhHq5tIxgHCMwXCUfNL9_gPfA8AV57XJ2Fg7_t&sai=AMfl-YTyEnUgpKKibr2C_vEgXDXFCsMbFt_ZCM9mscG4eKD8vdXANTIUSYGzlIleZmYuxUZb53jMqz_pEbzBVnLlIvhJhm3JRZEUBYIg24to3CrSXF6U4Ij_1GtW30E&sig=Cg0ArKJSzI7efFRbhud7EAE&cid=CAASF-RoL_hmKU2vp02Stj_aO0Lp3xS4BbvS&id=ampim&o=970,408&d=300,600&ss=1600,1200&bs=1600,1200&mcvt=1009&mtos=0,0,1009,1009,1009&tos=0,0,1009,0,0&tfs=550&tls=1559&g=100&h=100&tt=1559&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=4266777488

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js Show response
pagead2.googlesyndication.com/bg/ Frame 799E 36 KB
14 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a690357c8d157ad2a9f188ecdad238c37efbd7508124554e8b7ddf2986cb0188

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 12:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 399
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13955
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 16 Aug 2023 12:58:54 GMT

GET
H2 200 9e136ca2097160d7970e.js Show response
yastatic.net/partner-code-bundles/632048/ Frame 3FAB 36 KB
10 KB 156ms
44ms Script
text/javascript 2a02:6b8:20::215
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://yastatic.net/partner-code-bundles/632048/9e136ca2097160d7970e.js

Requested by

Host: yandex.ru
URL: https://yandex.ru/ads/system/header-bidding.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8:20::215 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

87e582b7b6cff186991b8ee9bf6539e74254c9711eb6b3982ade355b89fb19d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=43200000; includeSubDomains;

Request headers

Referer: https://korrespondent.net/
Origin: https://korrespondent.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:33 GMT
content-encoding: br
vary: Accept-Encoding
nel: {"report_to": "network-errors", "max_age": 7200, "success_fraction": 0.001, "failure_fraction": 0.01}
content-length: 10151
last-modified: Mon, 15 Aug 2022 17:52:32 GMT
server: nginx/1.17.9
etag: "2b98b34e8570b5fad1ba07df55a184de"
x-robots-tag: noindex, noarchive, nofollow
strict-transport-security: max-age=43200000; includeSubDomains;
report-to: { "group": "network-errors", "max_age": 7200, "endpoints": [ { "url": "https://dr.yandex.net/nel"}]}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=946708560
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Aug 2052 19:40:50 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame A9E1 0
0 49ms
49ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220811&jk=4265567016599518&rc=
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame FB26 42 B
64 B 101ms
100ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsufi43rbrQ3ozh6QR_vRmq7Xp5tgHF2GwWdpPeUAfCRY6MN58ajd-HoOHA11FedUa57lP2P4rzciz2MKILlcKY4C__mATqJAGayd0koXVmGaDswZIRJFv3BsNBoKac0KqEWB4l6YJy1EPmi&sai=AMfl-YTyPmuJww7Cjw_2qam_nlhBKGvKWV_bQXNMpxS9MMLzw3qir-LLI6iRzHCUU6Jv3VxRSarRfhXBwi9tsnIm7EVPaZidGw51RQYlMLjKIw68DK6R9fVRYKiQLFg&sig=Cg0ArKJSzA0bbdFqxebaEAE&cid=CAASF-RoOP5sLm6WXhrmnGEiJipczbalsgHb&id=ampim&o=0,920&d=336,280&ss=1600,1200&bs=1600,1200&mcvt=1002&mtos=0,0,1002,1002,1002&tos=0,0,1002,0,0&tfs=244&tls=1246&g=100&h=100&tt=1246&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=2632305383

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK / Show response
t.cotsta.ru/v4/track/tag/ Frame 3FAB 2 B
196 B 467ms
467ms XHR
text/plain 168.119.79.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://t.cotsta.ru/v4/track/tag/?v=1&time__offset=1328&event=end_auction&ex_pl_id=/21830442390,22434891267/korrespondent.net_amx_/300x250_bs&pl_id=364
Requested by: Host: 0.code.cotsta.ru
URL: https://0.code.cotsta.ru/dist/a.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 168.119.79.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.79.119.168.clients.your-server.de
Software: nginx/1.14.1 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 16 Aug 2022 13:05:33 GMT
Server: nginx/1.14.1
Connection: keep-alive
Content-Length: 2
Content-Type: text/plain; charset=utf-8

POST
H/1.1 200
OK / Show response
t.cotsta.ru/v4/track/tag/ Frame 3FAB 2 B
196 B 268ms
268ms XHR
text/plain 168.119.79.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://t.cotsta.ru/v4/track/tag/?v=1&time__offset=1329&event=display_creative&ex_pl_id=/21830442390,22434891267/korrespondent.net_amx_/300x250_bs&pl_id=364
Requested by: Host: 0.code.cotsta.ru
URL: https://0.code.cotsta.ru/dist/a.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 168.119.79.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.79.119.168.clients.your-server.de
Software: nginx/1.14.1 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 16 Aug 2022 13:05:33 GMT
Server: nginx/1.14.1
Connection: keep-alive
Content-Length: 2
Content-Type: text/plain; charset=utf-8

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 3FAB 107 B
122 B 46ms
45ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=korrespondent.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Aug 2022 13:05:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 3FAB 107 B
122 B 74ms
73ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=korrespondent.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Aug 2022 13:05:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

POST
H/1.1 200
OK / Show response
t.cotsta.ru/v4/track/tag/ Frame 3FAB 2 B
196 B 163ms
56ms XHR
text/plain 168.119.79.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://t.cotsta.ru/v4/track/tag/?v=1&time__offset=1338&event=ad_loading&ex_pl_id=/21830442390,22434891267/korrespondent.net_amx_/300x250_bs&pl_id=364
Requested by: Host: 0.code.cotsta.ru
URL: https://0.code.cotsta.ru/dist/a.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 168.119.79.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.79.119.168.clients.your-server.de
Software: nginx/1.14.1 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 16 Aug 2022 13:05:33 GMT
Server: nginx/1.14.1
Connection: keep-alive
Content-Length: 2
Content-Type: text/plain; charset=utf-8

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 3FAB 20 KB
9 KB 70ms
70ms XHR
text/plain 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4265567016599518&correlator=1406063202060937&eid=31060545%2C31067707%2C31068211%2C44770639%2C44764002&output=ldjh&gdfp_req=1&vrg=2022081101&ptt=17&impl=fifs&iu_parts=21830442390%3A22434891267%2Ckorrespondent.net_amx_%2C300x250_bs&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x300%7C300x250%7C336x280&ifi=2&adks=3370371700&sfv=1-0-38&fsapi=false&prev_scp=minjs_test%3Drefresh_yes%26stat_hour%3D17&cust_params=amznbid%3D0%26amznp%3D0&sc=1&cookie=ID%3D7d1d3a232bbb798f-22cb4efde6d5000c%3AT%3D1660655130%3ART%3D1660655132%3AS%3DALNI_MYGZUlfV2ZbIvkHFo-aOd14Jkx3Fg&cdm=korrespondent.net&abxe=1&dt=1660655133215&lmt=1660655133&dlt=1660655131164&idt=1509&adxs=370&adys=1612&biw=1600&bih=1200&isw=300&ish=250&scr_x=0&scr_y=0&btvi=1&ucis=4ke4qgf1upbw&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=2&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&top=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&frm=23&vis=1&psz=300x-1&msz=300x-1&fws=768&ohw=0&ea=0&ga_vid=2006371786.1660655130&ga_sid=1660655133&ga_hid=1450592146&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

eb8687be7ceff97862d515d8c6191b7c0a97c465f587150a975aeb495d52b73b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:33 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9355
x-xss-protection: 0
google-lineitem-id: 5693555703
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138349696118
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://korrespondent.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
2d404526208c1999cf8967291396cc8a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6645 6 KB
3 KB 97ms
24ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2d404526208c1999cf8967291396cc8a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 13:05:33 GMT
expires: Wed, 16 Aug 2023 13:05:33 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 204 playback
s.youtube.com/api/stats/ Frame 095F 0
0 115ms
31ms Image
text/html 2a00:1450:400c:c08::8a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.youtube.com/api/stats/playback?ns=yt&fexp=44750823%2C44754420%2C44760950%2C44762904%2C44765701%2C44767130&el=adunit&cpn=GIag2j7ROo_Tb9iO&docid=PtD5Q9c-2zA&visitordata=Cgt4TXJzYlRKZS1YZw%253D%253D&ver=2&cmt=0.223&fmt=18&rt=0.000&adformat=2_2_1&euri=https%3A%2F%2Fkorrespondent.net%2F&len=39.242&vtype=gvp&c=web_gvp_ads&cver=h.0.0.0&cbr=Chrome&cbrver=104.0.5112.79&cos=Win32&cosver=537.36&cplatform=desktop&mos=1&volume=0&delay=28&rtn=10
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c08::8a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 8FFC 0
0 54ms
54ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsum2Hm20zByaTBDpdPwGyXo48i1jwBgsy-_Qc9iS-xvmtvFgMc8OTmURN0TFSpOyaZawZng_1JLqmPkr3gICw0_1q0LjDZ12_b4J3NPOZ-GNeyP8xxBn8gesy0SasMeB3PnPW4zsIgMAM-qNQWSkJXGOZ4_u7pRoc06vkGCOgr8hJpjnVi_E4tSk3PAc5zalK_1IDXg5yL7f32NUoaN6THQAG6EYdJ_j43ORnEQGaXHy_bMigCEjK_Kf_VMZwUaSNQ-XbKkwjb21s_O8UE9mORMw-iAJKnM9-k4OOpQuZaeUvLfkIae9zdWDL7rfC6111rpvT3z5_EfO_FulzayObcVyk2xJPwSu4nfZLr871SxTcx6FrzJGBayKTc&sai=AMfl-YTucTn9SPuxFtzXflXyrRakQerDjFT0W-5yEioN2E3-dhRzhWjTNqPW23kCFTy27yySY6y6FQAQgXhS1VQzQcK6qBpgWnJQjSH6CS-V_YxYCAWyTUGb_1wgd1hJnA&sig=Cg0ArKJSzAeF_T-h3vQjEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Aug 2022 13:05:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 t.js Show response
mediawoot.com/ Frame 8FFC 52 KB
15 KB 150ms
42ms Script
application/javascript 13.224.189.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mediawoot.com/t.js?i=g18zrl66q1278cu7c5ytl&cb=3061051660655133312
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-79.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b318e5876213045715769fbd7687c0c0c8aa53bef9c839b43f2cc48a3221e418

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: yMS32Gpcl2yEXRyrboLAK0ArDVAf6BYD
content-encoding: gzip
last-modified: Fri, 12 Aug 2022 10:40:39 GMT
server: AmazonS3
age: 8492
etag: W/"2b3e71038b5f0ef285a6c04c4163aa23"
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront)
date: Tue, 16 Aug 2022 10:45:55 GMT
x-amz-cf-pop: FRA2-C1
x-amz-cf-id: yQ4PjUikx_vSJLenbO9L9mRFfVjOFlP4Y9cmTwYVWPTcXPZ1Y6DRyA==

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8FFC 140 KB
43 KB 2312ms
2311ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75bf5c0112a41f871dc47c5e98deef6dc7db8e94178bf0c853f3a09415f6d338

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44015
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1660137096112928"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 16 Aug 2022 13:05:35 GMT

POST
H/1.1 200
OK / Show response
t.cotsta.ru/v4/track/tag/ Frame 3FAB 2 B
196 B 95ms
37ms XHR
text/plain 168.119.79.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://t.cotsta.ru/v4/track/tag/?v=1&time__offset=1439&event=filled_render&ex_pl_id=/21830442390,22434891267/korrespondent.net_amx_/300x250_bs&pl_id=364
Requested by: Host: 0.code.cotsta.ru
URL: https://0.code.cotsta.ru/dist/a.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 168.119.79.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.79.119.168.clients.your-server.de
Software: nginx/1.14.1 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 16 Aug 2022 13:05:33 GMT
Server: nginx/1.14.1
Connection: keep-alive
Content-Length: 2
Content-Type: text/plain; charset=utf-8

GET
H2 200 tracking
ad.mox.tv/delivery/ Frame EBAA 51 B
51 B 33ms
30ms Image
text/html 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.mox.tv/delivery/tracking?hash=eUtWMkJ0clZ4QlFqT2pWTnRCd2FCMU44dGIxemc0Z3pvL2dGUTBJRkpxZnJ0d0hYRE1QSzBVemRhTDN5RmQ5Z2tGV3B0R0xqVHZIb2xobEk4bm9jY1R2aWdoTDJXK3dHTWVvaTNQVUs1V2dkbWhKU25mWXZhWmFQOVBqQUhJVmQ4ZkxJdzNRT2I3QkkrVDFTSE5RTFZDN2xVeWV4ZHhqR01DeUZhS2F0V1dXRnBuYnBicVM4d0JqNnhjdXplalNlL1c1azdkQ0h2Z1VWRTl4dVFLQTdVQldHR2taeEVMalJ2Ykd0RmMzME1oT3pLSnhHcmE2UitsalNxVUZyWlpaVg%3D%3D&params=WU5hbjdEMFYwSjFoSjB4VmZOWlNFUT09
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 16 Aug 2022 13:05:33 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 799E 0
12 B 16ms
16ms Image
text/plain 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?8w1VRQ
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:33 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5E5B 0
20 B 52ms
51ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=36&t=2&li=v_h.3.525.0&bgai=BV7EtG5b7YrGEOqaSxwLuoLPwDAAAAAA4AboFEwic9e25tsv5AhUr_tUKHejzDL8&bg=!np2lndnNAAa4hXTbmIU7ACkAdvg8WvHkwO1ABotT8mu0WickEkkDzL1qNB3LaChgpI5Vempu5CL-8AIAAADAUgAAAAJoAQcKALsaLhkrBUqsd7WUU9Fi0vDONhOvQ2QhoAubLaHPdrB7brFynxYtWW4RGdJ7fmDT8rmpErBWSiT9atTYW8DyVfrKJRZAMJ6Wj88fBkdW9h-DYSNkC8W84Y29iHbEFJ-o5viimd2RxBL8agWqeBYJXiibirDW2-5QD34vYmHzC7ZRDr35kKj37R1t7KKedwjeOM7wwW1z84oGl4SXcDLU7E4JxcbelPszqwafUS9G6mpAG4odnqDKem58Fw0kmQJ7BtZjbjh5mFFlXwNNHnK0mxW0RNHfUhxbQAjAtUHgL3E4DSSN6l5GTMpzpT6CttRLjVvbj2ctFQSBaZd3iEEk4EuqdEdOAfPKVSUJ-qbRqp9bjr0HLzWy5Z6tWWvAnFdDX-zpN8L16l9hBH_7nguK_G0bMaVenQO3rhGGoXdCRAamO1quqIL3m0sBDT2Xsy_axSRi_zdnvxcn6NijE3blGEUNA_6tVPtbWhgP3d6OLffVO3JaPxx2RaN-jZESZyG836a2Yd9EFEHe2rLa3EjRWXPD8Eq2xq4FOIfTxrA0As-g0VJ-VZRzfkiRtt4twMs1Y76UzYSYalH_MoKLYTfIJF_1yU4I3qWEekqxIF8ngOOBkTldVbk6WXREBdj1KxO6Au_H1FqemoxDWF072-9Rx_I9PCA7I_v1-5lKtLvH1gRYHxS2usIgJ-wmLOWUbNzSbGeO3hXcT87v4DVpw8ZFCp-nmZutL1bv7WsnW3sUrsIE3JeNEJBG1ziGYmUwtOpVm5JFuRoYfQzY5Oqz45dFtHGhtc7hRpcsoAYC6rTYqb5fUXd1QIg-8b9IcKI_FGcDZx6ekqzbJd7Vcnah5uif-43S_csFpFU72VjHEDgltOP4r_np_g79TQ0ZsUvj-ImhpZwJxxKPqbmTnEtzmAv_C-_V_sU5SV0AvDiNjt7Xl4Xqnl_RMF3Mh7QCzoMHQssYIs0ayWDf62w8i9G0bwXoc-HeAJWpRIi-Fym57CkkSxdU7iXK8wqZlYcb6-tyAhrReBODD3chraEoEhdPZtsylegu5F0roIpAksCasOSOt_NliZVmyYEhw1DtvMK5yGYyur-6SJ8PONSgm4c

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 375 KB
125 KB 49ms
49ms Script
text/javascript 2a00:1450:400e:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: ad.mox.tv
URL: https://ad.mox.tv/js/moxplayer/moxplayer.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80c::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5ee00fad2265577bc5be56bc69c1e8c1071a4b201a5b9bd523c7204a54c31a28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127726
x-xss-protection: 0
expires: Tue, 16 Aug 2022 13:05:33 GMT

GET
H/1.1 206
Partial Content 480_650.mp4
cdn.mox.tv/data/poY7y70BITeTugc/1138/video/1744/ 132 KB
0 49ms
48ms Media
video/mp4 185.180.223.91
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.mox.tv/data/poY7y70BITeTugc/1138/video/1744/480_650.mp4
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.180.223.91 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 185-180-223-91.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash

Request headers

Referer: https://korrespondent.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Range: bytes=65536-

Response headers

Date: Tue, 16 Aug 2022 13:05:33 GMT
Last-Modified: Thu, 02 Sep 2021 16:24:30 GMT
Server: nginx/1.14.0 (Ubuntu)
Access-Control-Allow-Origin: *
ETag: "6130fabe-3299a49"
Content-Type: video/mp4
Content-Range: bytes 65536-53058120/53058121
Connection: keep-alive
Content-Length: 52992585

GET
H/1.1 206
Partial Content 480_650.mp4
cdn.mox.tv/data/poY7y70BITeTugc/1138/video/1744/ 144 KB
0 68ms
23ms Media
video/mp4 185.180.223.91
WORLDSTREAM

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.mox.tv/data/poY7y70BITeTugc/1138/video/1744/480_650.mp4
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.180.223.91 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 185-180-223-91.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash

Request headers

Referer: https://korrespondent.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Range: bytes=196608-

Response headers

Date: Tue, 16 Aug 2022 13:05:33 GMT
Last-Modified: Thu, 02 Sep 2021 16:24:30 GMT
Server: nginx/1.14.0 (Ubuntu)
Access-Control-Allow-Origin: *
ETag: "6130fabe-3299a49"
Content-Type: video/mp4
Content-Range: bytes 196608-53058120/53058121
Connection: keep-alive
Content-Length: 52861513

GET
H2 200 g18zrl66q1278cu7c5ytl.json Show response
mediawoot.com/c/ Frame 8FFC 2 KB
2 KB 53ms
16ms Fetch
application/octet-stream 13.224.189.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mediawoot.com/c/g18zrl66q1278cu7c5ytl.json
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/t.js?i=g18zrl66q1278cu7c5ytl&cb=3061051660655133312
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-79.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ead57b4a59e7d890408606fb6a388db8691e840a538d2b673b6a826ead64455e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-amz-version-id: H21d2acTXKGHZnO_QI9J9fzJ2knU66s5
via: 1.1 59d92388a3a66e5f245f384a437fa024.cloudfront.net (CloudFront)
etag: "49b028150d325a8b352384f92b7ae98b"
age: 29303
x-cache: Hit from cloudfront
content-length: 1565
last-modified: Thu, 07 Apr 2022 09:52:34 GMT
server: AmazonS3
date: Tue, 16 Aug 2022 05:01:37 GMT
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: *
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
x-amz-cf-id: MHCT1Sh8VBCBxPz_tJayCfOM1YupaWnb-w2muPxmnuFPCsF3M7Lw4Q==

GET
H3 200 bridge3.525.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame DDF1 635 KB
205 KB 44ms
43ms Document
text/html 2a00:1450:400e:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.525.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80c::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d47d16bf34e4c557ae13192bf351083ee15c9bed72a139fb1e14272d7b391230

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 470866
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 210284
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Thu, 11 Aug 2022 02:17:47 GMT
expires: Fri, 11 Aug 2023 02:17:47 GMT
last-modified: Thu, 11 Aug 2022 01:58:48 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 1A95 83 KB
28 KB 38ms
37ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: mediawoot.com
URL: https://mediawoot.com/t.js?i=g18zrl66q1278cu7c5ytl&cb=3061051660655133312

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

sffe /

Resource Hash

2cd70243017eddd6d2f7394662040bc749411928b1e8277dce04b5cc8364eb64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28649
x-xss-protection: 0
server: sffe
etag: "1305 / 286 of 1000 / last-modified: 1660648126"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 16 Aug 2022 13:05:33 GMT

GET
H2 200 prebid6.15.0.js Show response
hb.adpone.com/ Frame 1A95 368 KB
103 KB 404ms
54ms Script
application/javascript 104.26.10.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid6.15.0.js
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/t.js?i=g18zrl66q1278cu7c5ytl&cb=3061051660655133312
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.10.25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c732adb13b1be3b4e9283988a26cdf5153eefe90b9797f8e70fe2a6378affbe4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:33 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2903
x-amz-request-id: EMZ3GWYEJY1MYFGH
x-amz-id-2: ZdP2b0HW017FcCYirWXwlPbgywzVVEdf9Z1m9ijJFcEQnYwMeWjBO23s+TaP+pAodTg5ulcuTQs=
last-modified: Wed, 30 Mar 2022 09:13:54 GMT
server: cloudflare
etag: W/"ead6e8c23bf835688215d35a6b357336"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NSicaZhDMzKMnmE%2Bo4t8MGML96%2FamglNpZ3fQqfb9FhQGgYPiY%2BI4q%2FvmshpSkUkxAcEQap4sKET22hTIjYWbSDVTluqT%2FEfVspiYNznFwsemjMMVUvpXlcM9Tze3Gc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
x-amz-version-id: xeKiFDHa4caZh3hM.m43HLu9jNtrHamp
cf-ray: 73ba61daeb34bb53-FRA

GET
H2 200 p.html Show response
mediawoot.com/r/ Frame B131 9 KB
3 KB 42ms
42ms Document
text/html 13.224.189.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mediawoot.com/r/p.html?f=qhnmckig&e=1518846443599
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/t.js?i=g18zrl66q1278cu7c5ytl&cb=3061051660655133312
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-79.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f674fbfa6f56c98338eb149698212609bb1f23a407b9c5f5661587fbd7852f6b

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 41251
content-encoding: gzip
content-type: text/html
date: Tue, 16 Aug 2022 01:53:11 GMT
etag: W/"5cf55433b12622d72185936eb7379e13"
last-modified: Wed, 08 Jun 2022 20:58:01 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront)
x-amz-cf-id: p9A6dSH4HCxrQbgsLatqVmXiDMzhH7u8MqbV6PGw6PRgilKbaVIJKg==
x-amz-cf-pop: FRA2-C1
x-amz-version-id: oz6fpl87UspghpuOURN0N_mgHQvwK1bf
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
mediawoot.com/r/ Frame 1C51 9 KB
3 KB 42ms
41ms Document
text/html 13.224.189.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mediawoot.com/r/p.html?f=yvmanyrg&e=1518846443599
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/t.js?i=g18zrl66q1278cu7c5ytl&cb=3061051660655133312
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-79.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f674fbfa6f56c98338eb149698212609bb1f23a407b9c5f5661587fbd7852f6b

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 41251
content-encoding: gzip
content-type: text/html
date: Tue, 16 Aug 2022 01:53:11 GMT
etag: W/"5cf55433b12622d72185936eb7379e13"
last-modified: Wed, 08 Jun 2022 20:58:01 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront)
x-amz-cf-id: N-sC7ffNygXqD-5NSeJxh2gXZ8IQCcQ6gz9FUaatwjUoVxmkvFOTmA==
x-amz-cf-pop: FRA2-C1
x-amz-version-id: oz6fpl87UspghpuOURN0N_mgHQvwK1bf
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
mediawoot.com/r/ Frame 4377 9 KB
3 KB 43ms
41ms Document
text/html 13.224.189.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mediawoot.com/r/p.html?f=wsfijg&e=1518846443599
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/t.js?i=g18zrl66q1278cu7c5ytl&cb=3061051660655133312
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-79.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f674fbfa6f56c98338eb149698212609bb1f23a407b9c5f5661587fbd7852f6b

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 41251
content-encoding: gzip
content-type: text/html
date: Tue, 16 Aug 2022 01:53:11 GMT
etag: W/"5cf55433b12622d72185936eb7379e13"
last-modified: Wed, 08 Jun 2022 20:58:01 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront)
x-amz-cf-id: ZX8zPFPC7bYmxxYX7SnymD3xTW2lw7dRMl29ml-mYFcu37r9JgWA3w==
x-amz-cf-pop: FRA2-C1
x-amz-version-id: oz6fpl87UspghpuOURN0N_mgHQvwK1bf
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
mediawoot.com/r/ Frame EA4D 9 KB
3 KB 44ms
43ms Document
text/html 13.224.189.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mediawoot.com/r/p.html?f=luzlkxf&e=1518846443599
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/t.js?i=g18zrl66q1278cu7c5ytl&cb=3061051660655133312
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-79.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f674fbfa6f56c98338eb149698212609bb1f23a407b9c5f5661587fbd7852f6b

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 41251
content-encoding: gzip
content-type: text/html
date: Tue, 16 Aug 2022 01:53:11 GMT
etag: W/"5cf55433b12622d72185936eb7379e13"
last-modified: Wed, 08 Jun 2022 20:58:01 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront)
x-amz-cf-id: YUuWX7cgSs5RYVgbW3HhZ5Ilu7yxAW0dOVJkKLFu2HXVZkssZY2uYQ==
x-amz-cf-pop: FRA2-C1
x-amz-version-id: oz6fpl87UspghpuOURN0N_mgHQvwK1bf
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
mediawoot.com/r/ Frame B7E4 9 KB
3 KB 42ms
41ms Document
text/html 13.224.189.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mediawoot.com/r/p.html?f=zxmhozdtyy&e=1518846443599
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/t.js?i=g18zrl66q1278cu7c5ytl&cb=3061051660655133312
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-79.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f674fbfa6f56c98338eb149698212609bb1f23a407b9c5f5661587fbd7852f6b

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 41251
content-encoding: gzip
content-type: text/html
date: Tue, 16 Aug 2022 01:53:11 GMT
etag: W/"5cf55433b12622d72185936eb7379e13"
last-modified: Wed, 08 Jun 2022 20:58:01 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront)
x-amz-cf-id: rtC0GNecXHkCno6EtBu7SBXhXfhmdURPEle2rNDyyRDqBF-zDZINOA==
x-amz-cf-pop: FRA2-C1
x-amz-version-id: oz6fpl87UspghpuOURN0N_mgHQvwK1bf
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
mediawoot.com/r/ Frame 1BB0 9 KB
3 KB 42ms
41ms Document
text/html 13.224.189.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mediawoot.com/r/p.html?f=mylhifuyj&e=1518846443599
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/t.js?i=g18zrl66q1278cu7c5ytl&cb=3061051660655133312
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-79.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f674fbfa6f56c98338eb149698212609bb1f23a407b9c5f5661587fbd7852f6b

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 41251
content-encoding: gzip
content-type: text/html
date: Tue, 16 Aug 2022 01:53:11 GMT
etag: W/"5cf55433b12622d72185936eb7379e13"
last-modified: Wed, 08 Jun 2022 20:58:01 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront)
x-amz-cf-id: PBh9EyoT_ymzZ0a2T-wXhosksaewmsUtZ3vuM-uSeO0amIaYbAbUvQ==
x-amz-cf-pop: FRA2-C1
x-amz-version-id: oz6fpl87UspghpuOURN0N_mgHQvwK1bf
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
mediawoot.com/r/ Frame D017 9 KB
3 KB 41ms
41ms Document
text/html 13.224.189.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mediawoot.com/r/p.html?f=erxcabou&e=1518846443599
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/t.js?i=g18zrl66q1278cu7c5ytl&cb=3061051660655133312
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-79.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f674fbfa6f56c98338eb149698212609bb1f23a407b9c5f5661587fbd7852f6b

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 41251
content-encoding: gzip
content-type: text/html
date: Tue, 16 Aug 2022 01:53:11 GMT
etag: W/"5cf55433b12622d72185936eb7379e13"
last-modified: Wed, 08 Jun 2022 20:58:01 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront)
x-amz-cf-id: -H_XSXeQKwjaQCw2LyIUuQJhTcVxAhyOUxmhqWy_FkmCirlRtdzHmw==
x-amz-cf-pop: FRA2-C1
x-amz-version-id: oz6fpl87UspghpuOURN0N_mgHQvwK1bf
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
mediawoot.com/r/ Frame B593 9 KB
3 KB 49ms
48ms Document
text/html 13.224.189.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mediawoot.com/r/p.html?f=mbbobmskc&e=1518846443599
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/t.js?i=g18zrl66q1278cu7c5ytl&cb=3061051660655133312
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-79.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f674fbfa6f56c98338eb149698212609bb1f23a407b9c5f5661587fbd7852f6b

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 41251
content-encoding: gzip
content-type: text/html
date: Tue, 16 Aug 2022 01:53:11 GMT
etag: W/"5cf55433b12622d72185936eb7379e13"
last-modified: Wed, 08 Jun 2022 20:58:01 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront)
x-amz-cf-id: Fj0gme-cn8IdLiJvHIQ7gwZFAnm-whzVnJplT6UN7tB1iPffLSRmQw==
x-amz-cf-pop: FRA2-C1
x-amz-version-id: oz6fpl87UspghpuOURN0N_mgHQvwK1bf
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
mediawoot.com/r/ Frame 2899 9 KB
3 KB 47ms
46ms Document
text/html 13.224.189.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mediawoot.com/r/p.html?f=gmyjtldt&e=1518846443599
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/t.js?i=g18zrl66q1278cu7c5ytl&cb=3061051660655133312
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-79.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f674fbfa6f56c98338eb149698212609bb1f23a407b9c5f5661587fbd7852f6b

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 41251
content-encoding: gzip
content-type: text/html
date: Tue, 16 Aug 2022 01:53:11 GMT
etag: W/"5cf55433b12622d72185936eb7379e13"
last-modified: Wed, 08 Jun 2022 20:58:01 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront)
x-amz-cf-id: dMwlCbBPrIE_XgH4XWkL8X8X0XCZNs2sohPOnQKoeKbVR9dr9mIPNw==
x-amz-cf-pop: FRA2-C1
x-amz-version-id: oz6fpl87UspghpuOURN0N_mgHQvwK1bf
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
mediawoot.com/r/ Frame 7C3C 9 KB
3 KB 43ms
43ms Document
text/html 13.224.189.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mediawoot.com/r/p.html?f=heahfpe&e=1518846443599
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/t.js?i=g18zrl66q1278cu7c5ytl&cb=3061051660655133312
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-79.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f674fbfa6f56c98338eb149698212609bb1f23a407b9c5f5661587fbd7852f6b

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 41251
content-encoding: gzip
content-type: text/html
date: Tue, 16 Aug 2022 01:53:11 GMT
etag: W/"5cf55433b12622d72185936eb7379e13"
last-modified: Wed, 08 Jun 2022 20:58:01 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront)
x-amz-cf-id: kLiwN-kewPnMHWWJBR8UwAZMgk9yvan8FTsq3GTOGiuZ-lVDXTz69g==
x-amz-cf-pop: FRA2-C1
x-amz-version-id: oz6fpl87UspghpuOURN0N_mgHQvwK1bf
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
mediawoot.com/r/ Frame 034E 9 KB
3 KB 49ms
48ms Document
text/html 13.224.189.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mediawoot.com/r/p.html?f=deznrj&e=1518846443599
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/t.js?i=g18zrl66q1278cu7c5ytl&cb=3061051660655133312
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-79.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f674fbfa6f56c98338eb149698212609bb1f23a407b9c5f5661587fbd7852f6b

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 41251
content-encoding: gzip
content-type: text/html
date: Tue, 16 Aug 2022 01:53:11 GMT
etag: W/"5cf55433b12622d72185936eb7379e13"
last-modified: Wed, 08 Jun 2022 20:58:01 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront)
x-amz-cf-id: lgeBW-umvdWxkB58spKAk9j-b6rFERaZDJ6gTO4cW-Id-tqclCnbbQ==
x-amz-cf-pop: FRA2-C1
x-amz-version-id: oz6fpl87UspghpuOURN0N_mgHQvwK1bf
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
mediawoot.com/r/ Frame 4B7A 9 KB
3 KB 47ms
47ms Document
text/html 13.224.189.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mediawoot.com/r/p.html?f=zckvaaxfk&e=1518846443599
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/t.js?i=g18zrl66q1278cu7c5ytl&cb=3061051660655133312
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-79.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f674fbfa6f56c98338eb149698212609bb1f23a407b9c5f5661587fbd7852f6b

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 41251
content-encoding: gzip
content-type: text/html
date: Tue, 16 Aug 2022 01:53:11 GMT
etag: W/"5cf55433b12622d72185936eb7379e13"
last-modified: Wed, 08 Jun 2022 20:58:01 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront)
x-amz-cf-id: 8GwfOzmIkRprajZIW4c04tYSFZ4H08qHAN_wFhzwRxVzOHwnxz7BAA==
x-amz-cf-pop: FRA2-C1
x-amz-version-id: oz6fpl87UspghpuOURN0N_mgHQvwK1bf
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
mediawoot.com/r/ Frame EACA 9 KB
3 KB 46ms
46ms Document
text/html 13.224.189.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mediawoot.com/r/p.html?f=votimejzv&e=1518846443599
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/t.js?i=g18zrl66q1278cu7c5ytl&cb=3061051660655133312
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-79.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f674fbfa6f56c98338eb149698212609bb1f23a407b9c5f5661587fbd7852f6b

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 41251
content-encoding: gzip
content-type: text/html
date: Tue, 16 Aug 2022 01:53:11 GMT
etag: W/"5cf55433b12622d72185936eb7379e13"
last-modified: Wed, 08 Jun 2022 20:58:01 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront)
x-amz-cf-id: PGu4FwobjHsrD6qGRTiVAKt3ULPlGTlVsNXMTHZ5N7nnqTtaPpDsEQ==
x-amz-cf-pop: FRA2-C1
x-amz-version-id: oz6fpl87UspghpuOURN0N_mgHQvwK1bf
x-cache: Hit from cloudfront

GET
H2 200 p.html Show response
mediawoot.com/r/ Frame 8A72 9 KB
3 KB 42ms
42ms Document
text/html 13.224.189.79
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mediawoot.com/r/p.html?f=avonrza&e=1518846443599
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/t.js?i=g18zrl66q1278cu7c5ytl&cb=3061051660655133312
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.189.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-189-79.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f674fbfa6f56c98338eb149698212609bb1f23a407b9c5f5661587fbd7852f6b

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 41251
content-encoding: gzip
content-type: text/html
date: Tue, 16 Aug 2022 01:53:11 GMT
etag: W/"5cf55433b12622d72185936eb7379e13"
last-modified: Wed, 08 Jun 2022 20:58:01 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 0e75d8f2d484ce463fc04f5c422aa178.cloudfront.net (CloudFront)
x-amz-cf-id: XHLwkO37DdYrASmmZcfKDeUc0GK95X9HC6yv8ppSBKKqNiRNSl5kWA==
x-amz-cf-pop: FRA2-C1
x-amz-version-id: oz6fpl87UspghpuOURN0N_mgHQvwK1bf
x-cache: Hit from cloudfront

GET
H3 200 pubads_impl_2022081101.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 1A95 388 KB
132 KB 16ms
15ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js?cb=31068970

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

sffe /

Resource Hash

48bd457befd1682d1e21bd4327a12799559ecc1308da5413b21ee60d2e6c0dde

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 08:48:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15409
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 135472
x-xss-protection: 0
last-modified: Thu, 11 Aug 2022 08:35:49 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 16 Aug 2023 08:48:44 GMT

GET
H2 200 prebid6.15.0.js Show response
hb.adpone.com/ Frame B131 368 KB
103 KB 110ms
52ms Script
application/javascript 104.26.10.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid6.15.0.js
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/r/p.html?f=qhnmckig&e=1518846443599
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.10.25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c732adb13b1be3b4e9283988a26cdf5153eefe90b9797f8e70fe2a6378affbe4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:33 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2903
x-amz-request-id: EMZ3GWYEJY1MYFGH
x-amz-id-2: ZdP2b0HW017FcCYirWXwlPbgywzVVEdf9Z1m9ijJFcEQnYwMeWjBO23s+TaP+pAodTg5ulcuTQs=
last-modified: Wed, 30 Mar 2022 09:13:54 GMT
server: cloudflare
etag: W/"ead6e8c23bf835688215d35a6b357336"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kSzsK9wRLWsiNcBp8l9TQbOW516JBzhrGZiIFHNPSJeRqYVr%2FYTB5DTAHD2avjnkRecN8PL4Y1%2BbnXXKyX1DvFG2VsU9NLwGNGmVIoEGOmJYrx%2B4XwqAXX4FRt%2BrE6Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
x-amz-version-id: xeKiFDHa4caZh3hM.m43HLu9jNtrHamp
cf-ray: 73ba61daeb3abb53-FRA

GET
H2 200 prebid6.15.0.js Show response
hb.adpone.com/ Frame 1C51 368 KB
103 KB 100ms
53ms Script
application/javascript 104.26.10.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid6.15.0.js
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/r/p.html?f=yvmanyrg&e=1518846443599
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.10.25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c732adb13b1be3b4e9283988a26cdf5153eefe90b9797f8e70fe2a6378affbe4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:33 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2903
x-amz-request-id: EMZ3GWYEJY1MYFGH
x-amz-id-2: ZdP2b0HW017FcCYirWXwlPbgywzVVEdf9Z1m9ijJFcEQnYwMeWjBO23s+TaP+pAodTg5ulcuTQs=
last-modified: Wed, 30 Mar 2022 09:13:54 GMT
server: cloudflare
etag: W/"ead6e8c23bf835688215d35a6b357336"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bW7e0VXtp%2FU2MH2dJc2rEuyc7InY1hpSoK49NmeCHpasuOmpAQdL3TCAWRhyoeUEWEoxFVG63zn%2BsMzhKiOTgSgjTD8%2Fj1nDNFENrowh0h3Uukl5KiRR0RtvIjNI2c8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
x-amz-version-id: xeKiFDHa4caZh3hM.m43HLu9jNtrHamp
cf-ray: 73ba61daeb35bb53-FRA

GET
H2 200 prebid6.15.0.js Show response
hb.adpone.com/ Frame 4377 368 KB
103 KB 88ms
53ms Script
application/javascript 104.26.10.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid6.15.0.js
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/r/p.html?f=wsfijg&e=1518846443599
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.10.25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c732adb13b1be3b4e9283988a26cdf5153eefe90b9797f8e70fe2a6378affbe4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:33 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2903
x-amz-request-id: EMZ3GWYEJY1MYFGH
x-amz-id-2: ZdP2b0HW017FcCYirWXwlPbgywzVVEdf9Z1m9ijJFcEQnYwMeWjBO23s+TaP+pAodTg5ulcuTQs=
last-modified: Wed, 30 Mar 2022 09:13:54 GMT
server: cloudflare
etag: W/"ead6e8c23bf835688215d35a6b357336"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vgL1KGE58t25bcJaHnM7brbdO%2F2B5ZQ0ZUekLIv9ybKsXTF6nO5KPolHuFV7PjT0QJAlK%2BDMPiQt%2FaWukIwHAcjtV34m9EVZPbOi5OUpgAzQsxnwUSE9DKdykj0Mxpk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
x-amz-version-id: xeKiFDHa4caZh3hM.m43HLu9jNtrHamp
cf-ray: 73ba61daeb38bb53-FRA

GET
H2 200 prebid6.15.0.js Show response
hb.adpone.com/ Frame EA4D 368 KB
103 KB 75ms
51ms Script
application/javascript 104.26.10.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid6.15.0.js
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/r/p.html?f=luzlkxf&e=1518846443599
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.10.25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c732adb13b1be3b4e9283988a26cdf5153eefe90b9797f8e70fe2a6378affbe4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:33 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2903
x-amz-request-id: EMZ3GWYEJY1MYFGH
x-amz-id-2: ZdP2b0HW017FcCYirWXwlPbgywzVVEdf9Z1m9ijJFcEQnYwMeWjBO23s+TaP+pAodTg5ulcuTQs=
last-modified: Wed, 30 Mar 2022 09:13:54 GMT
server: cloudflare
etag: W/"ead6e8c23bf835688215d35a6b357336"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R1Lvnd3gbN9BaHZRtHlRVkjnCcyFdPhTvqlVFZedNdeejIIvaHuiLuTnZiFANvLfy5OT%2Bo%2FTs8s0i8oZUapGVPbnpz%2BjMa7phyN4ABDEDyEGo792%2FaHlPJFEDb7xMbM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
x-amz-version-id: xeKiFDHa4caZh3hM.m43HLu9jNtrHamp
cf-ray: 73ba61daeb3bbb53-FRA

GET
H2 200 prebid6.15.0.js Show response
hb.adpone.com/ Frame B7E4 368 KB
103 KB 36ms
35ms Script
application/javascript 104.26.10.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid6.15.0.js
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/r/p.html?f=zxmhozdtyy&e=1518846443599
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.10.25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c732adb13b1be3b4e9283988a26cdf5153eefe90b9797f8e70fe2a6378affbe4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:33 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2903
x-amz-request-id: EMZ3GWYEJY1MYFGH
x-amz-id-2: ZdP2b0HW017FcCYirWXwlPbgywzVVEdf9Z1m9ijJFcEQnYwMeWjBO23s+TaP+pAodTg5ulcuTQs=
last-modified: Wed, 30 Mar 2022 09:13:54 GMT
server: cloudflare
etag: W/"ead6e8c23bf835688215d35a6b357336"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EcZMbMkxSLrGSP%2BuKIvl%2FAkSzGRMjE1ZUPgOJtpCwDHIFXGcFlhjmnZa7ZqFL55nVrY8ncpIsxN9Vc%2Bwx1WhB%2FcvJ8DFDuT8Nxd%2FUiQizScwDAyX6YrH9WGL84lOkMY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
x-amz-version-id: xeKiFDHa4caZh3hM.m43HLu9jNtrHamp
cf-ray: 73ba61daeb3dbb53-FRA

GET
H2 200 prebid6.15.0.js Show response
hb.adpone.com/ Frame 1BB0 368 KB
103 KB 42ms
36ms Script
application/javascript 104.26.10.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid6.15.0.js
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/r/p.html?f=mylhifuyj&e=1518846443599
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.10.25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c732adb13b1be3b4e9283988a26cdf5153eefe90b9797f8e70fe2a6378affbe4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:33 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2903
x-amz-request-id: EMZ3GWYEJY1MYFGH
x-amz-id-2: ZdP2b0HW017FcCYirWXwlPbgywzVVEdf9Z1m9ijJFcEQnYwMeWjBO23s+TaP+pAodTg5ulcuTQs=
last-modified: Wed, 30 Mar 2022 09:13:54 GMT
server: cloudflare
etag: W/"ead6e8c23bf835688215d35a6b357336"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u82R400FUMXLHG2jTlYg4AqTnAsz11zkSlpqpDL8CQCD25T%2F0RQIRo8u0sXR54HhQAkjjls2zvxhOs7ThcJqgbh4AGMerE9F%2BntDVQ4ZQiQYA%2FDI04yl6hEUHlgWeLk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
x-amz-version-id: xeKiFDHa4caZh3hM.m43HLu9jNtrHamp
cf-ray: 73ba61db0b5fbb53-FRA

GET
H2 200 prebid6.15.0.js Show response
hb.adpone.com/ Frame D017 368 KB
103 KB 46ms
43ms Script
application/javascript 104.26.10.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid6.15.0.js
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/r/p.html?f=erxcabou&e=1518846443599
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.10.25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c732adb13b1be3b4e9283988a26cdf5153eefe90b9797f8e70fe2a6378affbe4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:33 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2903
x-amz-request-id: EMZ3GWYEJY1MYFGH
x-amz-id-2: ZdP2b0HW017FcCYirWXwlPbgywzVVEdf9Z1m9ijJFcEQnYwMeWjBO23s+TaP+pAodTg5ulcuTQs=
last-modified: Wed, 30 Mar 2022 09:13:54 GMT
server: cloudflare
etag: W/"ead6e8c23bf835688215d35a6b357336"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DWznY%2BZwZAOdgBlt7FtbVL5EYJXj0NeSd6Pl7kaoJ0ydfa4eG47PdpsS0DFwDAvKERSpB6Kv1ov9IOhwLwzqfZQxgujMLzaC9qiFN78zXc3wrZRCTuIraHe1tLhSs8M%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
x-amz-version-id: xeKiFDHa4caZh3hM.m43HLu9jNtrHamp
cf-ray: 73ba61db2b98bb53-FRA

GET
H2 200 prebid6.15.0.js Show response
hb.adpone.com/ Frame B593 368 KB
103 KB 38ms
32ms Script
application/javascript 104.26.10.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid6.15.0.js
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/r/p.html?f=mbbobmskc&e=1518846443599
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.10.25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c732adb13b1be3b4e9283988a26cdf5153eefe90b9797f8e70fe2a6378affbe4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:33 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2903
x-amz-request-id: EMZ3GWYEJY1MYFGH
x-amz-id-2: ZdP2b0HW017FcCYirWXwlPbgywzVVEdf9Z1m9ijJFcEQnYwMeWjBO23s+TaP+pAodTg5ulcuTQs=
last-modified: Wed, 30 Mar 2022 09:13:54 GMT
server: cloudflare
etag: W/"ead6e8c23bf835688215d35a6b357336"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tZLsaJK9DegqR6oW%2B0%2BTkunrTHaEyVN6IRnxJxhMTR7ax5ZQoepasxoKubXQhvJURmBUau1qjeK2BWJ9p8tnUw5yUrYNB6v%2ByQQMyFSqOblQSJO5fyimuiHV7VMHsNM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
x-amz-version-id: xeKiFDHa4caZh3hM.m43HLu9jNtrHamp
cf-ray: 73ba61db3bbbbb53-FRA

GET
H2 200 prebid6.15.0.js Show response
hb.adpone.com/ Frame 2899 368 KB
103 KB 47ms
46ms Script
application/javascript 104.26.10.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid6.15.0.js
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/r/p.html?f=gmyjtldt&e=1518846443599
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.10.25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c732adb13b1be3b4e9283988a26cdf5153eefe90b9797f8e70fe2a6378affbe4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:33 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2903
x-amz-request-id: EMZ3GWYEJY1MYFGH
x-amz-id-2: ZdP2b0HW017FcCYirWXwlPbgywzVVEdf9Z1m9ijJFcEQnYwMeWjBO23s+TaP+pAodTg5ulcuTQs=
last-modified: Wed, 30 Mar 2022 09:13:54 GMT
server: cloudflare
etag: W/"ead6e8c23bf835688215d35a6b357336"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EhIL70hVGfN0e%2B8lxwriBRg4Ohp1CJLbje7LrhzkOiGh4ZbvOvIzhClHSk7A%2F702NAbpYGKwEVAF0YipJ6vewGOkEAQ6cf8bO1LWgA0KKgRYKu1f38wpaQGm4fD877g%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
x-amz-version-id: xeKiFDHa4caZh3hM.m43HLu9jNtrHamp
cf-ray: 73ba61db5be0bb53-FRA

GET
H2 200 prebid6.15.0.js Show response
hb.adpone.com/ Frame 7C3C 368 KB
103 KB 39ms
39ms Script
application/javascript 104.26.10.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid6.15.0.js
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/r/p.html?f=heahfpe&e=1518846443599
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.10.25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c732adb13b1be3b4e9283988a26cdf5153eefe90b9797f8e70fe2a6378affbe4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:34 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2903
x-amz-request-id: EMZ3GWYEJY1MYFGH
x-amz-id-2: ZdP2b0HW017FcCYirWXwlPbgywzVVEdf9Z1m9ijJFcEQnYwMeWjBO23s+TaP+pAodTg5ulcuTQs=
last-modified: Wed, 30 Mar 2022 09:13:54 GMT
server: cloudflare
etag: W/"ead6e8c23bf835688215d35a6b357336"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MvpqOExjPzeUGU94ymiOfyEoVZjfHP72dz7gAiQxfc%2F%2FMwNuWse9HBMigyfxu8KoVCy0T3pQwmRGg7ha9%2FJpKDF0MCfU24CNNeiz7MzPAqAb9d85BBEOsouJDZzoM7M%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
x-amz-version-id: xeKiFDHa4caZh3hM.m43HLu9jNtrHamp
cf-ray: 73ba61db6c0fbb53-FRA

GET
H2 200 prebid6.15.0.js Show response
hb.adpone.com/ Frame 034E 368 KB
103 KB 36ms
35ms Script
application/javascript 104.26.10.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid6.15.0.js
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/r/p.html?f=deznrj&e=1518846443599
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.10.25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c732adb13b1be3b4e9283988a26cdf5153eefe90b9797f8e70fe2a6378affbe4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:34 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2904
x-amz-request-id: EMZ3GWYEJY1MYFGH
x-amz-id-2: ZdP2b0HW017FcCYirWXwlPbgywzVVEdf9Z1m9ijJFcEQnYwMeWjBO23s+TaP+pAodTg5ulcuTQs=
last-modified: Wed, 30 Mar 2022 09:13:54 GMT
server: cloudflare
etag: W/"ead6e8c23bf835688215d35a6b357336"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9MqfoN6gqG8Sck61MwzUVbMS9d0twTxOlIv8I9YioI%2BpTQsO%2B0Wf7E1No6z1lZY8YbsabFf5lJgJQWGlHzkpuxStm122Rus0yqZ7QbjKQkFkKNubRYJrx1CeUA5H67I%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
x-amz-version-id: xeKiFDHa4caZh3hM.m43HLu9jNtrHamp
cf-ray: 73ba61db7c34bb53-FRA

GET
H2 200 prebid6.15.0.js Show response
hb.adpone.com/ Frame 4B7A 368 KB
103 KB 47ms
39ms Script
application/javascript 104.26.10.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid6.15.0.js
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/r/p.html?f=zckvaaxfk&e=1518846443599
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.10.25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c732adb13b1be3b4e9283988a26cdf5153eefe90b9797f8e70fe2a6378affbe4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:34 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2904
x-amz-request-id: EMZ3GWYEJY1MYFGH
x-amz-id-2: ZdP2b0HW017FcCYirWXwlPbgywzVVEdf9Z1m9ijJFcEQnYwMeWjBO23s+TaP+pAodTg5ulcuTQs=
last-modified: Wed, 30 Mar 2022 09:13:54 GMT
server: cloudflare
etag: W/"ead6e8c23bf835688215d35a6b357336"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J8wVnBI0oH6oiN4SMEPoVJ7%2FFSSnEdqljhvO%2BnPg0CE3fnLm5rJkegNc5MAG0kzCEKHjuiSYJpRQVxByLNG%2Bs4WpvRnHydaXPSWXgOhNGE0iogR5PcxA1SRO7ikpQlk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
x-amz-version-id: xeKiFDHa4caZh3hM.m43HLu9jNtrHamp
cf-ray: 73ba61dbac71bb53-FRA

GET
H2 200 prebid6.15.0.js Show response
hb.adpone.com/ Frame EACA 368 KB
103 KB 49ms
44ms Script
application/javascript 104.26.10.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid6.15.0.js
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/r/p.html?f=votimejzv&e=1518846443599
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.10.25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c732adb13b1be3b4e9283988a26cdf5153eefe90b9797f8e70fe2a6378affbe4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:34 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2904
x-amz-request-id: EMZ3GWYEJY1MYFGH
x-amz-id-2: ZdP2b0HW017FcCYirWXwlPbgywzVVEdf9Z1m9ijJFcEQnYwMeWjBO23s+TaP+pAodTg5ulcuTQs=
last-modified: Wed, 30 Mar 2022 09:13:54 GMT
server: cloudflare
etag: W/"ead6e8c23bf835688215d35a6b357336"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i2i%2FoZLon5%2BRAMXWXh8U8LPfIEZ9huAIHp6Y0N8%2FCABbYZGVVfYrJn9U6wUzkNsYBSWF%2Buxvnl9IOWSiCYJblAivThQIa3%2FE0qKNQqZvHh3cm%2BYC%2F%2BRDs6BCmoZXjCM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
x-amz-version-id: xeKiFDHa4caZh3hM.m43HLu9jNtrHamp
cf-ray: 73ba61dbac7cbb53-FRA

GET
H2 200 prebid6.15.0.js Show response
hb.adpone.com/ Frame 8A72 368 KB
103 KB 34ms
33ms Script
application/javascript 104.26.10.25
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.adpone.com/prebid6.15.0.js
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/r/p.html?f=avonrza&e=1518846443599
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.10.25 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c732adb13b1be3b4e9283988a26cdf5153eefe90b9797f8e70fe2a6378affbe4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:34 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2904
x-amz-request-id: EMZ3GWYEJY1MYFGH
x-amz-id-2: ZdP2b0HW017FcCYirWXwlPbgywzVVEdf9Z1m9ijJFcEQnYwMeWjBO23s+TaP+pAodTg5ulcuTQs=
last-modified: Wed, 30 Mar 2022 09:13:54 GMT
server: cloudflare
etag: W/"ead6e8c23bf835688215d35a6b357336"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hU%2BeEFGkoL6Xwv4U%2FdlwvUoA1DpJwAvb3nsXgL%2B38QojFsR8b74aGVoZxjaRxLl%2FHZ4X8vI8OoojoHpM1J4ZVnM9Tx%2BpHldvuFz2Dhl2vHcPeAe3gQfwEPvLEJ0P%2B%2Bk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
x-amz-version-id: xeKiFDHa4caZh3hM.m43HLu9jNtrHamp
cf-ray: 73ba61dbbc7fbb53-FRA

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 3FAB 0
0 52ms
52ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20220811&jk=4265567016599518&bg=!DwylDEjNAAa4hXTbmIU7ACkAdvg8Wi2Fgt8k_Px5RqdAUc6HHn-bdCU14krtHCvfXj7J4LmXnibHuQIAAADkUgAAAAJoAQeZAxYcflV9qPjHUiqWB5tdEBwhfxqMKOVKDq9I66baM5Gl0YAXn5rVu8gx7uCi2noPS4q0-qab90snVf9Mw8WiUYktvP1bs_LFDnVSohvv2UPZbnWnLAPYYcl7GgFTeueTjgbiGbtPDJPglzREzEO4zxzp_SwzCpfWcox8ObunvWXZcckUno6ozgQ7r2YMMJIQ-SOd6NHWHluqxumcK65Yi1fjWH8PAwT9CQyYOi_uLCf9KhD6QYNiCVEn7Hbd7tqW1a6GmCNc5SwGUo4ps8ODlCEwIafEOpOH5p_koHCHQCt9iMfMEudmmOiEItqQW43bCXLs1IMUHNJDZfJLh5VjRK1pihlywK2S0mTzJbRugPXKZqzqdyPQAjM6EyAWSUl87CLTntgsyvyy8qk_SDeYA_LAGC7H9AAE-sA23cQYApysQiSUvJvfvilcJqInXHlPOTI22JjspCh6pWf2E8ZM3PYRZuzzNVI0LZkvZxPXSo9NyL_b3F528puvSOvhcwV5BbaIRWufYR6TEJAPyVfvC35cxAowzkuK3lsxeaxn56pbZ3HxQLWVP60jc1Vt-QRJBlfMvPR-jOYF3aCMfh37R1WUSLN-CyrSaRBqas5iYX7WWD-narXM1zb_cxahduQXry4ZT6alw50YWof9XUrO0W6D4INClTf8tBOSkIRhSNr3C0UKTNuzcQV4N0LFh1VY58QKnmH4Xgt8yTuouMkkr_jYzwk10EDy05XkoMJXkMZVicDmoq6OaIogPIaO1ZGjGtaZBtPDe9VYJ9rqmL4mc9hL2Vi2MjP7UAxXJwtXhGkZzyZ1QynT8LnrxQq415_el49yPDsfKwLEA54BFjgiOrPlFsZSyYfEICVzcdkInVy04ig_eB3dWTB6XdbCsQrKbWo7U_PrQwyju6dTeBZkdrYDV--FIThdBXrokxRDzeSzM4S2s18m4iRBAACg4m47DchJimRj3Wgui_xQDnq63wK8lA-69_aWdPuSyj2j_Cg9LlhNVA8zbWk3w34KIvxp-QkXab8lEOJCSVC0zKJEeWpmWDPWV7nY
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

OPTIONS
H2 200 openrtb
adx.adform.net/adx/ Frame 0
0 122ms
36ms Preflight 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://mediawoot.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://mediawoot.com
access-control-max-age: 86400
allow: POST,OPTIONS
cache-control: no-cache, no-store, must-revalidate, no-transform
date: Tue, 16 Aug 2022 13:05:34 GMT
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame B7E4 36 B
309 B 166ms
114ms XHR
application/json 104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=676744&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%22166ac4ae77ac9a%22%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Fkorrespondent.net%2F%22%2C%22page%22%3A%22https%3A%2F%2Fkorrespondent.net%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.15.0%22%2C%22userIds%22%3A%5B%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2225600cbcd0d7eb%22%2C%22banner%22%3A%7B%22topframe%22%3A0%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22676744%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22adpone.com%22%2C%22sid%22%3A%22163dad3ab48d8d41e65b%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%7D%7D
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2903c151f90fbeea6161a4f329f44ac36489268a8e61c62ad8141140d2ed3c3f

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 36
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KHAPA6c5gGuhp9wUWG53nfi%2BBf1zOtF2JOJNnLYXEGpCCxsoJ%2Feye0kGJjHFyl02UVsOflsNaPcEwXhglcqY1E%2F5crnt8i4GVgfi6yj9GQW42D3q3DYC1us8hOPSQszB%2F9vaQ1W6"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 73ba61dcb8ae9b4b-FRA
expires: 0

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame B7E4 0
214 B 26ms
25ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.15.0&cb=60360569158

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:33 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://mediawoot.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame B7E4 94 B
743 B 97ms
48ms XHR
application/json 72.251.249.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.15.0
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: 9482fc3a91a616471b441fe6d5b79deaed92eba1bcaf4c3d04290df2fe5f2c3b

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://mediawoot.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 98

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame B7E4 0
406 B 178ms
101ms XHR
text/plain 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame B7E4 0
335 B 159ms
30ms XHR
application/json 185.86.138.121
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.121 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:33 GMT
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

GET
H2 200 arj Show response
adpone-d.openx.net/w/1.0/ Frame B7E4 73 B
376 B 123ms
26ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://adpone-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fkorrespondent.net%2F&ch=windows-1252&res=1600x1200x24&ifr=true&tz=0&tws=undefined&be=1&bc=hb_pb_3.0.3&dddid=a965316d-48e1-46e3-8c15-965576176e5c&nocache=1660655134134&schain=1.0%2C1!adpone.com%2C163dad3ab48d8d41e65b%2C1%2C%2C%2C&aus=300x250&divids=adpn-adtag-1660655133894&aucs=adpn-adtag-1660655133894&auid=544062056
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: aa66c613125eacfbe148ed0adff3980002acda629ce8ef81336b1903a00573f8

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
content-encoding: gzip
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://mediawoot.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame B7E4 145 B
1 KB 164ms
164ms XHR
application/json 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

86c16c76c730322e55e041f3f97e5c80253da9c0b0607ee2bea0f69615433cdb

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 3f9e9daf-742b-4af4-b35c-0ed4550b4c04
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame B7E4 316 B
1 KB 189ms
97ms XHR
application/json 2602:803:c004:200::141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=201784&zone_id=2055862&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,163dad3ab48d8d41e65b,1,,,&rf=korrespondent.net&tg_i.ref=https%3A%2F%2Fkorrespondent.net%2F&tg_i.pbadslot=adpn-adtag-1660655133894&tk_flint=pbjs_lite_v6.15.0&x_source.tid=a965316d-48e1-46e3-8c15-965576176e5c&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.45847091813766316
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 2602:803:c004:200::141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 174a79ae10dc3429ea2e47dae1bb511c4a95a2715c0add9f0bab4373c580dc26

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 316
Expires: Wed, 17 Sep 1975 21:32:10 GMT

OPTIONS
H2 200 openrtb
adx.adform.net/adx/ Frame 0
0 85ms
37ms Preflight 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://korrespondent.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://korrespondent.net
access-control-max-age: 86400
allow: POST,OPTIONS
cache-control: no-cache, no-store, must-revalidate, no-transform
date: Tue, 16 Aug 2022 13:05:34 GMT
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 1A95 0
218 B 24ms
23ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.15.0&cb=42003463360

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:33 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://korrespondent.net
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 1A95 13 KB
7 KB 216ms
172ms XHR
application/json 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

86001a6014993e04b820d5f205055eb1fad00200b0044177c5ae8b84f88e9def

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 38e9541d-1952-478c-8efa-c6284f112740
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://korrespondent.net
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 1A95 540 B
1 KB 218ms
153ms XHR
application/json 2602:803:c004:200::141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=201784&zone_id=2055862&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,163dad3ab48d8d41e65b,1,,,&rf=korrespondent.net&kw=%D0%A3%D0%BA%D1%80%D0%B0%D0%B8%D0%BD%D1%81%D0%BA%D0%B8%D0%B5%2C%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%2C%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%2C%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D1%8F%D0%BD%D0%B5%2C%D1%80%D0%B0%D1%81%D0%BF%D0%BE%D0%BB%D0%BE%D0%B6%D0%B5%D0%BD%D0%B8%D0%B9%2C%D0%B2%D0%BE%D0%B9%D0%BD%D0%B0%2C%D0%BE%D0%BA%D0%BA%D1%83%D0%BF%D0%B0%D1%86%D0%B8%D1%8F%2C%D0%9B%D1%83%D0%B3%D0%B0%D0%BD%D1%81%D0%BA%D0%B0%D1%8F%D0%BE%D0%B1%D0%BB%D0%B0%D1%81%D1%82%D1%8C%2C%D0%92%D0%A1%D0%A3%2C%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%B8%D0%B5%D0%BE%D0%BA%D0%BA%D1%83%D0%BF%D0%B0%D0%BD%D1%82%D1%8B%2C%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%B0%D1%8F%2C%D0%92%D0%BE%D0%B9%D0%BD%D0%B0%D1%81%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B5%D0%B9%2C%D0%A7%D0%92%D0%9A%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%2C%D0%92%D0%BE%D0%B9%D0%BD%D0%B0%D0%B2%D0%A3%D0%BA%D1%80%D0%B0%D0%B8%D0%BD%D0%B5&tg_i.ref=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&tg_i.page=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&tg_i.domain=korrespondent.net&tg_i.pbadslot=%2F21671350435%2C22654422242%2F300x250-korrespondent.net&tk_flint=pbjs_lite_v6.15.0&x_source.tid=031df988-898b-4856-b177-d08cc14a8d7d&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21671350435%2C22654422242%2F300x250-korrespondent.net&slots=1&rand=0.8389376638051536
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 2602:803:c004:200::141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 8d7a85e9bb7517f971263a03fc87ddbe317f432ea2a85729b66df4f9ceda1230

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://korrespondent.net
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 540
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 1A95 0
339 B 127ms
30ms XHR
application/json 185.86.138.121
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.121 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:33 GMT
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://korrespondent.net
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame 1A95 94 B
748 B 139ms
75ms XHR
application/json 72.251.249.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.15.0
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: 9ca2c8b7c4f20961db7ddbb4b88d63ca4926fcb0d5175c874f0b863995a0f668

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://korrespondent.net
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 99

GET
H2 200 arj Show response
adpone-d.openx.net/w/1.0/ Frame 1A95 73 B
166 B 92ms
30ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://adpone-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=031df988-898b-4856-b177-d08cc14a8d7d&nocache=1660655134168&schain=1.0%2C1!adpone.com%2C163dad3ab48d8d41e65b%2C1%2C%2C%2C&aus=300x250&divids=%252F21671350435%252C22654422242%252F300x250-korrespondent.net&aucs=%252F21671350435%252C22654422242%252F300x250-korrespondent.net&auid=544062056
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: aaf6f80ea70c962a47fde429a215254489e0b89332c02d913d2d24c9347b4787

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
content-encoding: gzip
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://korrespondent.net
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 1A95 0
409 B 215ms
137ms XHR
text/plain 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://korrespondent.net
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame 1A95 37 B
331 B 192ms
184ms XHR
application/json 104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=676744&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%22150734413c71161%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi%22%2C%22ref%22%3A%22https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi%22%2C%22domain%22%3A%22korrespondent.net%22%2C%22publisher%22%3A%7B%22domain%22%3A%22korrespondent.net%22%7D%2C%22keywords%22%3A%22%D0%A3%D0%BA%D1%80%D0%B0%D0%B8%D0%BD%D1%81%D0%BA%D0%B8%D0%B5%2C%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%2C%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D0%B9%2C%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D1%8F%D0%BD%D0%B5%2C%D1%80%D0%B0%D1%81%D0%BF%D0%BE%D0%BB%D0%BE%D0%B6%D0%B5%D0%BD%D0%B8%D0%B9%2C%D0%B2%D0%BE%D0%B9%D0%BD%D0%B0%2C%D0%BE%D0%BA%D0%BA%D1%83%D0%BF%D0%B0%D1%86%D0%B8%D1%8F%2C%D0%9B%D1%83%D0%B3%D0%B0%D0%BD%D1%81%D0%BA%D0%B0%D1%8F%D0%BE%D0%B1%D0%BB%D0%B0%D1%81%D1%82%D1%8C%2C%D0%92%D0%A1%D0%A3%2C%D1%80%D1%83%D1%81%D1%81%D0%BA%D0%B8%D0%B5%D0%BE%D0%BA%D0%BA%D1%83%D0%BF%D0%B0%D0%BD%D1%82%D1%8B%2C%D0%9F%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%B0%D1%8F%2C%D0%92%D0%BE%D0%B9%D0%BD%D0%B0%D1%81%D0%A0%D0%BE%D1%81%D1%81%D0%B8%D0%B5%D0%B9%2C%D0%A7%D0%92%D0%9A%D0%92%D0%B0%D0%B3%D0%BD%D0%B5%D1%80%D0%B0%2C%D0%92%D0%BE%D0%B9%D0%BD%D0%B0%D0%B2%D0%A3%D0%BA%D1%80%D0%B0%D0%B8%D0%BD%D0%B5%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.15.0%22%2C%22userIds%22%3A%5B%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22168ff5f06086c84%22%2C%22banner%22%3A%7B%22topframe%22%3A0%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22676744%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22dfp_ad_unit_code%22%3A%22%2F21671350435%2C22654422242%2F300x250-korrespondent.net%22%2C%22gpid%22%3A%22%2F21671350435%2C22654422242%2F300x250-korrespondent.net%22%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22adpone.com%22%2C%22sid%22%3A%22163dad3ab48d8d41e65b%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%7D%7D
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 693399db8f4ab6020cd90165ddc8b760043d71ad179f31096d3c6646430ca651

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 37
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jkrRJW4GavA%2B5KM6LVeNx%2FEKYfW8Hjj6sigAjGZ%2FVZUWUktbZJm007HEe0rvbKCK4AG4xyPViTy6hZ1i6TB94BcdJtBsgPRxA7HhC0VJHEDRlc3ZnPmmQKy2IEh4osb%2Ba24YTlS9"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://korrespondent.net
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 73ba61dcb8b19b4b-FRA
expires: 0

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 1C51 316 B
1 KB 208ms
148ms XHR
application/json 2602:803:c004:200::141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=201784&zone_id=2055862&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,163dad3ab48d8d41e65b,1,,,&rf=korrespondent.net&tg_i.ref=https%3A%2F%2Fkorrespondent.net%2F&tg_i.pbadslot=adpn-adtag-1660655133848&tk_flint=pbjs_lite_v6.15.0&x_source.tid=51979130-0b1c-4283-9aff-00139f3b0474&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.34210199949020237
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 2602:803:c004:200::141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 6724a2e9a14fabad1de2b5ad7c2e41f978c70b8bc024c6eaf5adfebf4489b13f

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 316
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 1C51 0
214 B 24ms
24ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.15.0&cb=20695912250

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:33 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://mediawoot.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

GET
H2 200 arj Show response
adpone-d.openx.net/w/1.0/ Frame 1C51 73 B
145 B 73ms
29ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://adpone-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fkorrespondent.net%2F&ch=windows-1252&res=1600x1200x24&ifr=true&tz=0&tws=undefined&be=1&bc=hb_pb_3.0.3&dddid=51979130-0b1c-4283-9aff-00139f3b0474&nocache=1660655134188&schain=1.0%2C1!adpone.com%2C163dad3ab48d8d41e65b%2C1%2C%2C%2C&aus=300x250&divids=adpn-adtag-1660655133848&aucs=adpn-adtag-1660655133848&auid=544062056
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 6a3d0041aa732b3fcb93911ca75ed17157208791c6fecb5bedb5f6c9ab065c7b

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
content-encoding: gzip
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://mediawoot.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame 1C51 36 B
311 B 102ms
101ms XHR
application/json 104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=676744&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2279888feee929e5%22%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Fkorrespondent.net%2F%22%2C%22page%22%3A%22https%3A%2F%2Fkorrespondent.net%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.15.0%22%2C%22userIds%22%3A%5B%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2281cb84fc63bb76%22%2C%22banner%22%3A%7B%22topframe%22%3A0%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22676744%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22adpone.com%22%2C%22sid%22%3A%22163dad3ab48d8d41e65b%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%7D%7D
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c28da0d2b885a6cedc6923b7df986b2568ef27e08cab2b84708f1a59b2702d6a

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 36
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AFF0Mu%2BAALPzQGyfethQcxC43HB%2BFo06TVEjQxUqIkykx5d2MuPjo5vDM3QCn6jsIUbiodbRAwOSdJoo%2FqWIRwvl045LQjw8z2M6L6Wpz%2F0zElcWhUy1dGUw8QVATxaaATMeVpDT"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 73ba61dcc8d79b4b-FRA
expires: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 1C51 12 KB
7 KB 193ms
139ms XHR
application/json 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

551e1264a0ed88f0bb0e03b08dab2c5ca2077563c2078389d01a32e7958be378

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 510d9df7-b915-4f66-9654-b6a22f63428c
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 1C51 0
335 B 101ms
29ms XHR
application/json 185.86.138.121
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.121 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:33 GMT
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame 1C51 94 B
743 B 96ms
41ms XHR
application/json 72.251.249.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.15.0
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: fec247cc0476fd7fa8795632bb7776b9a097d982f54982b7cf6cf27e152704e4

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://mediawoot.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 98

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 1C51 0
406 B 180ms
103ms XHR
text/plain 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

OPTIONS
H2 200 openrtb
adx.adform.net/adx/ Frame 0
0 63ms
36ms Preflight 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://mediawoot.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://mediawoot.com
access-control-max-age: 86400
allow: POST,OPTIONS
cache-control: no-cache, no-store, must-revalidate, no-transform
date: Tue, 16 Aug 2022 13:05:34 GMT
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

OPTIONS
H2 200 openrtb
adx.adform.net/adx/ Frame 0
0 52ms
36ms Preflight 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://mediawoot.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://mediawoot.com
access-control-max-age: 86400
allow: POST,OPTIONS
cache-control: no-cache, no-store, must-revalidate, no-transform
date: Tue, 16 Aug 2022 13:05:34 GMT
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 4377 0
335 B 104ms
29ms XHR
application/json 185.86.138.121
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.121 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:33 GMT
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 4377 0
214 B 24ms
24ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.15.0&cb=54124872164

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:33 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://mediawoot.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

GET
H2 200 arj Show response
adpone-d.openx.net/w/1.0/ Frame 4377 73 B
145 B 60ms
30ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://adpone-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fkorrespondent.net%2F&ch=windows-1252&res=1600x1200x24&ifr=true&tz=0&tws=undefined&be=1&bc=hb_pb_3.0.3&dddid=55bdc67a-ecc3-415a-af2e-5e17d973919f&nocache=1660655134201&schain=1.0%2C1!adpone.com%2C163dad3ab48d8d41e65b%2C1%2C%2C%2C&aus=300x250&divids=adpn-adtag-1660655133861&aucs=adpn-adtag-1660655133861&auid=544062056
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: f89a4771b08e0793cc6d9337d5cfd17ef7084ce332141d0c9a170bf900f329c2

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
content-encoding: gzip
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://mediawoot.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 4377 0
406 B 200ms
122ms XHR
text/plain 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame 4377 36 B
636 B 70ms
70ms XHR
application/json 104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=676744&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%229e7f26214552bd%22%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Fkorrespondent.net%2F%22%2C%22page%22%3A%22https%3A%2F%2Fkorrespondent.net%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.15.0%22%2C%22userIds%22%3A%5B%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22108864c7d6a60ca%22%2C%22banner%22%3A%7B%22topframe%22%3A0%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22676744%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22adpone.com%22%2C%22sid%22%3A%22163dad3ab48d8d41e65b%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%7D%7D
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 572b319ee85a86084ba5af3cd631f6af5c279f182159d0aacd486eef9b612d3c

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 36
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZMOlrorJKA1yzDj74iDyC6ISabJJ0bqz1njXLKmwlUXJ0yLxlrCV%2FVN%2F8o0vRYzvCYlTRJq1sh8sIIpA51Zxg4Ex5bZBA9jt3k57ubzcFG%2Fz3yHirozUc27k0LlPZlPNgCR4rDMe"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 73ba61dcd8f49b4b-FRA
expires: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 4377 145 B
1 KB 325ms
278ms XHR
application/json 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

fa525ccd6d3cb31e24e3c37cfeb4d9427628fa978d33bc5ce2c5f4853ebc465a

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: a3b32079-a901-447f-ac49-9dce8986ab04
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 4377 316 B
1 KB 154ms
107ms XHR
application/json 2602:803:c004:200::141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=201784&zone_id=2055862&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,163dad3ab48d8d41e65b,1,,,&rf=korrespondent.net&tg_i.ref=https%3A%2F%2Fkorrespondent.net%2F&tg_i.pbadslot=adpn-adtag-1660655133861&tk_flint=pbjs_lite_v6.15.0&x_source.tid=55bdc67a-ecc3-415a-af2e-5e17d973919f&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.343143058637166
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c004:200::141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 9d56d4735b3c5244dd0788778a01d5a5d1e2acf77143c41c795b957bc31d8c47

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 316
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame 4377 94 B
746 B 100ms
48ms XHR
application/json 72.251.249.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.15.0
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: a36aa127cc7661143c7a892cea704ef2f60e636bfef2666a8f75c1111dc1dcab

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://mediawoot.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 100

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame B131 171 B
555 B 165ms
89ms XHR
application/json 185.86.138.121
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.121 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:33 GMT
content-encoding: br
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache,no-store
transfer-encoding: chunked
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame B131 0
214 B 25ms
24ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.15.0&cb=67631386026

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:33 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://mediawoot.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame B131 12 KB
7 KB 224ms
175ms XHR
application/json 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

cdee990bb78bab7343f4517e56cf4f67aa56dafe133a12a9f0f7ba3a552f04be

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 26401397-514a-4d3c-93e1-74e4bb8f565d
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame B131 316 B
1 KB 165ms
114ms XHR
application/json 2602:803:c004:200::141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=201784&zone_id=2055862&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,163dad3ab48d8d41e65b,1,,,&rf=korrespondent.net&tg_i.ref=https%3A%2F%2Fkorrespondent.net%2F&tg_i.pbadslot=adpn-adtag-1660655133838&tk_flint=pbjs_lite_v6.15.0&x_source.tid=9def4e96-e92d-4c10-b80d-1415469f6e03&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.9199125632833012
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 2602:803:c004:200::141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 3969a39354cf12ab1f880a46327036880012a125afc99deafeb568ea75ac5f71

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 316
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 arj Show response
adpone-d.openx.net/w/1.0/ Frame B131 73 B
145 B 36ms
29ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://adpone-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fkorrespondent.net%2F&ch=windows-1252&res=1600x1200x24&ifr=true&tz=0&tws=undefined&be=1&bc=hb_pb_3.0.3&dddid=9def4e96-e92d-4c10-b80d-1415469f6e03&nocache=1660655134220&schain=1.0%2C1!adpone.com%2C163dad3ab48d8d41e65b%2C1%2C%2C%2C&aus=300x250&divids=adpn-adtag-1660655133838&aucs=adpn-adtag-1660655133838&auid=544062056
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 1fffc45d4154b329791829ed47d576f2cfce1f3825a32d5ec6d4ab2a689dc632

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
content-encoding: gzip
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://mediawoot.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame B131 0
406 B 173ms
105ms XHR
text/plain 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame B131 37 B
315 B 72ms
69ms XHR
application/json 104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=676744&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2213170b8f686d8cd%22%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Fkorrespondent.net%2F%22%2C%22page%22%3A%22https%3A%2F%2Fkorrespondent.net%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.15.0%22%2C%22userIds%22%3A%5B%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22148d92e67d8e3d9%22%2C%22banner%22%3A%7B%22topframe%22%3A0%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22676744%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22adpone.com%22%2C%22sid%22%3A%22163dad3ab48d8d41e65b%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%7D%7D
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 22630cd01c94bdef052772dea5252aea2fe20da742ff4bca0ac4410b1ba6f834

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 37
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y6oeiNmbHKc7URPz7e86FaEUaNlaHD%2FThXP9gWYGzO9pluSDvI74ttGMCzvmVwFcmTp2yFpWU5dIQo9Do8BP%2BtkXmO6yld8FgFcHud9YUswgSAVI8ft%2Fjn9E5PIywWrvxM%2B3mM9S"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 73ba61dd093e9b4b-FRA
expires: 0

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame B131 93 B
744 B 113ms
73ms XHR
application/json 72.251.249.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.15.0
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: 40454eeec71cd936bf826c8cf3fe8b4d5720a7e7845b8f18cc02fc124ba180fa

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://mediawoot.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 99

OPTIONS
H2 200 openrtb
adx.adform.net/adx/ Frame 0
0 41ms
35ms Preflight 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://mediawoot.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://mediawoot.com
access-control-max-age: 86400
allow: POST,OPTIONS
cache-control: no-cache, no-store, must-revalidate, no-transform
date: Tue, 16 Aug 2022 13:05:34 GMT
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

OPTIONS
H2 200 openrtb
adx.adform.net/adx/ Frame 0
0 44ms
35ms Preflight 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://mediawoot.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://mediawoot.com
access-control-max-age: 86400
allow: POST,OPTIONS
cache-control: no-cache, no-store, must-revalidate, no-transform
date: Tue, 16 Aug 2022 13:05:34 GMT
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 arj Show response
adpone-d.openx.net/w/1.0/ Frame EA4D 73 B
145 B 36ms
28ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://adpone-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fkorrespondent.net%2F&ch=windows-1252&res=1600x1200x24&ifr=true&tz=0&tws=undefined&be=1&bc=hb_pb_3.0.3&dddid=5b563afb-de62-47b2-909e-cdedd747a7f5&nocache=1660655134237&schain=1.0%2C1!adpone.com%2C163dad3ab48d8d41e65b%2C1%2C%2C%2C&aus=300x250&divids=adpn-adtag-1660655133872&aucs=adpn-adtag-1660655133872&auid=544062056
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 564be5212072b6b74a90bb9f63ef9821fd16d5619039c85b0e605d827e115247

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
content-encoding: gzip
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://mediawoot.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame EA4D 0
407 B 152ms
100ms XHR
text/plain 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame EA4D 36 B
310 B 108ms
101ms XHR
application/json 104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=676744&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%225ef6a133531b39%22%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Fkorrespondent.net%2F%22%2C%22page%22%3A%22https%3A%2F%2Fkorrespondent.net%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.15.0%22%2C%22userIds%22%3A%5B%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%226c129088ece261%22%2C%22banner%22%3A%7B%22topframe%22%3A0%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22676744%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22adpone.com%22%2C%22sid%22%3A%22163dad3ab48d8d41e65b%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%7D%7D
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d101152585754db8c1a22970a3a37893b5fc9256a11ec09b9c740947f3398a74

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 36
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EPcuHJV4OsWQosj7S7q%2F69D%2F3vroxX0RS23EQDaAxplH6rBM50%2BCZE3YWcama8R8m2UVcqkAjM12GChNM77nMvPKcty34guUUdnMNfF1X%2F5IsmzehLZs6u7WK3D1DTJxQtPR4dyY"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 73ba61dd196f9b4b-FRA
expires: 0

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame EA4D 0
335 B 84ms
30ms XHR
application/json 185.86.138.121
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.121 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:33 GMT
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame EA4D 94 B
744 B 80ms
47ms XHR
application/json 72.251.249.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.15.0
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: 91b40ff6f3bbbbafc299402feaec4a24eee9299637b8bcf06aed78b6399ca673

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://mediawoot.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 99

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame EA4D 12 KB
7 KB 188ms
144ms XHR
application/json 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

245372ef0e3b2e73c248fcb56699b5d6049939ee6856cc5f223d067353784186

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 9f2ed1eb-5004-46a5-9326-01f8d99a7cc9
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame EA4D 0
214 B 27ms
23ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.15.0&cb=3055156828

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:33 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://mediawoot.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame EA4D 316 B
1 KB 167ms
112ms XHR
application/json 2602:803:c004:200::141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=201784&zone_id=2055862&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,163dad3ab48d8d41e65b,1,,,&rf=korrespondent.net&tg_i.ref=https%3A%2F%2Fkorrespondent.net%2F&tg_i.pbadslot=adpn-adtag-1660655133872&tk_flint=pbjs_lite_v6.15.0&x_source.tid=5b563afb-de62-47b2-909e-cdedd747a7f5&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.5420197957815576
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 2602:803:c004:200::141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 11d6124e0cde23bd1272989747aab709243f89cbf831caae0d3d34fb1f2f4e31

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 316
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame 1BB0 36 B
310 B 101ms
100ms XHR
application/json 104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=676744&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%221b2d0bdc4176e8%22%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Fkorrespondent.net%2F%22%2C%22page%22%3A%22https%3A%2F%2Fkorrespondent.net%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.15.0%22%2C%22userIds%22%3A%5B%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%222f6919059a8897%22%2C%22banner%22%3A%7B%22topframe%22%3A0%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22676744%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22adpone.com%22%2C%22sid%22%3A%22163dad3ab48d8d41e65b%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%7D%7D
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d7c57035f2e89bccc3f3882bf77e8a0483643209b83e311713d362d1d33f19a6

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 36
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=64WbTXssMwmzveBdQDLNsBh6MYLoOOmH0bNmFKIbwiR4JBov0Rw0d3Ldo147tWmk%2Bf3rZ3%2F7gZs8mCkO%2FPm5UVyywRec1WqXeM8aTqA8ou%2FgKuCzPzpjOLCrQzBz5Vo0vlQTEoJL"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 73ba61dd29849b4b-FRA
expires: 0

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 1BB0 0
335 B 71ms
29ms XHR
application/json 185.86.138.121
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.121 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:33 GMT
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 1BB0 12 KB
7 KB 188ms
138ms XHR
application/json 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

69865e8609a7cac7b8fe6b337b53b873298e092cd573ade6fd0f00c69d8320ba

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 438aa346-7491-4226-b3a7-3a608680c1bc
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 1BB0 316 B
1 KB 196ms
121ms XHR
application/json 2602:803:c004:200::141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=201784&zone_id=2055862&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,163dad3ab48d8d41e65b,1,,,&rf=korrespondent.net&tg_i.ref=https%3A%2F%2Fkorrespondent.net%2F&tg_i.pbadslot=adpn-adtag-1660655133908&tk_flint=pbjs_lite_v6.15.0&x_source.tid=49fcb3d4-b28d-4a71-8c2b-cc090466ce31&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.7783072947484282
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 2602:803:c004:200::141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 6f3c98f0620c90dcceae4a2063306747165b950cd354f25f9b0aac3b57072e49

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 316
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 arj Show response
adpone-d.openx.net/w/1.0/ Frame 1BB0 73 B
145 B 33ms
29ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://adpone-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fkorrespondent.net%2F&ch=windows-1252&res=1600x1200x24&ifr=true&tz=0&tws=undefined&be=1&bc=hb_pb_3.0.3&dddid=49fcb3d4-b28d-4a71-8c2b-cc090466ce31&nocache=1660655134254&schain=1.0%2C1!adpone.com%2C163dad3ab48d8d41e65b%2C1%2C%2C%2C&aus=300x250&divids=adpn-adtag-1660655133908&aucs=adpn-adtag-1660655133908&auid=544062056
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 1c0dd8777c7acef39a5075227122fb2ec9b37cf12893cca3523797e149aa5ab8

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
content-encoding: gzip
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://mediawoot.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 1BB0 0
214 B 25ms
22ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.15.0&cb=35510282587

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:33 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://mediawoot.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 1BB0 0
406 B 140ms
101ms XHR
text/plain 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame 1BB0 94 B
744 B 84ms
51ms XHR
application/json 72.251.249.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.15.0
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: 0e8710fbe22a12f0f4293a268f372efaca9012aaf301a1078601ad510a0b3084

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://mediawoot.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 99

OPTIONS
H2 200 openrtb
adx.adform.net/adx/ Frame 0
0 39ms
36ms Preflight 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://mediawoot.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://mediawoot.com
access-control-max-age: 86400
allow: POST,OPTIONS
cache-control: no-cache, no-store, must-revalidate, no-transform
date: Tue, 16 Aug 2022 13:05:34 GMT
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

OPTIONS
H2 200 openrtb
adx.adform.net/adx/ Frame 0
0 36ms
36ms Preflight 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://mediawoot.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://mediawoot.com
access-control-max-age: 86400
allow: POST,OPTIONS
cache-control: no-cache, no-store, must-revalidate, no-transform
date: Tue, 16 Aug 2022 13:05:34 GMT
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame D017 94 B
744 B 94ms
50ms XHR
application/json 72.251.249.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.15.0
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: acee7a966ffb2ef38e1fa0c8c494a1e8764d6525f390a111f9cdcd3f0bb17023

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://mediawoot.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 99

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ Frame D017 36 B
310 B 100ms
99ms XHR
application/json 104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=676744&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%223eb4a7e6b2d0b3%22%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Fkorrespondent.net%2F%22%2C%22page%22%3A%22https%3A%2F%2Fkorrespondent.net%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.15.0%22%2C%22userIds%22%3A%5B%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22496f12ef82937e%22%2C%22banner%22%3A%7B%22topframe%22%3A0%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22676744%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22adpone.com%22%2C%22sid%22%3A%22163dad3ab48d8d41e65b%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%7D%7D
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c89d0e71b0384be1778963b0e0f9b70855b384e2632c89c0dc5d1e42423ac7e

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 36
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=96oqlTJX9yD%2FYphCf4kKqVH9pNvDI91r36fm%2BWNgkFPx2YHhO0WzqGQ6YzdcPYgUiBJPrApYnOyg%2BblL2iesKTz7h7a9lPUhZIXNa1Od9tSpLQRUjQ%2BOUUru2J6cAtWFiQsegyiA"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 73ba61dd39949b4b-FRA
expires: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame D017 144 B
1 KB 368ms
164ms XHR
application/json 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

7856a7449935f86b1e1128623db10463e1bc2a751509440bfcb66331cf3f7b88

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 3d56178f-63b5-4f50-bf99-43edd0301d9e
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame D017 316 B
1 KB 284ms
125ms XHR
application/json 2602:803:c004:200::141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=201784&zone_id=2055862&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,163dad3ab48d8d41e65b,1,,,&rf=korrespondent.net&tg_i.ref=https%3A%2F%2Fkorrespondent.net%2F&tg_i.pbadslot=adpn-adtag-1660655133921&tk_flint=pbjs_lite_v6.15.0&x_source.tid=67d8e75f-af6e-4655-8e51-b10457380ce5&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.30162462105449306
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c004:200::141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 65dbab2a2977f200d2c3deac028127e7ed9693720fc2032494b08ba894e422c1

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 316
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame D017 0
335 B 109ms
76ms XHR
application/json 185.86.138.121
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.121 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:33 GMT
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame D017 0
406 B 137ms
105ms XHR
text/plain 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

GET
H3 200 arj Show response
adpone-d.openx.net/w/1.0/ Frame D017 73 B
101 B 119ms
75ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://adpone-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fkorrespondent.net%2F&ch=windows-1252&res=1600x1200x24&ifr=true&tz=0&tws=undefined&be=1&bc=hb_pb_3.0.3&dddid=67d8e75f-af6e-4655-8e51-b10457380ce5&nocache=1660655134266&schain=1.0%2C1!adpone.com%2C163dad3ab48d8d41e65b%2C1%2C%2C%2C&aus=300x250&divids=adpn-adtag-1660655133921&aucs=adpn-adtag-1660655133921&auid=544062056
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: f26b937bbc37f6f401f7f10ab43e36dd1e4708dcad4e716943904ef004d82700

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
content-encoding: gzip
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://mediawoot.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame D017 0
214 B 25ms
24ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.15.0&cb=86084721038

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:33 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://mediawoot.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 3FAB 87 KB
28 KB 24ms
24ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: 0.code.cotsta.ru
URL: https://0.code.cotsta.ru/dist/p4.41.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

aeb925bb204a686701ed5795fc9a381422a479fca1cacbe35de200ac65319988

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:34 GMT
content-encoding: gzip
last-modified: Tue, 02 Aug 2022 12:51:23 GMT
server: nginx
etag: W/"62e91dcb-15b76"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 17 Aug 2022 13:05:34 GMT

OPTIONS
H2 200 openrtb
adx.adform.net/adx/ Frame 0
0 36ms
36ms Preflight 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://mediawoot.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://mediawoot.com
access-control-max-age: 86400
allow: POST,OPTIONS
cache-control: no-cache, no-store, must-revalidate, no-transform
date: Tue, 16 Aug 2022 13:05:34 GMT
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3 200 arj Show response
adpone-d.openx.net/w/1.0/ Frame 2899 73 B
101 B 101ms
76ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://adpone-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fkorrespondent.net%2F&ch=windows-1252&res=1600x1200x24&ifr=true&tz=0&tws=undefined&be=1&bc=hb_pb_3.0.3&dddid=483b9ff8-500d-4257-8dfc-8ca5b0b74568&nocache=1660655134285&schain=1.0%2C1!adpone.com%2C163dad3ab48d8d41e65b%2C1%2C%2C%2C&aus=300x250&divids=adpn-adtag-1660655133959&aucs=adpn-adtag-1660655133959&auid=544062056
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: a4d16243c030458dc9736ca798cbcdaa640bcdf19e6c67c63d3f629f3704e394

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
content-encoding: gzip
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://mediawoot.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 2899 0
406 B 115ms
104ms XHR
text/plain 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame 2899 94 B
744 B 64ms
44ms XHR
application/json 72.251.249.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.15.0
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: 84b025d4f6155d02f1293800b343764f08b8feaa37157d6c7daeb6352e3b5669

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://mediawoot.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 99

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 2899 316 B
1 KB 281ms
110ms XHR
application/json 2602:803:c004:200::141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=201784&zone_id=2055862&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,163dad3ab48d8d41e65b,1,,,&rf=korrespondent.net&tg_i.ref=https%3A%2F%2Fkorrespondent.net%2F&tg_i.pbadslot=adpn-adtag-1660655133959&tk_flint=pbjs_lite_v6.15.0&x_source.tid=483b9ff8-500d-4257-8dfc-8ca5b0b74568&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.6417741545014999
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 2602:803:c004:200::141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 634d11aa7be2760cf7c883b77def676c8766c0fd6f2142ce36dde1b14554fcd5

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 316
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 2899 0
335 B 45ms
29ms XHR
application/json 185.86.138.121
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.121 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:33 GMT
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 2899 12 KB
7 KB 322ms
140ms XHR
application/json 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

045cfb9a382d3265e8fac7552fa0419cb7b1712e177742a448b05a5addbe21b9

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 44b542fe-14d5-42d1-8b32-91daaaa5cbcd
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 cygnus Show response
htlb.casalemedia.com/ Frame 2899 37 B
569 B 169ms
135ms XHR
application/json 104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=676744&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%221399354a74e8eff%22%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Fkorrespondent.net%2F%22%2C%22page%22%3A%22https%3A%2F%2Fkorrespondent.net%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.15.0%22%2C%22userIds%22%3A%5B%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22147b59b6c864ba6%22%2C%22banner%22%3A%7B%22topframe%22%3A0%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22676744%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22adpone.com%22%2C%22sid%22%3A%22163dad3ab48d8d41e65b%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%7D%7D
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b2c1acc724dbca1e4bfdf8441a0b1003dfb7ca9f12980a23fb42060e3bc4deb0

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 37
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fgE4COxeXpWD%2B9zLX9JZQVGwRFxmJRcs0zUBFE6aPb5npjZIG2eq9oOQ3RI0vzybBFwwWhfA15ChazwqZa6TP%2BrxFXwjEvOHIVJnJ%2FnulYOeIrAczoG72UHoiyarll8rlacu0G%2BI"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 73ba61ddaefbd5e9-CDG
expires: 0

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 2899 0
214 B 24ms
23ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.15.0&cb=74319405861

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:34 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://mediawoot.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

OPTIONS
H2 200 openrtb
adx.adform.net/adx/ Frame 0
0 35ms
35ms Preflight 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://mediawoot.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://mediawoot.com
access-control-max-age: 86400
allow: POST,OPTIONS
cache-control: no-cache, no-store, must-revalidate, no-transform
date: Tue, 16 Aug 2022 13:05:34 GMT
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame B593 94 B
742 B 73ms
48ms XHR
application/json 72.251.249.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.15.0
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: 6a7285e623cd29692201667dfa9508624ef509a94dda536fde611f7ce8ebc304

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://mediawoot.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 97

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame B593 0
406 B 101ms
99ms XHR
text/plain 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

GET
H3 200 arj Show response
adpone-d.openx.net/w/1.0/ Frame B593 72 B
100 B 85ms
75ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://adpone-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fkorrespondent.net%2F&ch=windows-1252&res=1600x1200x24&ifr=true&tz=0&tws=undefined&be=1&bc=hb_pb_3.0.3&dddid=402e8bd5-c839-46cc-a6e2-f13325dc8557&nocache=1660655134301&schain=1.0%2C1!adpone.com%2C163dad3ab48d8d41e65b%2C1%2C%2C%2C&aus=300x250&divids=adpn-adtag-1660655133946&aucs=adpn-adtag-1660655133946&auid=544062056
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 52dbee4f429e8fd9afb59f375538cd17a3e467d060dfabf87d79e16f62fcdc12

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
content-encoding: gzip
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://mediawoot.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame B593 0
214 B 25ms
24ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.15.0&cb=70597357075

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:33 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://mediawoot.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame B593 316 B
1 KB 259ms
104ms XHR
application/json 2602:803:c004:200::141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=201784&zone_id=2055862&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,163dad3ab48d8d41e65b,1,,,&rf=korrespondent.net&tg_i.ref=https%3A%2F%2Fkorrespondent.net%2F&tg_i.pbadslot=adpn-adtag-1660655133946&tk_flint=pbjs_lite_v6.15.0&x_source.tid=402e8bd5-c839-46cc-a6e2-f13325dc8557&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.15793199973919148
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 2602:803:c004:200::141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: f7b3b0d6fdf18fd8991ea9c6abeb6be4c2c2a53ac4dade59acaf9861c0ac87f5

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 316
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame B593 0
335 B 52ms
30ms XHR
application/json 185.86.138.121
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.121 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:33 GMT
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

GET
H3 200 cygnus Show response
htlb.casalemedia.com/ Frame B593 37 B
606 B 147ms
127ms XHR
application/json 104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=676744&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2213181da1ca9bb96%22%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Fkorrespondent.net%2F%22%2C%22page%22%3A%22https%3A%2F%2Fkorrespondent.net%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.15.0%22%2C%22userIds%22%3A%5B%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2214da5b07cd2d1e5%22%2C%22banner%22%3A%7B%22topframe%22%3A0%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22676744%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22adpone.com%22%2C%22sid%22%3A%22163dad3ab48d8d41e65b%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%7D%7D
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f1f8e2ce2202a6ce7cfd01f52b13ab5c1cdb1d666222ef9bcf3f6e9031b4985

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 37
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UKbM9olaGgMwsiAtNxGHV5X4f1gDW7AlGUBJgaLZe6JKpYemEqVYMWe6%2FUjdXBDD%2F08L8Kxx5zjMr5N%2FDcpU5UyFpxwquGQEbuFU8HKWT3kjpLCKiH%2BWfGSR6DClZx48TiBIFczp"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 73ba61ddaf08d5e9-CDG
expires: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame B593 145 B
1 KB 330ms
149ms XHR
application/json 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

c8000c500af82c88bb3705260345e8880c1974664d74bc8d2c11e0cf411e2a4b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: f1e12ff3-71e5-4215-9713-c9a3a276e43a
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

OPTIONS
H2 200 openrtb
adx.adform.net/adx/ Frame 0
0 37ms
37ms Preflight 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://mediawoot.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://mediawoot.com
access-control-max-age: 86400
allow: POST,OPTIONS
cache-control: no-cache, no-store, must-revalidate, no-transform
date: Tue, 16 Aug 2022 13:05:34 GMT
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3 200 cygnus Show response
htlb.casalemedia.com/ Frame 7C3C 36 B
568 B 178ms
165ms XHR
application/json 104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=676744&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%221378376295b807%22%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Fkorrespondent.net%2F%22%2C%22page%22%3A%22https%3A%2F%2Fkorrespondent.net%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.15.0%22%2C%22userIds%22%3A%5B%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%222c456d08402f52%22%2C%22banner%22%3A%7B%22topframe%22%3A0%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22676744%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22adpone.com%22%2C%22sid%22%3A%22163dad3ab48d8d41e65b%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%7D%7D
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 019585e1846fc56d5d458ce2a859b908464516832fdeb1571b019d3ea47ac690

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 36
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i2YIMHiVzbS7hO4l4jfdC7RTsYQwNqTMdk%2FdwEXK0P5xYNH8N0WIWYcNzhOHzQqbfxQjX7DQTzQtF14CuCbqKnQe4uhb1%2FfhrqvK0BHq6Iv1VNYHZw%2FojhXSzOKCtFY099swoh54"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 73ba61ddaf00d5e9-CDG
expires: 0

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 7C3C 0
406 B 148ms
89ms XHR
text/plain 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 7C3C 171 B
555 B 167ms
154ms XHR
application/json 185.86.138.121
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.121 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:33 GMT
content-encoding: br
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache,no-store
transfer-encoding: chunked
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 7C3C 0
214 B 24ms
23ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.15.0&cb=53148413280

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:33 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://mediawoot.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 7C3C 145 B
1 KB 321ms
147ms XHR
application/json 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

d6b5320953143ba16ee2784df40610947d0ffabebda5307dc74e285d8297f07d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 56f03291-6046-446f-87a5-568d4914be1b
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame 7C3C 94 B
743 B 104ms
80ms XHR
application/json 72.251.249.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.15.0
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: 5c8da4caf6e731507bb23807a86d3117a5dab0aae9c416d87a8b2b6611b7b4e4

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://mediawoot.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 98

GET
H3 200 arj Show response
adpone-d.openx.net/w/1.0/ Frame 7C3C 73 B
101 B 75ms
75ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://adpone-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fkorrespondent.net%2F&ch=windows-1252&res=1600x1200x24&ifr=true&tz=0&tws=undefined&be=1&bc=hb_pb_3.0.3&dddid=0d84eb4d-cdd3-4137-86e9-1bff201e6abc&nocache=1660655134315&schain=1.0%2C1!adpone.com%2C163dad3ab48d8d41e65b%2C1%2C%2C%2C&aus=300x250&divids=adpn-adtag-1660655133975&aucs=adpn-adtag-1660655133975&auid=544062056
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: f65f71eb33720bd6f4065e2a20c37f0e9464743052e7a84847ce3525a9a3db2c

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
content-encoding: gzip
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://mediawoot.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 7C3C 316 B
1 KB 256ms
103ms XHR
application/json 2602:803:c004:200::141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=201784&zone_id=2055862&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,163dad3ab48d8d41e65b,1,,,&rf=korrespondent.net&tg_i.ref=https%3A%2F%2Fkorrespondent.net%2F&tg_i.pbadslot=adpn-adtag-1660655133975&tk_flint=pbjs_lite_v6.15.0&x_source.tid=0d84eb4d-cdd3-4137-86e9-1bff201e6abc&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.06907429172829138
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 2602:803:c004:200::141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 24a2d79f03080ec0a76bf8c689e1e233a5e2f5c999064458d9cf55bb30643f84

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 316
Expires: Wed, 17 Sep 1975 21:32:10 GMT

OPTIONS
H2 200 openrtb
adx.adform.net/adx/ Frame 0
0 39ms
38ms Preflight 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://mediawoot.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://mediawoot.com
access-control-max-age: 86400
allow: POST,OPTIONS
cache-control: no-cache, no-store, must-revalidate, no-transform
date: Tue, 16 Aug 2022 13:05:34 GMT
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3 200 cygnus Show response
htlb.casalemedia.com/ Frame 4B7A 36 B
571 B 135ms
133ms XHR
application/json 104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=676744&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%22103c1d570e022c%22%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Fkorrespondent.net%2F%22%2C%22page%22%3A%22https%3A%2F%2Fkorrespondent.net%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.15.0%22%2C%22userIds%22%3A%5B%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%222f63a959ecd422%22%2C%22banner%22%3A%7B%22topframe%22%3A0%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22676744%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22adpone.com%22%2C%22sid%22%3A%22163dad3ab48d8d41e65b%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%7D%7D
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 57f85b0b3c7d7bb20345f5bbb60a1c5ca9f01c17fb3807562880c8325cb39665

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 36
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e6aMhBHWFY%2B1FWeI3aeuuBIVM5w3OV31Cn5jaJaeUPTsxGe1Pin0e9qXQvlKR74piYkWhMdU%2BZWRF2X%2Fx%2FA62MJPt9J%2FjrjSCMZJsVuTEE%2BnbAlfLEJe3zWRcr5r8hVD%2B5OFdMh0"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 73ba61ddaf0bd5e9-CDG
expires: 0

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 4B7A 0
214 B 25ms
23ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.15.0&cb=26376546541

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:33 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://mediawoot.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 4B7A 0
406 B 124ms
44ms XHR
text/plain 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 4B7A 11 KB
6 KB 295ms
132ms XHR
application/json 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4966bb806b7bd902380c56edcda5296875d9e6f559d0be745048b9fcc75954c9

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 0102122c-6be7-453e-a8a6-988b8230b2bf
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame 4B7A 94 B
744 B 89ms
46ms XHR
application/json 72.251.249.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.15.0
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: f004ef7cd624e949e0ed6c156d10d41e0ba879ae932ab42a110267645fb98dd5

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://mediawoot.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 99

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 4B7A 316 B
1 KB 257ms
116ms XHR
application/json 2602:803:c004:200::141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=201784&zone_id=2055862&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,163dad3ab48d8d41e65b,1,,,&rf=korrespondent.net&tg_i.ref=https%3A%2F%2Fkorrespondent.net%2F&tg_i.pbadslot=adpn-adtag-1660655134000&tk_flint=pbjs_lite_v6.15.0&x_source.tid=b937567c-31c9-42cc-ad88-7114db3373b2&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.44125938093540573
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 2602:803:c004:200::141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 27c5ed62876b189dee5e38ae5b17dc2794efb817c356db8e6dec84798e1813fb

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 316
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 4B7A 0
335 B 37ms
30ms XHR
application/json 185.86.138.121
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.121 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:33 GMT
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

GET
H3 200 arj Show response
adpone-d.openx.net/w/1.0/ Frame 4B7A 73 B
101 B 81ms
81ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://adpone-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fkorrespondent.net%2F&ch=windows-1252&res=1600x1200x24&ifr=true&tz=0&tws=undefined&be=1&bc=hb_pb_3.0.3&dddid=b937567c-31c9-42cc-ad88-7114db3373b2&nocache=1660655134328&schain=1.0%2C1!adpone.com%2C163dad3ab48d8d41e65b%2C1%2C%2C%2C&aus=300x250&divids=adpn-adtag-1660655134000&aucs=adpn-adtag-1660655134000&auid=544062056
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4a530d495204ef00574df2302ecd32c3f7de825ba00e8da4fd16d63111150092

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
content-encoding: gzip
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://mediawoot.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

OPTIONS
H2 200 openrtb
adx.adform.net/adx/ Frame 0
0 36ms
36ms Preflight 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://mediawoot.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://mediawoot.com
access-control-max-age: 86400
allow: POST,OPTIONS
cache-control: no-cache, no-store, must-revalidate, no-transform
date: Tue, 16 Aug 2022 13:05:34 GMT
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

GET
H3 200 cygnus Show response
htlb.casalemedia.com/ Frame 8A72 36 B
569 B 130ms
128ms XHR
application/json 104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=676744&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%221b5080d2c5a6b2%22%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Fkorrespondent.net%2F%22%2C%22page%22%3A%22https%3A%2F%2Fkorrespondent.net%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.15.0%22%2C%22userIds%22%3A%5B%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22254ff940d47959%22%2C%22banner%22%3A%7B%22topframe%22%3A0%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22676744%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22adpone.com%22%2C%22sid%22%3A%22163dad3ab48d8d41e65b%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%7D%7D
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 70e33a2fb00d8ab161e46161fe4a3bd01d99a2265d17fd1c16e53cf73a2c5580

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 36
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z6AAF6FS4IWUaXLegaPwbxN0evwJe%2BgNr%2FJhIHicR4bb66wqfTNQ%2FQDkT3A7be6l6iO7KLEM1DjxKs%2FHFvC8lKfMQMNczSxhOkGkE349MCxLJXDseQFSrtSxPtP2x1Xx1ZkUWwlM"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 73ba61ddbf36d5e9-CDG
expires: 0

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 8A72 171 B
555 B 124ms
66ms XHR
application/json 185.86.138.121
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.121 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
content-encoding: br
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache,no-store
transfer-encoding: chunked
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 8A72 12 KB
7 KB 390ms
195ms XHR
application/json 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

1457901b8d87f6896475d17332522d4b00a0ee7e9861563d7bb20937c6a94f81

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 7ae451eb-91c5-41c0-a109-f22035714825
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 8A72 0
214 B 23ms
23ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.15.0&cb=41139257727

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:33 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://mediawoot.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 8A72 0
406 B 116ms
44ms XHR
text/plain 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 8A72 316 B
770 B 253ms
115ms XHR
application/json 2602:803:c004:200::141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=201784&zone_id=2055862&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,163dad3ab48d8d41e65b,1,,,&rf=korrespondent.net&tg_i.ref=https%3A%2F%2Fkorrespondent.net%2F&tg_i.pbadslot=adpn-adtag-1660655134018&tk_flint=pbjs_lite_v6.15.0&x_source.tid=6ad6fae3-0c88-42db-8fd5-be85d98db18b&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.5034195544923619
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 2602:803:c004:200::141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 20a222ba87d1283ff25c69afadda25501bcb4c8e9599a8c61362c30307ebb243

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 316
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H3 200 arj Show response
adpone-d.openx.net/w/1.0/ Frame 8A72 73 B
101 B 91ms
80ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://adpone-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fkorrespondent.net%2F&ch=windows-1252&res=1600x1200x24&ifr=true&tz=0&tws=undefined&be=1&bc=hb_pb_3.0.3&dddid=6ad6fae3-0c88-42db-8fd5-be85d98db18b&nocache=1660655134340&schain=1.0%2C1!adpone.com%2C163dad3ab48d8d41e65b%2C1%2C%2C%2C&aus=300x250&divids=adpn-adtag-1660655134018&aucs=adpn-adtag-1660655134018&auid=544062056
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 42e2396c26d163da2399fed7ab66a0305910bc8ae436800176ab4b265c60751d

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
content-encoding: gzip
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://mediawoot.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame 8A72 94 B
744 B 99ms
72ms XHR
application/json 72.251.249.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.15.0
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: d5067a2cd80078c8f0f475acb7dbb3edcb422af436f4a69a1a719e654a8dee77

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://mediawoot.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 99

OPTIONS
H2 200 openrtb
adx.adform.net/adx/ Frame 0
0 65ms
16ms Preflight 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://mediawoot.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://mediawoot.com
access-control-max-age: 86400
allow: POST,OPTIONS
cache-control: no-cache, no-store, must-revalidate, no-transform
date: Tue, 16 Aug 2022 13:05:34 GMT
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame EACA 0
214 B 48ms
3ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.15.0&cb=84993701054

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:34 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://mediawoot.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame EACA 0
335 B 93ms
30ms XHR
application/json 185.86.138.121
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.121 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:33 GMT
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

GET
H3 200 arj Show response
adpone-d.openx.net/w/1.0/ Frame EACA 73 B
101 B 102ms
77ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://adpone-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fkorrespondent.net%2F&ch=windows-1252&res=1600x1200x24&ifr=true&tz=0&tws=undefined&be=1&bc=hb_pb_3.0.3&dddid=de131139-aa04-4a56-a9b1-ce3e4480e1ee&nocache=1660655134350&schain=1.0%2C1!adpone.com%2C163dad3ab48d8d41e65b%2C1%2C%2C%2C&aus=300x250&divids=adpn-adtag-1660655134009&aucs=adpn-adtag-1660655134009&auid=544062056
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 5154ae952fc07c13c127696feb01f68401e99ec5cb866bd5cd98a1d49a672ec7

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
content-encoding: gzip
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://mediawoot.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame EACA 316 B
770 B 317ms
109ms XHR
application/json 2602:803:c004:200::141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=201784&zone_id=2055862&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,163dad3ab48d8d41e65b,1,,,&rf=korrespondent.net&tg_i.ref=https%3A%2F%2Fkorrespondent.net%2F&tg_i.pbadslot=adpn-adtag-1660655134009&tk_flint=pbjs_lite_v6.15.0&x_source.tid=de131139-aa04-4a56-a9b1-ce3e4480e1ee&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.6448150733507536
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c004:200::141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: f1990fd894bfc162a0b884023c12adf7074ea82d5d086db855cbc1d6e3e6b1b6

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 316
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame EACA 0
406 B 101ms
63ms XHR
text/plain 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame EACA 94 B
743 B 90ms
48ms XHR
application/json 72.251.249.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.15.0
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: 9292583011000768f1f8c0b1d9c34472f62cb5c579779fd24484277005734c37

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://mediawoot.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 98

GET
H3 200 cygnus Show response
htlb.casalemedia.com/ Frame EACA 36 B
571 B 134ms
97ms XHR
application/json 104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=676744&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2213664c2eeab6cb%22%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Fkorrespondent.net%2F%22%2C%22page%22%3A%22https%3A%2F%2Fkorrespondent.net%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.15.0%22%2C%22userIds%22%3A%5B%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2214322aea30ca475%22%2C%22banner%22%3A%7B%22topframe%22%3A0%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22676744%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22adpone.com%22%2C%22sid%22%3A%22163dad3ab48d8d41e65b%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%7D%7D
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6d3dacce2668e2411eba50c01af665e6ff53dd901070ae391ef2569e1b15931e

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 36
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h15UopRQe%2F9aF1eoMxkBCxdil%2BBG7SGmYBp%2B7LZsn00VYzOks177f%2FTDPPJ4zH371ZqHU3JvNXr0h1rcMqnbXoxVaxfEX%2FA%2FGhOFNvvCIwQt3RBlIenjEGJBbajuYidqGRSOPt8r"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 73ba61de0ff5d5e9-CDG
expires: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame EACA 145 B
1 KB 460ms
203ms XHR
application/json 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

449beabc2835a30cd5e7ed760fce4a183095a04bf0dd6b657242e091ad370f9e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: d8cf76ba-737d-4c4a-8390-319787aca22c
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

OPTIONS
H2 200 openrtb
adx.adform.net/adx/ Frame 0
0 76ms
7ms Preflight 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://mediawoot.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://mediawoot.com
access-control-max-age: 86400
allow: POST,OPTIONS
cache-control: no-cache, no-store, must-revalidate, no-transform
date: Tue, 16 Aug 2022 13:05:34 GMT
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

POST
H2 204 openrtb Show response
adx.adform.net/adx/ Frame 034E 0
406 B 89ms
64ms XHR
text/plain 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

GET
H3 200 arj Show response
adpone-d.openx.net/w/1.0/ Frame 034E 73 B
101 B 155ms
110ms XHR
application/json 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://adpone-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fkorrespondent.net%2F&ch=windows-1252&res=1600x1200x24&ifr=true&tz=0&tws=undefined&be=1&bc=hb_pb_3.0.3&dddid=1ce6ae3a-2427-45bd-8648-d821bee225ee&nocache=1660655134362&schain=1.0%2C1!adpone.com%2C163dad3ab48d8d41e65b%2C1%2C%2C%2C&aus=300x250&divids=adpn-adtag-1660655133986&aucs=adpn-adtag-1660655133986&auid=544062056
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: df6bbc5bec8539d17b3ee4c9d5cf472af24286c888eb41cf06b5ee6cbef5879d

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
content-encoding: gzip
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://mediawoot.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 034E 0
214 B 70ms
0ms XHR
text/plain 178.250.2.131
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.15.0&cb=58431352941

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.2.131 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

bidder.am5.vip.prod.criteo.com

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:33 GMT
server: Finatra
vary: Origin
access-control-allow-origin: https://mediawoot.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

GET
H3 200 cygnus Show response
htlb.casalemedia.com/ Frame 034E 36 B
563 B 159ms
111ms XHR
application/json 104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=676744&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%227aa2a8cf45f7e8%22%2C%22site%22%3A%7B%22ref%22%3A%22https%3A%2F%2Fkorrespondent.net%2F%22%2C%22page%22%3A%22https%3A%2F%2Fkorrespondent.net%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%226.15.0%22%2C%22userIds%22%3A%5B%5D%2C%22fpd%22%3Atrue%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%228b4ce1af8dc7c3%22%2C%22banner%22%3A%7B%22topframe%22%3A0%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22676744%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22adpone.com%22%2C%22sid%22%3A%22163dad3ab48d8d41e65b%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22user%22%3A%7B%7D%7D
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1f98c43ff994c6925709d7fc8ac52a9668e17732923a5bf302dd5445e90f6a13

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 16 Aug 2022 13:05:34 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 36
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=971vEbqezoPpBTUWZ1GnNc9tL0ka5ej3FI3Pw%2FzFSmpm4bqVXXUCg7HQWI6Dc5mjgwk8PEIOCMpCa91yenTKqgbs8ZAfqgwu6x5ROaavNDOQVFIytFv2kCVq0c0B0UD8TNfM3i2G"}],"group":"cf-nel","max_age":604800}
content-type: application/json
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache
access-control-allow-credentials: true
cf-ray: 73ba61de2837d5e9-CDG
expires: 0

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ Frame 034E 0
335 B 85ms
29ms XHR
application/json 185.86.138.121
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.121 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8
content-length: 0

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ Frame 034E 316 B
770 B 310ms
112ms XHR
application/json 2602:803:c004:200::141
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17210&site_id=201784&zone_id=2055862&size_id=15&p_pos=atf&rp_schain=1.0,1!adpone.com,163dad3ab48d8d41e65b,1,,,&rf=korrespondent.net&tg_i.ref=https%3A%2F%2Fkorrespondent.net%2F&tg_i.pbadslot=adpn-adtag-1660655133986&tk_flint=pbjs_lite_v6.15.0&x_source.tid=1ce6ae3a-2427-45bd-8648-d821bee225ee&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.39628664265684477
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 2602:803:c004:200::141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: eb6b2aa8c55d73b7698c418c653753b5d23c70922090441e97ca1c78fdda5f75

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 316
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame 034E 144 B
1 KB 400ms
147ms XHR
application/json 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

c230c1676e6dd8136503b05abc655a22e5391cb1eb2c29abacaa61441964baff

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 2a9d82dc-42d4-4766-80ab-c6425f277b0b
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ Frame 034E 94 B
742 B 109ms
56ms XHR
application/json 72.251.249.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.15.0
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash: b73925b6121d1a9574b1d92d51dc646821914cc697fad734258b4177152ec515

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://mediawoot.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap1ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 97

GET
H/1.1 200
OK 75d02d930b.html Show response
tm.ad-srv.net/tm/a/container/html/ Frame F05B 4 KB
2 KB 156ms
65ms Script
text/html 94.130.160.79
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tm.ad-srv.net/tm/a/container/html/75d02d930b.html?liuid=fd208cb733&cguid=f52ab6ea57&click=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP9Z4kkc6no0Kw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAViUgiQAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBeghwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjA0M0CGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDQz%2Fbn%3D96624%2Fclickenc%3D&eVS=10264&eVR=https%3A%2F%2Fkorrespondent.net%2F&rnd=2006781265
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.130.160.79 Karlsruhe, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.79.160.130.94.clients.your-server.de
Software: nginx /
Resource Hash: 7810b3bdaa07516c7bcc05d2d454ff59f0b3e02b88f1b455ac62a9688fa085b3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=utf-8
Expires: 0

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/224/ Frame F05B 85 KB
29 KB 79ms
15ms Script
application/x-javascript 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/224/trk.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c652cb3dcc3b49133285c42c49b296c3a3af4f9fceffde1022a6e3539e2422b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Age: 14962024
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 29216
X-Served-By: cache-lga21929-LGA, cache-hhn4053-HHN
Access-Control-Allow-Origin: *, *
Last-Modified: Thu, 24 Feb 2022 08:58:20 GMT
Server: AkamaiNetStorage
X-Timer: S1660655135.547984,VS0,VE0
ETag: "80cd3e09497c9fa4207d756c9d41697c:1645693100.060631"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Via: 1.1 varnish, 1.1 varnish
Expires: Fri, 24 Feb 2023 08:58:29 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 980508, 9377759

GET
H/1.1 200
OK it
ams3-ib.adnxs.com/ Frame F05B 0
813 B 97ms
30ms Image
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ams3-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fkorrespondent.net%252F&e=wqT_3QLBCvD9QQUAAAMA1gAFAQierO6XBhDW8cm8pMfnxgoYw9-bksKpjqAhKjYJmu8def8TlD8Rgcv-0eqpij8ZAAAAQDMz4z8hxUmz3EbBiz8p9aEL6lvmlD8xAAAAQOF6lD8wy4ipCjiYUEDKTkgCUJP8-WZYk8KLAWAAaLTYsAF48PIFgAEBigEDVVNEkgEDRVVSmAGsAqAB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQCKAnd1ZignYScsIDQ1MjUzNjIsIDE2NjA2NTUxMzQpO3VmKCdpJywgNDEyNjE2OSwgMTY2MDY1NTEzNCk7dWYoJ2cnLCAxMTQ5Mzg4NyxCOwAwcicsIDIxNTkwNzg1OTY9APC2kgL9AyFZV1hHaWdqRmlJMFRFSlA4LVdZWUFDQ1R3b3NCTUFBNEFFQUFTTXBPVU11SXFRcFlBR0RMQm1nQWNBQjRBSUFCQUlnQkFKQUJBWmdCQWFBQkFhZ0JBYkFCQUxrQmtlOEs4T0Y2bERfQkFlckFKVFFuNXBRX3lRRUFBQUFBQUFEd1A5a0I2LUkyR3NCYjd6X2dBZG5yLXdIMUFRclhvenlZQWdDZ0FnRzFBZ0FBQUFDOUFnATnwVURBQWdESUFnRFFBZ0RZQWdEZ0FnRG9BZ0Q0QWdHQUF3R1lBd0c2QXdsQlRWTXpPall3TkRQZ0E0WXZnQVNidmRrRGlBU2N2ZGtEa0FRQW1BUUJ3UVFBAVoFAQhNa0UFCAUBGERZQkFEeEIFDAkBKGlBV2JMNmtGNi1JDbgQLXhCUUEVATx3UVY3Rks1SDRYcVVQOGtGERkMOERfUi4oAAgyUVUNG_BDRHdQLUFGLVFfd0JmX0R2UVg0QmJLYWxBS0NCZ05GVlZLSUJnQ1FCZ0dZQmdDaEJuc1Vya2ZoZXBRX3FBWUVzZ1lrQ1ENSwxBQUFFHYwARx0MAEkdDDx1QVlLmgKZASFNQmVnaHdqMgEC2Gs4S0xBU0FBS0FBeGV4U3VSLUY2bEQ4NkNVRk5Vek02TmpBME0wQ0dMMG5yNGpZYXdGdnZQMUUBfAkBBEZrCQgBAQBHPUwARx0YAEgdGAxIZ0FpLhUC8Nd3Li7YAgDgApuFTuoCGmh0dHBzOi8va29ycmVzcG9uZGVudC5uZXQvgAMAiAMBkAMAmAMXoAMBqgMAwAOsAsgDANgD9_4u4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDE5My4yNy4xNC4xMKgEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABADIBADSBA8xMDA1OCNBTVMzOjYwNDPaBAIIAeAEAfAEk_z5ZogFAZgFAKAF____________AcAFAMkFAAAAAAAA8D_SBQkJAAAJDnDYBQHgBQHwBbCiAvoFBAgAEACQBgCYBgC4BgDBBgkjKPA_0Aa7M9oGFgoQCREZAVwQABgA4AYB8gYCCACABwGIBwCgBwG6Bw8BSEwYACAAMAA4vwZAAMgH8PIF0gcNCRE6ATgI2gcGCSdo4AcA6gcCCADwB4yiAooIAhAAlQgAAIA_mAgB&s=84adf47dab04b9ea6e2ce00543b3aa06edd67608

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: e5b1c8ad-0a3b-4f7c-86d2-d218d2a34bd8
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK 75d02d930b.html Show response
tm.ad-srv.net/tm/a/container/html/ Frame 395B 4 KB
2 KB 159ms
78ms Script
text/html 94.130.160.79
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tm.ad-srv.net/tm/a/container/html/75d02d930b.html?liuid=fd208cb733&cguid=f52ab6ea57&click=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP0VJlOaZGFkzw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgABSXRbAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521Khf4hQjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAwMUCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDAx%2Fbn%3D96382%2Fclickenc%3D&eVS=10264&eVR=https%3A%2F%2Fkorrespondent.net%2F&rnd=387137574
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.130.160.79 Karlsruhe, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.79.160.130.94.clients.your-server.de
Software: nginx /
Resource Hash: e3520d56f514f28d97f9c642d71aa23828a45f5677b78ebe5e44453db424044f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=utf-8
Expires: 0

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/224/ Frame 395B 85 KB
29 KB 70ms
16ms Script
application/x-javascript 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/224/trk.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c652cb3dcc3b49133285c42c49b296c3a3af4f9fceffde1022a6e3539e2422b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Age: 14962024
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 29216
X-Served-By: cache-lga21929-LGA, cache-hhn4059-HHN
Access-Control-Allow-Origin: *, *
Last-Modified: Thu, 24 Feb 2022 08:58:20 GMT
Server: AkamaiNetStorage
X-Timer: S1660655135.548527,VS0,VE0
ETag: "80cd3e09497c9fa4207d756c9d41697c:1645693100.060631"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Via: 1.1 varnish, 1.1 varnish
Expires: Fri, 24 Feb 2023 08:58:29 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 980508, 4633352

GET
H/1.1 200
OK it
ams3-ib.adnxs.com/ Frame 395B 0
813 B 86ms
28ms Image
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ams3-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fkorrespondent.net%252F&e=wqT_3QLBCvD9QQUAAAMA1gAFAQierO6XBhDFktG0npPGrDMYw9-bksKpjqAhKjYJmu8def8TlD8Rgcv-0eqpij8ZAAAAQDMz4z8hxUmz3EbBiz8p9aEL6lvmlD8xAAAAQOF6lD8wy4ipCjiYUEDKTkgCUJP8-WZYk8KLAWAAaLTYsAF4_vAFgAEBigEDVVNEkgEDRVVSmAGsAqAB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQCKAnd1ZignYScsIDQ1MjUzNjIsIDE2NjA2NTUxMzQpO3VmKCdpJywgNDEyNjE2OSwgMTY2MDY1NTEzNCk7dWYoJ2cnLCAxMTQ5Mzg4NyxCOwAwcicsIDIxNTkwNzg1OTY9APC2kgL9AyFzR1VUdHdqRmlJMFRFSlA4LVdZWUFDQ1R3b3NCTUFBNEFFQUFTTXBPVU11SXFRcFlBR0RMQm1nQWNBQjRBSUFCQUlnQkFKQUJBWmdCQWFBQkFhZ0JBYkFCQUxrQmtlOEs4T0Y2bERfQkFlckFKVFFuNXBRX3lRRUFBQUFBQUFEd1A5a0I2LUkyR3NCYjd6X2dBZG5yLXdIMUFRclhvenlZQWdDZ0FnRzFBZ0FBQUFDOUFnATnwVURBQWdESUFnRFFBZ0RZQWdEZ0FnRG9BZ0Q0QWdHQUF3R1lBd0c2QXdsQlRWTXpPall3TURIZ0E0WXZnQVNidmRrRGlBU2N2ZGtEa0FRQW1BUUJ3UVFBAVoFAQhNa0UFCAUBGERZQkFEeEIFDAkBKGlBWHhMcWtGNi1JDbgMLXhCUQkcAQE8d1FWN0ZLNUg0WHFVUDhrRgEUAQEMOERfUi4oAAgyUVUBF_BGQUFBRHdQLUFGLVFfd0JmX0R2UVg0QmJLYWxBS0NCZ05GVlZLSUJnQ1FCZ0dZQmdDaEJuc1Vya2ZoZXBRX3FBWUVzZ1lrQ1EBSAkBAEUdjABHHQwASR0MPHVBWUuaApkBIUtoZjRoUWoyAQLgazhLTEFTQUFLQUF4ZXhTdVItRjZsRDg2Q1VGTlV6TTZOakF3TVVDR0wwbnI0allhd0Z2dlAxRUFBEQIERmsRCghBQUc9TABHHRgASB0YDEhnQWkuFQLw13cuLtgCAOACm4VO6gIaaHR0cHM6Ly9rb3JyZXNwb25kZW50Lm5ldC-AAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AP3_i7gAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQMMTkzLjI3LjE0LjEwqAQAsgQQCAAQARisAiD6ASgAMAA4ArgEAMAEAMgEANIEDzEwMDU4I0FNUzM6NjAwMdoEAggB4AQB8AST_PlmiAUBmAUAoAX___________8BwAUAyQUAAAAAAADwP9IFCQkAAAkOcNgFAeAFAfAFsKIC-gUECAAQAJAGAJgGALgGAMEGCSMo8D_QBrsz2gYWChAJERkBXBAAGADgBgHyBgIIAIAHAYgHAKAHAboHDwFITBgAIAAwADi_BkAAyAf-8AXSBw0JEToBOAjaBwYJJ2jgBwDqBwIIAPAHjKICiggCEACVCAAAgD-YCAE.&s=df220f23b15a6b403a8a7b799ec894d6a3b64984

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 7c2180f7-41e6-401c-a969-1476811ee898
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK 75d02d930b.html Show response
tm.ad-srv.net/tm/a/container/html/ Frame 8D0E 4 KB
2 KB 153ms
76ms Script
text/html 94.130.160.79
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tm.ad-srv.net/tm/a/container/html/75d02d930b.html?liuid=fd208cb733&cguid=f52ab6ea57&click=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUPyZXAqiBMUdhw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAQSROKgAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521NRf9iAjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAzOUCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDM5%2Fbn%3D96578%2Fclickenc%3D&eVS=10264&eVR=https%3A%2F%2Fkorrespondent.net%2F&rnd=1185122883
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.130.160.79 Karlsruhe, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.79.160.130.94.clients.your-server.de
Software: nginx /
Resource Hash: f71a77dbe67b91f1024e67caf663077e2e5fb8abda74f0c9b8a5c33b3d45d4aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=utf-8
Expires: 0

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/224/ Frame 8D0E 85 KB
29 KB 100ms
24ms Script
application/x-javascript 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/224/trk.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c652cb3dcc3b49133285c42c49b296c3a3af4f9fceffde1022a6e3539e2422b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Age: 14962023
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 29216
X-Served-By: cache-lga21978-LGA, cache-cdg20764-CDG
Access-Control-Allow-Origin: *, *
Last-Modified: Thu, 24 Feb 2022 08:58:20 GMT
Server: AkamaiNetStorage
X-Timer: S1660655135.577798,VS0,VE0
ETag: "80cd3e09497c9fa4207d756c9d41697c:1645693100.060631"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Via: 1.1 varnish, 1.1 varnish
Expires: Fri, 24 Feb 2023 08:58:29 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 848232, 1730733

GET
H/1.1 200
OK it
ams3-ib.adnxs.com/ Frame 8D0E 0
813 B 77ms
23ms Image
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ams3-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fkorrespondent.net%252F&e=wqT_3QLBCvD9QQUAAAMA1gAFAQierO6XBhCmronAmrDMo2EYw9-bksKpjqAhKjYJmu8def8TlD8Rgcv-0eqpij8ZAAAAQDMz4z8hxUmz3EbBiz8p9aEL6lvmlD8xAAAAQOF6lD8wy4ipCjiYUEDKTkgCUJP8-WZYk8KLAWAAaLTYsAF4wvIFgAEBigEDVVNEkgEDRVVSmAGsAqAB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQCKAnd1ZignYScsIDQ1MjUzNjIsIDE2NjA2NTUxMzQpO3VmKCdpJywgNDEyNjE2OSwgMTY2MDY1NTEzNCk7dWYoJ2cnLCAxMTQ5Mzg4NyxCOwAwcicsIDIxNTkwNzg1OTY9APC2kgL9AyFZbVY3akFqRmlJMFRFSlA4LVdZWUFDQ1R3b3NCTUFBNEFFQUFTTXBPVU11SXFRcFlBR0RMQm1nQWNBQjRBSUFCQUlnQkFKQUJBWmdCQWFBQkFhZ0JBYkFCQUxrQmtlOEs4T0Y2bERfQkFlckFKVFFuNXBRX3lRRUFBQUFBQUFEd1A5a0I2LUkyR3NCYjd6X2dBZG5yLXdIMUFRclhvenlZQWdDZ0FnRzFBZ0FBQUFDOUFnATnwVURBQWdESUFnRFFBZ0RZQWdEZ0FnRG9BZ0Q0QWdHQUF3R1lBd0c2QXdsQlRWTXpPall3TXpuZ0E0WXZnQVNidmRrRGlBU2N2ZGtEa0FRQW1BUUJ3UVFBAVoFAQhNa0UFCAUBGERZQkFEeEIFDAkBKGlBV1hMNmtGNi1JDbgMLXhCUQkcAQE8d1FWN0ZLNUg0WHFVUDhrRgEUAQEMOERfUi4oAAgyUVUBF_BGQUFBRHdQLUFGLVFfd0JmX0R2UVg0QmJLYWxBS0NCZ05GVlZLSUJnQ1FCZ0dZQmdDaEJuc1Vya2ZoZXBRX3FBWUVzZ1lrQ1EBSAkBAEUdjABHHQwASR0MNHVBWUuaApkBIU5SZjlpOgEC2Gs4S0xBU0FBS0FBeGV4U3VSLUY2bEQ4NkNVRk5Vek02TmpBek9VQ0dMMG5yNGpZYXdGdnZQMUUJfgEBBEZrAQYJAQBHPUwARx0YAEgdGAxIZ0FpLhUC8Nd3Li7YAgDgApuFTuoCGmh0dHBzOi8va29ycmVzcG9uZGVudC5uZXQvgAMAiAMBkAMAmAMXoAMBqgMAwAOsAsgDANgD9_4u4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDE5My4yNy4xNC4xMKgEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABADIBADSBA8xMDA1OCNBTVMzOjYwMznaBAIIAeAEAfAEk_z5ZogFAZgFAKAF____________AcAFAMkFAAAAAAAA8D_SBQkJAAAJDnDYBQHgBQHwBbCiAvoFBAgAEACQBgCYBgC4BgDBBgkjKPA_0Aa7M9oGFgoQCREZAVwQABgA4AYB8gYCCACABwGIBwCgBwG6Bw8BSEwYACAAMAA4vwZAAMgHwvIF0gcNCRE6ATgI2gcGCSdo4AcA6gcCCADwB4yiAooIAhAAlQgAAIA_mAgB&s=02db6572e689d0fbea95be2d5900ec5b567dbfde

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 1d8d2cc2-ea7f-4866-b44a-18a5548613d6
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 3FAB 87 KB
28 KB 95ms
30ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

aeb925bb204a686701ed5795fc9a381422a479fca1cacbe35de200ac65319988

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:34 GMT
content-encoding: gzip
last-modified: Tue, 02 Aug 2022 12:51:23 GMT
server: nginx
etag: W/"62e91dcb-15b76"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 17 Aug 2022 13:05:34 GMT

GET
H/1.1 200
OK 75d02d930b.html Show response
tm.ad-srv.net/tm/a/container/html/ Frame EAC6 4 KB
2 KB 122ms
61ms Script
text/html 94.130.160.79
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tm.ad-srv.net/tm/a/container/html/75d02d930b.html?liuid=fd208cb733&cguid=f52ab6ea57&click=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3FywHhN4T7kj8mIw4ZcDWJPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP3DWELS0rZcdw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAdSLiIgAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBedhwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAxNkCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDE2%2Fbn%3D96473%2Fclickenc%3D&eVS=10264&eVR=https%3A%2F%2Fkorrespondent.net%2F&rnd=1808871071
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.130.160.79 Karlsruhe, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.79.160.130.94.clients.your-server.de
Software: nginx /
Resource Hash: 41223a541c746eb9defa702938338ca2e97448569b2bd7ea3e5bb66ba41a9a63

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=utf-8
Expires: 0

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/224/ Frame EAC6 85 KB
29 KB 79ms
24ms Script
application/x-javascript 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/224/trk.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c652cb3dcc3b49133285c42c49b296c3a3af4f9fceffde1022a6e3539e2422b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Age: 14962023
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 29216
X-Served-By: cache-lga21978-LGA, cache-cdg20753-CDG
Access-Control-Allow-Origin: *, *
Last-Modified: Thu, 24 Feb 2022 08:58:20 GMT
Server: AkamaiNetStorage
X-Timer: S1660655135.579639,VS0,VE0
ETag: "80cd3e09497c9fa4207d756c9d41697c:1645693100.060631"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Via: 1.1 varnish, 1.1 varnish
Expires: Fri, 24 Feb 2023 08:58:29 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 848232, 119743

GET
H/1.1 200
OK it
ams3-ib.adnxs.com/ Frame EAC6 0
813 B 86ms
33ms Image
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ams3-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fkorrespondent.net%252F&e=wqT_3QLBCvD9QQUAAAMA1gAFAQierO6XBhDwrMOgy7bryx0Yw9-bksKpjqAhKjYJywHhN4T7kj8RJiMOGXA1iT8ZAAAAQDMz4z8hxUmz3EbBiz8p9aEL6lvmlD8xAAAAQOF6lD8wy4ipCjiYUEDKTkgCUJP8-WZYk8KLAWAAaLTYsAF42fEFgAEBigEDVVNEkgEDRVVSmAGsAqAB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQCKAnd1ZignYScsIDQ1MjUzNjIsIDE2NjA2NTUxMzQpO3VmKCdpJywgNDEyNjE2OSwgMTY2MDY1NTEzNCk7dWYoJ2cnLCAxMTQ5Mzg4NyxCOwAwcicsIDIxNTkwNzg1OTY9APC2kgL9AyFSbVVuZXdqRmlJMFRFSlA4LVdZWUFDQ1R3b3NCTUFBNEFFQUFTTXBPVU11SXFRcFlBR0RMQm1nQWNBQjRBSUFCQUlnQkFKQUJBWmdCQWFBQkFhZ0JBYkFCQUxrQmtlOEs4T0Y2bERfQkFlckFKVFFuNXBRX3lRRUFBQUFBQUFEd1A5a0I2LUkyR3NCYjd6X2dBZG5yLXdIMUFRclhvenlZQWdDZ0FnRzFBZ0FBQUFDOUFnATnwVURBQWdESUFnRFFBZ0RZQWdEZ0FnRG9BZ0Q0QWdHQUF3R1lBd0c2QXdsQlRWTXpPall3TVRiZ0E0WXZnQVNidmRrRGlBU2N2ZGtEa0FRQW1BUUJ3UVFBAVoFAQhNa0UFCAUBGERZQkFEeEIFDAkBKGlBV0FMNmtGNi1JDbgMLXhCUQkcAQE8d1FWN0ZLNUg0WHFVUDhrRgEUAQEMOERfUi4oAAgyUVUBF_BGQUFBRHdQLUFGLVFfd0JmX0R2UVg0QmJLYWxBS0NCZ05GVlZLSUJnQ1FCZ0dZQmdDaEJuc1Vya2ZoZXBRX3FBWUVzZ1lrQ1EBSAkBAEUdjABHHQwASR0MNHVBWUuaApkBIU1CZWRoOgEC2Gs4S0xBU0FBS0FBeGV4U3VSLUY2bEQ4NkNVRk5Vek02TmpBeE5rQ0dMMG5yNGpZYXdGdnZQMUUJfgEBBEZrAQYJAQBHPUwARx0YAEgdGAxIZ0FpLhUC8Nd3Li7YAgDgApuFTuoCGmh0dHBzOi8va29ycmVzcG9uZGVudC5uZXQvgAMAiAMBkAMAmAMXoAMBqgMAwAOsAsgDANgD9_4u4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDE5My4yNy4xNC4xMKgEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABADIBADSBA8xMDA1OCNBTVMzOjYwMTbaBAIIAeAEAfAEk_z5ZogFAZgFAKAF____________AcAFAMkFAAAAAAAA8D_SBQkJAAAJDnDYBQHgBQHwBbCiAvoFBAgAEACQBgCYBgC4BgDBBgkjKPA_0Aa7M9oGFgoQCREZAVwQABgA4AYB8gYCCACABwGIBwCgBwG6Bw8BSEwYACAAMAA4vwZAAMgH2fEF0gcNCRE6ATgI2gcGCSdo4AcA6gcCCADwB4yiAooIAhAAlQgAAIA_mAgB&s=1f8186272b66a5bf1fec66192cc2393e5c1240bc

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 73f65faa-da55-4291-b00c-bcb1596c17e1
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 1A95 107 B
122 B 43ms
42ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=korrespondent.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js?cb=31068970

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Aug 2022 13:05:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 1A95 107 B
122 B 35ms
34ms Script
application/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=korrespondent.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js?cb=31068970

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Aug 2022 13:05:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 1A95 51 KB
12 KB 319ms
319ms XHR
text/plain 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3678178603685707&correlator=2084911913894656&eid=31068926%2C31068970&output=ldjh&gdfp_req=1&vrg=2022081101&ptt=17&impl=fifs&iu_parts=21671350435%3A22654422242%2C300x250-korrespondent.net&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=1&adks=1907443763&sfv=1-0-38&fsapi=false&prev_scp=hb_format_appnexus%3Dbanner%26hb_size_appnexus%3D300x250%26hb_pb_appnexus%3D0.01%26hb_adid_appnexus%3D18ca9ec960cffce%26hb_bidder_appnexus%3Dappnexus%26hb_format%3Dbanner%26hb_size%3D300x250%26hb_pb%3D0.01%26hb_adid%3D18ca9ec960cffce%26hb_bidder%3Dappnexus&eri=1&sc=1&cookie=ID%3D7d1d3a232bbb798f%3AT%3D1660655130%3AS%3DALNI_MaRb-A0QJAXYI5Y5wkNt4HWivBT2w&cdm=korrespondent.net&abxe=1&dt=1660655134527&lmt=1660655134&dlt=1660655133535&idt=498&adxs=970&adys=1737&biw=1600&bih=1200&isw=300&ish=250&scr_x=0&scr_y=0&btvi=1&ucis=bnbbuvc6fi3u&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&nhd=4&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&top=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&frm=23&vis=1&psz=300x250&msz=300x0&fws=256&ohw=0&ea=0&ga_vid=2006371786.1660655130&ga_sid=1660655135&ga_hid=2065332441&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js?cb=31068970

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

46d760daef77a6d17732f8a1a7104ab77c062760d0e0a217a87697719cc6eeaa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:34 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12414
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://korrespondent.net
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 1A95 14 KB
11 KB 75ms
74ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022081101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js?cb=31068970

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ec0d9d016b77a4c7a95385b6fe88d1e806a74f9ed28d965a8a827f078bb2086e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Aug 2022 13:05:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11264
x-xss-protection: 0

GET
H2 200 container.html Show response
4727df7502fc5e8b0b921b1f5d01cbac.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E886 6 KB
3 KB 88ms
23ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4727df7502fc5e8b0b921b1f5d01cbac.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js?cb=31068970

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 13:05:34 GMT
expires: Wed, 16 Aug 2023 13:05:34 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 1A95 17 KB
6 KB 132ms
132ms Script
text/javascript 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js?cb=31068970

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 16 Aug 2022 13:05:34 GMT

GET
H/1.1 200
OK 75d02d930b.html Show response
tm.ad-srv.net/tm/a/container/html/ Frame 5752 4 KB
2 KB 203ms
95ms Script
text/html 94.130.160.79
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tm.ad-srv.net/tm/a/container/html/75d02d930b.html?liuid=fd208cb733&cguid=f52ab6ea57&click=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3FywHhN4T7kj8mIw4ZcDWJPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP1vdUX_lDYVcw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAMSKnDAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MhcqiAjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjEwOECGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MTA4%2Fbn%3D96930%2Fclickenc%3D&eVS=10264&eVR=https%3A%2F%2Fkorrespondent.net%2F&rnd=2118300996
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.130.160.79 Karlsruhe, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.79.160.130.94.clients.your-server.de
Software: nginx /
Resource Hash: 6879cddaa5d64594ca57e540a786a68ce5e0a42ce987568e4f0929e44f5d73f9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=utf-8
Expires: 0

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/224/ Frame 5752 85 KB
29 KB 25ms
24ms Script
application/x-javascript 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/224/trk.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c652cb3dcc3b49133285c42c49b296c3a3af4f9fceffde1022a6e3539e2422b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Age: 14962023
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 29216
X-Served-By: cache-lga21978-LGA, cache-cdg20753-CDG
Access-Control-Allow-Origin: *, *
Last-Modified: Thu, 24 Feb 2022 08:58:20 GMT
Server: AkamaiNetStorage
X-Timer: S1660655135.633204,VS0,VE0
ETag: "80cd3e09497c9fa4207d756c9d41697c:1645693100.060631"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Via: 1.1 varnish, 1.1 varnish
Expires: Fri, 24 Feb 2023 08:58:29 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 848232, 119744

GET
H/1.1 200
OK it
ams3-ib.adnxs.com/ Frame 5752 0
813 B 23ms
23ms Image
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ams3-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fkorrespondent.net%252F&e=wqT_3QLBCvD9QQUAAAMA1gAFAQierO6XBhDbusf617zDwlwYw9-bksKpjqAhKjYJywHhN4T7kj8RJiMOGXA1iT8ZAAAAQDMz4z8hxUmz3EbBiz8p9aEL6lvmlD8xAAAAQOF6lD8wy4ipCjiYUEDKTkgCUJP8-WZYk8KLAWAAaLTYsAF4ovUFgAEBigEDVVNEkgEDRVVSmAGsAqAB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQCKAnd1ZignYScsIDQ1MjUzNjIsIDE2NjA2NTUxMzQpO3VmKCdpJywgNDEyNjE2OSwgMTY2MDY1NTEzNCk7dWYoJ2cnLCAxMTQ5Mzg4NyxCOwAwcicsIDIxNTkwNzg1OTY9APC2kgL9AyFwR1gwc1FqRmlJMFRFSlA4LVdZWUFDQ1R3b3NCTUFBNEFFQUFTTXBPVU11SXFRcFlBR0RMQm1nQWNBQjRBSUFCQUlnQkFKQUJBWmdCQWFBQkFhZ0JBYkFCQUxrQmtlOEs4T0Y2bERfQkFlckFKVFFuNXBRX3lRRUFBQUFBQUFEd1A5a0I2LUkyR3NCYjd6X2dBZG5yLXdIMUFRclhvenlZQWdDZ0FnRzFBZ0FBQUFDOUFnATnwVURBQWdESUFnRFFBZ0RZQWdEZ0FnRG9BZ0Q0QWdHQUF3R1lBd0c2QXdsQlRWTXpPall4TURqZ0E0WXZnQVNidmRrRGlBU2N2ZGtEa0FRQW1BUUJ3UVFBAVoFAQhNa0UFCAUBGERZQkFEeEIFDAkBKGlBWGNMNmtGNi1JDbgMLXhCUQkcAQE8d1FWN0ZLNUg0WHFVUDhrRgEUAQEMOERfUi4oAAgyUVUBF_BGQUFBRHdQLUFGLVFfd0JmX0R2UVg0QmJLYWxBS0NCZ05GVlZLSUJnQ1FCZ0dZQmdDaEJuc1Vya2ZoZXBRX3FBWUVzZ1lrQ1EBSAkBAEUdjABHHQwASR0MPHVBWUuaApkBIU1oY3FpQWoyAQLYazhLTEFTQUFLQUF4ZXhTdVItRjZsRDg2Q1VGTlV6TTZOakV3T0VDR0wwbnI0allhd0Z2dlAxRQl-AQEERmsBBgkBAEc9TABHHRgASB0YDEhnQWkuFQLw13cuLtgCAOACm4VO6gIaaHR0cHM6Ly9rb3JyZXNwb25kZW50Lm5ldC-AAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AP3_i7gAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQMMTkzLjI3LjE0LjEwqAQAsgQQCAAQARisAiD6ASgAMAA4ArgEAMAEAMgEANIEDzEwMDU4I0FNUzM6NjEwONoEAggB4AQB8AST_PlmiAUBmAUAoAX___________8BwAUAyQUAAAAAAADwP9IFCQkAAAkOcNgFAeAFAfAFsKIC-gUECAAQAJAGAJgGALgGAMEGCSMo8D_QBrsz2gYWChAJERkBXBAAGADgBgHyBgIIAIAHAYgHAKAHAboHDwFITBgAIAAwADi_BkAAyAei9QXSBw0JEToBOAjaBwYJJ2jgBwDqBwIIAPAHjKICiggCEACVCAAAgD-YCAE.&s=b44e316fcdeb4768672b3f7d8609be82f627a5a0

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 9c336a35-7df8-486b-956c-03ae3ecce8aa
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK script.js Show response
acdn.adnxs-simple.com/strikeforce/ Frame 7844 118 KB
42 KB 194ms
33ms Script
application/javascript 23.35.236.188
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs-simple.com/strikeforce/script.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.188 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-188.deploy.static.akamaitechnologies.com
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: a991cef8e1b302989f94dad4a0e23a70dd561b60d2b41f58ed87228f0051f9c5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Last-Modified: Wed, 10 Aug 2022 13:16:00 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "62f3af90-1d8e8"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=86402
Connection: keep-alive
Content-Length: 42145
Expires: Wed, 17 Aug 2022 13:05:36 GMT

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/224/ Frame 7844 85 KB
29 KB 25ms
24ms Script
application/x-javascript 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/224/trk.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c652cb3dcc3b49133285c42c49b296c3a3af4f9fceffde1022a6e3539e2422b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Age: 14962023
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 29216
X-Served-By: cache-lga21978-LGA, cache-cdg20764-CDG
Access-Control-Allow-Origin: *, *
Last-Modified: Thu, 24 Feb 2022 08:58:20 GMT
Server: AkamaiNetStorage
X-Timer: S1660655135.641151,VS0,VE0
ETag: "80cd3e09497c9fa4207d756c9d41697c:1645693100.060631"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Via: 1.1 varnish, 1.1 varnish
Expires: Fri, 24 Feb 2023 08:58:29 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 848232, 1730736

GET
H/1.1 200
OK it
ams3-ib.adnxs.com/ Frame 7844 0
813 B 25ms
25ms Image
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ams3-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fkorrespondent.net%252F&e=wqT_3QLPBPBMTwIAAAMA1gAFAQierO6XBhCyzo_2nuq0r0kYw9-bksKpjqAhKjYJDW3tpzEPWD8RuEqGPmG0Uz8ZAAAAQDMz4z8huEqGPmG0Uz8pDW0JJAAxARv0dQHhepQ_MMuIqQo4mFBA9ghIW1Ca59WwAViTwosBYABotNiwAXit9AWAAQGKAQNVU0SSAQNFVVKYAawCoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABAJICDENNYncrUm9RclFvPdgCAOACm4VO6gIaaHR0cHM6Ly9rb3JyZXNwb25kZW50Lm5ldC-AAwCIAwGQAwCYAxegAwGqAycaFTUyODY4OTUzNjE0MzExNjg4MThfMSoEODM0MzoINTY1MjI4MjLAA6wCyAMA2AP3_i7gAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQMMTkzLjI3LjE0LjEwqAQAsgQQCAAQARisAiD6ASgAMAA4ArgEAMAEAMgEANoEAggB4AQB8ASa59WwAYgFAZgFAKAF6uPbnb6U9O8DwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFipND-gUECAAQAJAGAJgGALgGAMEGAAEiMADwP9AGnuoD2gYWChAFER0BYBAAGADgBgHyBgIIAIAHAYgHAKAHAboHDwgFGkQgADAAOL8GQADIB630BdIHDQkROwE4CNoHBgknaOAHAOoHAggA8AeMogKKCAIQAJUIAACAP5gIAQ..&s=a463a3b3b640c828bc92d62f5bcde81e0298878f

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: e6181280-81f1-40fe-8a8b-10247418c67c
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

request.php Show response
ad.ad-srv.net/ Frame ECB5
Redirect Chain

https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2F...
https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2F...

5 KB
2 KB

117ms
57ms

Document
text/html

138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dyvmanyrg%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP9Z4kkc6no0Kw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAViUgiQAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBeghwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjA0M0CGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDQz%2Fbn%3D96624%2Fclickenc%3D&uidRedirect=1
Requested by: Host: tm.ad-srv.net
URL: https://tm.ad-srv.net/tm/a/container/html/75d02d930b.html?liuid=fd208cb733&cguid=f52ab6ea57&click=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP9Z4kkc6no0Kw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAViUgiQAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBeghwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjA0M0CGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDQz%2Fbn%3D96624%2Fclickenc%3D&eVS=10264&eVR=https%3A%2F%2Fkorrespondent.net%2F&rnd=2006781265
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: a357ed3a291660de456a3548718d53202194bbcd84888c7c41cd312f1c58a3f8

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 1801
Content-Type: text/html; charset=utf-8
Date: Tue, 16 Aug 2022 13:05:34 GMT
Expires: Tue, 16 Aug 2022 14:05:34 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
X-NEORY-SubId: 99284700079871401467939012053025

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Tue, 16 Aug 2022 13:05:34 GMT
Expires: Tue, 16 Aug 2022 14:05:34 +0200
Location: request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dyvmanyrg%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP9Z4kkc6no0Kw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAViUgiQAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBeghwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjA0M0CGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDQz%2Fbn%3D96624%2Fclickenc%3D&uidRedirect=1
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame DA8B 52 KB
17 KB 57ms
15ms Document
text/html 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=1821409
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/r/p.html?f=yvmanyrg&e=1518846443599
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 30237
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Tue, 16 Aug 2022 13:05:34 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 03 Aug 2022 04:41:10 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 2, 485106
X-Served-By: cache-lga21945-LGA, cache-hhn4066-HHN
X-Timer: S1660655135.688086,VS0,VE0

GET
H/1.1 200
OK rd_log Show response
ams3-ib.adnxs.com/ Frame F05B 0
813 B 23ms
22ms Script
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams3-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fkorrespondent.net%2F&e=wqT_3QLYDPD9WAYAAAMA1gAFAQierO6XBhDW8cm8pMfnxgoYw9-bksKpjqAhKjYJmu8def8TlD8Rgcv-0eqpij8ZAAAAQDMz4z8hxUmz3EbBiz8p9aEL6lvmlD8xAAAAQOF6lD8wy4ipCjiYUEDKTkgCUJP8-WZYk8KLAWAAaLTYsAF48PIFgAEBigEDVVNEkgEDRVVSmAGsAqAB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQCKAnd1ZignYScsIDQ1MjUzNjIsIDE2NjA2NTUxMzQpO3VmKCdpJywgNDEyNjE2OSwgMTY2MDY1NTEzNCk7dWYoJ2cnLCAxMTQ5Mzg4NyxCOwAwcicsIDIxNTkwNzg1OTY9APC2kgL9AyFZV1hHaWdqRmlJMFRFSlA4LVdZWUFDQ1R3b3NCTUFBNEFFQUFTTXBPVU11SXFRcFlBR0RMQm1nQWNBQjRBSUFCQUlnQkFKQUJBWmdCQWFBQkFhZ0JBYkFCQUxrQmtlOEs4T0Y2bERfQkFlckFKVFFuNXBRX3lRRUFBQUFBQUFEd1A5a0I2LUkyR3NCYjd6X2dBZG5yLXdIMUFRclhvenlZQWdDZ0FnRzFBZ0FBQUFDOUFnATnwVURBQWdESUFnRFFBZ0RZQWdEZ0FnRG9BZ0Q0QWdHQUF3R1lBd0c2QXdsQlRWTXpPall3TkRQZ0E0WXZnQVNidmRrRGlBU2N2ZGtEa0FRQW1BUUJ3UVFBAVoFAQhNa0UFCAUBGERZQkFEeEIFDAkBKGlBV2JMNmtGNi1JDbgQLXhCUUEVATx3UVY3Rks1SDRYcVVQOGtGERkMOERfUi4oAAgyUVUNG_BDRHdQLUFGLVFfd0JmX0R2UVg0QmJLYWxBS0NCZ05GVlZLSUJnQ1FCZ0dZQmdDaEJuc1Vya2ZoZXBRX3FBWUVzZ1lrQ1ENSwxBQUFFHYwARx0MAEkdDDx1QVlLmgKZASFNQmVnaHdqMgEC2Gs4S0xBU0FBS0FBeGV4U3VSLUY2bEQ4NkNVRk5Vek02TmpBME0wQ0dMMG5yNGpZYXdGdnZQMUUBfAkBBEZrCQgBAQBHPUwARx0YAEgdGAxIZ0FpLhUC2HcuLtgCAOACm4VO6gIaaHR0cHM6Ly9rb3JyZXNwb25kZW50Lm5ldC_yAhEKBkFEVl9JRBIHNDVlPzTyAhIKBkNQR19JRBIIMW0ZGPICCgoFQ1ABFBgBMPICDQoIATYMRlJFUREQHFJFTV9VU0VSBRAADwkgNENPREUSAzYxNfICFgoIAVQFEkQKZmQyMDhjYjczM_ICCwoHQ1AJGBwA8gIQCgVJTwFmAAdtsBjyAg4KB0lPCSEJSzgTCg9DVVNUT01fTU9ERUwBLhQA8gIaChYyFgAgTEVBRl9OQU1FAR0IHgoaNh0ACEFTVAE-EElGSUVEASEcDQoIU1BMSVQBTfCwATCAAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AP3_i7gAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQMMTkzLjI3LjE0LjEwqAQAsgQQCAAQARisAiD6ASgAMAA4ArgEAMAEAMgEANIEDzEwMDU4I0FNUzM6NjA0M9oEAggB4AQB8AST_PlmiAUBmAUAoAX___________8BwAUAyQUAAAAAAADwP9IFCQkABQx4AADYBQHgBQHwBbCiAvoFBAgAEACQBgCYBgC4BgDBBgkkKPA_0Aa7M9oGFgoQCREZAVwQABgA4AYB8gYCCACABwGIBwCgBwG6Bw8BSAgYACABtjC_BkAAyAfw8gXSBw0JEToBOAjaBwYJJ2jgBwDqBwIIAPAHjKICiggCEACVCAAAgD-YCAE.&s=f3fe04b4ee782ccf0f568346af48f6e418211cfb&bdref=https%3A%2F%2Fkorrespondent.net%2F&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fkorrespondent.net%2F,https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dyvmanyrg%26e%3D1518846443599,https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dyvmanyrg%26e%3D1518846443599&

Requested by

Host: mediawoot.com
URL: https://mediawoot.com/r/p.html?f=yvmanyrg&e=1518846443599

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 7f48da9b-b225-425b-b81f-add03baabf75
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

request.php Show response
ad.ad-srv.net/ Frame 240C
Redirect Chain

https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2F...
https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2F...

5 KB
2 KB

113ms
56ms

Document
text/html

138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dluzlkxf%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3FywHhN4T7kj8mIw4ZcDWJPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP3DWELS0rZcdw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAdSLiIgAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBedhwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAxNkCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDE2%2Fbn%3D96473%2Fclickenc%3D&uidRedirect=1
Requested by: Host: tm.ad-srv.net
URL: https://tm.ad-srv.net/tm/a/container/html/75d02d930b.html?liuid=fd208cb733&cguid=f52ab6ea57&click=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3FywHhN4T7kj8mIw4ZcDWJPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP3DWELS0rZcdw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAdSLiIgAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBedhwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAxNkCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDE2%2Fbn%3D96473%2Fclickenc%3D&eVS=10264&eVR=https%3A%2F%2Fkorrespondent.net%2F&rnd=1808871071
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 415fa72687e9727c2976f929bdf27d1f8f009b28a11a3f86556d21ae8ec35394

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 1799
Content-Type: text/html; charset=utf-8
Date: Tue, 16 Aug 2022 13:05:34 GMT
Expires: Tue, 16 Aug 2022 14:05:34 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
X-NEORY-SubId: 44045500079871201467939012053025

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Tue, 16 Aug 2022 13:05:34 GMT
Expires: Tue, 16 Aug 2022 14:05:34 +0200
Location: request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dluzlkxf%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3FywHhN4T7kj8mIw4ZcDWJPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP3DWELS0rZcdw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAdSLiIgAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBedhwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAxNkCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDE2%2Fbn%3D96473%2Fclickenc%3D&uidRedirect=1
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame F4DA 52 KB
17 KB 54ms
15ms Document
text/html 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=1821409
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/r/p.html?f=luzlkxf&e=1518846443599
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 30237
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Tue, 16 Aug 2022 13:05:34 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 03 Aug 2022 04:41:10 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 2, 485108
X-Served-By: cache-lga21945-LGA, cache-hhn4066-HHN
X-Timer: S1660655135.705915,VS0,VE0

GET
H/1.1 200
OK rd_log Show response
ams3-ib.adnxs.com/ Frame EAC6 0
813 B 24ms
23ms Script
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams3-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fkorrespondent.net%2F&e=wqT_3QLYDPD9WAYAAAMA1gAFAQierO6XBhDwrMOgy7bryx0Yw9-bksKpjqAhKjYJywHhN4T7kj8RJiMOGXA1iT8ZAAAAQDMz4z8hxUmz3EbBiz8p9aEL6lvmlD8xAAAAQOF6lD8wy4ipCjiYUEDKTkgCUJP8-WZYk8KLAWAAaLTYsAF42fEFgAEBigEDVVNEkgEDRVVSmAGsAqAB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQCKAnd1ZignYScsIDQ1MjUzNjIsIDE2NjA2NTUxMzQpO3VmKCdpJywgNDEyNjE2OSwgMTY2MDY1NTEzNCk7dWYoJ2cnLCAxMTQ5Mzg4NyxCOwAwcicsIDIxNTkwNzg1OTY9APC2kgL9AyFSbVVuZXdqRmlJMFRFSlA4LVdZWUFDQ1R3b3NCTUFBNEFFQUFTTXBPVU11SXFRcFlBR0RMQm1nQWNBQjRBSUFCQUlnQkFKQUJBWmdCQWFBQkFhZ0JBYkFCQUxrQmtlOEs4T0Y2bERfQkFlckFKVFFuNXBRX3lRRUFBQUFBQUFEd1A5a0I2LUkyR3NCYjd6X2dBZG5yLXdIMUFRclhvenlZQWdDZ0FnRzFBZ0FBQUFDOUFnATnwVURBQWdESUFnRFFBZ0RZQWdEZ0FnRG9BZ0Q0QWdHQUF3R1lBd0c2QXdsQlRWTXpPall3TVRiZ0E0WXZnQVNidmRrRGlBU2N2ZGtEa0FRQW1BUUJ3UVFBAVoFAQhNa0UFCAUBGERZQkFEeEIFDAkBKGlBV0FMNmtGNi1JDbgMLXhCUQkcAQE8d1FWN0ZLNUg0WHFVUDhrRgEUAQEMOERfUi4oAAgyUVUBF_BGQUFBRHdQLUFGLVFfd0JmX0R2UVg0QmJLYWxBS0NCZ05GVlZLSUJnQ1FCZ0dZQmdDaEJuc1Vya2ZoZXBRX3FBWUVzZ1lrQ1EBSAkBAEUdjABHHQwASR0MNHVBWUuaApkBIU1CZWRoOgEC2Gs4S0xBU0FBS0FBeGV4U3VSLUY2bEQ4NkNVRk5Vek02TmpBeE5rQ0dMMG5yNGpZYXdGdnZQMUUJfgEBBEZrAQYJAQBHPUwARx0YAEgdGAxIZ0FpLhUC2HcuLtgCAOACm4VO6gIaaHR0cHM6Ly9rb3JyZXNwb25kZW50Lm5ldC_yAhEKBkFEVl9JRBIHNDVlPzTyAhIKBkNQR19JRBIIMW0ZGPICCgoFQ1ABFBgBMPICDQoIATYMRlJFUREQHFJFTV9VU0VSBRAADwkgNENPREUSAzYxNfICFgoIAVQFEkQKZmQyMDhjYjczM_ICCwoHQ1AJGBwA8gIQCgVJTwFmAAdtsBjyAg4KB0lPCSEJSzgTCg9DVVNUT01fTU9ERUwBLhQA8gIaChYyFgAgTEVBRl9OQU1FAR0IHgoaNh0ACEFTVAE-EElGSUVEASEcDQoIU1BMSVQBTfCwATCAAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AP3_i7gAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQMMTkzLjI3LjE0LjEwqAQAsgQQCAAQARisAiD6ASgAMAA4ArgEAMAEAMgEANIEDzEwMDU4I0FNUzM6NjAxNtoEAggB4AQB8AST_PlmiAUBmAUAoAX___________8BwAUAyQUAAAAAAADwP9IFCQkABQx4AADYBQHgBQHwBbCiAvoFBAgAEACQBgCYBgC4BgDBBgkkKPA_0Aa7M9oGFgoQCREZAVwQABgA4AYB8gYCCACABwGIBwCgBwG6Bw8BSAgYACABtjC_BkAAyAfZ8QXSBw0JEToBOAjaBwYJJ2jgBwDqBwIIAPAHjKICiggCEACVCAAAgD-YCAE.&s=f7f26513a6824575e589a57ac2bf37f7d83fb506&bdref=https%3A%2F%2Fkorrespondent.net%2F&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fkorrespondent.net%2F,https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dluzlkxf%26e%3D1518846443599,https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dluzlkxf%26e%3D1518846443599&

Requested by

Host: mediawoot.com
URL: https://mediawoot.com/r/p.html?f=luzlkxf&e=1518846443599

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 70bafb8c-9217-4937-b71f-3fed6cd5e68a
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

request.php Show response
ad.ad-srv.net/ Frame 99FA
Redirect Chain

https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2F...
https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2F...

5 KB
2 KB

112ms
54ms

Document
text/html

138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dmylhifuyj%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUPyZXAqiBMUdhw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAQSROKgAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521NRf9iAjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAzOUCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDM5%2Fbn%3D96578%2Fclickenc%3D&uidRedirect=1
Requested by: Host: tm.ad-srv.net
URL: https://tm.ad-srv.net/tm/a/container/html/75d02d930b.html?liuid=fd208cb733&cguid=f52ab6ea57&click=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUPyZXAqiBMUdhw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAQSROKgAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521NRf9iAjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAzOUCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDM5%2Fbn%3D96578%2Fclickenc%3D&eVS=10264&eVR=https%3A%2F%2Fkorrespondent.net%2F&rnd=1185122883
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: cdcc0d31470f6b7c8f7b43f00b790c9e0e44b9a1f63958c284b72e6ba3c56d7f

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 1803
Content-Type: text/html; charset=utf-8
Date: Tue, 16 Aug 2022 13:05:34 GMT
Expires: Tue, 16 Aug 2022 14:05:34 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
X-NEORY-SubId: 39020200079871301467939012053025

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Tue, 16 Aug 2022 13:05:34 GMT
Expires: Tue, 16 Aug 2022 14:05:34 +0200
Location: request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dmylhifuyj%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUPyZXAqiBMUdhw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAQSROKgAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521NRf9iAjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAzOUCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDM5%2Fbn%3D96578%2Fclickenc%3D&uidRedirect=1
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame A8F8 52 KB
17 KB 47ms
15ms Document
text/html 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=1821409
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/r/p.html?f=mylhifuyj&e=1518846443599
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 30238
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Tue, 16 Aug 2022 13:05:34 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 03 Aug 2022 04:41:10 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 2, 486740
X-Served-By: cache-lga21945-LGA, cache-hhn4060-HHN
X-Timer: S1660655135.708069,VS0,VE0

GET
H/1.1 200
OK rd_log Show response
ams3-ib.adnxs.com/ Frame 8D0E 0
813 B 23ms
23ms Script
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams3-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fkorrespondent.net%2F&e=wqT_3QLYDPD9WAYAAAMA1gAFAQierO6XBhCmronAmrDMo2EYw9-bksKpjqAhKjYJmu8def8TlD8Rgcv-0eqpij8ZAAAAQDMz4z8hxUmz3EbBiz8p9aEL6lvmlD8xAAAAQOF6lD8wy4ipCjiYUEDKTkgCUJP8-WZYk8KLAWAAaLTYsAF4wvIFgAEBigEDVVNEkgEDRVVSmAGsAqAB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQCKAnd1ZignYScsIDQ1MjUzNjIsIDE2NjA2NTUxMzQpO3VmKCdpJywgNDEyNjE2OSwgMTY2MDY1NTEzNCk7dWYoJ2cnLCAxMTQ5Mzg4NyxCOwAwcicsIDIxNTkwNzg1OTY9APC2kgL9AyFZbVY3akFqRmlJMFRFSlA4LVdZWUFDQ1R3b3NCTUFBNEFFQUFTTXBPVU11SXFRcFlBR0RMQm1nQWNBQjRBSUFCQUlnQkFKQUJBWmdCQWFBQkFhZ0JBYkFCQUxrQmtlOEs4T0Y2bERfQkFlckFKVFFuNXBRX3lRRUFBQUFBQUFEd1A5a0I2LUkyR3NCYjd6X2dBZG5yLXdIMUFRclhvenlZQWdDZ0FnRzFBZ0FBQUFDOUFnATnwVURBQWdESUFnRFFBZ0RZQWdEZ0FnRG9BZ0Q0QWdHQUF3R1lBd0c2QXdsQlRWTXpPall3TXpuZ0E0WXZnQVNidmRrRGlBU2N2ZGtEa0FRQW1BUUJ3UVFBAVoFAQhNa0UFCAUBGERZQkFEeEIFDAkBKGlBV1hMNmtGNi1JDbgMLXhCUQkcAQE8d1FWN0ZLNUg0WHFVUDhrRgEUAQEMOERfUi4oAAgyUVUBF_BGQUFBRHdQLUFGLVFfd0JmX0R2UVg0QmJLYWxBS0NCZ05GVlZLSUJnQ1FCZ0dZQmdDaEJuc1Vya2ZoZXBRX3FBWUVzZ1lrQ1EBSAkBAEUdjABHHQwASR0MNHVBWUuaApkBIU5SZjlpOgEC2Gs4S0xBU0FBS0FBeGV4U3VSLUY2bEQ4NkNVRk5Vek02TmpBek9VQ0dMMG5yNGpZYXdGdnZQMUUJfgEBBEZrAQYJAQBHPUwARx0YAEgdGAxIZ0FpLhUC2HcuLtgCAOACm4VO6gIaaHR0cHM6Ly9rb3JyZXNwb25kZW50Lm5ldC_yAhEKBkFEVl9JRBIHNDVlP2zyAhIKBkNQR19JRBIIMTE0OTM4ODfyAgoKBUNQARQYATDyAg0KCAE2DEZSRVEREBxSRU1fVVNFUgUQAA8JIDRDT0RFEgM2MTXyAhYKCAFUBRJECmZkMjA4Y2I3MzPyAgsKB0NQCRgcAPICEAoFSU8BZgAHbbAY8gIOCgdJTwkhCUs4EwoPQ1VTVE9NX01PREVMAS4UAPICGgoWMhYAIExFQUZfTkFNRQEdCB4KGjYdAAhBU1QBPhBJRklFRAEhHA0KCFNQTElUAU3wsAEwgAMAiAMBkAMAmAMXoAMBqgMAwAOsAsgDANgD9_4u4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDE5My4yNy4xNC4xMKgEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABADIBADSBA8xMDA1OCNBTVMzOjYwMznaBAIIAeAEAfAEk_z5ZogFAZgFAKAF____________AcAFAMkFAAAAAAAA8D_SBQkJAAUMeAAA2AUB4AUB8AWwogL6BQQIABAAkAYAmAYAuAYAwQYJJCjwP9AGuzPaBhYKEAkRGQFcEAAYAOAGAfIGAggAgAcBiAcAoAcBugcPAUgIGAAgAbYwvwZAAMgHwvIF0gcNCRE6ATgI2gcGCSdo4AcA6gcCCADwB4yiAooIAhAAlQgAAIA_mAgB&s=0ef79ec505f5c85d90d80891a05517af8a39ab7c&bdref=https%3A%2F%2Fkorrespondent.net%2F&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fkorrespondent.net%2F,https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dmylhifuyj%26e%3D1518846443599,https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dmylhifuyj%26e%3D1518846443599&

Requested by

Host: mediawoot.com
URL: https://mediawoot.com/r/p.html?f=mylhifuyj&e=1518846443599

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: edbae439-896f-4d9d-b9b8-8c4a2cc2c96a
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

request.php Show response
ad.ad-srv.net/ Frame 93E3
Redirect Chain

https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2F...
https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2F...

5 KB
2 KB

177ms
75ms

Document
text/html

138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dqhnmckig%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP0VJlOaZGFkzw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgABSXRbAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521Khf4hQjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAwMUCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDAx%2Fbn%3D96382%2Fclickenc%3D&uidRedirect=1
Requested by: Host: tm.ad-srv.net
URL: https://tm.ad-srv.net/tm/a/container/html/75d02d930b.html?liuid=fd208cb733&cguid=f52ab6ea57&click=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP0VJlOaZGFkzw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgABSXRbAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521Khf4hQjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAwMUCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDAx%2Fbn%3D96382%2Fclickenc%3D&eVS=10264&eVR=https%3A%2F%2Fkorrespondent.net%2F&rnd=387137574
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: ac767d3b257f18757c4675082116cbe11374651106d06d77de36d7bb6a9249f0

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 1802
Content-Type: text/html; charset=utf-8
Date: Tue, 16 Aug 2022 13:05:34 GMT
Expires: Tue, 16 Aug 2022 14:05:34 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
X-NEORY-SubId: 19324500079871501467939012053025

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Tue, 16 Aug 2022 13:05:34 GMT
Expires: Tue, 16 Aug 2022 14:05:34 +0200
Location: request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dqhnmckig%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP0VJlOaZGFkzw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgABSXRbAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521Khf4hQjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAwMUCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDAx%2Fbn%3D96382%2Fclickenc%3D&uidRedirect=1
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 02A9 52 KB
17 KB 64ms
24ms Document
text/html 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=1821409
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/r/p.html?f=qhnmckig&e=1518846443599
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 30239
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Tue, 16 Aug 2022 13:05:34 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 03 Aug 2022 04:41:10 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 1, 293410
X-Served-By: cache-lga21947-LGA, cache-cdg20745-CDG
X-Timer: S1660655135.723467,VS0,VE0

GET
H/1.1 200
OK rd_log Show response
ams3-ib.adnxs.com/ Frame 395B 0
813 B 24ms
22ms Script
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams3-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fkorrespondent.net%2F&e=wqT_3QLYDPD9WAYAAAMA1gAFAQierO6XBhDFktG0npPGrDMYw9-bksKpjqAhKjYJmu8def8TlD8Rgcv-0eqpij8ZAAAAQDMz4z8hxUmz3EbBiz8p9aEL6lvmlD8xAAAAQOF6lD8wy4ipCjiYUEDKTkgCUJP8-WZYk8KLAWAAaLTYsAF4_vAFgAEBigEDVVNEkgEDRVVSmAGsAqAB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQCKAnd1ZignYScsIDQ1MjUzNjIsIDE2NjA2NTUxMzQpO3VmKCdpJywgNDEyNjE2OSwgMTY2MDY1NTEzNCk7dWYoJ2cnLCAxMTQ5Mzg4NyxCOwAwcicsIDIxNTkwNzg1OTY9APC2kgL9AyFzR1VUdHdqRmlJMFRFSlA4LVdZWUFDQ1R3b3NCTUFBNEFFQUFTTXBPVU11SXFRcFlBR0RMQm1nQWNBQjRBSUFCQUlnQkFKQUJBWmdCQWFBQkFhZ0JBYkFCQUxrQmtlOEs4T0Y2bERfQkFlckFKVFFuNXBRX3lRRUFBQUFBQUFEd1A5a0I2LUkyR3NCYjd6X2dBZG5yLXdIMUFRclhvenlZQWdDZ0FnRzFBZ0FBQUFDOUFnATnwVURBQWdESUFnRFFBZ0RZQWdEZ0FnRG9BZ0Q0QWdHQUF3R1lBd0c2QXdsQlRWTXpPall3TURIZ0E0WXZnQVNidmRrRGlBU2N2ZGtEa0FRQW1BUUJ3UVFBAVoFAQhNa0UFCAUBGERZQkFEeEIFDAkBKGlBWHhMcWtGNi1JDbgMLXhCUQkcAQE8d1FWN0ZLNUg0WHFVUDhrRgEUAQEMOERfUi4oAAgyUVUBF_BGQUFBRHdQLUFGLVFfd0JmX0R2UVg0QmJLYWxBS0NCZ05GVlZLSUJnQ1FCZ0dZQmdDaEJuc1Vya2ZoZXBRX3FBWUVzZ1lrQ1EBSAkBAEUdjABHHQwASR0MPHVBWUuaApkBIUtoZjRoUWoyAQLgazhLTEFTQUFLQUF4ZXhTdVItRjZsRDg2Q1VGTlV6TTZOakF3TVVDR0wwbnI0allhd0Z2dlAxRUFBEQIERmsRCghBQUc9TABHHRgASB0YDEhnQWkuFQLYdy4u2AIA4AKbhU7qAhpodHRwczovL2tvcnJlc3BvbmRlbnQubmV0L_ICEQoGQURWX0lEEgc0NWU_NPICEgoGQ1BHX0lEEggxbRkY8gIKCgVDUAEUGAEw8gINCggBNgxGUkVRERAcUkVNX1VTRVIFEAAPCSA0Q09ERRIDNjE18gIWCggBVAUSRApmZDIwOGNiNzMz8gILCgdDUAkYHADyAhAKBUlPAWYAB22wGPICDgoHSU8JIQlLOBMKD0NVU1RPTV9NT0RFTAEuFADyAhoKFjIWACBMRUFGX05BTUUBHQgeCho2HQAIQVNUAT4QSUZJRUQBIRwNCghTUExJVAFN8LABMIADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYA_f-LuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBAwxOTMuMjcuMTQuMTCoBACyBBAIABABGKwCIPoBKAAwADgCuAQAwAQAyAQA0gQPMTAwNTgjQU1TMzo2MDAx2gQCCAHgBAHwBJP8-WaIBQGYBQCgBf___________wHABQDJBQAAAAAAAPA_0gUJCQAFDHgAANgFAeAFAfAFsKIC-gUECAAQAJAGAJgGALgGAMEGCSQo8D_QBrsz2gYWChAJERkBXBAAGADgBgHyBgIIAIAHAYgHAKAHAboHDwFICBgAIAG2ML8GQADIB_7wBdIHDQkROgE4CNoHBgknaOAHAOoHAggA8AeMogKKCAIQAJUIAACAP5gIAQ..&s=d6d5d9fcb9589e7a3236334e9f56aafd155d7e09&bdref=https%3A%2F%2Fkorrespondent.net%2F&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fkorrespondent.net%2F,https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dqhnmckig%26e%3D1518846443599,https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dqhnmckig%26e%3D1518846443599&

Requested by

Host: mediawoot.com
URL: https://mediawoot.com/r/p.html?f=qhnmckig&e=1518846443599

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 74223234-1f85-40dc-ab1b-9c8c3d813968
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK vevent
ams3-ib.adnxs.com/ Frame F05B 0
833 B 25ms
25ms Ping
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams3-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkorrespondent.net%2F&e=wqT_3QLBCvD9QQUAAAMA1gAFAQierO6XBhDW8cm8pMfnxgoYw9-bksKpjqAhKjYJmu8def8TlD8Rgcv-0eqpij8ZAAAAQDMz4z8hxUmz3EbBiz8p9aEL6lvmlD8xAAAAQOF6lD8wy4ipCjiYUEDKTkgCUJP8-WZYk8KLAWAAaLTYsAF48PIFgAEBigEDVVNEkgEDRVVSmAGsAqAB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQCKAnd1ZignYScsIDQ1MjUzNjIsIDE2NjA2NTUxMzQpO3VmKCdpJywgNDEyNjE2OSwgMTY2MDY1NTEzNCk7dWYoJ2cnLCAxMTQ5Mzg4NyxCOwAwcicsIDIxNTkwNzg1OTY9APC2kgL9AyFZV1hHaWdqRmlJMFRFSlA4LVdZWUFDQ1R3b3NCTUFBNEFFQUFTTXBPVU11SXFRcFlBR0RMQm1nQWNBQjRBSUFCQUlnQkFKQUJBWmdCQWFBQkFhZ0JBYkFCQUxrQmtlOEs4T0Y2bERfQkFlckFKVFFuNXBRX3lRRUFBQUFBQUFEd1A5a0I2LUkyR3NCYjd6X2dBZG5yLXdIMUFRclhvenlZQWdDZ0FnRzFBZ0FBQUFDOUFnATnwVURBQWdESUFnRFFBZ0RZQWdEZ0FnRG9BZ0Q0QWdHQUF3R1lBd0c2QXdsQlRWTXpPall3TkRQZ0E0WXZnQVNidmRrRGlBU2N2ZGtEa0FRQW1BUUJ3UVFBAVoFAQhNa0UFCAUBGERZQkFEeEIFDAkBKGlBV2JMNmtGNi1JDbgQLXhCUUEVATx3UVY3Rks1SDRYcVVQOGtGERkMOERfUi4oAAgyUVUNG_BDRHdQLUFGLVFfd0JmX0R2UVg0QmJLYWxBS0NCZ05GVlZLSUJnQ1FCZ0dZQmdDaEJuc1Vya2ZoZXBRX3FBWUVzZ1lrQ1ENSwxBQUFFHYwARx0MAEkdDDx1QVlLmgKZASFNQmVnaHdqMgEC2Gs4S0xBU0FBS0FBeGV4U3VSLUY2bEQ4NkNVRk5Vek02TmpBME0wQ0dMMG5yNGpZYXdGdnZQMUUBfAkBBEZrCQgBAQBHPUwARx0YAEgdGAxIZ0FpLhUC8Nd3Li7YAgDgApuFTuoCGmh0dHBzOi8va29ycmVzcG9uZGVudC5uZXQvgAMAiAMBkAMAmAMXoAMBqgMAwAOsAsgDANgD9_4u4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDE5My4yNy4xNC4xMKgEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABADIBADSBA8xMDA1OCNBTVMzOjYwNDPaBAIIAeAEAfAEk_z5ZogFAZgFAKAF____________AcAFAMkFAAAAAAAA8D_SBQkJAAAJDnDYBQHgBQHwBbCiAvoFBAgAEACQBgCYBgC4BgDBBgkjKPA_0Aa7M9oGFgoQCREZAVwQABgA4AYB8gYCCACABwGIBwCgBwG6Bw8BSEwYACAAMAA4vwZAAMgH8PIF0gcNCRE6ATgI2gcGCSdo4AcA6gcCCADwB4yiAooIAhAAlQgAAIA_mAgB&s=84adf47dab04b9ea6e2ce00543b3aa06edd67608&type=nv&nvt=5&jm=1003&px=0&py=0&bw=300&bh=250&sid=7701041261294738870&vd=ct~0|rr~0&sv=224&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=21644363&sw=1600&sh=1200&pw=300&ph=250&ww=300&wh=250&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/224/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: b3319e63-83df-48f5-a9b4-e3249dc6c55b
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK vevent
ams3-ib.adnxs.com/ Frame EAC6 0
833 B 23ms
23ms Ping
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams3-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkorrespondent.net%2F&e=wqT_3QLBCvD9QQUAAAMA1gAFAQierO6XBhDwrMOgy7bryx0Yw9-bksKpjqAhKjYJywHhN4T7kj8RJiMOGXA1iT8ZAAAAQDMz4z8hxUmz3EbBiz8p9aEL6lvmlD8xAAAAQOF6lD8wy4ipCjiYUEDKTkgCUJP8-WZYk8KLAWAAaLTYsAF42fEFgAEBigEDVVNEkgEDRVVSmAGsAqAB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQCKAnd1ZignYScsIDQ1MjUzNjIsIDE2NjA2NTUxMzQpO3VmKCdpJywgNDEyNjE2OSwgMTY2MDY1NTEzNCk7dWYoJ2cnLCAxMTQ5Mzg4NyxCOwAwcicsIDIxNTkwNzg1OTY9APC2kgL9AyFSbVVuZXdqRmlJMFRFSlA4LVdZWUFDQ1R3b3NCTUFBNEFFQUFTTXBPVU11SXFRcFlBR0RMQm1nQWNBQjRBSUFCQUlnQkFKQUJBWmdCQWFBQkFhZ0JBYkFCQUxrQmtlOEs4T0Y2bERfQkFlckFKVFFuNXBRX3lRRUFBQUFBQUFEd1A5a0I2LUkyR3NCYjd6X2dBZG5yLXdIMUFRclhvenlZQWdDZ0FnRzFBZ0FBQUFDOUFnATnwVURBQWdESUFnRFFBZ0RZQWdEZ0FnRG9BZ0Q0QWdHQUF3R1lBd0c2QXdsQlRWTXpPall3TVRiZ0E0WXZnQVNidmRrRGlBU2N2ZGtEa0FRQW1BUUJ3UVFBAVoFAQhNa0UFCAUBGERZQkFEeEIFDAkBKGlBV0FMNmtGNi1JDbgMLXhCUQkcAQE8d1FWN0ZLNUg0WHFVUDhrRgEUAQEMOERfUi4oAAgyUVUBF_BGQUFBRHdQLUFGLVFfd0JmX0R2UVg0QmJLYWxBS0NCZ05GVlZLSUJnQ1FCZ0dZQmdDaEJuc1Vya2ZoZXBRX3FBWUVzZ1lrQ1EBSAkBAEUdjABHHQwASR0MNHVBWUuaApkBIU1CZWRoOgEC2Gs4S0xBU0FBS0FBeGV4U3VSLUY2bEQ4NkNVRk5Vek02TmpBeE5rQ0dMMG5yNGpZYXdGdnZQMUUJfgEBBEZrAQYJAQBHPUwARx0YAEgdGAxIZ0FpLhUC8Nd3Li7YAgDgApuFTuoCGmh0dHBzOi8va29ycmVzcG9uZGVudC5uZXQvgAMAiAMBkAMAmAMXoAMBqgMAwAOsAsgDANgD9_4u4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDE5My4yNy4xNC4xMKgEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABADIBADSBA8xMDA1OCNBTVMzOjYwMTbaBAIIAeAEAfAEk_z5ZogFAZgFAKAF____________AcAFAMkFAAAAAAAA8D_SBQkJAAAJDnDYBQHgBQHwBbCiAvoFBAgAEACQBgCYBgC4BgDBBgkjKPA_0Aa7M9oGFgoQCREZAVwQABgA4AYB8gYCCACABwGIBwCgBwG6Bw8BSEwYACAAMAA4vwZAAMgH2fEF0gcNCRE6ATgI2gcGCSdo4AcA6gcCCADwB4yiAooIAhAAlQgAAIA_mAgB&s=1f8186272b66a5bf1fec66192cc2393e5c1240bc&type=nv&nvt=5&jm=1003&px=0&py=0&bw=300&bh=250&sid=7701041261294738870&vd=ct~0|rr~0&sv=224&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=21644363&sw=1600&sh=1200&pw=300&ph=250&ww=300&wh=250&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/224/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 92971a24-1c82-49d1-a854-f6760e2093ff
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK vevent
ams3-ib.adnxs.com/ Frame 8D0E 0
833 B 25ms
24ms Ping
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams3-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkorrespondent.net%2F&e=wqT_3QLBCvD9QQUAAAMA1gAFAQierO6XBhCmronAmrDMo2EYw9-bksKpjqAhKjYJmu8def8TlD8Rgcv-0eqpij8ZAAAAQDMz4z8hxUmz3EbBiz8p9aEL6lvmlD8xAAAAQOF6lD8wy4ipCjiYUEDKTkgCUJP8-WZYk8KLAWAAaLTYsAF4wvIFgAEBigEDVVNEkgEDRVVSmAGsAqAB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQCKAnd1ZignYScsIDQ1MjUzNjIsIDE2NjA2NTUxMzQpO3VmKCdpJywgNDEyNjE2OSwgMTY2MDY1NTEzNCk7dWYoJ2cnLCAxMTQ5Mzg4NyxCOwAwcicsIDIxNTkwNzg1OTY9APC2kgL9AyFZbVY3akFqRmlJMFRFSlA4LVdZWUFDQ1R3b3NCTUFBNEFFQUFTTXBPVU11SXFRcFlBR0RMQm1nQWNBQjRBSUFCQUlnQkFKQUJBWmdCQWFBQkFhZ0JBYkFCQUxrQmtlOEs4T0Y2bERfQkFlckFKVFFuNXBRX3lRRUFBQUFBQUFEd1A5a0I2LUkyR3NCYjd6X2dBZG5yLXdIMUFRclhvenlZQWdDZ0FnRzFBZ0FBQUFDOUFnATnwVURBQWdESUFnRFFBZ0RZQWdEZ0FnRG9BZ0Q0QWdHQUF3R1lBd0c2QXdsQlRWTXpPall3TXpuZ0E0WXZnQVNidmRrRGlBU2N2ZGtEa0FRQW1BUUJ3UVFBAVoFAQhNa0UFCAUBGERZQkFEeEIFDAkBKGlBV1hMNmtGNi1JDbgMLXhCUQkcAQE8d1FWN0ZLNUg0WHFVUDhrRgEUAQEMOERfUi4oAAgyUVUBF_BGQUFBRHdQLUFGLVFfd0JmX0R2UVg0QmJLYWxBS0NCZ05GVlZLSUJnQ1FCZ0dZQmdDaEJuc1Vya2ZoZXBRX3FBWUVzZ1lrQ1EBSAkBAEUdjABHHQwASR0MNHVBWUuaApkBIU5SZjlpOgEC2Gs4S0xBU0FBS0FBeGV4U3VSLUY2bEQ4NkNVRk5Vek02TmpBek9VQ0dMMG5yNGpZYXdGdnZQMUUJfgEBBEZrAQYJAQBHPUwARx0YAEgdGAxIZ0FpLhUC8Nd3Li7YAgDgApuFTuoCGmh0dHBzOi8va29ycmVzcG9uZGVudC5uZXQvgAMAiAMBkAMAmAMXoAMBqgMAwAOsAsgDANgD9_4u4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDE5My4yNy4xNC4xMKgEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABADIBADSBA8xMDA1OCNBTVMzOjYwMznaBAIIAeAEAfAEk_z5ZogFAZgFAKAF____________AcAFAMkFAAAAAAAA8D_SBQkJAAAJDnDYBQHgBQHwBbCiAvoFBAgAEACQBgCYBgC4BgDBBgkjKPA_0Aa7M9oGFgoQCREZAVwQABgA4AYB8gYCCACABwGIBwCgBwG6Bw8BSEwYACAAMAA4vwZAAMgHwvIF0gcNCRE6ATgI2gcGCSdo4AcA6gcCCADwB4yiAooIAhAAlQgAAIA_mAgB&s=02db6572e689d0fbea95be2d5900ec5b567dbfde&type=nv&nvt=5&jm=1003&px=0&py=0&bw=300&bh=250&sid=7701041261294738870&vd=ct~0|rr~0&sv=224&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=21644363&sw=1600&sh=1200&pw=300&ph=250&ww=300&wh=250&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/224/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: cdff94a1-4880-4e31-93aa-7f7a374ea094
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK vevent
ams3-ib.adnxs.com/ Frame 395B 0
833 B 23ms
23ms Ping
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams3-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkorrespondent.net%2F&e=wqT_3QLBCvD9QQUAAAMA1gAFAQierO6XBhDFktG0npPGrDMYw9-bksKpjqAhKjYJmu8def8TlD8Rgcv-0eqpij8ZAAAAQDMz4z8hxUmz3EbBiz8p9aEL6lvmlD8xAAAAQOF6lD8wy4ipCjiYUEDKTkgCUJP8-WZYk8KLAWAAaLTYsAF4_vAFgAEBigEDVVNEkgEDRVVSmAGsAqAB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQCKAnd1ZignYScsIDQ1MjUzNjIsIDE2NjA2NTUxMzQpO3VmKCdpJywgNDEyNjE2OSwgMTY2MDY1NTEzNCk7dWYoJ2cnLCAxMTQ5Mzg4NyxCOwAwcicsIDIxNTkwNzg1OTY9APC2kgL9AyFzR1VUdHdqRmlJMFRFSlA4LVdZWUFDQ1R3b3NCTUFBNEFFQUFTTXBPVU11SXFRcFlBR0RMQm1nQWNBQjRBSUFCQUlnQkFKQUJBWmdCQWFBQkFhZ0JBYkFCQUxrQmtlOEs4T0Y2bERfQkFlckFKVFFuNXBRX3lRRUFBQUFBQUFEd1A5a0I2LUkyR3NCYjd6X2dBZG5yLXdIMUFRclhvenlZQWdDZ0FnRzFBZ0FBQUFDOUFnATnwVURBQWdESUFnRFFBZ0RZQWdEZ0FnRG9BZ0Q0QWdHQUF3R1lBd0c2QXdsQlRWTXpPall3TURIZ0E0WXZnQVNidmRrRGlBU2N2ZGtEa0FRQW1BUUJ3UVFBAVoFAQhNa0UFCAUBGERZQkFEeEIFDAkBKGlBWHhMcWtGNi1JDbgMLXhCUQkcAQE8d1FWN0ZLNUg0WHFVUDhrRgEUAQEMOERfUi4oAAgyUVUBF_BGQUFBRHdQLUFGLVFfd0JmX0R2UVg0QmJLYWxBS0NCZ05GVlZLSUJnQ1FCZ0dZQmdDaEJuc1Vya2ZoZXBRX3FBWUVzZ1lrQ1EBSAkBAEUdjABHHQwASR0MPHVBWUuaApkBIUtoZjRoUWoyAQLgazhLTEFTQUFLQUF4ZXhTdVItRjZsRDg2Q1VGTlV6TTZOakF3TVVDR0wwbnI0allhd0Z2dlAxRUFBEQIERmsRCghBQUc9TABHHRgASB0YDEhnQWkuFQLw13cuLtgCAOACm4VO6gIaaHR0cHM6Ly9rb3JyZXNwb25kZW50Lm5ldC-AAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AP3_i7gAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQMMTkzLjI3LjE0LjEwqAQAsgQQCAAQARisAiD6ASgAMAA4ArgEAMAEAMgEANIEDzEwMDU4I0FNUzM6NjAwMdoEAggB4AQB8AST_PlmiAUBmAUAoAX___________8BwAUAyQUAAAAAAADwP9IFCQkAAAkOcNgFAeAFAfAFsKIC-gUECAAQAJAGAJgGALgGAMEGCSMo8D_QBrsz2gYWChAJERkBXBAAGADgBgHyBgIIAIAHAYgHAKAHAboHDwFITBgAIAAwADi_BkAAyAf-8AXSBw0JEToBOAjaBwYJJ2jgBwDqBwIIAPAHjKICiggCEACVCAAAgD-YCAE.&s=df220f23b15a6b403a8a7b799ec894d6a3b64984&type=nv&nvt=5&jm=1003&px=0&py=0&bw=300&bh=250&sid=7701041261294738870&vd=ct~0|rr~0&sv=224&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=21644363&sw=1600&sh=1200&pw=300&ph=250&ww=300&wh=250&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/224/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 13de4a05-4a17-4882-938b-a27948ee9b70
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK 75d02d930b.html Show response
tm.ad-srv.net/tm/a/container/html/ Frame 0942 4 KB
2 KB 199ms
89ms Script
text/html 94.130.160.79
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tm.ad-srv.net/tm/a/container/html/75d02d930b.html?liuid=fd208cb733&cguid=f52ab6ea57&click=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUPxjQBsbXN2Niw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgARyVegQAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBejhwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjA3MECGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDcw%2Fbn%3D96742%2Fclickenc%3D&eVS=10264&eVR=https%3A%2F%2Fkorrespondent.net%2F&rnd=1800529018
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 94.130.160.79 Karlsruhe, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.79.160.130.94.clients.your-server.de
Software: nginx /
Resource Hash: 90cc872b631d6440b61b9352d57cd1411b6212092d93a139870bf22d93847da5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Server: nginx
Transfer-Encoding: chunked
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=utf-8
Expires: 0

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/224/ Frame 0942 85 KB
29 KB 26ms
24ms Script
application/x-javascript 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/224/trk.js
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c652cb3dcc3b49133285c42c49b296c3a3af4f9fceffde1022a6e3539e2422b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:34 GMT
Content-Encoding: gzip
Age: 14962023
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 29216
X-Served-By: cache-lga21978-LGA, cache-cdg20764-CDG
Access-Control-Allow-Origin: *, *
Last-Modified: Thu, 24 Feb 2022 08:58:20 GMT
Server: AkamaiNetStorage
X-Timer: S1660655135.768849,VS0,VE0
ETag: "80cd3e09497c9fa4207d756c9d41697c:1645693100.060631"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Via: 1.1 varnish, 1.1 varnish
Expires: Fri, 24 Feb 2023 08:58:29 GMT
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 848232, 1730737

GET
H/1.1 200
OK it
ams3-ib.adnxs.com/ Frame 0942 0
813 B 199ms
198ms Image
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ams3-ib.adnxs.com/it?an_audit=0&referrer=https%253A%252F%252Fkorrespondent.net%252F&e=wqT_3QLBCvD9QQUAAAMA1gAFAQierO6XBhCYoJuw_PrNsWIYw9-bksKpjqAhKjYJmu8def8TlD8Rgcv-0eqpij8ZAAAAQDMz4z8hxUmz3EbBiz8p9aEL6lvmlD8xAAAAQOF6lD8wy4ipCjiYUEDKTkgCUJP8-WZYk8KLAWAAaLTYsAF45vMFgAEBigEDVVNEkgEDRVVSmAGsAqAB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQCKAnd1ZignYScsIDQ1MjUzNjIsIDE2NjA2NTUxMzQpO3VmKCdpJywgNDEyNjE2OSwgMTY2MDY1NTEzNCk7dWYoJ2cnLCAxMTQ5Mzg4NyxCOwAwcicsIDIxNTkwNzg1OTY9APC2kgL9AyFmR1ZsbWdqRmlJMFRFSlA4LVdZWUFDQ1R3b3NCTUFBNEFFQUFTTXBPVU11SXFRcFlBR0RMQm1nQWNBQjRBSUFCQUlnQkFKQUJBWmdCQWFBQkFhZ0JBYkFCQUxrQmtlOEs4T0Y2bERfQkFlckFKVFFuNXBRX3lRRUFBQUFBQUFEd1A5a0I2LUkyR3NCYjd6X2dBZG5yLXdIMUFRclhvenlZQWdDZ0FnRzFBZ0FBQUFDOUFnATnwVURBQWdESUFnRFFBZ0RZQWdEZ0FnRG9BZ0Q0QWdHQUF3R1lBd0c2QXdsQlRWTXpPall3TnpEZ0E0WXZnQVNidmRrRGlBU2N2ZGtEa0FRQW1BUUJ3UVFBAVoFAQhNa0UFCAUBGERZQkFEeEIFDAkBKGlBVzJMNmtGNi1JDbgMLXhCUQkcAQE8d1FWN0ZLNUg0WHFVUDhrRgEUAQEMOERfUi4oAAgyUVUBF_BGQUFBRHdQLUFGLVFfd0JmX0R2UVg0QmJLYWxBS0NCZ05GVlZLSUJnQ1FCZ0dZQmdDaEJuc1Vya2ZoZXBRX3FBWUVzZ1lrQ1EBSAkBAEUdjABHHQwASR0MPHVBWUuaApkBIU1CZWpod2oyAQLYazhLTEFTQUFLQUF4ZXhTdVItRjZsRDg2Q1VGTlV6TTZOakEzTUVDR0wwbnI0allhd0Z2dlAxRQl-AQEERmsBBgkBAEc9TABHHRgASB0YDEhnQWkuFQLw13cuLtgCAOACm4VO6gIaaHR0cHM6Ly9rb3JyZXNwb25kZW50Lm5ldC-AAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AP3_i7gAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQMMTkzLjI3LjE0LjEwqAQAsgQQCAAQARisAiD6ASgAMAA4ArgEAMAEAMgEANIEDzEwMDU4I0FNUzM6NjA3MNoEAggB4AQB8AST_PlmiAUBmAUAoAX___________8BwAUAyQUAAAAAAADwP9IFCQkAAAkOcNgFAeAFAfAFsKIC-gUECAAQAJAGAJgGALgGAMEGCSMo8D_QBrsz2gYWChAJERkBXBAAGADgBgHyBgIIAIAHAYgHAKAHAboHDwFITBgAIAAwADi_BkAAyAfm8wXSBw0JEToBOAjaBwYJJ2jgBwDqBwIIAPAHjKICiggCEACVCAAAgD-YCAE.&s=af251cffd1f304a09ad9140f4cf9aa44e4e8c166

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 43079a3e-09c6-4581-80de-9cd1ae11d600
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame DA8B 0
741 B 23ms
22ms Script
text/html 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=10264&pub_id=1821409&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=1821409

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 1ae4e177-f32f-4727-85cc-d8ff5d4e60dc
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame F4DA 0
741 B 22ms
22ms Script
text/html 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=10264&pub_id=1821409&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=1821409

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: de59eb5b-3863-4109-8212-360e2b4d7582
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame A8F8 0
741 B 22ms
22ms Script
text/html 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=10264&pub_id=1821409&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=1821409

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: dadc37ff-d76f-476c-8512-0c50c41d3022
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 02A9 0
741 B 23ms
22ms Script
text/html 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=10264&pub_id=1821409&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=1821409

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 271bd1f3-aed7-4418-aca7-42ff056d8e53
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 9AF5 13 KB
5 KB 16ms
15ms Document
text/html 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1510
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 12:40:24 GMT
expires: Wed, 16 Aug 2023 12:40:24 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 3512 783 B
536 B 65ms
64ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

9f90c0f9336d41a52c74f304120cf5e122a92847d9d929ad4988bc7736d2de70

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-CZ1r07ki3D2D9r5dYC4dzA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://korrespondent.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-CZ1r07ki3D2D9r5dYC4dzA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 13:05:34 GMT
expires: Tue, 16 Aug 2022 13:05:34 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js Show response
pagead2.googlesyndication.com/bg/ Frame 9AF5 36 KB
14 KB 16ms
16ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ppA1fI0VetKp8Yjs2tI4w37711CBJFVOi33fKYbLAYg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a690357c8d157ad2a9f188ecdad238c37efbd7508124554e8b7ddf2986cb0188

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 12:58:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 400
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13955
x-xss-protection: 0
last-modified: Mon, 08 Aug 2022 16:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 16 Aug 2023 12:58:54 GMT

GET
H/1.1 200
OK request.php Show response
ad.ad-srv.net/ Frame 4308 5 KB
2 KB 180ms
73ms Document
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dgmyjtldt%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3FywHhN4T7kj8mIw4ZcDWJPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP1vdUX_lDYVcw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAMSKnDAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MhcqiAjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjEwOECGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MTA4%2Fbn%3D96930%2Fclickenc%3D
Requested by: Host: tm.ad-srv.net
URL: https://tm.ad-srv.net/tm/a/container/html/75d02d930b.html?liuid=fd208cb733&cguid=f52ab6ea57&click=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3FywHhN4T7kj8mIw4ZcDWJPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP1vdUX_lDYVcw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAMSKnDAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MhcqiAjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjEwOECGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MTA4%2Fbn%3D96930%2Fclickenc%3D&eVS=10264&eVR=https%3A%2F%2Fkorrespondent.net%2F&rnd=2118300996
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: a7dcb6a5b96bbb61e46f148b57aeb95f34128dc3a8b03b72b98abec6089734ff

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 1800
Content-Type: text/html; charset=utf-8
Date: Tue, 16 Aug 2022 13:05:34 GMT
Expires: Tue, 16 Aug 2022 14:05:34 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
X-NEORY-SubId: 16056800079871901467939012053025

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 5DF3 52 KB
17 KB 25ms
24ms Document
text/html 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=1821409
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/r/p.html?f=gmyjtldt&e=1518846443599
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 30239
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Tue, 16 Aug 2022 13:05:34 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 03 Aug 2022 04:41:10 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 1, 293411
X-Served-By: cache-lga21947-LGA, cache-cdg20745-CDG
X-Timer: S1660655135.840522,VS0,VE0

GET
H/1.1 200
OK rd_log Show response
ams3-ib.adnxs.com/ Frame 5752 0
813 B 25ms
23ms Script
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams3-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fkorrespondent.net%2F&e=wqT_3QLYDPD9WAYAAAMA1gAFAQierO6XBhDbusf617zDwlwYw9-bksKpjqAhKjYJywHhN4T7kj8RJiMOGXA1iT8ZAAAAQDMz4z8hxUmz3EbBiz8p9aEL6lvmlD8xAAAAQOF6lD8wy4ipCjiYUEDKTkgCUJP8-WZYk8KLAWAAaLTYsAF4ovUFgAEBigEDVVNEkgEDRVVSmAGsAqAB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQCKAnd1ZignYScsIDQ1MjUzNjIsIDE2NjA2NTUxMzQpO3VmKCdpJywgNDEyNjE2OSwgMTY2MDY1NTEzNCk7dWYoJ2cnLCAxMTQ5Mzg4NyxCOwAwcicsIDIxNTkwNzg1OTY9APC2kgL9AyFwR1gwc1FqRmlJMFRFSlA4LVdZWUFDQ1R3b3NCTUFBNEFFQUFTTXBPVU11SXFRcFlBR0RMQm1nQWNBQjRBSUFCQUlnQkFKQUJBWmdCQWFBQkFhZ0JBYkFCQUxrQmtlOEs4T0Y2bERfQkFlckFKVFFuNXBRX3lRRUFBQUFBQUFEd1A5a0I2LUkyR3NCYjd6X2dBZG5yLXdIMUFRclhvenlZQWdDZ0FnRzFBZ0FBQUFDOUFnATnwVURBQWdESUFnRFFBZ0RZQWdEZ0FnRG9BZ0Q0QWdHQUF3R1lBd0c2QXdsQlRWTXpPall4TURqZ0E0WXZnQVNidmRrRGlBU2N2ZGtEa0FRQW1BUUJ3UVFBAVoFAQhNa0UFCAUBGERZQkFEeEIFDAkBKGlBWGNMNmtGNi1JDbgMLXhCUQkcAQE8d1FWN0ZLNUg0WHFVUDhrRgEUAQEMOERfUi4oAAgyUVUBF_BGQUFBRHdQLUFGLVFfd0JmX0R2UVg0QmJLYWxBS0NCZ05GVlZLSUJnQ1FCZ0dZQmdDaEJuc1Vya2ZoZXBRX3FBWUVzZ1lrQ1EBSAkBAEUdjABHHQwASR0MPHVBWUuaApkBIU1oY3FpQWoyAQLYazhLTEFTQUFLQUF4ZXhTdVItRjZsRDg2Q1VGTlV6TTZOakV3T0VDR0wwbnI0allhd0Z2dlAxRQl-AQEERmsBBgkBAEc9TABHHRgASB0YDEhnQWkuFQLYdy4u2AIA4AKbhU7qAhpodHRwczovL2tvcnJlc3BvbmRlbnQubmV0L_ICEQoGQURWX0lEEgc0NWU_bPICEgoGQ1BHX0lEEggxMTQ5Mzg4N_ICCgoFQ1ABFBgBMPICDQoIATYMRlJFUREQHFJFTV9VU0VSBRAADwkgNENPREUSAzYxNfICFgoIAVQFEkQKZmQyMDhjYjczM_ICCwoHQ1AJGBwA8gIQCgVJTwFmAAdtsBjyAg4KB0lPCSEJSzgTCg9DVVNUT01fTU9ERUwBLhQA8gIaChYyFgAgTEVBRl9OQU1FAR0IHgoaNh0ACEFTVAE-EElGSUVEASEcDQoIU1BMSVQBTfCwATCAAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AP3_i7gAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQMMTkzLjI3LjE0LjEwqAQAsgQQCAAQARisAiD6ASgAMAA4ArgEAMAEAMgEANIEDzEwMDU4I0FNUzM6NjEwONoEAggB4AQB8AST_PlmiAUBmAUAoAX___________8BwAUAyQUAAAAAAADwP9IFCQkABQx4AADYBQHgBQHwBbCiAvoFBAgAEACQBgCYBgC4BgDBBgkkKPA_0Aa7M9oGFgoQCREZAVwQABgA4AYB8gYCCACABwGIBwCgBwG6Bw8BSAgYACABtjC_BkAAyAei9QXSBw0JEToBOAjaBwYJJ2jgBwDqBwIIAPAHjKICiggCEACVCAAAgD-YCAE.&s=b5cce781dde143e62c39ecc9cde525d7e459da81&bdref=https%3A%2F%2Fkorrespondent.net%2F&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fkorrespondent.net%2F,https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dgmyjtldt%26e%3D1518846443599,https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dgmyjtldt%26e%3D1518846443599&

Requested by

Host: mediawoot.com
URL: https://mediawoot.com/r/p.html?f=gmyjtldt&e=1518846443599

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:34 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 3079217b-0e89-4630-a64c-3fffca4f74a6
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

OPTIONS
H2 204 1a
i.clean.gg/ Frame 0
0 159ms
103ms Preflight
text/plain 34.95.69.49
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clean.gg/1a
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.69.49 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 49.69.95.34.bc.googleusercontent.com
Software: nginx/1.21.6 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://mediawoot.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1728000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=utf-8
date: Tue, 16 Aug 2022 13:05:34 GMT
server: nginx/1.21.6
via: 1.1 google

POST
H3 200 1a Show response
i.clean.gg/ Frame 7844 0
15 B 141ms
108ms XHR
application/octet-stream 34.95.69.49
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clean.gg/1a
Requested by: Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.95.69.49 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 49.69.95.34.bc.googleusercontent.com
Software: nginx/1.21.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: application/json

Response headers

date: Tue, 16 Aug 2022 13:05:35 GMT
via: 1.1 google
server: nginx/1.21.6
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 7844 1 KB
1 KB 55ms
40ms Script
text/javascript 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=56522822;rtbpid=3;rtbinv=${INV_SRC};rtbwp=0.001468-aSZ8vQ1skFbgS6c1PsWr31SY5KfK0X-a0;rtbr=5286895361431168818_1;rtbcid=${ENC_CID};rtbtpc=${ENC_TPC};rtburl=https%3A%2F%2Fkorrespondent.net%2F;rtbcat=${IAB_CATS};rtbdp=${DATA_PROV};rtbdt=${DATA_TYPE};rtbdc=${DATA_FEE_ENC};rtbplc=${ENC_PLC};rtbrmc=${ENC_RMC};rtbdata=r4mjpOpmxotnsaseszv2DPN21W3o9jwO_X7a0d4jQamh4_SVuZ1wZM576b23k3iDv_8QB0OX4Fz5k_K52ZP9K8Uw76OH3MpZX_W3fRtZZ-NikuIl-lO9NARPRKp7X9VUvkaogUZy2g23SN2zfbA3sxmo6_hx9OmR-yKoBwErk4n-CpQUQ-J09gW7rP5bRJFCKvSlVgyr4PELLhhadhf4SDb_119wm4vvzOJ1K38rCGThQW6FXjSrzw2;rtbtest=0

Requested by

Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

911513e57820016d6743611c67df4b741ac7ef60436b8b7b2f439b4b30eb78c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:34 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 1003
expires: -1

GET
H3 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012208081650000/ Frame 4039 220 KB
60 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js?cb=31068970

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d2e5722cf0b8d8df31200550801d755733c56d9ca2758b7041fbed009e0c9d08

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 64341
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61502
x-xss-protection: 0
server: sffe
date: Mon, 15 Aug 2022 19:13:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "df13b0b17adb5918"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 15 Aug 2023 19:13:13 GMT

GET
H3 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012208081650000/v0/ Frame 4039 14 KB
5 KB 22ms
19ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js?cb=31068970

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1e14ddde632bad66a3f79d6dc2c6a212d3b1b5cd8100cb6b73984b8797c5ed86

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 64341
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5197
x-xss-protection: 0
server: sffe
date: Mon, 15 Aug 2022 19:13:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "aca8368210f82021"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 15 Aug 2023 19:13:13 GMT

GET
H3 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012208081650000/v0/ Frame 4039 94 KB
28 KB 23ms
21ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js?cb=31068970

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

70fa25d0cd4744b6b91054ad55e3e931dad31cc85915b13e33e4e674426c7cc1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 64341
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28794
x-xss-protection: 0
server: sffe
date: Mon, 15 Aug 2022 19:13:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "cc093c4134ec5f1e"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 15 Aug 2023 19:13:13 GMT

GET
H3 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012208081650000/v0/ Frame 4039 5 KB
2 KB 26ms
24ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js?cb=31068970

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec61d9fd1b3609a3a53f377ed07059c3dc7d2cb1502022e0623b4ebc1ea0f35e

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 64341
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1913
x-xss-protection: 0
server: sffe
date: Mon, 15 Aug 2022 19:13:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "ef17e6cba96d5668"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 15 Aug 2023 19:13:13 GMT

GET
H3 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012208081650000/v0/ Frame 4039 40 KB
13 KB 26ms
24ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012208081650000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js?cb=31068970

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d200dc372fb333c0ca488fba2a569a686cbf5f1ba0cc0544a4a8c96a4f91de3

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 64341
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12948
x-xss-protection: 0
server: sffe
date: Mon, 15 Aug 2022 19:13:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "08e07a681963ea9f"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 15 Aug 2023 19:13:13 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 4039 6 KB
672 B 54ms
52ms Stylesheet
text/css 2a00:1450:400e:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js?cb=31068970

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:80c::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 16 Aug 2022 13:01:08 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 16 Aug 2022 13:05:34 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 16 Aug 2022 13:05:34 GMT

GET
H3 200 ru.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 4039 3 KB
3 KB 18ms
16ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/ru.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js?cb=31068970

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fed2d61088cba54be39b2069add7103160e31f07c950c0e2e7706d6d6dc9ebf6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 19:13:14 GMT
x-content-type-options: nosniff
server: cafe
age: 64340
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 6726277462267614359
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3041
x-xss-protection: 0
expires: Tue, 16 Aug 2022 19:13:14 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 4039 344 B
379 B 18ms
17ms Image
image/png 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js?cb=31068970

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 19:13:14 GMT
x-content-type-options: nosniff
server: cafe
age: 64340
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 6766994032117382215
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 344
x-xss-protection: 0
expires: Tue, 16 Aug 2022 19:13:14 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 4039 0
0 162ms
161ms Image
text/html 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CBvv3Hpb7YtaxI4iN9u8PiP2E0Avint_ha_Tr7fiGENvZHhABINbmxVhglYKAgJQHoAGG76uVAsgBCeACAKgDAcgDCqoE4QJP0OgMFLlGXe7P1Zhz3XHO_M2Ye8ynIyQSDaSGK8bztRbFHBxe55goOpD2eII3zxGwot4EJSGiHOc0IPVNUU3DGBejusiEoHZo5hZg1_8dMxvXWoo1L6eMumVI7m2FYWPW2vCM-WuxZ3Bmd5FvfWWUzmEdhltwf8FPi9xNayQbjMaXQ1oQrN4PVIcNgvBLEAbRTFRw_kq-IVfDihgztiinIKRkgupsFRj01dRTEoQ9aGd4rauiJCbH2jsye_ywY0V4J2Ds01bNpKSwGkuhhPE5J9ECdAXlrPkti-lv0TwB1UmF-vkGm0_kC5Kc-oFp56cOeuspkS_UoqTYDfywpV7k6MCkkBAnydGX5qQhF4fH_fiEgjYCks3ZHN2sUc9OOH9yV0ylmFpN4A2RWak0EkEg1hfmpMWMa0ZFGvhffHNkq4YG0Gqezz76KkXojHH1JQDcNfCX06bfF6XBMr8C2wqPHMAEn4bZ3NoD4AQBkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB-KQ1OoBqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQt44D0ggRCIDhgBAQARgdMgKqAjoCgEDyCBthZHgtc3Vic3luLTIwMjAzNDQyNDY4NDgxNTWACgPICwG4E-QD2BMM0BUBmBYBgBcBshceChwIABIUcHViLTIxMjg3NTcxNjc4MTI2NjMY3O1q&sigh=RwSUVkTLR2M&uach_m=[UACH]&template_id=484
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s65-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H3 200 2076313506083323656
tpc.googlesyndication.com/simgad/8962205216556321758/ Frame 4039 48 KB
48 KB 20ms
20ms Image
image/jpeg 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8962205216556321758/2076313506083323656

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c8f169f065ae44c814028469c86774cf78a538f351c3f452364d97f4ca6bb04

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Wed, 10 Aug 2022 09:56:10 GMT
x-content-type-options: nosniff
age: 529764
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49359
x-xss-protection: 0
last-modified: Wed, 10 Aug 2022 09:24:06 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 10 Aug 2023 09:56:10 GMT

GET
DATA 200
OK truncated
/ Frame 4039 218 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 23dde3a5c9d1a8285c0f4803ef23ef566d22569b8ac82582e3d08d2453fbd0fe

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 4039 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 10231401bcbe13b1946b9fef63f67bca361c37a41100a33e35876abec6ff9730

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

POST
H/1.1 200
OK vevent
ams3-ib.adnxs.com/ Frame 5752 0
833 B 82ms
80ms Ping
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams3-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkorrespondent.net%2F&e=wqT_3QLBCvD9QQUAAAMA1gAFAQierO6XBhDbusf617zDwlwYw9-bksKpjqAhKjYJywHhN4T7kj8RJiMOGXA1iT8ZAAAAQDMz4z8hxUmz3EbBiz8p9aEL6lvmlD8xAAAAQOF6lD8wy4ipCjiYUEDKTkgCUJP8-WZYk8KLAWAAaLTYsAF4ovUFgAEBigEDVVNEkgEDRVVSmAGsAqAB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQCKAnd1ZignYScsIDQ1MjUzNjIsIDE2NjA2NTUxMzQpO3VmKCdpJywgNDEyNjE2OSwgMTY2MDY1NTEzNCk7dWYoJ2cnLCAxMTQ5Mzg4NyxCOwAwcicsIDIxNTkwNzg1OTY9APC2kgL9AyFwR1gwc1FqRmlJMFRFSlA4LVdZWUFDQ1R3b3NCTUFBNEFFQUFTTXBPVU11SXFRcFlBR0RMQm1nQWNBQjRBSUFCQUlnQkFKQUJBWmdCQWFBQkFhZ0JBYkFCQUxrQmtlOEs4T0Y2bERfQkFlckFKVFFuNXBRX3lRRUFBQUFBQUFEd1A5a0I2LUkyR3NCYjd6X2dBZG5yLXdIMUFRclhvenlZQWdDZ0FnRzFBZ0FBQUFDOUFnATnwVURBQWdESUFnRFFBZ0RZQWdEZ0FnRG9BZ0Q0QWdHQUF3R1lBd0c2QXdsQlRWTXpPall4TURqZ0E0WXZnQVNidmRrRGlBU2N2ZGtEa0FRQW1BUUJ3UVFBAVoFAQhNa0UFCAUBGERZQkFEeEIFDAkBKGlBWGNMNmtGNi1JDbgMLXhCUQkcAQE8d1FWN0ZLNUg0WHFVUDhrRgEUAQEMOERfUi4oAAgyUVUBF_BGQUFBRHdQLUFGLVFfd0JmX0R2UVg0QmJLYWxBS0NCZ05GVlZLSUJnQ1FCZ0dZQmdDaEJuc1Vya2ZoZXBRX3FBWUVzZ1lrQ1EBSAkBAEUdjABHHQwASR0MPHVBWUuaApkBIU1oY3FpQWoyAQLYazhLTEFTQUFLQUF4ZXhTdVItRjZsRDg2Q1VGTlV6TTZOakV3T0VDR0wwbnI0allhd0Z2dlAxRQl-AQEERmsBBgkBAEc9TABHHRgASB0YDEhnQWkuFQLw13cuLtgCAOACm4VO6gIaaHR0cHM6Ly9rb3JyZXNwb25kZW50Lm5ldC-AAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AP3_i7gAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQMMTkzLjI3LjE0LjEwqAQAsgQQCAAQARisAiD6ASgAMAA4ArgEAMAEAMgEANIEDzEwMDU4I0FNUzM6NjEwONoEAggB4AQB8AST_PlmiAUBmAUAoAX___________8BwAUAyQUAAAAAAADwP9IFCQkAAAkOcNgFAeAFAfAFsKIC-gUECAAQAJAGAJgGALgGAMEGCSMo8D_QBrsz2gYWChAJERkBXBAAGADgBgHyBgIIAIAHAYgHAKAHAboHDwFITBgAIAAwADi_BkAAyAei9QXSBw0JEToBOAjaBwYJJ2jgBwDqBwIIAPAHjKICiggCEACVCAAAgD-YCAE.&s=b44e316fcdeb4768672b3f7d8609be82f627a5a0&type=nv&nvt=5&jm=1003&px=0&py=0&bw=300&bh=250&sid=7701041261294738870&vd=ct~0|rr~0&sv=224&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=21644363&sw=1600&sh=1200&pw=300&ph=250&ww=300&wh=250&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/224/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:35 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: bdc6b614-c457-4a27-a662-b8afbd5efb4f
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 5DF3 0
741 B 23ms
22ms Script
text/html 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=10264&pub_id=1821409&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=1821409

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:35 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: b2152ee7-3ac3-4df2-bb93-faa0bbafa207
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK viewability Show response
ad25.ad-srv.net/ Frame 99FA 0
150 B 114ms
30ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad25.ad-srv.net/viewability?s=39020200079871301467939012053025&a=df6e7727&vb=m
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dmylhifuyj%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUPyZXAqiBMUdhw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAQSROKgAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521NRf9iAjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAzOUCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDM5%2Fbn%3D96578%2Fclickenc%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:35 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

request.php Show response
ad.ad-srv.net/ Frame 6BDF
Redirect Chain

https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=61a5d4f56c48fdD3MUNnI6FYA1LGZkZGfjPQA1DoEIgfbf00lZwpdZ3oGm-pjgxZ2eN9...
https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=61a5d4f56c48fdD3MUNnI6FYA1LGZkZGfjPQA1DoEIgfbf00lZwpdZ3oGm-pjgxZ2eN9...

5 KB
2 KB

111ms
54ms

Document
text/html

138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=61a5d4f56c48fdD3MUNnI6FYA1LGZkZGfjPQA1DoEIgfbf00lZwpdZ3oGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=39020200079871301467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp5ca3cup5eyc2o6%3Ftprde%3D&uidRedirect=1
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dmylhifuyj%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUPyZXAqiBMUdhw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAQSROKgAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521NRf9iAjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAzOUCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDM5%2Fbn%3D96578%2Fclickenc%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 53e50f33b8e44604f22c6cc9bd7032df8358cb5cad199f471a27d7d680ea8dd4

Request headers

Referer: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dmylhifuyj%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUPyZXAqiBMUdhw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAQSROKgAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521NRf9iAjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAzOUCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDM5%2Fbn%3D96578%2Fclickenc%3D&uidRedirect=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 1570
Content-Type: text/html; charset=utf-8
Date: Tue, 16 Aug 2022 13:05:35 GMT
Expires: Tue, 16 Aug 2022 14:05:35 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
X-NEORY-SubId: 24397500079872301649441012053025

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Tue, 16 Aug 2022 13:05:35 GMT
Expires: Tue, 16 Aug 2022 14:05:35 +0200
Location: request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=61a5d4f56c48fdD3MUNnI6FYA1LGZkZGfjPQA1DoEIgfbf00lZwpdZ3oGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=39020200079871301467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp5ca3cup5eyc2o6%3Ftprde%3D&uidRedirect=1
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache

GET
DATA 200
OK truncated
/ Frame 99FA 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK addDoubleBorder.js Show response
cdn.contentspread.net/cynamics/tools/js/ Frame 99FA 851 B
1 KB 152ms
28ms Script
application/javascript 88.99.70.21
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.contentspread.net/cynamics/tools/js/addDoubleBorder.js
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dmylhifuyj%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUPyZXAqiBMUdhw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAQSROKgAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521NRf9iAjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAzOUCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDM5%2Fbn%3D96578%2Fclickenc%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.70.21 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.21.70.99.88.clients.your-server.de
Software: nginx /
Resource Hash: abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:35 GMT
Last-Modified: Tue, 03 May 2016 20:55:13 GMT
Server: nginx
ETag: "57291031-353"
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 851

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame 7844 33 KB
16 KB 196ms
35ms Script
text/javascript 37.157.2.247
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.247 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 0ce978a7907fdf3a7b393ff68e8c0c17703c7f2eae4772b4bdce769668118dda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:35 GMT
content-encoding: gzip
last-modified: Wed, 27 Jul 2022 07:02:09 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 17 Aug 2022 16:13:23 GMT

GET
H/1.1 200
OK viewability Show response
ad25.ad-srv.net/ Frame 240C 0
150 B 110ms
30ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad25.ad-srv.net/viewability?s=44045500079871201467939012053025&a=98052122&vb=m
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dluzlkxf%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3FywHhN4T7kj8mIw4ZcDWJPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP3DWELS0rZcdw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAdSLiIgAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBedhwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAxNkCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDE2%2Fbn%3D96473%2Fclickenc%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:35 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

request.php Show response
ad.ad-srv.net/ Frame 56DE
Redirect Chain

https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=b42e0c11bdb9nURHeQtJyh0FGA2RGZmRYfjDGA0JHIYAXlBadXAaoGm-pjgxZ2eN9wub...
https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=b42e0c11bdb9nURHeQtJyh0FGA2RGZmRYfjDGA0JHIYAXlBadXAaoGm-pjgxZ2eN9wub...

5 KB
2 KB

123ms
48ms

Document
text/html

138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=b42e0c11bdb9nURHeQtJyh0FGA2RGZmRYfjDGA0JHIYAXlBadXAaoGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=44045500079871201467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp9a21ezln8dufjv%3Ftprde%3D&uidRedirect=1
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dluzlkxf%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3FywHhN4T7kj8mIw4ZcDWJPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP3DWELS0rZcdw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAdSLiIgAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBedhwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAxNkCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDE2%2Fbn%3D96473%2Fclickenc%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: b8a078bc5a6c3627f22aa58228fce4d5718eba63f8bb7240a660480789ac6fb6

Request headers

Referer: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dluzlkxf%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3FywHhN4T7kj8mIw4ZcDWJPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP3DWELS0rZcdw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAdSLiIgAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBedhwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAxNkCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDE2%2Fbn%3D96473%2Fclickenc%3D&uidRedirect=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 1568
Content-Type: text/html; charset=utf-8
Date: Tue, 16 Aug 2022 13:05:35 GMT
Expires: Tue, 16 Aug 2022 14:05:35 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
X-NEORY-SubId: 52487000079872401649441012053025

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Tue, 16 Aug 2022 13:05:35 GMT
Expires: Tue, 16 Aug 2022 14:05:35 +0200
Location: request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=b42e0c11bdb9nURHeQtJyh0FGA2RGZmRYfjDGA0JHIYAXlBadXAaoGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=44045500079871201467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp9a21ezln8dufjv%3Ftprde%3D&uidRedirect=1
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache

GET
DATA 200
OK truncated
/ Frame 240C 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK addDoubleBorder.js Show response
cdn.contentspread.net/cynamics/tools/js/ Frame 240C 851 B
1 KB 148ms
28ms Script
application/javascript 88.99.70.21
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.contentspread.net/cynamics/tools/js/addDoubleBorder.js
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dluzlkxf%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3FywHhN4T7kj8mIw4ZcDWJPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP3DWELS0rZcdw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAdSLiIgAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBedhwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAxNkCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDE2%2Fbn%3D96473%2Fclickenc%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.70.21 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.21.70.99.88.clients.your-server.de
Software: nginx /
Resource Hash: abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:35 GMT
Last-Modified: Tue, 03 May 2016 20:55:13 GMT
Server: nginx
ETag: "57291031-353"
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 851

GET
H/1.1 200
OK viewability Show response
ad25.ad-srv.net/ Frame ECB5 0
150 B 503ms
376ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad25.ad-srv.net/viewability?s=99284700079871401467939012053025&a=0259ddbf&vb=m
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dyvmanyrg%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP9Z4kkc6no0Kw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAViUgiQAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBeghwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjA0M0CGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDQz%2Fbn%3D96624%2Fclickenc%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:35 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

request.php Show response
ad.ad-srv.net/ Frame D0FD
Redirect Chain

https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=488d7e08bb01jEPSHZNbIcYg0HwAkRmZkPYZ0HQgSI1FabXmYkpYeloGm-pjgxZ2eN9w...
https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=488d7e08bb01jEPSHZNbIcYg0HwAkRmZkPYZ0HQgSI1FabXmYkpYeloGm-pjgxZ2eN9w...

5 KB
2 KB

174ms
81ms

Document
text/html

138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=488d7e08bb01jEPSHZNbIcYg0HwAkRmZkPYZ0HQgSI1FabXmYkpYeloGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=99284700079871401467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp8kzgvxbse3un4j%3Ftprde%3D&uidRedirect=1
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dyvmanyrg%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP9Z4kkc6no0Kw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAViUgiQAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBeghwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjA0M0CGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDQz%2Fbn%3D96624%2Fclickenc%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 93fef8b32bf9abc68437fb83d7b979c743145aca37c844d9bf2748fad65a2191

Request headers

Referer: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dyvmanyrg%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP9Z4kkc6no0Kw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAViUgiQAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBeghwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjA0M0CGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDQz%2Fbn%3D96624%2Fclickenc%3D&uidRedirect=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 1568
Content-Type: text/html; charset=utf-8
Date: Tue, 16 Aug 2022 13:05:35 GMT
Expires: Tue, 16 Aug 2022 14:05:35 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
X-NEORY-SubId: 40559400079872701649441012053025

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Tue, 16 Aug 2022 13:05:35 GMT
Expires: Tue, 16 Aug 2022 14:05:35 +0200
Location: request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=488d7e08bb01jEPSHZNbIcYg0HwAkRmZkPYZ0HQgSI1FabXmYkpYeloGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=99284700079871401467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp8kzgvxbse3un4j%3Ftprde%3D&uidRedirect=1
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache

GET
DATA 200
OK truncated
/ Frame ECB5 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK addDoubleBorder.js Show response
cdn.contentspread.net/cynamics/tools/js/ Frame ECB5 851 B
1 KB 149ms
28ms Script
application/javascript 88.99.70.21
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.contentspread.net/cynamics/tools/js/addDoubleBorder.js
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dyvmanyrg%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP9Z4kkc6no0Kw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAViUgiQAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBeghwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjA0M0CGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDQz%2Fbn%3D96624%2Fclickenc%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.70.21 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.21.70.99.88.clients.your-server.de
Software: nginx /
Resource Hash: abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:35 GMT
Last-Modified: Tue, 03 May 2016 20:55:13 GMT
Server: nginx
ETag: "57291031-353"
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 851

GET
H/1.1 200
OK request.php Show response
ad.ad-srv.net/ Frame D851 5 KB
2 KB 152ms
71ms Document
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Davonrza%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUPxjQBsbXN2Niw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgARyVegQAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBejhwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjA3MECGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDcw%2Fbn%3D96742%2Fclickenc%3D
Requested by: Host: tm.ad-srv.net
URL: https://tm.ad-srv.net/tm/a/container/html/75d02d930b.html?liuid=fd208cb733&cguid=f52ab6ea57&click=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUPxjQBsbXN2Niw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgARyVegQAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBejhwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjA3MECGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDcw%2Fbn%3D96742%2Fclickenc%3D&eVS=10264&eVR=https%3A%2F%2Fkorrespondent.net%2F&rnd=1800529018
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 3f4520d40b04f68db0fba13757a4a6aa9029dab0c4cc1741838e827da45a2b82

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 1799
Content-Type: text/html; charset=utf-8
Date: Tue, 16 Aug 2022 13:05:35 GMT
Expires: Tue, 16 Aug 2022 14:05:35 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
X-NEORY-SubId: 82720000079872201467939012053025

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame A446 52 KB
17 KB 29ms
29ms Document
text/html 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=1821409
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/r/p.html?f=avonrza&e=1518846443599
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 30239
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Tue, 16 Aug 2022 13:05:35 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 03 Aug 2022 04:41:10 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 1, 293415
X-Served-By: cache-lga21947-LGA, cache-cdg20745-CDG
X-Timer: S1660655135.035925,VS0,VE0

GET
H/1.1 200
OK rd_log Show response
ams3-ib.adnxs.com/ Frame 0942 0
813 B 23ms
22ms Script
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams3-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fkorrespondent.net%2F&e=wqT_3QLYDPD9WAYAAAMA1gAFAQierO6XBhCYoJuw_PrNsWIYw9-bksKpjqAhKjYJmu8def8TlD8Rgcv-0eqpij8ZAAAAQDMz4z8hxUmz3EbBiz8p9aEL6lvmlD8xAAAAQOF6lD8wy4ipCjiYUEDKTkgCUJP8-WZYk8KLAWAAaLTYsAF45vMFgAEBigEDVVNEkgEDRVVSmAGsAqAB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQCKAnd1ZignYScsIDQ1MjUzNjIsIDE2NjA2NTUxMzQpO3VmKCdpJywgNDEyNjE2OSwgMTY2MDY1NTEzNCk7dWYoJ2cnLCAxMTQ5Mzg4NyxCOwAwcicsIDIxNTkwNzg1OTY9APC2kgL9AyFmR1ZsbWdqRmlJMFRFSlA4LVdZWUFDQ1R3b3NCTUFBNEFFQUFTTXBPVU11SXFRcFlBR0RMQm1nQWNBQjRBSUFCQUlnQkFKQUJBWmdCQWFBQkFhZ0JBYkFCQUxrQmtlOEs4T0Y2bERfQkFlckFKVFFuNXBRX3lRRUFBQUFBQUFEd1A5a0I2LUkyR3NCYjd6X2dBZG5yLXdIMUFRclhvenlZQWdDZ0FnRzFBZ0FBQUFDOUFnATnwVURBQWdESUFnRFFBZ0RZQWdEZ0FnRG9BZ0Q0QWdHQUF3R1lBd0c2QXdsQlRWTXpPall3TnpEZ0E0WXZnQVNidmRrRGlBU2N2ZGtEa0FRQW1BUUJ3UVFBAVoFAQhNa0UFCAUBGERZQkFEeEIFDAkBKGlBVzJMNmtGNi1JDbgMLXhCUQkcAQE8d1FWN0ZLNUg0WHFVUDhrRgEUAQEMOERfUi4oAAgyUVUBF_BGQUFBRHdQLUFGLVFfd0JmX0R2UVg0QmJLYWxBS0NCZ05GVlZLSUJnQ1FCZ0dZQmdDaEJuc1Vya2ZoZXBRX3FBWUVzZ1lrQ1EBSAkBAEUdjABHHQwASR0MPHVBWUuaApkBIU1CZWpod2oyAQLYazhLTEFTQUFLQUF4ZXhTdVItRjZsRDg2Q1VGTlV6TTZOakEzTUVDR0wwbnI0allhd0Z2dlAxRQl-AQEERmsBBgkBAEc9TABHHRgASB0YDEhnQWkuFQLYdy4u2AIA4AKbhU7qAhpodHRwczovL2tvcnJlc3BvbmRlbnQubmV0L_ICEQoGQURWX0lEEgc0NWU_NPICEgoGQ1BHX0lEEggxbRkY8gIKCgVDUAEUGAEw8gINCggBNgxGUkVRERAcUkVNX1VTRVIFEAAPCSA0Q09ERRIDNjE18gIWCggBVAUSRApmZDIwOGNiNzMz8gILCgdDUAkYHADyAhAKBUlPAWYAB22wGPICDgoHSU8JIQlLOBMKD0NVU1RPTV9NT0RFTAEuFADyAhoKFjIWACBMRUFGX05BTUUBHQgeCho2HQAIQVNUAT4QSUZJRUQBIRwNCghTUExJVAFN8LABMIADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYA_f-LuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBAwxOTMuMjcuMTQuMTCoBACyBBAIABABGKwCIPoBKAAwADgCuAQAwAQAyAQA0gQPMTAwNTgjQU1TMzo2MDcw2gQCCAHgBAHwBJP8-WaIBQGYBQCgBf___________wHABQDJBQAAAAAAAPA_0gUJCQAFDHgAANgFAeAFAfAFsKIC-gUECAAQAJAGAJgGALgGAMEGCSQo8D_QBrsz2gYWChAJERkBXBAAGADgBgHyBgIIAIAHAYgHAKAHAboHDwFICBgAIAG2ML8GQADIB-bzBdIHDQkROgE4CNoHBgknaOAHAOoHAggA8AeMogKKCAIQAJUIAACAP5gIAQ..&s=ea5d3c36b6f925f9da71476857d39ee8829b2eef&bdref=https%3A%2F%2Fkorrespondent.net%2F&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fkorrespondent.net%2F,https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Davonrza%26e%3D1518846443599,https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Davonrza%26e%3D1518846443599&

Requested by

Host: mediawoot.com
URL: https://mediawoot.com/r/p.html?f=avonrza&e=1518846443599

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:35 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: a6055a74-213c-4ceb-b4c7-6d483ac234b5
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 4039 15 KB
16 KB 16ms
15ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://korrespondent.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Sun, 14 Aug 2022 05:29:41 GMT
x-content-type-options: nosniff
age: 200154
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 14 Aug 2023 05:29:41 GMT

GET
H3 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 4039 15 KB
15 KB 16ms
16ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://korrespondent.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Mon, 15 Aug 2022 11:47:17 GMT
x-content-type-options: nosniff
age: 91098
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 15 Aug 2023 11:47:17 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 3512 0
0 49ms
48ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022081101&jk=3678178603685707&rc=
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H/1.1 200
OK viewability Show response
ad25.ad-srv.net/ Frame 93E3 0
150 B 163ms
55ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad25.ad-srv.net/viewability?s=19324500079871501467939012053025&a=f4b4713f&vb=m
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dqhnmckig%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP0VJlOaZGFkzw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgABSXRbAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521Khf4hQjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAwMUCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDAx%2Fbn%3D96382%2Fclickenc%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:35 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

request.php Show response
ad.ad-srv.net/ Frame B0C4
Redirect Chain

https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=4f3fcc6aa457NUPAKYNbIcYg0HwAkRmZkPYZ0HQgSI1FUmfGB38lbjoGm-pjgxZ2eN9w...
https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=4f3fcc6aa457NUPAKYNbIcYg0HwAkRmZkPYZ0HQgSI1FUmfGB38lbjoGm-pjgxZ2eN9w...

5 KB
2 KB

228ms
118ms

Document
text/html

138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=4f3fcc6aa457NUPAKYNbIcYg0HwAkRmZkPYZ0HQgSI1FUmfGB38lbjoGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=19324500079871501467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp0oa8z4rhgh6fd1%3Ftprde%3D&uidRedirect=1
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dqhnmckig%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP0VJlOaZGFkzw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgABSXRbAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521Khf4hQjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAwMUCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDAx%2Fbn%3D96382%2Fclickenc%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 2664d724d3ff283ff35557ae0e4b489320a21ef1bda83c9ac2cc178f48baec2c

Request headers

Referer: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dqhnmckig%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP0VJlOaZGFkzw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgABSXRbAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521Khf4hQjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAwMUCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDAx%2Fbn%3D96382%2Fclickenc%3D&uidRedirect=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 1566
Content-Type: text/html; charset=utf-8
Date: Tue, 16 Aug 2022 13:05:35 GMT
Expires: Tue, 16 Aug 2022 14:05:35 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
X-NEORY-SubId: 97672800079872801649441012053025

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Tue, 16 Aug 2022 13:05:35 GMT
Expires: Tue, 16 Aug 2022 14:05:35 +0200
Location: request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=4f3fcc6aa457NUPAKYNbIcYg0HwAkRmZkPYZ0HQgSI1FUmfGB38lbjoGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=19324500079871501467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp0oa8z4rhgh6fd1%3Ftprde%3D&uidRedirect=1
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache

GET
DATA 200
OK truncated
/ Frame 93E3 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK addDoubleBorder.js Show response
cdn.contentspread.net/cynamics/tools/js/ Frame 93E3 851 B
1 KB 122ms
30ms Script
application/javascript 88.99.70.21
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.contentspread.net/cynamics/tools/js/addDoubleBorder.js
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dqhnmckig%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP0VJlOaZGFkzw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgABSXRbAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521Khf4hQjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAwMUCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDAx%2Fbn%3D96382%2Fclickenc%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.70.21 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.21.70.99.88.clients.your-server.de
Software: nginx /
Resource Hash: abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:35 GMT
Last-Modified: Tue, 03 May 2016 20:55:13 GMT
Server: nginx
ETag: "57291031-353"
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 851

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 9AF5 0
12 B 15ms
15ms Image
text/plain 2a00:1450:4001:806::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?tiCGxg
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:35 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

POST
H/1.1 200
OK vevent
ams3-ib.adnxs.com/ Frame 0942 0
833 B 46ms
46ms Ping
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams3-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkorrespondent.net%2F&e=wqT_3QLBCvD9QQUAAAMA1gAFAQierO6XBhCYoJuw_PrNsWIYw9-bksKpjqAhKjYJmu8def8TlD8Rgcv-0eqpij8ZAAAAQDMz4z8hxUmz3EbBiz8p9aEL6lvmlD8xAAAAQOF6lD8wy4ipCjiYUEDKTkgCUJP8-WZYk8KLAWAAaLTYsAF45vMFgAEBigEDVVNEkgEDRVVSmAGsAqAB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQCKAnd1ZignYScsIDQ1MjUzNjIsIDE2NjA2NTUxMzQpO3VmKCdpJywgNDEyNjE2OSwgMTY2MDY1NTEzNCk7dWYoJ2cnLCAxMTQ5Mzg4NyxCOwAwcicsIDIxNTkwNzg1OTY9APC2kgL9AyFmR1ZsbWdqRmlJMFRFSlA4LVdZWUFDQ1R3b3NCTUFBNEFFQUFTTXBPVU11SXFRcFlBR0RMQm1nQWNBQjRBSUFCQUlnQkFKQUJBWmdCQWFBQkFhZ0JBYkFCQUxrQmtlOEs4T0Y2bERfQkFlckFKVFFuNXBRX3lRRUFBQUFBQUFEd1A5a0I2LUkyR3NCYjd6X2dBZG5yLXdIMUFRclhvenlZQWdDZ0FnRzFBZ0FBQUFDOUFnATnwVURBQWdESUFnRFFBZ0RZQWdEZ0FnRG9BZ0Q0QWdHQUF3R1lBd0c2QXdsQlRWTXpPall3TnpEZ0E0WXZnQVNidmRrRGlBU2N2ZGtEa0FRQW1BUUJ3UVFBAVoFAQhNa0UFCAUBGERZQkFEeEIFDAkBKGlBVzJMNmtGNi1JDbgMLXhCUQkcAQE8d1FWN0ZLNUg0WHFVUDhrRgEUAQEMOERfUi4oAAgyUVUBF_BGQUFBRHdQLUFGLVFfd0JmX0R2UVg0QmJLYWxBS0NCZ05GVlZLSUJnQ1FCZ0dZQmdDaEJuc1Vya2ZoZXBRX3FBWUVzZ1lrQ1EBSAkBAEUdjABHHQwASR0MPHVBWUuaApkBIU1CZWpod2oyAQLYazhLTEFTQUFLQUF4ZXhTdVItRjZsRDg2Q1VGTlV6TTZOakEzTUVDR0wwbnI0allhd0Z2dlAxRQl-AQEERmsBBgkBAEc9TABHHRgASB0YDEhnQWkuFQLw13cuLtgCAOACm4VO6gIaaHR0cHM6Ly9rb3JyZXNwb25kZW50Lm5ldC-AAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AP3_i7gAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQMMTkzLjI3LjE0LjEwqAQAsgQQCAAQARisAiD6ASgAMAA4ArgEAMAEAMgEANIEDzEwMDU4I0FNUzM6NjA3MNoEAggB4AQB8AST_PlmiAUBmAUAoAX___________8BwAUAyQUAAAAAAADwP9IFCQkAAAkOcNgFAeAFAfAFsKIC-gUECAAQAJAGAJgGALgGAMEGCSMo8D_QBrsz2gYWChAJERkBXBAAGADgBgHyBgIIAIAHAYgHAKAHAboHDwFITBgAIAAwADi_BkAAyAfm8wXSBw0JEToBOAjaBwYJJ2jgBwDqBwIIAPAHjKICiggCEACVCAAAgD-YCAE.&s=af251cffd1f304a09ad9140f4cf9aa44e4e8c166&type=nv&nvt=5&jm=1003&px=0&py=0&bw=300&bh=250&sid=7701041261294738870&vd=ct~0|rr~0&sv=224&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=21644363&sw=1600&sh=1200&pw=300&ph=250&ww=300&wh=250&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/224/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:35 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 30916051-993c-4662-9e7c-8e57c3b47bed
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK viewability Show response
ad25.ad-srv.net/ Frame 4308 0
150 B 91ms
29ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad25.ad-srv.net/viewability?s=16056800079871901467939012053025&a=db3aeba1&vb=m
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dgmyjtldt%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3FywHhN4T7kj8mIw4ZcDWJPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP1vdUX_lDYVcw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAMSKnDAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MhcqiAjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjEwOECGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MTA4%2Fbn%3D96930%2Fclickenc%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:35 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK request.php Show response
ad.ad-srv.net/ Frame BD67 5 KB
2 KB 112ms
52ms Document
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=bb6af1fb8a2cDBP18YNbIcYg0HwAkRmZkPYZ0HQgSI1XOypXWeXmA9oGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=16056800079871901467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fpj71dd9a07d8amk%3Ftprde%3D
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dgmyjtldt%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3FywHhN4T7kj8mIw4ZcDWJPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP1vdUX_lDYVcw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAMSKnDAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MhcqiAjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjEwOECGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MTA4%2Fbn%3D96930%2Fclickenc%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: a59fb508d0b1b26622686fa0947eac6f2d0a73447e83f3b7c53a233717a3cf53

Request headers

Referer: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dgmyjtldt%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3FywHhN4T7kj8mIw4ZcDWJPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP1vdUX_lDYVcw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAMSKnDAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MhcqiAjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjEwOECGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MTA4%2Fbn%3D96930%2Fclickenc%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 1568
Content-Type: text/html; charset=utf-8
Date: Tue, 16 Aug 2022 13:05:35 GMT
Expires: Tue, 16 Aug 2022 14:05:35 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
X-NEORY-SubId: 25212000079872501649441012053025

GET
DATA 200
OK truncated
/ Frame 4308 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK addDoubleBorder.js Show response
cdn.contentspread.net/cynamics/tools/js/ Frame 4308 851 B
1 KB 233ms
54ms Script
application/javascript 88.99.70.21
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.contentspread.net/cynamics/tools/js/addDoubleBorder.js
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dgmyjtldt%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3FywHhN4T7kj8mIw4ZcDWJPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP1vdUX_lDYVcw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAMSKnDAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MhcqiAjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjEwOECGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MTA4%2Fbn%3D96930%2Fclickenc%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.70.21 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.21.70.99.88.clients.your-server.de
Software: nginx /
Resource Hash: abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:35 GMT
Last-Modified: Tue, 03 May 2016 20:55:13 GMT
Server: nginx
ETag: "57291031-353"
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 851

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame A446 0
741 B 22ms
22ms Script
text/html 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=10264&pub_id=1821409&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=1821409

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:35 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: e45ac9a6-d824-4db9-8172-72c59ef8a5e7
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK viewability Show response
ad25.ad-srv.net/ Frame D851 0
150 B 86ms
30ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad25.ad-srv.net/viewability?s=82720000079872201467939012053025&a=ba08680e&vb=m
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Davonrza%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUPxjQBsbXN2Niw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgARyVegQAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBejhwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjA3MECGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDcw%2Fbn%3D96742%2Fclickenc%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:35 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK request.php Show response
ad.ad-srv.net/ Frame 0050 5 KB
2 KB 178ms
121ms Document
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=24e4676e7329YUR4cQtJyh0FGA2RGZmRYfjDGA0JHIYEdXXi8YYkoGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=82720000079872201467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fpaqc04gfxa9rla6%3Ftprde%3D
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Davonrza%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUPxjQBsbXN2Niw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgARyVegQAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBejhwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjA3MECGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDcw%2Fbn%3D96742%2Fclickenc%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 48a32f75a15608f916866df8331d2e5d2f64b2d8deddcdede9ccd0631730e076

Request headers

Referer: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Davonrza%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUPxjQBsbXN2Niw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgARyVegQAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBejhwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjA3MECGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDcw%2Fbn%3D96742%2Fclickenc%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 1570
Content-Type: text/html; charset=utf-8
Date: Tue, 16 Aug 2022 13:05:35 GMT
Expires: Tue, 16 Aug 2022 14:05:35 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
X-NEORY-SubId: 11565500079872901649441012053025

GET
DATA 200
OK truncated
/ Frame D851 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK addDoubleBorder.js Show response
cdn.contentspread.net/cynamics/tools/js/ Frame D851 851 B
1 KB 137ms
28ms Script
application/javascript 88.99.70.21
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.contentspread.net/cynamics/tools/js/addDoubleBorder.js
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Davonrza%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUPxjQBsbXN2Niw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgARyVegQAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBejhwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjA3MECGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDcw%2Fbn%3D96742%2Fclickenc%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.70.21 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.21.70.99.88.clients.your-server.de
Software: nginx /
Resource Hash: abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:35 GMT
Last-Modified: Tue, 03 May 2016 20:55:13 GMT
Server: nginx
ETag: "57291031-353"
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 851

GET
H2

200

evergreen-kis-300x250.jpg
media.kaspersky.com/de/affiliates/ Frame 6BDF
Redirect Chain

https://www.awin1.com/cshow.php?s=2519519&v=14098&q=379074&r=559379&pv=0&pref1=24397500079872301649441012053025
https://media.kaspersky.com/de/affiliates/evergreen-kis-300x250.jpg

80 KB
80 KB

268ms
98ms

Image
image/jpeg

185.85.15.31
KL-EXT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.kaspersky.com/de/affiliates/evergreen-kis-300x250.jpg

Requested by

Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=61a5d4f56c48fdD3MUNnI6FYA1LGZkZGfjPQA1DoEIgfbf00lZwpdZ3oGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=39020200079871301467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp5ca3cup5eyc2o6%3Ftprde%3D&uidRedirect=1

Protocol

Server

185.85.15.31 , Germany, ASN200107 (KL-EXT, CH),

Reverse DNS

Software

/ Kaspersky Labs, Kaspersky Labs

Resource Hash

06d9487d0d05b38994c2a06ab9639cfa33afe0c98f89cbb0f3bcefb4cfb0aa84

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Tue, 14 Sep 2021 12:09:27 GMT
server
x-powered-by: Kaspersky Labs, Kaspersky Labs
etag: "1b72585d61a9d71:0"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-xss-protection: 1; mode=block
x-server: fr2/FRA4
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 81829
date: Tue, 16 Aug 2022 13:05:35 GMT

Redirect headers

Date: Tue, 16 Aug 2022 13:05:35 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://media.kaspersky.com/de/affiliates/evergreen-kis-300x250.jpg
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK viewability Show response
ad25.ad-srv.net/ Frame 6BDF 0
150 B 158ms
53ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad25.ad-srv.net/viewability?s=24397500079872301649441012053025&a=d03bd875&vb=m
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=61a5d4f56c48fdD3MUNnI6FYA1LGZkZGfjPQA1DoEIgfbf00lZwpdZ3oGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=39020200079871301467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp5ca3cup5eyc2o6%3Ftprde%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:35 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK cshow.php Show response
www.awin1.com/ Frame 8BE7 43 B
703 B 226ms
98ms Document
image/gif 92.123.17.141
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.awin1.com/cshow.php?s=2519519&v=14098&q=379074&r=559379&pv=1&pref1=24397500079872301649441012053025

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

92.123.17.141 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-17-141.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://ad.ad-srv.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Awin-Akamai-Rule-Set: default
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Tue, 16 Aug 2022 13:05:35 GMT
Expires: 0
Node: Helix
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Pragma: no-cache
Strict-Transport-Security: max-age=86400

GET
DATA 200
OK truncated
/ Frame 6BDF 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK addDoubleBorder.js Show response
cdn.contentspread.net/hofe/tools/js/ Frame 6BDF 851 B
1 KB 170ms
42ms Script
application/javascript 88.99.70.21
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.contentspread.net/hofe/tools/js/addDoubleBorder.js
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=61a5d4f56c48fdD3MUNnI6FYA1LGZkZGfjPQA1DoEIgfbf00lZwpdZ3oGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=39020200079871301467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp5ca3cup5eyc2o6%3Ftprde%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.70.21 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.21.70.99.88.clients.your-server.de
Software: nginx /
Resource Hash: abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:35 GMT
Last-Modified: Fri, 05 Aug 2016 12:57:29 GMT
Server: nginx
ETag: "57a48d39-353"
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 851

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 7844 5 KB
3 KB 39ms
38ms Script
text/javascript 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?CC=1&bn=56522822;rtbpid=3;rtbinv=${INV_SRC};rtbwp=0.001468-aSZ8vQ1skFbgS6c1PsWr31SY5KfK0X-a0;rtbr=5286895361431168818_1;rtbcid=${ENC_CID};rtbtpc=${ENC_TPC};rtburl=https%3A%2F%2Fkorrespondent.net%2F;rtbcat=${IAB_CATS};rtbdp=${DATA_PROV};rtbdt=${DATA_TYPE};rtbdc=${DATA_FEE_ENC};rtbplc=${ENC_PLC};rtbrmc=${ENC_RMC};rtbdata=r4mjpOpmxotnsaseszv2DPN21W3o9jwO_X7a0d4jQamh4_SVuZ1wZM576b23k3iDv_8QB0OX4Fz5k_K52ZP9K8Uw76OH3MpZX_W3fRtZZ-NikuIl-lO9NARPRKp7X9VUvkaogUZy2g23SN2zfbA3sxmo6_hx9OmR-yKoBwErk4n-CpQUQ-J09gW7rP5bRJFCKvSlVgyr4PELLhhadhf4SDb_119wm4vvzOJ1K38rCGThQW6FXjSrzw2;rtbtest=0;js=1;adfxid=1x;5101;set=en-US|en-US|1600X1200|0|300|250|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2Fkorrespondent.net

Requested by

Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

fa482e2eb305bca728f1b389d7dc4a72c050161eed3df8ecc0756461d028c4ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:35 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 2400
expires: -1

POST
H/1.1 200
OK / Show response
t.cotsta.ru/v4/track/tag/ Frame 3FAB 2 B
196 B 30ms
29ms XHR
text/plain 168.119.79.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://t.cotsta.ru/v4/track/tag/?v=1&time__offset=1375&event=rendered_adapter&ex_pl_id=/21830442390,22434891267/korrespondent.net_amx_/300x250_bs&pl_id=364
Requested by: Host: 0.code.cotsta.ru
URL: https://0.code.cotsta.ru/dist/a.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 168.119.79.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.79.119.168.clients.your-server.de
Software: nginx/1.14.1 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 16 Aug 2022 13:05:35 GMT
Server: nginx/1.14.1
Connection: keep-alive
Content-Length: 2
Content-Type: text/plain; charset=utf-8

GET
H2

200

evergreen-kis-300x250.jpg
media.kaspersky.com/de/affiliates/ Frame 56DE
Redirect Chain

https://www.awin1.com/cshow.php?s=2519519&v=14098&q=379074&r=559379&pv=0&pref1=52487000079872401649441012053025
https://media.kaspersky.com/de/affiliates/evergreen-kis-300x250.jpg

80 KB
80 KB

196ms
33ms

Image
image/jpeg

185.85.15.31
KL-EXT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.kaspersky.com/de/affiliates/evergreen-kis-300x250.jpg

Requested by

Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=b42e0c11bdb9nURHeQtJyh0FGA2RGZmRYfjDGA0JHIYAXlBadXAaoGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=44045500079871201467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp9a21ezln8dufjv%3Ftprde%3D&uidRedirect=1

Protocol

Server

185.85.15.31 , Germany, ASN200107 (KL-EXT, CH),

Reverse DNS

Software

/ Kaspersky Labs, Kaspersky Labs

Resource Hash

06d9487d0d05b38994c2a06ab9639cfa33afe0c98f89cbb0f3bcefb4cfb0aa84

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Tue, 14 Sep 2021 12:09:27 GMT
server
x-powered-by: Kaspersky Labs, Kaspersky Labs
etag: "1b72585d61a9d71:0"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-xss-protection: 1; mode=block
x-server: fr2/FRA2
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 81829
date: Tue, 16 Aug 2022 13:05:35 GMT

Redirect headers

Date: Tue, 16 Aug 2022 13:05:35 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://media.kaspersky.com/de/affiliates/evergreen-kis-300x250.jpg
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Length: 0

GET
H2

200

evergreen-kis-300x250.jpg
media.kaspersky.com/de/affiliates/ Frame BD67
Redirect Chain

https://www.awin1.com/cshow.php?s=2519519&v=14098&q=379074&r=559379&pv=0&pref1=25212000079872501649441012053025
https://media.kaspersky.com/de/affiliates/evergreen-kis-300x250.jpg

80 KB
80 KB

192ms
121ms

Image
image/jpeg

185.85.15.31
KL-EXT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.kaspersky.com/de/affiliates/evergreen-kis-300x250.jpg

Requested by

Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=bb6af1fb8a2cDBP18YNbIcYg0HwAkRmZkPYZ0HQgSI1XOypXWeXmA9oGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=16056800079871901467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fpj71dd9a07d8amk%3Ftprde%3D

Protocol

Server

185.85.15.31 , Germany, ASN200107 (KL-EXT, CH),

Reverse DNS

Software

/ Kaspersky Labs, Kaspersky Labs

Resource Hash

06d9487d0d05b38994c2a06ab9639cfa33afe0c98f89cbb0f3bcefb4cfb0aa84

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Tue, 14 Sep 2021 12:09:27 GMT
server
x-powered-by: Kaspersky Labs, Kaspersky Labs
etag: "1b72585d61a9d71:0"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-xss-protection: 1; mode=block
x-server: fr2/FRA4
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 81829
date: Tue, 16 Aug 2022 13:05:35 GMT

Redirect headers

Date: Tue, 16 Aug 2022 13:05:35 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://media.kaspersky.com/de/affiliates/evergreen-kis-300x250.jpg
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK viewability Show response
ad25.ad-srv.net/ Frame 56DE 0
150 B 85ms
29ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad25.ad-srv.net/viewability?s=52487000079872401649441012053025&a=f56666df&vb=m
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=b42e0c11bdb9nURHeQtJyh0FGA2RGZmRYfjDGA0JHIYAXlBadXAaoGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=44045500079871201467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp9a21ezln8dufjv%3Ftprde%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:35 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK cshow.php Show response
www.awin1.com/ Frame DEA0 43 B
703 B 157ms
82ms Document
image/gif 92.123.17.141
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.awin1.com/cshow.php?s=2519519&v=14098&q=379074&r=559379&pv=1&pref1=52487000079872401649441012053025

Requested by

Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=b42e0c11bdb9nURHeQtJyh0FGA2RGZmRYfjDGA0JHIYAXlBadXAaoGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=44045500079871201467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp9a21ezln8dufjv%3Ftprde%3D&uidRedirect=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

92.123.17.141 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-17-141.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://ad.ad-srv.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Awin-Akamai-Rule-Set: default
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Tue, 16 Aug 2022 13:05:35 GMT
Expires: 0
Node: Helix
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Pragma: no-cache
Strict-Transport-Security: max-age=86400

GET
DATA 200
OK truncated
/ Frame 56DE 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK addDoubleBorder.js Show response
cdn.contentspread.net/hofe/tools/js/ Frame 56DE 851 B
1 KB 122ms
28ms Script
application/javascript 88.99.70.21
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.contentspread.net/hofe/tools/js/addDoubleBorder.js
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=b42e0c11bdb9nURHeQtJyh0FGA2RGZmRYfjDGA0JHIYAXlBadXAaoGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=44045500079871201467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp9a21ezln8dufjv%3Ftprde%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.70.21 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.21.70.99.88.clients.your-server.de
Software: nginx /
Resource Hash: abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:35 GMT
Last-Modified: Fri, 05 Aug 2016 12:57:29 GMT
Server: nginx
ETag: "57a48d39-353"
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 851

GET
H/1.1 200
OK viewability Show response
ad25.ad-srv.net/ Frame BD67 0
150 B 114ms
29ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad25.ad-srv.net/viewability?s=25212000079872501649441012053025&a=79c76e34&vb=m
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=bb6af1fb8a2cDBP18YNbIcYg0HwAkRmZkPYZ0HQgSI1XOypXWeXmA9oGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=16056800079871901467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fpj71dd9a07d8amk%3Ftprde%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:35 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK cshow.php Show response
www.awin1.com/ Frame 22CE 43 B
703 B 134ms
62ms Document
image/gif 92.123.17.141
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.awin1.com/cshow.php?s=2519519&v=14098&q=379074&r=559379&pv=1&pref1=25212000079872501649441012053025

Requested by

Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=bb6af1fb8a2cDBP18YNbIcYg0HwAkRmZkPYZ0HQgSI1XOypXWeXmA9oGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=16056800079871901467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fpj71dd9a07d8amk%3Ftprde%3D

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

92.123.17.141 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-17-141.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://ad.ad-srv.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Awin-Akamai-Rule-Set: default
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Tue, 16 Aug 2022 13:05:35 GMT
Expires: 0
Node: Helix
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Pragma: no-cache
Strict-Transport-Security: max-age=86400

GET
DATA 200
OK truncated
/ Frame BD67 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK addDoubleBorder.js Show response
cdn.contentspread.net/hofe/tools/js/ Frame BD67 851 B
1 KB 175ms
46ms Script
application/javascript 88.99.70.21
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.contentspread.net/hofe/tools/js/addDoubleBorder.js
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=bb6af1fb8a2cDBP18YNbIcYg0HwAkRmZkPYZ0HQgSI1XOypXWeXmA9oGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=16056800079871901467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fpj71dd9a07d8amk%3Ftprde%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.70.21 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.21.70.99.88.clients.your-server.de
Software: nginx /
Resource Hash: abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:35 GMT
Last-Modified: Fri, 05 Aug 2016 12:57:29 GMT
Server: nginx
ETag: "57a48d39-353"
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 851

GET
H2 200 ac.dc Show response
rock.aimmm.live/ Frame 7844 14 KB
14 KB 153ms
50ms Script
text/html 35.246.207.21
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://rock.aimmm.live/ac.dc?dv2=1361&dv3=1818&as=af

Requested by

Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.246.207.21 Frankfurt am Main, Germany, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

21.207.246.35.bc.googleusercontent.com

Software

/ PHP/7.4.22

Resource Hash

b6601f9e51bd8099b8cbd3b130a48c199e9a79bf7270a9ca096ac112a9ba8a18

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

x-engine: PHP
date: Tue, 16 Aug 2022 13:05:35 GMT
x-origin: rock-service-666dd6444d-2l988
x-powered-by: PHP/7.4.22
strict-transport-security: max-age=15724800; includeSubDomains
content-type: text/html; charset=UTF-8
x-origin-response-time: 0.016s
request-id: 1e3028c5658e77d6afcf25df0ac71b3f
x-origin-time: Tue, 16 Aug 2022 13:05:35 +0000
access-control-allow-credentials: true

POST
H2 200 /
track.adform.net/csimpr/ Frame 7844 35 B
467 B 37ms
37ms Ping
image/gif 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=56522822&csi=GbFpUBCT6broNSF4PpsLatm5-kJKoCY49NXJjO5puVjrygPkIxxfk0srhEkluTSFZtIYRC-JbGXEW-tO8UbYsmQBbo50IEXs0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:35 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2

200

evergreen-kis-300x250.jpg
media.kaspersky.com/de/affiliates/ Frame D0FD
Redirect Chain

https://www.awin1.com/cshow.php?s=2519519&v=14098&q=379074&r=559379&pv=0&pref1=40559400079872701649441012053025
https://media.kaspersky.com/de/affiliates/evergreen-kis-300x250.jpg

80 KB
80 KB

194ms
120ms

Image
image/jpeg

185.85.15.31
KL-EXT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.kaspersky.com/de/affiliates/evergreen-kis-300x250.jpg

Requested by

Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=488d7e08bb01jEPSHZNbIcYg0HwAkRmZkPYZ0HQgSI1FabXmYkpYeloGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=99284700079871401467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp8kzgvxbse3un4j%3Ftprde%3D&uidRedirect=1

Protocol

Server

185.85.15.31 , Germany, ASN200107 (KL-EXT, CH),

Reverse DNS

Software

/ Kaspersky Labs, Kaspersky Labs

Resource Hash

06d9487d0d05b38994c2a06ab9639cfa33afe0c98f89cbb0f3bcefb4cfb0aa84

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Tue, 14 Sep 2021 12:09:27 GMT
server
x-powered-by: Kaspersky Labs, Kaspersky Labs
etag: "1b72585d61a9d71:0"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-xss-protection: 1; mode=block
x-server: fr2/FRA3
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 81829
date: Tue, 16 Aug 2022 13:05:35 GMT

Redirect headers

Date: Tue, 16 Aug 2022 13:05:35 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://media.kaspersky.com/de/affiliates/evergreen-kis-300x250.jpg
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK viewability Show response
ad25.ad-srv.net/ Frame D0FD 0
150 B 131ms
55ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad25.ad-srv.net/viewability?s=40559400079872701649441012053025&a=c2364e13&vb=m
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=488d7e08bb01jEPSHZNbIcYg0HwAkRmZkPYZ0HQgSI1FabXmYkpYeloGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=99284700079871401467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp8kzgvxbse3un4j%3Ftprde%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:35 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK cshow.php Show response
www.awin1.com/ Frame 1652 43 B
703 B 131ms
87ms Document
image/gif 92.123.17.141
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.awin1.com/cshow.php?s=2519519&v=14098&q=379074&r=559379&pv=1&pref1=40559400079872701649441012053025

Requested by

Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=488d7e08bb01jEPSHZNbIcYg0HwAkRmZkPYZ0HQgSI1FabXmYkpYeloGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=99284700079871401467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp8kzgvxbse3un4j%3Ftprde%3D&uidRedirect=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

92.123.17.141 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-17-141.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://ad.ad-srv.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Awin-Akamai-Rule-Set: default
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Tue, 16 Aug 2022 13:05:35 GMT
Expires: 0
Node: Helix
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Pragma: no-cache
Strict-Transport-Security: max-age=86400

GET
DATA 200
OK truncated
/ Frame D0FD 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK addDoubleBorder.js Show response
cdn.contentspread.net/hofe/tools/js/ Frame D0FD 851 B
1 KB 137ms
28ms Script
application/javascript 88.99.70.21
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.contentspread.net/hofe/tools/js/addDoubleBorder.js
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=488d7e08bb01jEPSHZNbIcYg0HwAkRmZkPYZ0HQgSI1FabXmYkpYeloGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=99284700079871401467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp8kzgvxbse3un4j%3Ftprde%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.70.21 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.21.70.99.88.clients.your-server.de
Software: nginx /
Resource Hash: abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:35 GMT
Last-Modified: Fri, 05 Aug 2016 12:57:29 GMT
Server: nginx
ETag: "57a48d39-353"
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 851

GET
H2 200 ThirdParty Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.221/e/2gSBggDQ/i/vCAv.IAAAAAoAA/r:types/ Frame 7844 34 KB
15 KB 45ms
45ms Script
text/javascript 37.157.2.247
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.221/e/2gSBggDQ/i/vCAv.IAAAAAoAA/r:types/ThirdParty
Requested by: Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.247 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 06289e11ae03a6a17deb90c51e873bc616e28822001c6d6132069b39aefeb7d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:35 GMT
content-encoding: gzip
last-modified: Wed, 27 Jul 2022 07:02:09 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 17 Aug 2022 16:20:18 GMT

GET
H2

200

evergreen-kis-300x250.jpg
media.kaspersky.com/de/affiliates/ Frame B0C4
Redirect Chain

https://www.awin1.com/cshow.php?s=2519519&v=14098&q=379074&r=559379&pv=0&pref1=97672800079872801649441012053025
https://media.kaspersky.com/de/affiliates/evergreen-kis-300x250.jpg

80 KB
80 KB

166ms
142ms

Image
image/jpeg

185.85.15.31
KL-EXT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.kaspersky.com/de/affiliates/evergreen-kis-300x250.jpg

Requested by

Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=4f3fcc6aa457NUPAKYNbIcYg0HwAkRmZkPYZ0HQgSI1FUmfGB38lbjoGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=19324500079871501467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp0oa8z4rhgh6fd1%3Ftprde%3D&uidRedirect=1

Protocol

Server

185.85.15.31 , Germany, ASN200107 (KL-EXT, CH),

Reverse DNS

Software

/ Kaspersky Labs, Kaspersky Labs

Resource Hash

06d9487d0d05b38994c2a06ab9639cfa33afe0c98f89cbb0f3bcefb4cfb0aa84

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Tue, 14 Sep 2021 12:09:27 GMT
server
x-powered-by: Kaspersky Labs, Kaspersky Labs
etag: "1b72585d61a9d71:0"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-xss-protection: 1; mode=block
x-server: fr2/FRA3
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 81829
date: Tue, 16 Aug 2022 13:05:35 GMT

Redirect headers

Date: Tue, 16 Aug 2022 13:05:35 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://media.kaspersky.com/de/affiliates/evergreen-kis-300x250.jpg
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK viewability Show response
ad25.ad-srv.net/ Frame B0C4 0
150 B 85ms
29ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad25.ad-srv.net/viewability?s=97672800079872801649441012053025&a=771e7d9a&vb=m
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=4f3fcc6aa457NUPAKYNbIcYg0HwAkRmZkPYZ0HQgSI1FUmfGB38lbjoGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=19324500079871501467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp0oa8z4rhgh6fd1%3Ftprde%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:35 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK cshow.php Show response
www.awin1.com/ Frame AE46 43 B
703 B 92ms
68ms Document
image/gif 92.123.17.141
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.awin1.com/cshow.php?s=2519519&v=14098&q=379074&r=559379&pv=1&pref1=97672800079872801649441012053025

Requested by

Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=4f3fcc6aa457NUPAKYNbIcYg0HwAkRmZkPYZ0HQgSI1FUmfGB38lbjoGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=19324500079871501467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp0oa8z4rhgh6fd1%3Ftprde%3D&uidRedirect=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

92.123.17.141 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-17-141.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://ad.ad-srv.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Awin-Akamai-Rule-Set: default
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Tue, 16 Aug 2022 13:05:35 GMT
Expires: 0
Node: Helix
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Pragma: no-cache
Strict-Transport-Security: max-age=86400

GET
DATA 200
OK truncated
/ Frame B0C4 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK addDoubleBorder.js Show response
cdn.contentspread.net/hofe/tools/js/ Frame B0C4 851 B
1 KB 136ms
28ms Script
application/javascript 88.99.70.21
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.contentspread.net/hofe/tools/js/addDoubleBorder.js
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=4f3fcc6aa457NUPAKYNbIcYg0HwAkRmZkPYZ0HQgSI1FUmfGB38lbjoGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=19324500079871501467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp0oa8z4rhgh6fd1%3Ftprde%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.70.21 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.21.70.99.88.clients.your-server.de
Software: nginx /
Resource Hash: abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:35 GMT
Last-Modified: Fri, 05 Aug 2016 12:57:29 GMT
Server: nginx
ETag: "57a48d39-353"
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 851

GET
H2

200

evergreen-kis-300x250.jpg
media.kaspersky.com/de/affiliates/ Frame 0050
Redirect Chain

https://www.awin1.com/cshow.php?s=2519519&v=14098&q=379074&r=559379&pv=0&pref1=11565500079872901649441012053025
https://media.kaspersky.com/de/affiliates/evergreen-kis-300x250.jpg

80 KB
80 KB

151ms
76ms

Image
image/jpeg

185.85.15.31
KL-EXT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://media.kaspersky.com/de/affiliates/evergreen-kis-300x250.jpg

Requested by

Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=24e4676e7329YUR4cQtJyh0FGA2RGZmRYfjDGA0JHIYEdXXi8YYkoGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=82720000079872201467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fpaqc04gfxa9rla6%3Ftprde%3D

Protocol

Server

185.85.15.31 , Germany, ASN200107 (KL-EXT, CH),

Reverse DNS

Software

/ Kaspersky Labs, Kaspersky Labs

Resource Hash

06d9487d0d05b38994c2a06ab9639cfa33afe0c98f89cbb0f3bcefb4cfb0aa84

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Tue, 14 Sep 2021 12:09:27 GMT
server
x-powered-by: Kaspersky Labs, Kaspersky Labs
etag: "1b72585d61a9d71:0"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
x-xss-protection: 1; mode=block
x-server: fr2/FRA2
accept-ranges: bytes
alt-svc: h3=":443"; ma=86400
content-length: 81829
date: Tue, 16 Aug 2022 13:05:35 GMT

Redirect headers

Date: Tue, 16 Aug 2022 13:05:35 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://media.kaspersky.com/de/affiliates/evergreen-kis-300x250.jpg
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK viewability Show response
ad25.ad-srv.net/ Frame 0050 0
150 B 86ms
30ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad25.ad-srv.net/viewability?s=11565500079872901649441012053025&a=06ebfea4&vb=m
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=24e4676e7329YUR4cQtJyh0FGA2RGZmRYfjDGA0JHIYEdXXi8YYkoGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=82720000079872201467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fpaqc04gfxa9rla6%3Ftprde%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:35 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK cshow.php Show response
www.awin1.com/ Frame 4C45 43 B
703 B 98ms
73ms Document
image/gif 92.123.17.141
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.awin1.com/cshow.php?s=2519519&v=14098&q=379074&r=559379&pv=1&pref1=11565500079872901649441012053025

Requested by

Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=24e4676e7329YUR4cQtJyh0FGA2RGZmRYfjDGA0JHIYEdXXi8YYkoGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=82720000079872201467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fpaqc04gfxa9rla6%3Ftprde%3D

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

92.123.17.141 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a92-123-17-141.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://ad.ad-srv.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Awin-Akamai-Rule-Set: default
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Tue, 16 Aug 2022 13:05:35 GMT
Expires: 0
Node: Helix
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Pragma: no-cache
Strict-Transport-Security: max-age=86400

GET
DATA 200
OK truncated
/ Frame 0050 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK addDoubleBorder.js Show response
cdn.contentspread.net/hofe/tools/js/ Frame 0050 851 B
1 KB 181ms
50ms Script
application/javascript 88.99.70.21
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.contentspread.net/hofe/tools/js/addDoubleBorder.js
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=24e4676e7329YUR4cQtJyh0FGA2RGZmRYfjDGA0JHIYEdXXi8YYkoGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=82720000079872201467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fpaqc04gfxa9rla6%3Ftprde%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.70.21 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.21.70.99.88.clients.your-server.de
Software: nginx /
Resource Hash: abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:35 GMT
Last-Modified: Fri, 05 Aug 2016 12:57:29 GMT
Server: nginx
ETag: "57a48d39-353"
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 851

GET
H2 200 ac.dc Show response
rock.aimmm.live/ Frame 8DCC 17 KB
17 KB 47ms
47ms Document
text/html 35.246.207.21
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://rock.aimmm.live/ac.dc?dv21&dv91&clickstart=https%3A//track.adform.net/C/%3Fbn%3D56522822%3Bcrtbwp%3D0.001468-aSZ8vQ1skFbgS6c1PsWr31SY5KfK0X-a0%3Bcrtbdata%3Dr4mjpOpmxotnsaseszv2DPN21W3o9jwO_X7a0d4jQamh4_SVuZ1wZM576b23k3iDv_8QB0OX4Fz5k_K52ZP9K8Uw76OH3MpZX_W3fRtZZ-NikuIl-lO9NARPRKp7X9VUvkaogUZy2g23SN2zfbA3sxmo6_hx9OmR-yKoBwErk4n-CpQUQ-J09gW7rP5bRJFCKvSlVgyr4PELLhhadhf4SDb_119wm4vvzOJ1K38rCGThQW6FXjSrzw2%3Badfibeg%3D0%3Bcdata%3D2Pg0_CXpfTuTcD65XEY3PgU9UDv16a4l1BZLVwvmeD9yxWeF9tD9XVAHUyGVomQMsZbYGFZvI2xNBAXGUYRdwsHzWJ8iG5IJY8ubVsNPRzrrygPkIxxfk0srhEkluTSFZtIYRC-JbGXEW-tO8UbYsnTAIT4W6WreQeEimShqzcc1%3B%3BCREFURL%3Dhttps%253a%252f%252fkorrespondent.net%3BC%3D1%3Bcpdir%3D&dv2=1361&dv3=1818&as=af&dv4=16606551354108

Requested by

Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.246.207.21 Frankfurt am Main, Germany, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

21.207.246.35.bc.googleusercontent.com

Software

/ PHP/7.4.22

Resource Hash

024afefcd87a46088171356cb20bcad296d2c906837e616daa2c7b5bb79906d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
content-type: text/html; charset=UTF-8
date: Tue, 16 Aug 2022 13:05:35 GMT
request-id: acb113a7b806335ec19f2f227f9075f7
strict-transport-security: max-age=15724800; includeSubDomains
x-engine: PHP
x-origin: rock-service-666dd6444d-rzg6h
x-origin-response-time: 0.003s
x-origin-time: Tue, 16 Aug 2022 13:05:35 +0000
x-powered-by: PHP/7.4.22

GET
H2 200 /
event.aimmm.live/roll/ Frame 7844 42 B
221 B 390ms
16ms Image
image/gif 35.246.207.21
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://event.aimmm.live/roll/?tv1=2&dv2=1361&dv3=1818&dv4=16606551354108&tv10=korrespondent.net&tv2=1660655135

Requested by

Host: mediawoot.com
URL: https://mediawoot.com/r/p.html?f=zckvaaxfk&e=1518846443599

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.246.207.21 Frankfurt am Main, Germany, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

21.207.246.35.bc.googleusercontent.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:35 GMT
request-id: bbc574554e8a0f51e17cf1fc160cacfb
content-length: 42
strict-transport-security: max-age=15724800; includeSubDomains
x-request-id: bbc574554e8a0f51e17cf1fc160cacfb
content-type: image/gif

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame CB71 52 KB
17 KB 29ms
29ms Document
text/html 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=1821409
Requested by: Host: mediawoot.com
URL: https://mediawoot.com/r/p.html?f=zckvaaxfk&e=1518846443599
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 30239
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Tue, 16 Aug 2022 13:05:35 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 03 Aug 2022 04:41:10 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 1, 293422
X-Served-By: cache-lga21947-LGA, cache-cdg20745-CDG
X-Timer: S1660655135.476215,VS0,VE0

GET
H/1.1 200
OK rd_log Show response
ams3-ib.adnxs.com/ Frame 7844 0
813 B 27ms
27ms Script
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams3-ib.adnxs.com/rd_log?an_audit=0&referrer=https%3A%2F%2Fkorrespondent.net%2F&e=wqT_3QL6BvBMegMAAAMA1gAFAQierO6XBhCyzo_2nuq0r0kYw9-bksKpjqAhKjYJDW3tpzEPWD8RuEqGPmG0Uz8ZAAAAQDMz4z8huEqGPmG0Uz8pDW0JJAAxARv0IQPhepQ_MMuIqQo4mFBA9ghIW1Ca59WwAViTwosBYABotNiwAXit9AWAAQGKAQNVU0SSAQNFVVKYAawCoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABAJICDENNYncrUm9RclFvPdgCAOACm4VO6gIaaHR0cHM6Ly9rb3JyZXNwb25kZW50Lm5ldC_yAiwKB0VOQ19DUE0SIWFTWjh2UTFza0ZiZ1M2YzFQc1dyMzFTWTVLZkswWC1hMPICiAIKDEVOQ19SVEJfREFUQRL3AXI0bWpwT3BteG90bnNhc2VzenYyRFBOMjFXM285andPX1g3YTBkNGpRYW1oNF9TVnVaMXdaTTU3NmIyM2szaUR2XzhRQjBPWDRGejVrX0s1MlpQOUs4VXc3Nk9IM01wWlhfVzNmUnRaWi1OaWt1SWwtbE85TkFSUFJLcDdYOVZVdmthb2dVWnkyZzIzU04yemZiQTNzeG1vNl9oeDlPbVIteUtvQndFcms0bi1DcFFVUS1KMDlnVzdyUDViUkpGQ0t2U2xWZ3lyNFBFTExoaGFkaGY0U0RiXzExOXdtNHZ2ek9KMUszOHJDR1RoUVc2RlhqU3J6dzLyAgYKBEFESUTyAgsKCUNPT0tJRV9JRIADAIgDAZADAJgDF6ADAaoDAMADrALIAwDYA_f-LuADAOgDAPgDAYAEAJIEDS91dC92My9wcmViaWSYBACiBAwxOTMuMjcuMTQuMTCoBACyBBAIABABGKwCIPoBKAAwADgCuAQAwAQAyAQA2gQCCAHgBAHwBJrn1bABiAUBmAUAoAXq49udvpT07wPABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUB4AUB8AWKk0P6BQQIABAAkAYAmAYAuAYAwQYAAAAAAADwP9AGnuoD2gYWChAAAAAAAAAAAAAAAAAAAAAAEAAYAOAGAfIGAggAgAcBiAcAoAcBugcPCAAQABgAIAAwADi_BkAAyAet9AXSBw0JAAAAAAAAAAAQABgA2gcGCAAQABgA4AcA6gcCCADwB4yiAooIAhAAlQgAAIA_mAgB&s=67f1aca85c3ba12eee22255323e35df68e6a0ac1&bdref=https%3A%2F%2Fkorrespondent.net%2F&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fkorrespondent.net%2F,https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dzckvaaxfk%26e%3D1518846443599,https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dzckvaaxfk%26e%3D1518846443599&

Requested by

Host: acdn.adnxs-simple.com
URL: https://acdn.adnxs-simple.com/strikeforce/script.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:35 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: f3a70944-6039-4e93-90dd-36cb81383c5f
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK vevent
ams3-ib.adnxs.com/ Frame 7844 0
833 B 28ms
28ms Ping
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams3-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkorrespondent.net%2F&e=wqT_3QLPBPBMTwIAAAMA1gAFAQierO6XBhCyzo_2nuq0r0kYw9-bksKpjqAhKjYJDW3tpzEPWD8RuEqGPmG0Uz8ZAAAAQDMz4z8huEqGPmG0Uz8pDW0JJAAxARv0dQHhepQ_MMuIqQo4mFBA9ghIW1Ca59WwAViTwosBYABotNiwAXit9AWAAQGKAQNVU0SSAQNFVVKYAawCoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABAJICDENNYncrUm9RclFvPdgCAOACm4VO6gIaaHR0cHM6Ly9rb3JyZXNwb25kZW50Lm5ldC-AAwCIAwGQAwCYAxegAwGqAycaFTUyODY4OTUzNjE0MzExNjg4MThfMSoEODM0MzoINTY1MjI4MjLAA6wCyAMA2AP3_i7gAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQMMTkzLjI3LjE0LjEwqAQAsgQQCAAQARisAiD6ASgAMAA4ArgEAMAEAMgEANoEAggB4AQB8ASa59WwAYgFAZgFAKAF6uPbnb6U9O8DwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFipND-gUECAAQAJAGAJgGALgGAMEGAAEiMADwP9AGnuoD2gYWChAFER0BYBAAGADgBgHyBgIIAIAHAYgHAKAHAboHDwgFGkQgADAAOL8GQADIB630BdIHDQkROwE4CNoHBgknaOAHAOoHAggA8AeMogKKCAIQAJUIAACAP5gIAQ..&s=a463a3b3b640c828bc92d62f5bcde81e0298878f&type=nv&nvt=5&jm=1003&px=0&py=0&bw=300&bh=250&sid=7701041261294738870&vd=ct~0|rr~0&sv=224&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=21644363&sw=1600&sh=1200&pw=300&ph=250&ww=300&wh=250&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/224/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:35 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: a2ce4528-25f4-4ab1-ba9b-5037fc309854
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame CB71 0
741 B 23ms
22ms Script
text/html 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=10264&pub_id=1821409&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=1821409

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:35 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: d054be64-f50a-4c55-bca9-2ac5646fc46a
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 ac_html5Api.js Show response
rock.aimmm.live/lib/js/ Frame 8DCC 9 KB
10 KB 76ms
75ms Script
application/javascript 35.246.207.21
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://rock.aimmm.live/lib/js/ac_html5Api.js

Requested by

Host: rock.aimmm.live
URL: https://rock.aimmm.live/ac.dc?dv21&dv91&clickstart=https%3A//track.adform.net/C/%3Fbn%3D56522822%3Bcrtbwp%3D0.001468-aSZ8vQ1skFbgS6c1PsWr31SY5KfK0X-a0%3Bcrtbdata%3Dr4mjpOpmxotnsaseszv2DPN21W3o9jwO_X7a0d4jQamh4_SVuZ1wZM576b23k3iDv_8QB0OX4Fz5k_K52ZP9K8Uw76OH3MpZX_W3fRtZZ-NikuIl-lO9NARPRKp7X9VUvkaogUZy2g23SN2zfbA3sxmo6_hx9OmR-yKoBwErk4n-CpQUQ-J09gW7rP5bRJFCKvSlVgyr4PELLhhadhf4SDb_119wm4vvzOJ1K38rCGThQW6FXjSrzw2%3Badfibeg%3D0%3Bcdata%3D2Pg0_CXpfTuTcD65XEY3PgU9UDv16a4l1BZLVwvmeD9yxWeF9tD9XVAHUyGVomQMsZbYGFZvI2xNBAXGUYRdwsHzWJ8iG5IJY8ubVsNPRzrrygPkIxxfk0srhEkluTSFZtIYRC-JbGXEW-tO8UbYsnTAIT4W6WreQeEimShqzcc1%3B%3BCREFURL%3Dhttps%253a%252f%252fkorrespondent.net%3BC%3D1%3Bcpdir%3D&dv2=1361&dv3=1818&as=af&dv4=16606551354108

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.246.207.21 Frankfurt am Main, Germany, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

21.207.246.35.bc.googleusercontent.com

Software

Resource Hash

116cb62ef5b34dd361a49d3e1bb7973d18f15040824a322f855b62d818e2871d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rock.aimmm.live/ac.dc?dv21&dv91&clickstart=https%3A//track.adform.net/C/%3Fbn%3D56522822%3Bcrtbwp%3D0.001468-aSZ8vQ1skFbgS6c1PsWr31SY5KfK0X-a0%3Bcrtbdata%3Dr4mjpOpmxotnsaseszv2DPN21W3o9jwO_X7a0d4jQamh4_SVuZ1wZM576b23k3iDv_8QB0OX4Fz5k_K52ZP9K8Uw76OH3MpZX_W3fRtZZ-NikuIl-lO9NARPRKp7X9VUvkaogUZy2g23SN2zfbA3sxmo6_hx9OmR-yKoBwErk4n-CpQUQ-J09gW7rP5bRJFCKvSlVgyr4PELLhhadhf4SDb_119wm4vvzOJ1K38rCGThQW6FXjSrzw2%3Badfibeg%3D0%3Bcdata%3D2Pg0_CXpfTuTcD65XEY3PgU9UDv16a4l1BZLVwvmeD9yxWeF9tD9XVAHUyGVomQMsZbYGFZvI2xNBAXGUYRdwsHzWJ8iG5IJY8ubVsNPRzrrygPkIxxfk0srhEkluTSFZtIYRC-JbGXEW-tO8UbYsnTAIT4W6WreQeEimShqzcc1%3B%3BCREFURL%3Dhttps%253a%252f%252fkorrespondent.net%3BC%3D1%3Bcpdir%3D&dv2=1361&dv3=1818&as=af&dv4=16606551354108
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:35 GMT
last-modified: Mon, 09 May 2022 13:47:49 GMT
etag: "62791b85-258f"
strict-transport-security: max-age=15724800; includeSubDomains
content-type: application/javascript
access-control-allow-credentials: true
request-id: edcfcb050be81449e47459700b100c8c
content-length: 9615
accept-ranges: bytes

GET
H2 200 createjs-2015.11.26.min.js Show response
rock.aimmm.live/lib/js/ Frame 8DCC 186 KB
187 KB 38ms
38ms Script
application/javascript 35.246.207.21
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://rock.aimmm.live/lib/js/createjs-2015.11.26.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.246.207.21 Frankfurt am Main, Germany, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

21.207.246.35.bc.googleusercontent.com

Software

Resource Hash

575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rock.aimmm.live/ac.dc?dv21&dv91&clickstart=https%3A//track.adform.net/C/%3Fbn%3D56522822%3Bcrtbwp%3D0.001468-aSZ8vQ1skFbgS6c1PsWr31SY5KfK0X-a0%3Bcrtbdata%3Dr4mjpOpmxotnsaseszv2DPN21W3o9jwO_X7a0d4jQamh4_SVuZ1wZM576b23k3iDv_8QB0OX4Fz5k_K52ZP9K8Uw76OH3MpZX_W3fRtZZ-NikuIl-lO9NARPRKp7X9VUvkaogUZy2g23SN2zfbA3sxmo6_hx9OmR-yKoBwErk4n-CpQUQ-J09gW7rP5bRJFCKvSlVgyr4PELLhhadhf4SDb_119wm4vvzOJ1K38rCGThQW6FXjSrzw2%3Badfibeg%3D0%3Bcdata%3D2Pg0_CXpfTuTcD65XEY3PgU9UDv16a4l1BZLVwvmeD9yxWeF9tD9XVAHUyGVomQMsZbYGFZvI2xNBAXGUYRdwsHzWJ8iG5IJY8ubVsNPRzrrygPkIxxfk0srhEkluTSFZtIYRC-JbGXEW-tO8UbYsnTAIT4W6WreQeEimShqzcc1%3B%3BCREFURL%3Dhttps%253a%252f%252fkorrespondent.net%3BC%3D1%3Bcpdir%3D&dv2=1361&dv3=1818&as=af&dv4=16606551354108
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:35 GMT
last-modified: Mon, 09 May 2022 13:47:49 GMT
etag: "62791b85-2e8a6"
strict-transport-security: max-age=15724800; includeSubDomains
content-type: application/javascript
access-control-allow-credentials: true
request-id: 5790301342e2059085215acb4d2769d9
content-length: 190630
accept-ranges: bytes

GET
H2 200 /
event.aimmm.live/roll/ Frame 8DCC 42 B
222 B 229ms
16ms Image
image/gif 35.246.207.21
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://event.aimmm.live/roll/?tv1=4&dv2=1361&dv3=1818&dv6=1&dv4=16606551354108&tv10=korrespondent.net&tv40=29604&tv2=1660655135

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.246.207.21 Frankfurt am Main, Germany, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

21.207.246.35.bc.googleusercontent.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rock.aimmm.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:35 GMT
request-id: 5ad78e83a37a135b0d85c84f639cbb3b
content-length: 42
strict-transport-security: max-age=15724800; includeSubDomains
x-request-id: 5ad78e83a37a135b0d85c84f639cbb3b
content-type: image/gif

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 8FFC 0
0 85ms
52ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssQ2WbiuEjNJXyf0yRxkQdWP2UDj1Wq-0moccZnpHwXtWosTvy0AQ-qn696TGXxsPxz6gA2NzEdqs2e69TE7rCF2fJJW2hK7378jSnpDMq1QAyYs9xnWMu2_VbXsAQBKgfNbQt9L5_toWgk-9L9_6umhViLnWdOwOohpoMAk-0FIXyQAhrVZuSOsTXz-j2sqfHQfAOSSwEFzQI1_gXHmcFMfImQA_zLCIGmv3tJr6-KCeO9EXEK06pa07XDpv-6u3bImlvnIIFnr8oUe4HOKO4XBottJ7drboA-FG58kOQPqmkwnPjmLVs7IA1M_mLzLEBc1zd9rUnGQvH7jfWiiY2FDqAn4VRI9qsVaN_gTzI&sai=AMfl-YRWOtmWuZOc3pYlac2aVykQYm7ve1UG5VHaOevNRemo0OWby51qgpjZsDLa8T-NnXBrykQ_udskhoyFcCNHoI6bcR1QUVWB1TEW7kQZEFD_ZfbtyATroSdot0D00A&sig=Cg0ArKJSzL3TmfufBIvoEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s65-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 16 Aug 2022 13:05:35 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Tue, 16 Aug 2022 13:05:35 GMT

GET
DATA 200
OK truncated
/ Frame 8FFC 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 518ce9b9c0ce15f8c2fceb165ceee5247af65b39e1b65651545c1dfe400b397a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type: image/png

POST
H/1.1 200
OK / Show response
t.cotsta.ru/v4/track/tag/ Frame 3FAB 2 B
196 B 28ms
28ms XHR
text/plain 168.119.79.238
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://t.cotsta.ru/v4/track/tag/?v=1&time__offset=3781&event=impression&ex_pl_id=/21830442390,22434891267/korrespondent.net_amx_/300x250_bs&pl_id=364
Requested by: Host: 0.code.cotsta.ru
URL: https://0.code.cotsta.ru/dist/a.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 168.119.79.238 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.238.79.119.168.clients.your-server.de
Software: nginx/1.14.1 /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://korrespondent.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 16 Aug 2022 13:05:35 GMT
Server: nginx/1.14.1
Connection: keep-alive
Content-Length: 2
Content-Type: text/plain; charset=utf-8

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1A95 0
0 53ms
53ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022081101&jk=3678178603685707&bg=!AgGlAUXNAAa4hXTbmIU7ACkAdvg8WkFp-6nSBd1KOM2KPp8dd9dC1jjxaKcEdUsOrrzxcCWARKV_mQIAAAEZUgAAAANoAQeZA1_-1YrvrTf9g_PuPgSFDFj0UZ0vIaWJXsIfT-efKp7Mteb87h7BcYdmM2KC3j5ujOgRXJIUi9IzuYBT9gfwKXMuMcssQAiDmKDYDYbGrSv3iHMoaUlrDkYnYP1IlkEwxSFrSTHt3A2QFGNiT8AmwgXRth7iQ7iDNS9oRQGb-WH4eyjuYVj3vJP5J5t_lxDJ_O9VE5wTK5E6Np4qrlcU6mysmxBRLDUQpkuQzMh0B8cJnDS17VDO5fMgjv_PjjHK4fZEr0gGuNqm_NyRv06aLGK5-_TSBKgmFUTpaoCP1oHtamNEY0QoM8QCJR5RUMfHHyFkd-B5XsJRN9L_tm9Jxgw8eD7aGVdNpyTy9tZ2g7aJrlgAq0k1x1-wGHcPw3Oc72uMKn_8QYyJmlULA6GhGWsOUbWi-LYhA0J-edb45Inqcdm4EsdvCg6SXOufkubjpJcbY5hQNmMZuD4E-JXhLywCooSwqcOcMJboScujcHQtxgj11ukZ3ZIEjIJa0lih_pHJBdCPHyNgpnxOozr2k1jWCbgEMrEWPnjZ7E6TY5hUhSlRVEHHj4EgtALrJClWvFiDA1M0bfFMt0kAc7vrRjPuSdy8UaN-AElAm9zk0P51WHyH4wvCGb3ew0uIA_hLjUf1lK0xZ1xoaSirprLGgSBRxA4rYaDaLGP8pQDN7_Yo_h6mXnkDwQeNGIPbOqdgEtVryvf4NZOAcTX1Hxxq1GhAoUfK_VsERxdFoqUAV1KSKu6mOJImoIxk-RJfkhpfK6Bl1kGosDknqCcWdihhbPldcUtv5dPsm-nEq0jG5sMm8DG0GKMi9Uk1wGMaLRrC5oYYWY5781YfZKTFoO-mxxtpFPwmwA1lSOxyuPnQkIy1jydX7BvDZIqT6zZ3FtNcsCbcLwU2CLCGjPFL1-waszIx6xLcVui_Ord4zK1fy6dlY378_iJMFOdtkhdNez3iSLe9sm1WucFNxRabDg-EhVXiHwwhx-jxyKwGFwUnPxFQ38ZROA7TMghFtY2qWhnwkV1Xbx5iscdyIZNjkJYFbhTuQS5KsB3uxHy9VAFXckkSu0wQoLHGsuoC9z4EBNGsPj8-_wzLVaK6ND0adT5xeh8GHVeZQ-u6YZA-7KObinMmE4pzMIht5cvbnMUhsxITIQ
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

POST
H/1.1 200
OK vevent
ams3-ib.adnxs.com/ Frame F05B 0
833 B 34ms
34ms Ping
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams3-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkorrespondent.net%2F&e=wqT_3QLBCvD9QQUAAAMA1gAFAQierO6XBhDW8cm8pMfnxgoYw9-bksKpjqAhKjYJmu8def8TlD8Rgcv-0eqpij8ZAAAAQDMz4z8hxUmz3EbBiz8p9aEL6lvmlD8xAAAAQOF6lD8wy4ipCjiYUEDKTkgCUJP8-WZYk8KLAWAAaLTYsAF48PIFgAEBigEDVVNEkgEDRVVSmAGsAqAB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQCKAnd1ZignYScsIDQ1MjUzNjIsIDE2NjA2NTUxMzQpO3VmKCdpJywgNDEyNjE2OSwgMTY2MDY1NTEzNCk7dWYoJ2cnLCAxMTQ5Mzg4NyxCOwAwcicsIDIxNTkwNzg1OTY9APC2kgL9AyFZV1hHaWdqRmlJMFRFSlA4LVdZWUFDQ1R3b3NCTUFBNEFFQUFTTXBPVU11SXFRcFlBR0RMQm1nQWNBQjRBSUFCQUlnQkFKQUJBWmdCQWFBQkFhZ0JBYkFCQUxrQmtlOEs4T0Y2bERfQkFlckFKVFFuNXBRX3lRRUFBQUFBQUFEd1A5a0I2LUkyR3NCYjd6X2dBZG5yLXdIMUFRclhvenlZQWdDZ0FnRzFBZ0FBQUFDOUFnATnwVURBQWdESUFnRFFBZ0RZQWdEZ0FnRG9BZ0Q0QWdHQUF3R1lBd0c2QXdsQlRWTXpPall3TkRQZ0E0WXZnQVNidmRrRGlBU2N2ZGtEa0FRQW1BUUJ3UVFBAVoFAQhNa0UFCAUBGERZQkFEeEIFDAkBKGlBV2JMNmtGNi1JDbgQLXhCUUEVATx3UVY3Rks1SDRYcVVQOGtGERkMOERfUi4oAAgyUVUNG_BDRHdQLUFGLVFfd0JmX0R2UVg0QmJLYWxBS0NCZ05GVlZLSUJnQ1FCZ0dZQmdDaEJuc1Vya2ZoZXBRX3FBWUVzZ1lrQ1ENSwxBQUFFHYwARx0MAEkdDDx1QVlLmgKZASFNQmVnaHdqMgEC2Gs4S0xBU0FBS0FBeGV4U3VSLUY2bEQ4NkNVRk5Vek02TmpBME0wQ0dMMG5yNGpZYXdGdnZQMUUBfAkBBEZrCQgBAQBHPUwARx0YAEgdGAxIZ0FpLhUC8Nd3Li7YAgDgApuFTuoCGmh0dHBzOi8va29ycmVzcG9uZGVudC5uZXQvgAMAiAMBkAMAmAMXoAMBqgMAwAOsAsgDANgD9_4u4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDE5My4yNy4xNC4xMKgEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABADIBADSBA8xMDA1OCNBTVMzOjYwNDPaBAIIAeAEAfAEk_z5ZogFAZgFAKAF____________AcAFAMkFAAAAAAAA8D_SBQkJAAAJDnDYBQHgBQHwBbCiAvoFBAgAEACQBgCYBgC4BgDBBgkjKPA_0Aa7M9oGFgoQCREZAVwQABgA4AYB8gYCCACABwGIBwCgBwG6Bw8BSEwYACAAMAA4vwZAAMgH8PIF0gcNCRE6ATgI2gcGCSdo4AcA6gcCCADwB4yiAooIAhAAlQgAAIA_mAgB&s=84adf47dab04b9ea6e2ce00543b3aa06edd67608&type=pv&jm=1003&px=0&py=0&bw=300&bh=250&sf=1&sid=7701041261294738870&vd=ct~0|rr~5&sv=224&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=21644363&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/224/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:35 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 26b21a0f-594c-45af-93e7-827531859282
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame DA8B 0
741 B 23ms
22ms Script
text/html 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=10264&pub_id=1821409&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=1821409

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:35 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: a7530156-8b98-461e-bc50-611a95ddd363
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK vevent
ams3-ib.adnxs.com/ Frame 395B 0
833 B 28ms
28ms Ping
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams3-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkorrespondent.net%2F&e=wqT_3QLBCvD9QQUAAAMA1gAFAQierO6XBhDFktG0npPGrDMYw9-bksKpjqAhKjYJmu8def8TlD8Rgcv-0eqpij8ZAAAAQDMz4z8hxUmz3EbBiz8p9aEL6lvmlD8xAAAAQOF6lD8wy4ipCjiYUEDKTkgCUJP8-WZYk8KLAWAAaLTYsAF4_vAFgAEBigEDVVNEkgEDRVVSmAGsAqAB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQCKAnd1ZignYScsIDQ1MjUzNjIsIDE2NjA2NTUxMzQpO3VmKCdpJywgNDEyNjE2OSwgMTY2MDY1NTEzNCk7dWYoJ2cnLCAxMTQ5Mzg4NyxCOwAwcicsIDIxNTkwNzg1OTY9APC2kgL9AyFzR1VUdHdqRmlJMFRFSlA4LVdZWUFDQ1R3b3NCTUFBNEFFQUFTTXBPVU11SXFRcFlBR0RMQm1nQWNBQjRBSUFCQUlnQkFKQUJBWmdCQWFBQkFhZ0JBYkFCQUxrQmtlOEs4T0Y2bERfQkFlckFKVFFuNXBRX3lRRUFBQUFBQUFEd1A5a0I2LUkyR3NCYjd6X2dBZG5yLXdIMUFRclhvenlZQWdDZ0FnRzFBZ0FBQUFDOUFnATnwVURBQWdESUFnRFFBZ0RZQWdEZ0FnRG9BZ0Q0QWdHQUF3R1lBd0c2QXdsQlRWTXpPall3TURIZ0E0WXZnQVNidmRrRGlBU2N2ZGtEa0FRQW1BUUJ3UVFBAVoFAQhNa0UFCAUBGERZQkFEeEIFDAkBKGlBWHhMcWtGNi1JDbgMLXhCUQkcAQE8d1FWN0ZLNUg0WHFVUDhrRgEUAQEMOERfUi4oAAgyUVUBF_BGQUFBRHdQLUFGLVFfd0JmX0R2UVg0QmJLYWxBS0NCZ05GVlZLSUJnQ1FCZ0dZQmdDaEJuc1Vya2ZoZXBRX3FBWUVzZ1lrQ1EBSAkBAEUdjABHHQwASR0MPHVBWUuaApkBIUtoZjRoUWoyAQLgazhLTEFTQUFLQUF4ZXhTdVItRjZsRDg2Q1VGTlV6TTZOakF3TVVDR0wwbnI0allhd0Z2dlAxRUFBEQIERmsRCghBQUc9TABHHRgASB0YDEhnQWkuFQLw13cuLtgCAOACm4VO6gIaaHR0cHM6Ly9rb3JyZXNwb25kZW50Lm5ldC-AAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AP3_i7gAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQMMTkzLjI3LjE0LjEwqAQAsgQQCAAQARisAiD6ASgAMAA4ArgEAMAEAMgEANIEDzEwMDU4I0FNUzM6NjAwMdoEAggB4AQB8AST_PlmiAUBmAUAoAX___________8BwAUAyQUAAAAAAADwP9IFCQkAAAkOcNgFAeAFAfAFsKIC-gUECAAQAJAGAJgGALgGAMEGCSMo8D_QBrsz2gYWChAJERkBXBAAGADgBgHyBgIIAIAHAYgHAKAHAboHDwFITBgAIAAwADi_BkAAyAf-8AXSBw0JEToBOAjaBwYJJ2jgBwDqBwIIAPAHjKICiggCEACVCAAAgD-YCAE.&s=df220f23b15a6b403a8a7b799ec894d6a3b64984&type=pv&jm=1003&px=0&py=0&bw=300&bh=250&sf=1&sid=7701041261294738870&vd=ct~0|rr~5&sv=224&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=21644363&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/224/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:35 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: c41b7a5c-12ce-4d6c-bde4-e3c210b6391c
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK vevent
ams3-ib.adnxs.com/ Frame EAC6 0
833 B 26ms
26ms Ping
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams3-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkorrespondent.net%2F&e=wqT_3QLBCvD9QQUAAAMA1gAFAQierO6XBhDwrMOgy7bryx0Yw9-bksKpjqAhKjYJywHhN4T7kj8RJiMOGXA1iT8ZAAAAQDMz4z8hxUmz3EbBiz8p9aEL6lvmlD8xAAAAQOF6lD8wy4ipCjiYUEDKTkgCUJP8-WZYk8KLAWAAaLTYsAF42fEFgAEBigEDVVNEkgEDRVVSmAGsAqAB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQCKAnd1ZignYScsIDQ1MjUzNjIsIDE2NjA2NTUxMzQpO3VmKCdpJywgNDEyNjE2OSwgMTY2MDY1NTEzNCk7dWYoJ2cnLCAxMTQ5Mzg4NyxCOwAwcicsIDIxNTkwNzg1OTY9APC2kgL9AyFSbVVuZXdqRmlJMFRFSlA4LVdZWUFDQ1R3b3NCTUFBNEFFQUFTTXBPVU11SXFRcFlBR0RMQm1nQWNBQjRBSUFCQUlnQkFKQUJBWmdCQWFBQkFhZ0JBYkFCQUxrQmtlOEs4T0Y2bERfQkFlckFKVFFuNXBRX3lRRUFBQUFBQUFEd1A5a0I2LUkyR3NCYjd6X2dBZG5yLXdIMUFRclhvenlZQWdDZ0FnRzFBZ0FBQUFDOUFnATnwVURBQWdESUFnRFFBZ0RZQWdEZ0FnRG9BZ0Q0QWdHQUF3R1lBd0c2QXdsQlRWTXpPall3TVRiZ0E0WXZnQVNidmRrRGlBU2N2ZGtEa0FRQW1BUUJ3UVFBAVoFAQhNa0UFCAUBGERZQkFEeEIFDAkBKGlBV0FMNmtGNi1JDbgMLXhCUQkcAQE8d1FWN0ZLNUg0WHFVUDhrRgEUAQEMOERfUi4oAAgyUVUBF_BGQUFBRHdQLUFGLVFfd0JmX0R2UVg0QmJLYWxBS0NCZ05GVlZLSUJnQ1FCZ0dZQmdDaEJuc1Vya2ZoZXBRX3FBWUVzZ1lrQ1EBSAkBAEUdjABHHQwASR0MNHVBWUuaApkBIU1CZWRoOgEC2Gs4S0xBU0FBS0FBeGV4U3VSLUY2bEQ4NkNVRk5Vek02TmpBeE5rQ0dMMG5yNGpZYXdGdnZQMUUJfgEBBEZrAQYJAQBHPUwARx0YAEgdGAxIZ0FpLhUC8Nd3Li7YAgDgApuFTuoCGmh0dHBzOi8va29ycmVzcG9uZGVudC5uZXQvgAMAiAMBkAMAmAMXoAMBqgMAwAOsAsgDANgD9_4u4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDE5My4yNy4xNC4xMKgEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABADIBADSBA8xMDA1OCNBTVMzOjYwMTbaBAIIAeAEAfAEk_z5ZogFAZgFAKAF____________AcAFAMkFAAAAAAAA8D_SBQkJAAAJDnDYBQHgBQHwBbCiAvoFBAgAEACQBgCYBgC4BgDBBgkjKPA_0Aa7M9oGFgoQCREZAVwQABgA4AYB8gYCCACABwGIBwCgBwG6Bw8BSEwYACAAMAA4vwZAAMgH2fEF0gcNCRE6ATgI2gcGCSdo4AcA6gcCCADwB4yiAooIAhAAlQgAAIA_mAgB&s=1f8186272b66a5bf1fec66192cc2393e5c1240bc&type=pv&jm=1003&px=0&py=0&bw=300&bh=250&sf=1&sid=7701041261294738870&vd=ct~0|rr~5&sv=224&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=21644363&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/224/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:35 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 961b69c1-acd4-4ea8-b2ae-63c0b5c4b49b
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK vevent
ams3-ib.adnxs.com/ Frame 8D0E 0
833 B 26ms
26ms Ping
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams3-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkorrespondent.net%2F&e=wqT_3QLBCvD9QQUAAAMA1gAFAQierO6XBhCmronAmrDMo2EYw9-bksKpjqAhKjYJmu8def8TlD8Rgcv-0eqpij8ZAAAAQDMz4z8hxUmz3EbBiz8p9aEL6lvmlD8xAAAAQOF6lD8wy4ipCjiYUEDKTkgCUJP8-WZYk8KLAWAAaLTYsAF4wvIFgAEBigEDVVNEkgEDRVVSmAGsAqAB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQCKAnd1ZignYScsIDQ1MjUzNjIsIDE2NjA2NTUxMzQpO3VmKCdpJywgNDEyNjE2OSwgMTY2MDY1NTEzNCk7dWYoJ2cnLCAxMTQ5Mzg4NyxCOwAwcicsIDIxNTkwNzg1OTY9APC2kgL9AyFZbVY3akFqRmlJMFRFSlA4LVdZWUFDQ1R3b3NCTUFBNEFFQUFTTXBPVU11SXFRcFlBR0RMQm1nQWNBQjRBSUFCQUlnQkFKQUJBWmdCQWFBQkFhZ0JBYkFCQUxrQmtlOEs4T0Y2bERfQkFlckFKVFFuNXBRX3lRRUFBQUFBQUFEd1A5a0I2LUkyR3NCYjd6X2dBZG5yLXdIMUFRclhvenlZQWdDZ0FnRzFBZ0FBQUFDOUFnATnwVURBQWdESUFnRFFBZ0RZQWdEZ0FnRG9BZ0Q0QWdHQUF3R1lBd0c2QXdsQlRWTXpPall3TXpuZ0E0WXZnQVNidmRrRGlBU2N2ZGtEa0FRQW1BUUJ3UVFBAVoFAQhNa0UFCAUBGERZQkFEeEIFDAkBKGlBV1hMNmtGNi1JDbgMLXhCUQkcAQE8d1FWN0ZLNUg0WHFVUDhrRgEUAQEMOERfUi4oAAgyUVUBF_BGQUFBRHdQLUFGLVFfd0JmX0R2UVg0QmJLYWxBS0NCZ05GVlZLSUJnQ1FCZ0dZQmdDaEJuc1Vya2ZoZXBRX3FBWUVzZ1lrQ1EBSAkBAEUdjABHHQwASR0MNHVBWUuaApkBIU5SZjlpOgEC2Gs4S0xBU0FBS0FBeGV4U3VSLUY2bEQ4NkNVRk5Vek02TmpBek9VQ0dMMG5yNGpZYXdGdnZQMUUJfgEBBEZrAQYJAQBHPUwARx0YAEgdGAxIZ0FpLhUC8Nd3Li7YAgDgApuFTuoCGmh0dHBzOi8va29ycmVzcG9uZGVudC5uZXQvgAMAiAMBkAMAmAMXoAMBqgMAwAOsAsgDANgD9_4u4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDDE5My4yNy4xNC4xMKgEALIEEAgAEAEYrAIg-gEoADAAOAK4BADABADIBADSBA8xMDA1OCNBTVMzOjYwMznaBAIIAeAEAfAEk_z5ZogFAZgFAKAF____________AcAFAMkFAAAAAAAA8D_SBQkJAAAJDnDYBQHgBQHwBbCiAvoFBAgAEACQBgCYBgC4BgDBBgkjKPA_0Aa7M9oGFgoQCREZAVwQABgA4AYB8gYCCACABwGIBwCgBwG6Bw8BSEwYACAAMAA4vwZAAMgHwvIF0gcNCRE6ATgI2gcGCSdo4AcA6gcCCADwB4yiAooIAhAAlQgAAIA_mAgB&s=02db6572e689d0fbea95be2d5900ec5b567dbfde&type=pv&jm=1003&px=0&py=0&bw=300&bh=250&sf=1&sid=7701041261294738870&vd=ct~0|rr~5&sv=224&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=21644363&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/224/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:35 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 61fb0f13-899c-4fd6-bbc0-9be2b20d8946
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame F4DA 0
741 B 22ms
22ms Script
text/html 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=10264&pub_id=1821409&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=1821409

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:35 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 90b8e245-5f7a-41d5-b71c-5d78d35194ca
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame A8F8 0
741 B 71ms
71ms Script
text/html 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=10264&pub_id=1821409&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=1821409

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:35 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 70b14711-b86c-4eb4-931e-fb4a6031f51e
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 02A9 0
741 B 24ms
24ms Script
text/html 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=10264&pub_id=1821409&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=1821409

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:35 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 35ae5edd-bdfe-41f0-943c-67fdd18b902c
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 16496861944829.png
rock.aimmm.live/media/live/1361/images/ Frame 8DCC 9 KB
9 KB 34ms
34ms Image
image/png 35.246.207.21
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rock.aimmm.live/media/live/1361/images/16496861944829.png

Requested by

Host: mediawoot.com
URL: https://mediawoot.com/r/p.html?f=zckvaaxfk&e=1518846443599

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.246.207.21 Frankfurt am Main, Germany, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

21.207.246.35.bc.googleusercontent.com

Software

Resource Hash

c5eceae3ffc3d1127522963a35cfe8f6fbdff9d7e22a947889059c58878bbccd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rock.aimmm.live/ac.dc?dv21&dv91&clickstart=https%3A//track.adform.net/C/%3Fbn%3D56522822%3Bcrtbwp%3D0.001468-aSZ8vQ1skFbgS6c1PsWr31SY5KfK0X-a0%3Bcrtbdata%3Dr4mjpOpmxotnsaseszv2DPN21W3o9jwO_X7a0d4jQamh4_SVuZ1wZM576b23k3iDv_8QB0OX4Fz5k_K52ZP9K8Uw76OH3MpZX_W3fRtZZ-NikuIl-lO9NARPRKp7X9VUvkaogUZy2g23SN2zfbA3sxmo6_hx9OmR-yKoBwErk4n-CpQUQ-J09gW7rP5bRJFCKvSlVgyr4PELLhhadhf4SDb_119wm4vvzOJ1K38rCGThQW6FXjSrzw2%3Badfibeg%3D0%3Bcdata%3D2Pg0_CXpfTuTcD65XEY3PgU9UDv16a4l1BZLVwvmeD9yxWeF9tD9XVAHUyGVomQMsZbYGFZvI2xNBAXGUYRdwsHzWJ8iG5IJY8ubVsNPRzrrygPkIxxfk0srhEkluTSFZtIYRC-JbGXEW-tO8UbYsnTAIT4W6WreQeEimShqzcc1%3B%3BCREFURL%3Dhttps%253a%252f%252fkorrespondent.net%3BC%3D1%3Bcpdir%3D&dv2=1361&dv3=1818&as=af&dv4=16606551354108
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:35 GMT
last-modified: Tue, 16 Aug 2022 12:40:17 GMT
etag: "62fb9031-239c"
strict-transport-security: max-age=15724800; includeSubDomains
content-type: image/png
access-control-allow-credentials: true
request-id: f89d2f586117ccf76e6a1fcfc668a0bb
content-length: 9116
accept-ranges: bytes

GET
H2 200 16584538701928.jpg
rock.aimmm.live/media/live/1361/images/ Frame 8DCC 4 KB
5 KB 35ms
34ms Image
image/jpeg 35.246.207.21
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rock.aimmm.live/media/live/1361/images/16584538701928.jpg

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

35.246.207.21 Frankfurt am Main, Germany, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

21.207.246.35.bc.googleusercontent.com

Software

Resource Hash

ba100bd29ea5ad94ef54e1562a3bab56ae3b7866c00149747556bb35c172a389

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rock.aimmm.live/ac.dc?dv21&dv91&clickstart=https%3A//track.adform.net/C/%3Fbn%3D56522822%3Bcrtbwp%3D0.001468-aSZ8vQ1skFbgS6c1PsWr31SY5KfK0X-a0%3Bcrtbdata%3Dr4mjpOpmxotnsaseszv2DPN21W3o9jwO_X7a0d4jQamh4_SVuZ1wZM576b23k3iDv_8QB0OX4Fz5k_K52ZP9K8Uw76OH3MpZX_W3fRtZZ-NikuIl-lO9NARPRKp7X9VUvkaogUZy2g23SN2zfbA3sxmo6_hx9OmR-yKoBwErk4n-CpQUQ-J09gW7rP5bRJFCKvSlVgyr4PELLhhadhf4SDb_119wm4vvzOJ1K38rCGThQW6FXjSrzw2%3Badfibeg%3D0%3Bcdata%3D2Pg0_CXpfTuTcD65XEY3PgU9UDv16a4l1BZLVwvmeD9yxWeF9tD9XVAHUyGVomQMsZbYGFZvI2xNBAXGUYRdwsHzWJ8iG5IJY8ubVsNPRzrrygPkIxxfk0srhEkluTSFZtIYRC-JbGXEW-tO8UbYsnTAIT4W6WreQeEimShqzcc1%3B%3BCREFURL%3Dhttps%253a%252f%252fkorrespondent.net%3BC%3D1%3Bcpdir%3D&dv2=1361&dv3=1818&as=af&dv4=16606551354108
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:35 GMT
last-modified: Tue, 16 Aug 2022 12:40:17 GMT
etag: "62fb9031-11b1"
strict-transport-security: max-age=15724800; includeSubDomains
content-type: image/jpeg
access-control-allow-credentials: true
request-id: 73b08d57cdb8d05480c8e2b92a8fddcb
content-length: 4529
accept-ranges: bytes

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 5DF3 0
741 B 22ms
22ms Script
text/html 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=10264&pub_id=1821409&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=1821409

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:36 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 132ae878-0df5-46bc-a751-101ec00be411
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK vevent
ams3-ib.adnxs.com/ Frame 5752 0
833 B 25ms
25ms Ping
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams3-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkorrespondent.net%2F&e=wqT_3QLBCvD9QQUAAAMA1gAFAQierO6XBhDbusf617zDwlwYw9-bksKpjqAhKjYJywHhN4T7kj8RJiMOGXA1iT8ZAAAAQDMz4z8hxUmz3EbBiz8p9aEL6lvmlD8xAAAAQOF6lD8wy4ipCjiYUEDKTkgCUJP8-WZYk8KLAWAAaLTYsAF4ovUFgAEBigEDVVNEkgEDRVVSmAGsAqAB-gGoAQGwAQC4AQHAAQXIAQLQAQDYAQDgAQDwAQCKAnd1ZignYScsIDQ1MjUzNjIsIDE2NjA2NTUxMzQpO3VmKCdpJywgNDEyNjE2OSwgMTY2MDY1NTEzNCk7dWYoJ2cnLCAxMTQ5Mzg4NyxCOwAwcicsIDIxNTkwNzg1OTY9APC2kgL9AyFwR1gwc1FqRmlJMFRFSlA4LVdZWUFDQ1R3b3NCTUFBNEFFQUFTTXBPVU11SXFRcFlBR0RMQm1nQWNBQjRBSUFCQUlnQkFKQUJBWmdCQWFBQkFhZ0JBYkFCQUxrQmtlOEs4T0Y2bERfQkFlckFKVFFuNXBRX3lRRUFBQUFBQUFEd1A5a0I2LUkyR3NCYjd6X2dBZG5yLXdIMUFRclhvenlZQWdDZ0FnRzFBZ0FBQUFDOUFnATnwVURBQWdESUFnRFFBZ0RZQWdEZ0FnRG9BZ0Q0QWdHQUF3R1lBd0c2QXdsQlRWTXpPall4TURqZ0E0WXZnQVNidmRrRGlBU2N2ZGtEa0FRQW1BUUJ3UVFBAVoFAQhNa0UFCAUBGERZQkFEeEIFDAkBKGlBWGNMNmtGNi1JDbgMLXhCUQkcAQE8d1FWN0ZLNUg0WHFVUDhrRgEUAQEMOERfUi4oAAgyUVUBF_BGQUFBRHdQLUFGLVFfd0JmX0R2UVg0QmJLYWxBS0NCZ05GVlZLSUJnQ1FCZ0dZQmdDaEJuc1Vya2ZoZXBRX3FBWUVzZ1lrQ1EBSAkBAEUdjABHHQwASR0MPHVBWUuaApkBIU1oY3FpQWoyAQLYazhLTEFTQUFLQUF4ZXhTdVItRjZsRDg2Q1VGTlV6TTZOakV3T0VDR0wwbnI0allhd0Z2dlAxRQl-AQEERmsBBgkBAEc9TABHHRgASB0YDEhnQWkuFQLw13cuLtgCAOACm4VO6gIaaHR0cHM6Ly9rb3JyZXNwb25kZW50Lm5ldC-AAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AP3_i7gAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQMMTkzLjI3LjE0LjEwqAQAsgQQCAAQARisAiD6ASgAMAA4ArgEAMAEAMgEANIEDzEwMDU4I0FNUzM6NjEwONoEAggB4AQB8AST_PlmiAUBmAUAoAX___________8BwAUAyQUAAAAAAADwP9IFCQkAAAkOcNgFAeAFAfAFsKIC-gUECAAQAJAGAJgGALgGAMEGCSMo8D_QBrsz2gYWChAJERkBXBAAGADgBgHyBgIIAIAHAYgHAKAHAboHDwFITBgAIAAwADi_BkAAyAei9QXSBw0JEToBOAjaBwYJJ2jgBwDqBwIIAPAHjKICiggCEACVCAAAgD-YCAE.&s=b44e316fcdeb4768672b3f7d8609be82f627a5a0&type=pv&jm=1003&px=0&py=0&bw=300&bh=250&sf=1&sid=7701041261294738870&vd=ct~0|rr~5&sv=224&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=21644363&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/224/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:36 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 24555b7f-91a7-447c-a7c3-a81c2a0efcc3
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK viewability Show response
ad25.ad-srv.net/ Frame 99FA 0
150 B 85ms
29ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad25.ad-srv.net/viewability?s=39020200079871301467939012053025&a=df6e7727&vb=v
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dmylhifuyj%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUPyZXAqiBMUdhw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAQSROKgAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521NRf9iAjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAzOUCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDM5%2Fbn%3D96578%2Fclickenc%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:36 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK viewability Show response
ad25.ad-srv.net/ Frame 240C 0
150 B 88ms
29ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad25.ad-srv.net/viewability?s=44045500079871201467939012053025&a=98052122&vb=v
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dluzlkxf%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3FywHhN4T7kj8mIw4ZcDWJPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP3DWELS0rZcdw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAdSLiIgAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBedhwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAxNkCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDE2%2Fbn%3D96473%2Fclickenc%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:36 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK viewability Show response
ad25.ad-srv.net/ Frame ECB5 0
150 B 152ms
53ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad25.ad-srv.net/viewability?s=99284700079871401467939012053025&a=0259ddbf&vb=v
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dyvmanyrg%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP9Z4kkc6no0Kw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAViUgiQAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MBeghwjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjA0M0CGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDQz%2Fbn%3D96624%2Fclickenc%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:36 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame A446 0
741 B 22ms
22ms Script
text/html 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=10264&pub_id=1821409&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=1821409

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:36 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: c579dd51-31ed-456e-b543-a209e5b09d0e
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK viewability Show response
ad25.ad-srv.net/ Frame 93E3 0
150 B 87ms
29ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad25.ad-srv.net/viewability?s=19324500079871501467939012053025&a=f4b4713f&vb=v
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dqhnmckig%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3Fmu8def8TlD-By_7R6qmKPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP0VJlOaZGFkzw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgABSXRbAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521Khf4hQjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjAwMUCGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MDAx%2Fbn%3D96382%2Fclickenc%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:36 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK viewability Show response
ad25.ad-srv.net/ Frame 4308 0
150 B 120ms
40ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad25.ad-srv.net/viewability?s=16056800079871901467939012053025&a=db3aeba1&vb=v
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=dr8ahzd60a5l&renderingType=html&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&documentReferer=https%3A%2F%2Fmediawoot.com%2Fr%2Fp.html%3Ff%3Dgmyjtldt%26e%3D1518846443599&ancestorOrigins=https%3A%2F%2Fmediawoot.com%2Chttps%3A%2F%2Fkorrespondent.net&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&extVar[]=XR_SSP:10264&extVar[]=XR_DOM_RTB:korrespondent.net&redirectClick=https%3A%2F%2Fams3-ib.adnxs.com%2Fclick%3FywHhN4T7kj8mIw4ZcDWJPwAAAEAzM-M_xUmz3EbBiz_1oQvqW-aUP1vdUX_lDYVcw-9GIkw5QCEelvtiAAAAAEtESgEYKAAASicAAAIAAAATft4ME-EiAAAAAABVU0QARVVSACwB-gA0LAAAAAABAQUCAAAAANgAMSKnDAAAAAA.%2Fbcr%3DAAAAAAAA8D8%3D%2Fcnd%3D%2521MhcqiAjFiI0TEJP8-WYYk8KLASAAKAAxexSuR-F6lD86CUFNUzM6NjEwOECGL0nr4jYawFvvP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca%3DMTAwNTgjQU1TMzo2MTA4%2Fbn%3D96930%2Fclickenc%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:36 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK viewability Show response
ad25.ad-srv.net/ Frame 6BDF 0
150 B 165ms
57ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad25.ad-srv.net/viewability?s=24397500079872301649441012053025&a=d03bd875&vb=v
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=61a5d4f56c48fdD3MUNnI6FYA1LGZkZGfjPQA1DoEIgfbf00lZwpdZ3oGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=39020200079871301467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp5ca3cup5eyc2o6%3Ftprde%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:36 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK viewability Show response
ad25.ad-srv.net/ Frame 56DE 0
150 B 122ms
33ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad25.ad-srv.net/viewability?s=52487000079872401649441012053025&a=f56666df&vb=v
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=b42e0c11bdb9nURHeQtJyh0FGA2RGZmRYfjDGA0JHIYAXlBadXAaoGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=44045500079871201467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp9a21ezln8dufjv%3Ftprde%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:36 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK viewability Show response
ad25.ad-srv.net/ Frame BD67 0
150 B 158ms
56ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad25.ad-srv.net/viewability?s=25212000079872501649441012053025&a=79c76e34&vb=v
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=bb6af1fb8a2cDBP18YNbIcYg0HwAkRmZkPYZ0HQgSI1XOypXWeXmA9oGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=16056800079871901467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fpj71dd9a07d8amk%3Ftprde%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:36 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK viewability Show response
ad25.ad-srv.net/ Frame D0FD 0
150 B 141ms
55ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad25.ad-srv.net/viewability?s=40559400079872701649441012053025&a=c2364e13&vb=v
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=488d7e08bb01jEPSHZNbIcYg0HwAkRmZkPYZ0HQgSI1FabXmYkpYeloGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=99284700079871401467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp8kzgvxbse3un4j%3Ftprde%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:36 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK viewability Show response
ad25.ad-srv.net/ Frame B0C4 0
150 B 86ms
29ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad25.ad-srv.net/viewability?s=97672800079872801649441012053025&a=771e7d9a&vb=v
Requested by: Host: ad.ad-srv.net
URL: https://ad.ad-srv.net/request.php?zone=zi2oae67mtw4&renderingType=html&extVar[]=DOUBLEBORDER:1&extVar[]=ANIM_AFTER_30S:0&envData=4f3fcc6aa457NUPAKYNbIcYg0HwAkRmZkPYZ0HQgSI1FUmfGB38lbjoGm-pjgxZ2eN9wubTQ8FD6Fnl5aFBuTO1-lYR9nAy8lCttogbt6i7HFZUxMNJinpXB_ZGYmv8ib8Yg4HFBiRHFKy0C2pmYW9YA_8YCuZGA1p0CT9v1dvmXtfG1xFVxFXbbfIeTNr&subid=19324500079871501467939012053025&redirectClick=https%3A%2F%2Fad25.ad-srv.net%2Fc%2Fp0oa8z4rhgh6fd1%3Ftprde%3D&uidRedirect=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:36 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame CB71 0
741 B 23ms
22ms Script
text/html 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=10264&pub_id=1821409&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=10264&pub_id=1821409

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:36 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 19bc24c7-683d-418e-b74e-c643c6508c74
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK vevent
ams3-ib.adnxs.com/ Frame 7844 0
833 B 23ms
23ms Ping
text/html 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ams3-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fkorrespondent.net%2F&e=wqT_3QLPBPBMTwIAAAMA1gAFAQierO6XBhCyzo_2nuq0r0kYw9-bksKpjqAhKjYJDW3tpzEPWD8RuEqGPmG0Uz8ZAAAAQDMz4z8huEqGPmG0Uz8pDW0JJAAxARv0dQHhepQ_MMuIqQo4mFBA9ghIW1Ca59WwAViTwosBYABotNiwAXit9AWAAQGKAQNVU0SSAQNFVVKYAawCoAH6AagBAbABALgBAcABBcgBAtABANgBAOABAPABAJICDENNYncrUm9RclFvPdgCAOACm4VO6gIaaHR0cHM6Ly9rb3JyZXNwb25kZW50Lm5ldC-AAwCIAwGQAwCYAxegAwGqAycaFTUyODY4OTUzNjE0MzExNjg4MThfMSoEODM0MzoINTY1MjI4MjLAA6wCyAMA2AP3_i7gAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQMMTkzLjI3LjE0LjEwqAQAsgQQCAAQARisAiD6ASgAMAA4ArgEAMAEAMgEANoEAggB4AQB8ASa59WwAYgFAZgFAKAF6uPbnb6U9O8DwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFipND-gUECAAQAJAGAJgGALgGAMEGAAEiMADwP9AGnuoD2gYWChAFER0BYBAAGADgBgHyBgIIAIAHAYgHAKAHAboHDwgFGkQgADAAOL8GQADIB630BdIHDQkROwE4CNoHBgknaOAHAOoHAggA8AeMogKKCAIQAJUIAACAP5gIAQ..&s=a463a3b3b640c828bc92d62f5bcde81e0298878f&type=pv&jm=1003|1015&px=0&py=0&bw=300&bh=250&sf=0.65&sid=7701041261294738870&vd=ct~0|rr~5&sv=224&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=21644363&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/224/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:36 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 52c915cb-dd20-4116-9cd6-82ba35f06315
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://mediawoot.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 /
track.adform.net/serving/unload/ Frame 7844 35 B
467 B 37ms
37ms Ping
image/gif 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=845796626578132275@@56522822,677432458895787219,65|1100|0|0|0|0|0|0|0||28|1|||||1|0|0|MdtyjwBk8HVX7EYoWZQhUbB3bWF4jE5p5c0GeM4vTui5ysP3tlyARhhpnBRkvb3lA7z_uuw_WOM1|||11||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:36 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 publishertag.prebid.117.js Show response
static.criteo.net/js/ld/ Frame 1A95 87 KB
28 KB 24ms
24ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.117.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:37 GMT
content-encoding: gzip
last-modified: Wed, 29 Dec 2021 12:30:46 GMT
server: nginx
etag: W/"61cc54f6-15c19"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 17 Aug 2022 13:05:37 GMT

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame 152E 3 KB
2 KB 149ms
30ms Document
text/html 23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1387
Content-Type: text/html; charset=UTF-8
Date: Tue, 16 Aug 2022 13:05:37 GMT
ETag: "e20015-b68-5e4a60c97afb7"
Last-Modified: Mon, 25 Jul 2022 19:18:30 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 7E21 52 KB
17 KB 25ms
25ms Document
text/html 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 30242
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Tue, 16 Aug 2022 13:05:37 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 03 Aug 2022 04:41:10 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 1, 293439
X-Served-By: cache-lga21947-LGA, cache-cdg20745-CDG
X-Timer: S1660655137.492453,VS0,VE0

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame 2D87 0
91 B 90ms
26ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Tue, 16 Aug 2022 13:05:37 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 228A 281 B
554 B 74ms
17ms Document
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 16 Aug 2022 13:05:37 GMT
ETag: "40014-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame CB63 0
0 24ms
24ms Document
text/plain 72.251.249.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13406526
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date: Tue, 16 Aug 2022 13:05:37 GMT
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Pragma: no-cache
X-Sovrn-Pod: ad_ap1ams1

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 66BE 281 B
554 B 66ms
18ms Document
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 16 Aug 2022 13:05:37 GMT
ETag: "40014-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame D8AE 0
0 23ms
23ms Document
text/plain 72.251.249.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13406526
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date: Tue, 16 Aug 2022 13:05:37 GMT
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Pragma: no-cache
X-Sovrn-Pod: ad_ap1ams1

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame BFF5 52 KB
17 KB 15ms
15ms Document
text/html 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 30240
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Tue, 16 Aug 2022 13:05:37 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 03 Aug 2022 04:41:10 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 2, 486787
X-Served-By: cache-lga21945-LGA, cache-hhn4060-HHN
X-Timer: S1660655138.502733,VS0,VE0

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame ECC4 3 KB
2 KB 149ms
30ms Document
text/html 23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1387
Content-Type: text/html; charset=UTF-8
Date: Tue, 16 Aug 2022 13:05:37 GMT
ETag: "e20015-b68-5e4a60c97afb7"
Last-Modified: Mon, 25 Jul 2022 19:18:30 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server: Apache
Vary: Accept-Encoding

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame 4B14 0
80 B 77ms
27ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Tue, 16 Aug 2022 13:05:37 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 8F13 281 B
554 B 77ms
18ms Document
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 16 Aug 2022 13:05:37 GMT
ETag: "40014-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame 518C 0
0 50ms
50ms Document
text/plain 72.251.249.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13406526
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date: Tue, 16 Aug 2022 13:05:37 GMT
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Pragma: no-cache
X-Sovrn-Pod: ad_ap1ams1

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 2DA3 52 KB
17 KB 16ms
16ms Document
text/html 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 30240
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Tue, 16 Aug 2022 13:05:37 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 03 Aug 2022 04:41:10 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 2, 485147
X-Served-By: cache-lga21945-LGA, cache-hhn4066-HHN
X-Timer: S1660655138.508120,VS0,VE0

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame 4F87 0
80 B 72ms
27ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Tue, 16 Aug 2022 13:05:37 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame F0E5 3 KB
2 KB 157ms
29ms Document
text/html 23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1387
Content-Type: text/html; charset=UTF-8
Date: Tue, 16 Aug 2022 13:05:37 GMT
ETag: "e20015-b68-5e4a60c97afb7"
Last-Modified: Mon, 25 Jul 2022 19:18:30 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server: Apache
Vary: Accept-Encoding

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame 774D 0
80 B 51ms
28ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Tue, 16 Aug 2022 13:05:37 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame ABC7 281 B
554 B 52ms
19ms Document
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 16 Aug 2022 13:05:37 GMT
ETag: "40014-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame A0B8 52 KB
17 KB 15ms
15ms Document
text/html 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 30240
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Tue, 16 Aug 2022 13:05:37 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 03 Aug 2022 04:41:10 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 2, 485148
X-Served-By: cache-lga21945-LGA, cache-hhn4066-HHN
X-Timer: S1660655138.532878,VS0,VE0

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame 7739 0
0 24ms
24ms Document
text/plain 72.251.249.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13406526
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date: Tue, 16 Aug 2022 13:05:37 GMT
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Pragma: no-cache
X-Sovrn-Pod: ad_ap1ams1

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame 29B0 3 KB
2 KB 150ms
31ms Document
text/html 23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1387
Content-Type: text/html; charset=UTF-8
Date: Tue, 16 Aug 2022 13:05:37 GMT
ETag: "e20015-b68-5e4a60c97afb7"
Last-Modified: Mon, 25 Jul 2022 19:18:30 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 7E21 0
741 B 60ms
59ms Script
text/html 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:37 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 6b4103eb-d621-44ea-9b1f-53099e2fe789
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 pd
u.openx.net/w/1.0/ Frame 1A95 43 B
131 B 27ms
26ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:37 GMT
content-encoding: gzip
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame BFF5 0
741 B 27ms
26ms Script
text/html 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:37 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 66f36094-257f-4bd6-a2f7-214eed7d5882
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 2DA3 0
741 B 41ms
26ms Script
text/html 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:37 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 13c8c6ba-b92f-4091-81a9-7c4a875bfa16
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame A0B8 0
741 B 22ms
22ms Script
text/html 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:37 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: f807e30d-de9e-4c07-a683-b2156fd74563
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 228A 31 KB
10 KB 17ms
16ms Script
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: c3d3e53145b2e47ef3c4a2a08c8a644b8acf51380859a40d48a39447646e9a02

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:37 GMT
Content-Encoding: gzip
Last-Modified: Tue, 12 Jul 2022 20:44:25 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=54489
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9450
Expires: Wed, 17 Aug 2022 04:13:46 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 66BE 31 KB
10 KB 18ms
16ms Script
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: c3d3e53145b2e47ef3c4a2a08c8a644b8acf51380859a40d48a39447646e9a02

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:37 GMT
Content-Encoding: gzip
Last-Modified: Tue, 12 Jul 2022 20:44:25 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=54489
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9450
Expires: Wed, 17 Aug 2022 04:13:46 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 8F13 31 KB
10 KB 16ms
16ms Script
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: c3d3e53145b2e47ef3c4a2a08c8a644b8acf51380859a40d48a39447646e9a02

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:37 GMT
Content-Encoding: gzip
Last-Modified: Tue, 12 Jul 2022 20:44:25 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=54489
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9450
Expires: Wed, 17 Aug 2022 04:13:46 GMT

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 86E0 281 B
554 B 41ms
41ms Document
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 16 Aug 2022 13:05:37 GMT
ETag: "40014-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 7AAB 52 KB
17 KB 15ms
15ms Document
text/html 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 30240
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Tue, 16 Aug 2022 13:05:37 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 03 Aug 2022 04:41:10 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 2, 485150
X-Served-By: cache-lga21945-LGA, cache-hhn4066-HHN
X-Timer: S1660655138.649114,VS0,VE0

GET
H3 200 pd Show response
u.openx.net/w/1.0/ Frame 9EF5 0
35 B 54ms
53ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Tue, 16 Aug 2022 13:05:37 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame CC3D 0
0 23ms
23ms Document
text/plain 72.251.249.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13406526
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date: Tue, 16 Aug 2022 13:05:37 GMT
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Pragma: no-cache
X-Sovrn-Pod: ad_ap1ams1

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame 9806 3 KB
2 KB 44ms
28ms Document
text/html 23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1387
Content-Type: text/html; charset=UTF-8
Date: Tue, 16 Aug 2022 13:05:37 GMT
ETag: "e20015-b68-5e4a60c97afb7"
Last-Modified: Mon, 25 Jul 2022 19:18:30 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame ABC7 31 KB
10 KB 42ms
39ms Script
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: c3d3e53145b2e47ef3c4a2a08c8a644b8acf51380859a40d48a39447646e9a02

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:37 GMT
Content-Encoding: gzip
Last-Modified: Tue, 12 Jul 2022 20:44:25 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=54489
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9450
Expires: Wed, 17 Aug 2022 04:13:46 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 61C1 52 KB
17 KB 20ms
19ms Document
text/html 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 30241
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Tue, 16 Aug 2022 13:05:37 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 03 Aug 2022 04:41:10 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 2, 486789
X-Served-By: cache-lga21945-LGA, cache-hhn4060-HHN
X-Timer: S1660655138.667451,VS0,VE0

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame C7B7 0
0 52ms
51ms Document
text/plain 72.251.249.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13406526
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date: Tue, 16 Aug 2022 13:05:37 GMT
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Pragma: no-cache
X-Sovrn-Pod: ad_ap1ams1

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame F425 3 KB
2 KB 64ms
52ms Document
text/html 23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1387
Content-Type: text/html; charset=UTF-8
Date: Tue, 16 Aug 2022 13:05:37 GMT
ETag: "e20015-b68-5e4a60c97afb7"
Last-Modified: Mon, 25 Jul 2022 19:18:30 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame CF5F 281 B
554 B 16ms
16ms Document
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 16 Aug 2022 13:05:37 GMT
ETag: "40014-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H3 200 pd Show response
u.openx.net/w/1.0/ Frame A313 0
35 B 52ms
52ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Tue, 16 Aug 2022 13:05:37 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2

200

usermatch Show response
r.casalemedia.com/ Frame D76A
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

2 KB
1 KB

209ms
46ms

Document
text/html

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e6402ac5397eb6c7b4de6a3ae7261c988bc079b52c8572d90d203a60af600179

Request headers

Referer: https://js-sec.indexww.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 73ba61f46ac55bf9-FRA
content-encoding: br
content-type: text/html
date: Tue, 16 Aug 2022 13:05:38 GMT
dropped-udsids: 241|45|230|39|64|218|8|26
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: 0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HwsIN94bkpoCb0ZJGkD7ueymwYnF2yZB9F%2BD%2Fa3vWJQx9gjgS57xn5zyX16jWZEoCsT2hAbl3YifjRfYNKf2VuD%2FKFruEQ8UWsYLdSIBFNC6DB5oIN2Dd3PjaiusmROwjdeU"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Is-Traffic-Usersync, Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 73ba61f2f9b9d611-CDG
content-type: text/html; charset=iso-8859-1
date: Tue, 16 Aug 2022 13:05:37 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: 0
location: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QllhYlDWYTN52yGAEKZYin2ON6kPhT4YJlWMMJlaYLTvQ29EnHXrf5GNfXIiuWxKJFJESjAD7YPqXYlHuiHJ%2BpBTDIY33jdPaMh%2FLQtuzLh3Q3KEFpg6ixeP3xShmRqqNNu2P7atVVbrUw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2

200

usermatch Show response
r.casalemedia.com/ Frame 9351
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

2 KB
2 KB

201ms
55ms

Document
text/html

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fee45dea6b6a759eda32c66be24a1829d55e0b1bf2f2eaf604ba7d23c45fee87

Request headers

Referer: https://js-sec.indexww.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 73ba61f46ace5bf9-FRA
content-encoding: br
content-type: text/html
date: Tue, 16 Aug 2022 13:05:38 GMT
dropped-udsids: 230|241|45|39|105|18|46|156
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: 0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L6%2Fm9tIZ%2B%2Fas%2BmWkBP0rtF6%2FGNWZYo9TaAXflZQuHFNdg%2BTTOVY7A3mxPD33rQCWh33k00AW0QUKi7ZPcd%2F2cnowxGmfJ3Sa6KUSizU9qeRx6oZdVXSpfScFDFjrd35vvFtz"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Is-Traffic-Usersync, Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 73ba61f2f9bed611-CDG
content-type: text/html; charset=iso-8859-1
date: Tue, 16 Aug 2022 13:05:37 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: 0
location: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gRB2RyIHT9550gnVT5OxaCALAhJNGvOX23sMKrZ48yVA%2FQIuRZFKM0Slvemve4sffxrCg5b7E8RVu9lGqfaI4zqXkrRCwDrqI2otBes0%2FQoczJEOujN%2BoQfVj7kLmC94HFLcJ%2FYL9A2TnA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 7AAB 0
741 B 24ms
23ms Script
text/html 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:37 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: f49a77a7-2a0e-4e79-8125-14d2b26e1dc1
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame CF5F 31 KB
10 KB 17ms
17ms Script
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: c3d3e53145b2e47ef3c4a2a08c8a644b8acf51380859a40d48a39447646e9a02

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:37 GMT
Content-Encoding: gzip
Last-Modified: Tue, 12 Jul 2022 20:44:25 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=54489
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9450
Expires: Wed, 17 Aug 2022 04:13:46 GMT

GET
H2

200

usermatch Show response
r.casalemedia.com/ Frame 3792
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

2 KB
2 KB

202ms
40ms

Document
text/html

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d8ac63d43ae79c79e76dd78633ea482dfca27186cef3f522a3da4827f63523b

Request headers

Referer: https://js-sec.indexww.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 73ba61f46ac85bf9-FRA
content-encoding: br
content-type: text/html
date: Tue, 16 Aug 2022 13:05:38 GMT
dropped-udsids: 230|241|45|39|26|24|64|18
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: 0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JazSFKc9i74eRY8obqBsXmIgQZ4m3ZEGxRX7ZxYhnYNzZ7q093lfgX%2B%2FpkjW1FnsiWsa3s1QKt2nB%2FNCLTdcS10XEzhFXEhNVni7TkCFKHIVKXVSx8rwtbTTSCs5I6U64Wnc"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Is-Traffic-Usersync, Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 73ba61f2f9bbd611-CDG
content-type: text/html; charset=iso-8859-1
date: Tue, 16 Aug 2022 13:05:37 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: 0
location: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o169FoHovDBe0jbSL9hg5BB5vFqgiebqyZMff%2BbiK%2BP4n9vKn%2BSLf8Wn0EBpPjoZRNe8%2Fzd8PUMGAHzKgPBwWhK9LIxidE9edb8IXy8NP90tdfYzL7sA8DMNcpcnxttflfPXEODlungQoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 86E0 31 KB
10 KB 42ms
41ms Script
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: c3d3e53145b2e47ef3c4a2a08c8a644b8acf51380859a40d48a39447646e9a02

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:37 GMT
Content-Encoding: gzip
Last-Modified: Tue, 12 Jul 2022 20:44:25 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=54489
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9450
Expires: Wed, 17 Aug 2022 04:13:46 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 61C1 0
741 B 23ms
22ms Script
text/html 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:37 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: a980dfaa-5271-4dbf-badf-676e2e4e7757
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

usermatch Show response
r.casalemedia.com/ Frame F5C1
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

2 KB
1 KB

207ms
58ms

Document
text/html

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: faa60c137438e48cbe0011d995abc59cb67f56aac3d800fd3be5ba3178e23898

Request headers

Referer: https://js-sec.indexww.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 73ba61f46acb5bf9-FRA
content-encoding: br
content-type: text/html
date: Tue, 16 Aug 2022 13:05:38 GMT
dropped-udsids: 39|230|45|241|156|176|4|195
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: 0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MhlY14vNUoC%2FvHSVkaT%2F2kwBuKW5fV9ibj1IxtswjGb1EjkhIT6Bhvo59gk2fnNTHWOia0W7dS0D1eDhTpacAO7VlGK9qKPOQEI4CNugmIHAD9%2B0UTejQy2hrt8S0lRHGX7k"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Is-Traffic-Usersync, Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 73ba61f31a05d611-CDG
content-type: text/html; charset=iso-8859-1
date: Tue, 16 Aug 2022 13:05:37 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: 0
location: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PYWhHKRXUVRe8vbKlChtSVYJ%2BpyaGfwc%2BMIoMmQby8gekKiL%2BSnR9LurvKyeZnL1%2BbVzrnm%2B6ul2cI2odaimT3b6%2F9BvHWxmo7Hi6ucCzO65yZiLlcnxTiqS0DuTAhbJEeyiEkG0gI92Jw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2

200

usermatch Show response
r.casalemedia.com/ Frame 24AC
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

2 KB
1 KB

60ms
45ms

Document
text/html

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 109ce385a2fc323a66203b9814aaf1e876a0688b87876aa2ecaec748f3d310a8

Request headers

Referer: https://js-sec.indexww.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 73ba61f46ad05bf9-FRA
content-encoding: br
content-type: text/html
date: Tue, 16 Aug 2022 13:05:38 GMT
dropped-udsids: 241|39|230|45|90|190|123|218
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: 0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n%2F5t18K%2BeS2lZC5OZfBJSJMmCQYtLXWoTexqPo4aZvSJojuDtiVDFjWQUGMB4bwOVgyUcQ11Tlv%2FBGb%2BPbElcdPtWgEthuQRUOZq5xioMmm1exvGJ0YZSKSyB7VABchs9lhx"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Is-Traffic-Usersync, Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 73ba61f32a0dd611-CDG
content-type: text/html; charset=iso-8859-1
date: Tue, 16 Aug 2022 13:05:37 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: 0
location: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H5Gq6GKdc4vsOKdI4lABEwux%2BagbxWJGnK%2BSG%2Bh7%2FaCSBYg9djdgNKVjjnmHOBfNPYecK%2FciBaNoP5ExrLsb%2BFo5Dhpv8MQZggo4SddALMKIY6WHL2sZdYp4l3hpWyb9uPXg8U8itXnEmA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame F485 42 B
64 B 167ms
167ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuggttDaY_QtenHAAXGo00luXTvKcTDir7Y68AyD6RCKqafnLM0kodU-ZU7ulTcs3LBgWe9zYamUAFpUKT50B1COm8dnJUydavdJHf6arWeoq3Vdf7SYvdyidlVCyWiKEGA8nuxjYQq_A7N&sai=AMfl-YS64-ODl2a-g9gbQ2nGgbFeIMU0y7A5BOJbLzQ898AhFMxFJPO3aMfB_E7K8Vvr8UR2wDu57G-aAI8AgNTCxNFY_T2HcTZedGGeFh4XESsYI_DmIxDCh8pybMk&sig=Cg0ArKJSzClfe0pDVq4aEAE&cid=CAASF-RoONlCvp2gY1l17WuFZBiPy3ZfrttF&id=ampim&o=1270,408&d=600,600&ss=1600,1200&bs=1600,1200&mcvt=1035&mtos=0,0,0,1035,1035&tos=0,0,0,1035,0&tfs=4972&tls=6122&g=31.611979007720947&h=50&tt=6122&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=2924878311

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content beacon
ap.lijit.com/ Frame 4D59 0
0 54ms
54ms Document
text/plain 72.251.249.14
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon?informer=13406526
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.14 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Date: Tue, 16 Aug 2022 13:05:37 GMT
Expires: Fri, 20 Mar 2009 00:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Pragma: no-cache
X-Sovrn-Pod: ad_ap1ams1

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 691C 52 KB
17 KB 15ms
15ms Document
text/html 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 30241
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Tue, 16 Aug 2022 13:05:37 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 03 Aug 2022 04:41:10 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 2, 486791
X-Served-By: cache-lga21945-LGA, cache-hhn4060-HHN
X-Timer: S1660655138.786439,VS0,VE0

GET
H/1.1 200
OK ixmatch.html Show response
js-sec.indexww.com/um/ Frame E158 3 KB
2 KB 63ms
61ms Document
text/html 23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1387
Content-Type: text/html; charset=UTF-8
Date: Tue, 16 Aug 2022 13:05:37 GMT
ETag: "e20015-b68-5e4a60c97afb7"
Last-Modified: Mon, 25 Jul 2022 19:18:30 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Server: Apache
Vary: Accept-Encoding

GET
H3 200 pd Show response
u.openx.net/w/1.0/ Frame 40FB 0
35 B 50ms
49ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Tue, 16 Aug 2022 13:05:37 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 65B6 281 B
554 B 64ms
63ms Document
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 16 Aug 2022 13:05:37 GMT
ETag: "40014-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2

200

usermatch Show response
r.casalemedia.com/ Frame 8A0A
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

1 KB
1 KB

70ms
57ms

Document
text/html

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 10d7fdd2aec7f369e86e6540ec90f4ebf3e045692f8eeb3a98aa652422bcad18

Request headers

Referer: https://js-sec.indexww.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 73ba61f46ad35bf9-FRA
content-encoding: br
content-type: text/html
date: Tue, 16 Aug 2022 13:05:38 GMT
dropped-udsids: 46|73|3|130|17|41|64|90
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: 0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y5Qvd7YrfcydATbVlXy9O1pmBW09yFI0TrStbbNLsY4quf2VstXcbpvbEApTMMmAIAIvY7m4aDa2fxMFEvaqKSMhgB65tGZldLXvoq7g2pWAzkp7WV%2FVXYTohxrcx0X4A96L"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Is-Traffic-Usersync, Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 73ba61f33a47d611-CDG
content-type: text/html; charset=iso-8859-1
date: Tue, 16 Aug 2022 13:05:37 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: 0
location: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ISZQEsOHQ5IhABerKY30dFkxEpZhVsL7EgvIET0%2BJ1F53%2BboWWSgHagfhQOvyEbd4AHIKaRzTn0cS8xPwXoAVzbqWm7xu7XVZnZLORckLDN44gLFZcViZEQefyzxbh3c4gk3mJ9oFfQ7pA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 228A
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=WJ2smhv6TDeFXk8N9IZMOA&rk=usync-na
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=WJ2smhv6TDeFXk8N9IZMOA

43 B
556 B

109ms
109ms

Image
image/gif

52.46.143.56
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=WJ2smhv6TDeFXk8N9IZMOA

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

HTTP/1.1

Server

52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:38 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: VEWWG0S9H56TJV3SNG6Y
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=WJ2smhv6TDeFXk8N9IZMOA
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 228A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMpZQy1lnN6CRRADSLN6yTw&google_cver=1

0
239 B

144ms
19ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMpZQy1lnN6CRRADSLN6yTw&google_cver=1
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: HTTP/1.1
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:37 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMpZQy1lnN6CRRADSLN6yTw&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 451 709414.gif
id.rlcdn.com/ Frame 228A 0
98 B 195ms
24ms Image
text/plain 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/709414.gif
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:37 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

setuid
px.ads.linkedin.com/ Frame 228A
Redirect Chain

https://token.rubiconproject.com/token?pid=36584
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L6W76UJ5-26-B83N

0
706 B

278ms
167ms

Image
text/plain

2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L6W76UJ5-26-B83N
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:37 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 77FB7134EAA243EA85C1BCC9ACCE1F42 Ref B: FRAEDGE1308 Ref C: 2022-08-16T13:05:37Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXmW2eZCPBh8+ef7kWXxg==

Redirect headers

Location: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L6W76UJ5-26-B83N
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

204

v1
ads.yahoo.com/cms/ Frame 228A
Redirect Chain

https://token.rubiconproject.com/token?pid=26594
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L6W76UJ5-26-B83N&sigv=1&esig=2~46c7b366bb2c3e951f3e98f93a8d8fd6216fc88e

0
194 B

144ms
33ms

Image
text/plain

2a00:1288:f03d:1fa::4000
YAHOO-1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L6W76UJ5-26-B83N&sigv=1&esig=2~46c7b366bb2c3e951f3e98f93a8d8fd6216fc88e

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Server

2a00:1288:f03d:1fa::4000 , United Kingdom, ASN10310 (YAHOO-1, US),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:37 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

Location: https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L6W76UJ5-26-B83N&sigv=1&esig=2~46c7b366bb2c3e951f3e98f93a8d8fd6216fc88e
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 228A
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDZXNzZVSjUtMjYtQjgzTg==

170 B
188 B

61ms
28ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDZXNzZVSjUtMjYtQjgzTg==

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDZXNzZVSjUtMjYtQjgzTg==
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 228A
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZjA4MGU2YmE3NDA5NzllZmRhYzMwZDY3ZTdiNWUzZTNiMTcwY2Q2NA

170 B
188 B

60ms
27ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZjA4MGU2YmE3NDA5NzllZmRhYzMwZDY3ZTdiNWUzZTNiMTcwY2Q2NA

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZjA4MGU2YmE3NDA5NzllZmRhYzMwZDY3ZTdiNWUzZTNiMTcwY2Q2NA
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ecm3
aax-eu.amazon-adsystem.com/s/ Frame 228A
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=tIIWAQ7FQeaQgMm6YZwk4A&rk=usync-other
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=tIIWAQ7FQeaQgMm6YZwk4A

43 B
556 B

41ms
41ms

Image
image/gif

52.95.118.179
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=tIIWAQ7FQeaQgMm6YZwk4A

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

HTTP/1.1

Server

52.95.118.179 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:38 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: VN5MT2A882PVGANYVYR9
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=tIIWAQ7FQeaQgMm6YZwk4A
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4b510f0cc5fcbc9800016ef543086418
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 691C 0
741 B 24ms
23ms Script
text/html 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:37 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: dbe495b7-540c-4065-862c-759d518a21b7
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 65B6 31 KB
10 KB 47ms
47ms Script
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: c3d3e53145b2e47ef3c4a2a08c8a644b8acf51380859a40d48a39447646e9a02

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:38 GMT
Content-Encoding: gzip
Last-Modified: Tue, 12 Jul 2022 20:44:25 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=54488
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9450
Expires: Wed, 17 Aug 2022 04:13:46 GMT

GET
H3 200 usermatch Show response
ssum-sec.casalemedia.com/ Frame 75D6 2 KB
2 KB 148ms
103ms Document
text/html 104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by: Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6a7ed7044c6ce89fa5dfbff5be18e925d18753244a943905fb5009a22e1528b2

Request headers

Referer: https://js-sec.indexww.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 73ba61f4bfc699dc-CDG
content-encoding: br
content-type: text/html
date: Tue, 16 Aug 2022 13:05:38 GMT
dropped-udsids: 4|206|88|65|3|31|81|188
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: 0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Plla90GhOYlVlgvJRkzOtEwsubR2ujJ3o6g8dSr%2FtALXRmoDR5t%2FImI52iWqONizFoyOCzcckqjMeM94wUe%2FE%2BOS9B%2Bxyw6H0jGKIwItgltNVEA5KMm09JtwUYcVgEGAmX%2B1Ktd3A%2FFddA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Is-Traffic-Usersync, Accept-Encoding

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 3792 170 B
188 B 40ms
28ms Image
image/png 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YvuWIb4Ni5Ixzz26htiDoAAABLIAAAIB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 3792
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIb4Ni5Ixzz26htiDoAAABLIAAAIB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIb4Ni5Ixzz26htiDoAAABLIAAAIB&dcc=t

43 B
645 B

109ms
109ms

Image
image/gif

52.46.143.56
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIb4Ni5Ixzz26htiDoAAABLIAAAIB&dcc=t

Requested by

Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

HTTP/1.1

Server

52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:38 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: XQH8X4SDW4WGEQ2T5XBQ
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:38 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 35K7E26VQA6X0J656XJ9
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIb4Ni5Ixzz26htiDoAAABLIAAAIB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame 3792
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YvuWIf7lsxcWdNTum-tKHQAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFVuKJ4I4FnEDg4sU0Ft2PY&google_cver=1&gdpr=1

43 B
908 B

43ms
41ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFVuKJ4I4FnEDg4sU0Ft2PY&google_cver=1&gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray: 73ba61f59f649bf5-FRA
pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LY7pf71glQdH27kgpC8BaJl8Vskr3wRDsHRi%2FJErU02jKPYZMjGaj7Bx2anzkOJYz%2BnM4iQi5aopHH2BbFxUwP5lb8HdRrDB0SmYFc4W0%2F%2FEs6I8uSLpLYBEWzt90tBFIxrRghp7Q5DDlw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFVuKJ4I4FnEDg4sU0Ft2PY&google_cver=1&gdpr=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 325
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 3792 70 B
264 B 154ms
41ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 200 /
sync.taboola.com/sg/indexscod/1/cm/ Frame 3792 0
99 B 88ms
24ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/indexscod/1/cm/?us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIb4Ni5Ixzz26htiDoAAA%261202
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:38 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 22607

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 3792
Redirect Chain

https://csync.loopme.me/?redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D24%26external_user_id%3D%7Bviewer_token%7D&us_privacy=&gdpr=1&gdpr_consent=
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=9f0e1a55-879d-4459-afbb-46b09f03cbae&us_privacy=null&gdpr_consent=null&gdpr=1

43 B
565 B

67ms
42ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=9f0e1a55-879d-4459-afbb-46b09f03cbae&us_privacy=null&gdpr_consent=null&gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BmpS6qSApGakeqyaAmhBaNYjsJD%2BYxeR8XO3AzMOg4Zt%2FyssqAVwP7%2BDske%2Bry5yQjoSNOZ5icP%2BA19IDu6khdhwbiH%2BtaQk95PZBoWtffAOox1d6qEjVECM5tuZc11IOGSB%2FzsxgKGEYw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: no-cache
cf-ray: 73ba61f59f5e9bf5-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

date: Tue, 16 Aug 2022 13:05:38 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=24&external_user_id=9f0e1a55-879d-4459-afbb-46b09f03cbae&us_privacy=null&gdpr_consent=null&gdpr=1
cf-ray: 73ba61f52ca301f0-ZRH
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 3792 0
191 B 126ms
35ms Image
text/plain 66.155.71.150
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48&gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.150 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:37 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame 3792
Redirect Chain

https://s.company-target.com/s/ix?cm_dsp_id=18&us_privacy=&gdpr=1&gdpr_consent=
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1676552738&external_user_id=a5a2b5bd-6a0c-443d-af21-895923bd36e9

43 B
912 B

47ms
47ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1676552738&external_user_id=a5a2b5bd-6a0c-443d-af21-895923bd36e9
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray: 73ba61f729849bf5-FRA
pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=COP9UOt0a0ZYhoTzIuc6C3kT%2BxHyBDBvC1ZGAIaXQ%2BD0i6qufgXHonsCTh8%2FxlgEZA0u1%2BWy63evRNwCrjygh96gOx%2BVGKzqtYkg%2FU3sYztu1rE5itxoQGaVvNXe6TGbQP2Rylk9GK8Tfw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1676552738&external_user_id=a5a2b5bd-6a0c-443d-af21-895923bd36e9
date: Tue, 16 Aug 2022 13:05:38 GMT
access-control-allow-origin: *.casalemedia.com
content-length: 157
access-control-allow-methods: GET,OPTIONS
content-type: text/html; charset=utf-8

GET
H2 200 htw-pixel.gif
cdn.indexww.com/ht/ Frame 3792 43 B
104 B 122ms
36ms Image
image/gif 2606:4700::6812:c4c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.indexww.com/ht/htw-pixel.gif?YvuWIb4Ni5Ixzz26htiDoAAA%261202
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:c4c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:38 GMT
cf-cache-status: HIT
age: 240
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
edge-control: cache-maxage=1h
content-length: 43
last-modified: Tue, 24 Jan 2017 19:36:04 GMT
server: cloudflare
etag: "902a3d-2b-546dc3a097100"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 73ba61f568b701db-ZRH
expires: Tue, 16 Aug 2022 17:05:38 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 24AC
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIUBIcrYP1SO89p2MwQAABJQAAAIB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIUBIcrYP1SO89p2MwQAABJQAAAIB&dcc=t

43 B
645 B

107ms
107ms

Image
image/gif

52.46.143.56
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIUBIcrYP1SO89p2MwQAABJQAAAIB&dcc=t

Requested by

Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

HTTP/1.1

Server

52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:38 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: VWPA8SAVFPERY1R0WWN2
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:38 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: A6JK7HB85WZ1E97H1DSE
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIUBIcrYP1SO89p2MwQAABJQAAAIB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 24AC 70 B
265 B 151ms
40ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 24AC 170 B
188 B 28ms
26ms Image
image/png 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YvuWIUBIcrYP1SO89p2MwQAABJQAAAIB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame 24AC
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YvuWIf7lsxcWdNTum-tKHQAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFVuKJ4I4FnEDg4sU0Ft2PY&google_cver=1&gdpr=1

43 B
917 B

42ms
42ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFVuKJ4I4FnEDg4sU0Ft2PY&google_cver=1&gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray: 73ba61f59f669bf5-FRA
pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nuOLE7oJ5tCpYoy%2Bvw8WU9lfILA8wOEF%2FIo%2F%2FjTjgsEwKaTHRR11X1oxTDDdgMjCGuizN1bgMWvAfzy%2Bh%2Fe%2FKQ7aj%2F8kTZLCF9OLH6vzKD01o%2FFhQEcwPiiXmfIwl6TqvSip8kxpxW4UCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFVuKJ4I4FnEDg4sU0Ft2PY&google_cver=1&gdpr=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 325
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

204

no_match_opted_out
um.simpli.fi/ Frame 24AC
Redirect Chain

https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID&gdpr=1
https://um.simpli.fi/no_match_opted_out

0
272 B

51ms
50ms

Image
text/plain

169.50.137.184
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/no_match_opted_out

Requested by

Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

Server

169.50.137.184 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

b8.89.32a9.ip4.static.sl-reverse.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 16 Aug 2022 13:05:38 GMT
x-content-type-options: nosniff
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS

Redirect headers

date: Tue, 16 Aug 2022 13:05:38 GMT
x-content-type-options: nosniff
server: nginx
location: /no_match_opted_out
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 138
expires: Mon, 15 Aug 2022 13:05:38 GMT

GET
H/1.1 400
Request failed due to privacy signals getuid
ib.adnxs.com/ Frame 24AC 0
0 24ms
22ms Image
text/html 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID&gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 24AC
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=68&gdpr=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=t1_dwN0cQD59TwSgYl63QsEbDgo

43 B
906 B

33ms
32ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=t1_dwN0cQD59TwSgYl63QsEbDgo
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray: 73ba61f7ba5f9bf5-FRA
pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n148emlZ74KN1wA3TeYP4vYQUmmJrDh7X5%2BJrXfmJI2u3WMPteMYyVvqGSAPQ1mSP0Tda0oiInIf1nyFBM1bDYlebxBjR3RhNtMlbHYNoDbY5jcOopzErTksS5NoUQEarzTq9xqiWJVk%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=t1_dwN0cQD59TwSgYl63QsEbDgo
Date: Tue, 16 Aug 2022 13:05:38 GMT
Connection: keep-alive
Content-Length: 122
Content-Type: text/html; charset=utf-8

GET
H/1.1 200
OK ibs:dpid=23728&dpuuid=YvuWIUBIcrYP1SO89p2MwQAA%261172
dpm.demdex.net/ Frame 24AC 0
0 271ms
61ms Image
application/json 52.49.126.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YvuWIUBIcrYP1SO89p2MwQAA%261172?gdpr_consent=&us_privacy=&gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.126.217 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-126-217.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H2 200 htw-pixel.gif
cdn.indexww.com/ht/ Frame 24AC 43 B
103 B 90ms
30ms Image
image/gif 2606:4700::6812:c4c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.indexww.com/ht/htw-pixel.gif?YvuWIUBIcrYP1SO89p2MwQAA%261172
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:c4c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:38 GMT
cf-cache-status: HIT
age: 240
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
edge-control: cache-maxage=1h
content-length: 43
last-modified: Tue, 24 Jan 2017 19:36:04 GMT
server: cloudflare
etag: "902a3d-2b-546dc3a097100"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 73ba61f568bc01db-ZRH
expires: Tue, 16 Aug 2022 17:05:38 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame D76A
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIWhdEcXKNUAsPdUQCgAABLoAAAAB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIWhdEcXKNUAsPdUQCgAABLoAAAAB&dcc=t

43 B
645 B

109ms
109ms

Image
image/gif

52.46.143.56
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIWhdEcXKNUAsPdUQCgAABLoAAAAB&dcc=t

Requested by

Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

HTTP/1.1

Server

52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:38 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 843HP20S5MG4KS75FXRT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:38 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: AGG32T5V05ERA62G7MMB
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIWhdEcXKNUAsPdUQCgAABLoAAAAB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame D76A
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YvuWIf7lsxcWdNTum-tKHQAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFVuKJ4I4FnEDg4sU0Ft2PY&google_cver=1&gdpr=1

43 B
914 B

44ms
42ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFVuKJ4I4FnEDg4sU0Ft2PY&google_cver=1&gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray: 73ba61f59f609bf5-FRA
pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t8H39IUwIv%2BtXXqkH%2FKI8ZpSh5luNvzsj0q6CVGZKQ1WPIIUKsX%2B%2Bvp1deNrJwH41Zv48GXoaPAjcYmTp7M6uHCXz5yAXyIVpdgRDTMf8jIGdgt0T4%2F83BoBnl9IqDzM0MRXlL%2B1THN0AA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFVuKJ4I4FnEDg4sU0Ft2PY&google_cver=1&gdpr=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 325
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame D76A 170 B
188 B 26ms
25ms Image
image/png 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YvuWIWhdEcXKNUAsPdUQCgAABLoAAAAB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame D76A 70 B
264 B 119ms
42ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame D76A 0
191 B 97ms
42ms Image
text/plain 66.155.71.150
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48&gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.150 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:37 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H/1.1 200
OK ibs:dpid=23728&dpuuid=YvuWIWhdEcXKNUAsPdUQCgAA%261210
dpm.demdex.net/ Frame D76A 0
0 265ms
62ms Image
application/json 52.49.126.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dpm.demdex.net/ibs:dpid=23728&dpuuid=YvuWIWhdEcXKNUAsPdUQCgAA%261210?gdpr_consent=&us_privacy=&gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.126.217 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-126-217.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame D76A
Redirect Chain

https://beacon.lynx.cognitivlabs.com/ix.gif
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=c4cd75d5-2d97-4fee-9cd4-2f0c6c07bc9b&expiration=1692191138

43 B
915 B

38ms
37ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=c4cd75d5-2d97-4fee-9cd4-2f0c6c07bc9b&expiration=1692191138
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray: 73ba61f749b29bf5-FRA
pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tFplqJnMDDM5w3CnaI5NyJPggZKe59yWT33Ch42uBYDUUQU0aNoXZn6c1sSnvOPAeUi3%2Bde%2FWA%2F87cKTLevUpM7lwW%2FZz%2FYLFcHmZA%2FDfyZpLiJL5unvPremgc%2BLP3U1W5EdbQIFswNTKA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=8&external_user_id=c4cd75d5-2d97-4fee-9cd4-2f0c6c07bc9b&expiration=1692191138
date: Tue, 16 Aug 2022 13:05:38 GMT
server: Kestrel
content-length: 0

GET
H2 200 /
sync.taboola.com/sg/indexscod/1/cm/ Frame D76A 0
98 B 51ms
24ms Image
text/plain 141.226.228.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/indexscod/1/cm/?us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIWhdEcXKNUAsPdUQCgAA%261210
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:38 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 22607

GET
H2 200 htw-pixel.gif
cdn.indexww.com/ht/ Frame D76A 43 B
104 B 85ms
35ms Image
image/gif 2606:4700::6812:c4c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.indexww.com/ht/htw-pixel.gif?YvuWIWhdEcXKNUAsPdUQCgAA%261210
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:c4c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:38 GMT
cf-cache-status: HIT
age: 240
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
edge-control: cache-maxage=1h
content-length: 43
last-modified: Tue, 24 Jan 2017 19:36:04 GMT
server: cloudflare
etag: "902a3d-2b-546dc3a097100"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 73ba61f568be01db-ZRH
expires: Tue, 16 Aug 2022 17:05:38 GMT

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 9351 170 B
188 B 26ms
25ms Image
image/png 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YvuWIdASdaKEXHVnQ0DVLQAABIcAAAAB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 9351
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIdASdaKEXHVnQ0DVLQAABIcAAAAB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIdASdaKEXHVnQ0DVLQAABIcAAAAB&dcc=t

43 B
645 B

111ms
109ms

Image
image/gif

52.46.143.56
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIdASdaKEXHVnQ0DVLQAABIcAAAAB&dcc=t

Requested by

Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

HTTP/1.1

Server

52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:38 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 0JS062YTNWNDKRB4FNG7
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:38 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 1RR4XTC8J3XAVGEQPN1G
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIdASdaKEXHVnQ0DVLQAABIcAAAAB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame 9351
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YvuWIf7lsxcWdNTum-tKHQAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFVuKJ4I4FnEDg4sU0Ft2PY&google_cver=1&gdpr=1

43 B
911 B

42ms
40ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFVuKJ4I4FnEDg4sU0Ft2PY&google_cver=1&gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray: 73ba61f59f639bf5-FRA
pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VPqflVlv1wDpZ%2FPBKf9jM7OhufWTFZuB4zPJSU4rWXth1LWibiFjMNJ4EHHeYEo5xmUmOhmPcoVnfU7lX01sknjhXeMcrLtT%2BhwHfEQ%2BW4t8egjYJQOW8pjSE8jdHJEGcFj%2FrpPAulV%2B6A%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFVuKJ4I4FnEDg4sU0Ft2PY&google_cver=1&gdpr=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 325
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 9351 70 B
264 B 113ms
41ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame 9351
Redirect Chain

https://d.adroll.com/cm/index/ssp?gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0

43 B
906 B

33ms
32ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray: 73ba61f698c09bf5-FRA
pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VUM2HuetlmH0fdjBolNUAdL9TEwNdok0CcMu%2Fei5LjqlVUYa5bFVeRmc%2B91iMqYs0Jd5g5rZ60gnwoT1A2MRyOLIcEQV9Dkp2m%2BZNybJDF87TvUJpwT4uGqWikv4WFGPCqtjq1F2iprdTA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=105&external_user_id=0
date: Tue, 16 Aug 2022 13:05:38 GMT
server: nginx/1.20.0
content-length: 76

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame 9351
Redirect Chain

https://s.company-target.com/s/ix?cm_dsp_id=18&us_privacy=&gdpr=1&gdpr_consent=
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1676552738&external_user_id=acd2c2b5-39d5-4390-90dc-61c526374588

43 B
910 B

39ms
38ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1676552738&external_user_id=acd2c2b5-39d5-4390-90dc-61c526374588
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray: 73ba61f729819bf5-FRA
pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=39l5eV5p%2BVOqQqSRnhxq6NmOU7np1XfhRmEOckrVVnPLya4%2BMiCPRl2mNLHfMkgoshX9ejVf1B915V64yeqx6SaN6%2BDRaK7bVYVMQkEzIsQ3YiI2eqQhuYgu5CZPQJn%2FXB2l%2FGC5vclrlg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=18&expiration=1676552738&external_user_id=acd2c2b5-39d5-4390-90dc-61c526374588
date: Tue, 16 Aug 2022 13:05:38 GMT
access-control-allow-origin: *.casalemedia.com
content-length: 157
access-control-allow-methods: GET,OPTIONS
content-type: text/html; charset=utf-8

GET
H/1.1 400
Request failed due to privacy signals getuid
secure.adnxs.com/ Frame 9351 0
0 70ms
22ms Image
text/html 185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H/1.1 200
OK cookiesync
bttrack.com/pixel/ Frame 9351 35 B
380 B 431ms
106ms Image
image/gif 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bttrack.com/pixel/cookiesync?source=67e94f23-25d6-4008-8236-375d1743c2e0&secure=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

X-ServerName: Track004-iad
Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:14 GMT
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control: private,no-cache
Content-Type: image/gif
Content-Length: 35
Expires: -1

GET
H2 200 htw-pixel.gif
cdn.indexww.com/ht/ Frame 9351 43 B
104 B 81ms
36ms Image
image/gif 2606:4700::6812:c4c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.indexww.com/ht/htw-pixel.gif?YvuWIdASdaKEXHVnQ0DVLQAA%261159
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:c4c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:38 GMT
cf-cache-status: HIT
age: 240
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
edge-control: cache-maxage=1h
content-length: 43
last-modified: Tue, 24 Jan 2017 19:36:04 GMT
server: cloudflare
etag: "902a3d-2b-546dc3a097100"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 73ba61f568c001db-ZRH
expires: Tue, 16 Aug 2022 17:05:38 GMT

GET
H/1.1 400
Request failed due to privacy signals getuid
secure.adnxs.com/ Frame 8A0A 0
0 70ms
22ms Image
text/html 185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H2 200 YvuWIUBIcrYP1SO89p2MwQAABJQAAAIB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 8A0A 43 B
989 B 143ms
44ms Image
image/gif 2a05:d018:d29:3601:2eab:9250:340e:ef2b
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/casale/YvuWIUBIcrYP1SO89p2MwQAABJQAAAIB?gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3601:2eab:9250:340e:ef2b Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:38 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame 8A0A
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=661f62fb-961b-4500-92f9-12a388ac2c6f&gdpr=1&gdpr_consent=

43 B
910 B

34ms
33ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=661f62fb-961b-4500-92f9-12a388ac2c6f&gdpr=1&gdpr_consent=
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray: 73ba61f6e9279bf5-FRA
pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C8lV%2BwRuKXesNTTxErzdupGISthpZZrenw3XdtL2E5dmsMgfSD%2FPumu6h7mHdBTH%2FQJPmLYDElc6H2eZnpIuGlcnkLZTo9FPhCXVXhusTcYp8ZEQtKorCjUC2Rtuyfq490IF6%2BYOJEJY7w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

Date: Tue, 16 Aug 2022 13:05:38 GMT
Server: MT3 4475 c1dc35a master nrt-pixel-x15 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=661f62fb-961b-4500-92f9-12a388ac2c6f&gdpr=1&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Tue, 16 Aug 2022 13:05:37 GMT

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame 8A0A
Redirect Chain

https://match.prod.bidr.io/cookie-sync/ie?gdpr=1
https://match.prod.bidr.io/cookie-sync/ie?gdpr=1&_bee_ppp=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AADvkk7F9ywAAA6L_n_dxQ&expiration=1661864738&gdpr=1

43 B
901 B

45ms
45ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AADvkk7F9ywAAA6L_n_dxQ&expiration=1661864738&gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray: 73ba61f6686d9bf5-FRA
pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hmE4wpF9o11YR8eId73jZmDPSIwIZJEta2J309lEqRzL0Y9a3ls3ZPjK2cM1SeIPcTCJ1EGY6TrRApdoBnf0a4zZvEIxd0gnZIxPyrQwXe2ni74ls5kx12KUq1sn0BF79t4Th3UrRbrMWA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AADvkk7F9ywAAA6L_n_dxQ&expiration=1661864738&gdpr=1
Date: Tue, 16 Aug 2022 13:05:38 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
strict-transport-security: max-age=2592000; includeSubDomains

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame 8A0A
Redirect Chain

https://b1sync.zemanta.com/usersync/index/?us_privacy=&gdpr=1&gdpr_consent=
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=&gdpr=1

43 B
912 B

38ms
37ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=&gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray: 73ba61f81aec9bf5-FRA
pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MBzsK47fIYGs3e6YOIGkN9Tship%2BlubZPn2YEpVYEd4hYeFdyvSnXvupFl%2BYvxJlAY4SHarrEK59K3POusWIw6%2FjXARqVvf1vqjDPjExdTURmzlSaY%2B7LrSmtr0%2Bhd3D4NDvsS2MUFLunQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=&gdpr=1
Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:38 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 106
Content-Type: text/html; charset=utf-8

GET
H/1.1 200
OK bridge
cm.adgrx.com/ Frame 8A0A 43 B
408 B 136ms
33ms Image
image/gif 72.251.241.204
SINGLEHOP-LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adgrx.com/bridge?AG_PID=casale&AG_SETCOOKIE&gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 72.251.241.204 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software: Cowboy /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:38 GMT
server: Cowboy
P3P: CP="NOI OTC OTP OUR NOR"
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate
Connection: keep-alive
Content-Type: image/gif
X-RealServer-NX: ams-delivery-6
Content-Length: 43
Expires: Thu, 23 Sep 2004 17:42:04 GMT

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 8A0A 0
191 B 92ms
43ms Image
text/plain 66.155.71.150
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48&gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.150 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:37 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2

204

no_match_opted_out
um.simpli.fi/ Frame 8A0A
Redirect Chain

https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID&gdpr=1
https://um.simpli.fi/no_match_opted_out

0
272 B

50ms
49ms

Image
text/plain

169.50.137.184
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/no_match_opted_out

Requested by

Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

Server

169.50.137.184 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

b8.89.32a9.ip4.static.sl-reverse.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 16 Aug 2022 13:05:38 GMT
x-content-type-options: nosniff
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS

Redirect headers

date: Tue, 16 Aug 2022 13:05:38 GMT
x-content-type-options: nosniff
server: nginx
location: /no_match_opted_out
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 138
expires: Mon, 15 Aug 2022 13:05:38 GMT

GET
H2 200 htw-pixel.gif
cdn.indexww.com/ht/ Frame 8A0A 43 B
424 B 74ms
30ms Image
image/gif 2606:4700::6812:c4c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.indexww.com/ht/htw-pixel.gif?YvuWIUBIcrYP1SO89p2MwQAA%261172
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:c4c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:38 GMT
cf-cache-status: HIT
age: 240
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
edge-control: cache-maxage=1h
content-length: 43
last-modified: Tue, 24 Jan 2017 19:36:04 GMT
server: cloudflare
etag: "902a3d-2b-546dc3a097100"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 73ba61f568c201db-ZRH
expires: Tue, 16 Aug 2022 17:05:38 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame F5C1 70 B
264 B 123ms
42ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame F5C1 170 B
188 B 27ms
27ms Image
image/png 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YvuWIf7lsxcWdNTum_tKHQAABL0AAAIB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame F5C1
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YvuWIf7lsxcWdNTum-tKHQAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFVuKJ4I4FnEDg4sU0Ft2PY&google_cver=1&gdpr=1

43 B
945 B

35ms
32ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFVuKJ4I4FnEDg4sU0Ft2PY&google_cver=1&gdpr=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray: 73ba61f59f629bf5-FRA
pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UowSd3eQPFADzQQITZAjh2cP9OBcvJpeNg6ALysu%2BLDzJI9SK4vhbmxr2Q%2FbBx0kJtfGqVPYSBBRyEw7fvk9Dwzw6DLlc1NHZI3qGXwtI7Bon%2FptOZjTWj83Jhga3o8b9MOjYgJD0rNvog%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEFVuKJ4I4FnEDg4sU0Ft2PY&google_cver=1&gdpr=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 325
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame F5C1
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIf7lsxcWdNTum_tKHQAABL0AAAIB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIf7lsxcWdNTum_tKHQAABL0AAAIB&dcc=t

43 B
645 B

109ms
109ms

Image
image/gif

52.46.143.56
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIf7lsxcWdNTum_tKHQAABL0AAAIB&dcc=t

Requested by

Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1

Protocol

HTTP/1.1

Server

52.46.143.56 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:38 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: G28JJXGA805R3TG9GCK5
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:38 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: CFTDQNC7WBCZNYBXC82F
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YvuWIf7lsxcWdNTum_tKHQAABL0AAAIB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK cookiesync
bttrack.com/pixel/ Frame F5C1 35 B
380 B 513ms
129ms Image
image/gif 192.132.33.46
BIDTELLECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bttrack.com/pixel/cookiesync?source=67e94f23-25d6-4008-8236-375d1743c2e0&secure=1
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 192.132.33.46 , United States, ASN18568 (BIDTELLECT, US),
Reverse DNS: 46.bidtellect.com
Software: Microsoft-IIS/8.5 /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

X-ServerName: Track004-iad
Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:14 GMT
X-AspNetMvc-Version: 5.2
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
P3P: CP="CAO DSP COR ADMo DEVo PSAo PSDo HISo IVAo IVDo OUR IND OTC"
Cache-Control: private,no-cache
Content-Type: image/gif
Content-Length: 35
Expires: -1

GET
H2 200 113
match.deepintent.com/usersync/ Frame F5C1 0
44 B 336ms
104ms Image
text/plain 169.197.150.8
DEEPINTENT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.deepintent.com/usersync/113
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 169.197.150.8 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS: g.deepintent.com
Software: b /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:37 GMT
content-length: 0
server: b

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame F5C1
Redirect Chain

https://ad.turn.com/r/cs?pid=21&gdpr=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=8064572279461375662

43 B
913 B

32ms
28ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=8064572279461375662
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray: 73ba61f5dfa59bf5-FRA
pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q1QIjZB4OZkfvwhszOBb0WMlSF6dGYJ%2B650HJzmxIu8Q%2FzWJslEQmSpOfiU99lSOktSlO4%2B7xz8%2Br0b%2BegkEH06S2l4GCgk8yNwapKQ6fqxZvbHJssHuT4qCP8WygW%2FAracWuMOTN9S6KQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=8064572279461375662
pragma: no-cache
date: Tue, 16 Aug 2022 13:05:37 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame F5C1
Redirect Chain

https://nep.advangelists.com/xp/user-sync?acctid=405&redirect=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D195%26external_user_id%3D%7BPARTNER_VISITOR_ID%7D%0A
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-705f501a-e4ce-4cb4-83b7-ab60eca6d970

43 B
911 B

35ms
34ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-705f501a-e4ce-4cb4-83b7-ab60eca6d970
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray: 73ba61f739a29bf5-FRA
pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5LwptNKWcMZ%2FDApJ2lg%2ByiBd8AtR7j7uGYJ%2Fi7Zc7i2Mmv1DlejRAcJ931n9cHdQbS5ycL0Mur%2BhbG29p9iOQXMbnqxXATIXfu8oaDAcFNwQdROrA%2FZKKU1d%2B9UOGgQyHsi9at8ljYJRzw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=195&external_user_id=av-705f501a-e4ce-4cb4-83b7-ab60eca6d970
date: Tue, 16 Aug 2022 13:05:38 GMT
server: Apache-Coyote/1.1
content-length: 0

GET
H2 200 htw-pixel.gif
cdn.indexww.com/ht/ Frame F5C1 43 B
104 B 79ms
36ms Image
image/gif 2606:4700::6812:c4c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.indexww.com/ht/htw-pixel.gif?YvuWIf7lsxcWdNTum-tKHQAA%261213
Requested by: Host: r.casalemedia.com
URL: https://r.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F&C=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:c4c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://r.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:38 GMT
cf-cache-status: HIT
age: 240
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
edge-control: cache-maxage=1h
content-length: 43
last-modified: Tue, 24 Jan 2017 19:36:04 GMT
server: cloudflare
etag: "902a3d-2b-546dc3a097100"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 73ba61f568c101db-ZRH
expires: Tue, 16 Aug 2022 17:05:38 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 75D6
Redirect Chain

https://ad.turn.com/r/cs?pid=21&gdpr=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=4157699602717470382

43 B
908 B

34ms
30ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=4157699602717470382
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray: 73ba61f5dfa79bf5-FRA
pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UCjdvSi0ncJXTXdUI5w2UdkdBRZQ9YaC5LH0CLtlygTNCLHcP4mKmkg72onWhZ90ILerGlOP%2Fq2VZFh66eh6nyiBB%2BZBCnggCVilrZakl8BhcBe9hFQxgNREZKGFTeQjzWH6vKMAGUbEHw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=4157699602717470382
pragma: no-cache
date: Tue, 16 Aug 2022 13:05:37 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2 204 sync
ups.analytics.yahoo.com/ups/55940/ Frame 75D6 0
124 B 385ms
42ms Image
text/plain 3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55940/sync?_origin=1&redir2=true&uid=YvuWIUBIcrYP1SO89p2MwQAABJQAAAIB&gdpr_consent=&us_privacy=&gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.0.46 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:38 GMT
server: ATS/9.1.0.46
age: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 503 ZMAwryCI
sync-tm.everesttech.net/upi/pid/ Frame 75D6 0
177 B 100ms
27ms Image
text/plain 151.101.194.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1660655138.232814,VS0,VE0
x-cache: MISS
cache-control: no-cache
x-cache-hits: 0
accept-ranges: bytes
content-length: 0
retry-after: 0
x-served-by: cache-cdg20755-CDG

GET
H2

200

rum
dsum.casalemedia.com/ Frame 75D6
Redirect Chain

https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1&gdpr=1
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1660741538&gdpr=1

43 B
948 B

162ms
74ms

Image
image/gif

104.18.18.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1660741538&gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H2
Server: 104.18.18.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray: 73ba61f6db7bd363-CDG
pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fq3opi6bVn%2FP5WlWrG8a7xR3T%2BdinCr%2Bhql36R4q8HE3%2Fpqq1uRfWgMB8yH2YoRqLBRu9BKh16OzoCRa86d8Es2d4jsPrnoiweD3iDQxSGqBIZfofQSEUqznPQ%2FNCbjf%2FQJX2cqW"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

location: https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1660741538&gdpr=1
pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
content-length: 0
expires: 0

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame 75D6
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&gdpr=1
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=661f62fb-961b-4500-92f9-12a388ac2c6f&gdpr=1&gdpr_consent=

43 B
908 B

33ms
33ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=661f62fb-961b-4500-92f9-12a388ac2c6f&gdpr=1&gdpr_consent=
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray: 73ba61f729959bf5-FRA
pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vnKYJITLwsWfsvoFQSU5lZsOdr3pJ2qMLGGw1SgIW6c6jYSApRijV45%2BbaA94xvWIq%2F3IjIZd9sMYlJ7L4csQldliBckd7n7p4Xw%2FqS4IiICiCsuPrUCymIhnK6ienLdlJjwmtDHOLCxfg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

Date: Tue, 16 Aug 2022 13:05:38 GMT
Server: MT3 4475 c1dc35a master nrt-pixel-x18 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=661f62fb-961b-4500-92f9-12a388ac2c6f&gdpr=1&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Tue, 16 Aug 2022 13:05:37 GMT

GET
H/1.1

200
OK

noop
px.owneriq.net/ Frame 75D6
Redirect Chain

https://px.owneriq.net/eucm/p/cc?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D31%26external_user_id%3D(OIQ_UUID)
https://px.owneriq.net/ecc?redir=https%3a%2f%2fdsum-sec.casalemedia.com%2fcrum%3fcm_dsp_id%3d31%26external_user_id%3dQ7139415381670211962&uid=Q7139415381670211962&ref=%2Feucm%2Fp%2Fcc
https://px.owneriq.net/noop?ct=image%2Fgif

0
287 B

27ms
26ms

Image
image/gif

92.123.21.100
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.owneriq.net/noop?ct=image%2Fgif
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: HTTP/1.1
Server: 92.123.21.100 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-21-100.deploy.static.akamaitechnologies.com
Software: Apache/2.4.6 (CentOS) / PHP/7.3.33
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Date: Tue, 16 Aug 2022 13:05:38 GMT
Server: Apache/2.4.6 (CentOS)
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-Powered-By: PHP/7.3.33
Content-Length: 0
Content-Type: image/gif

Redirect headers

Location: https://px.owneriq.net/noop?ct=image%2Fgif
Date: Tue, 16 Aug 2022 13:05:38 GMT
Server: AkamaiGHost
Connection: keep-alive
Content-Length: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 75D6
Redirect Chain

https://pixel.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0&gdpr=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=pSkpXaotfl6-LH5dqi1iXfJ9eQy-en1Z8igB9jty

43 B
911 B

44ms
41ms

Image
image/gif

104.18.19.126
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=pSkpXaotfl6-LH5dqi1iXfJ9eQy-en1Z8igB9jty
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H3
Server: 104.18.19.126 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

cf-ray: 73ba61f59f5f9bf5-FRA
pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=syyzFdPFI3bvYQ0gQo5sXU2sPbM6%2FHd0RMVSP35b%2B9eyflqQnPSEe5%2F3av18c3oMmwLyyDvbpQrmHwo9op4XT4%2B4SF8%2BbZjpvdjDVHn7Of4Xj3Rtks8al75b0nSa5PvHgY5cV5V4KwTAYg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
cache-control: no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=pSkpXaotfl6-LH5dqi1iXfJ9eQy-en1Z8igB9jty
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 204 CookieIndex
rtb.adentifi.com/ Frame 75D6 0
35 B 327ms
105ms Image
text/plain 54.160.109.218
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.adentifi.com/CookieIndex
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.160.109.218 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-160-109-218.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:38 GMT

GET
H2 200 htw-pixel.gif
cdn.indexww.com/ht/ Frame 75D6 43 B
104 B 56ms
54ms Image
image/gif 2606:4700::6812:c4c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.indexww.com/ht/htw-pixel.gif?YvuWIUBIcrYP1SO89p2MwQAA%261172
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fmediawoot.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:c4c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:38 GMT
cf-cache-status: HIT
age: 240
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
edge-control: cache-maxage=1h
content-length: 43
last-modified: Tue, 24 Jan 2017 19:36:04 GMT
server: cloudflare
etag: "902a3d-2b-546dc3a097100"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 73ba61f578e201db-ZRH
expires: Tue, 16 Aug 2022 17:05:38 GMT

GET
H3 200 /
googleads.g.doubleclick.net/pagead/live/interaction/ Frame 095F 42 B
65 B 84ms
83ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/live/interaction/?ai=C39HRG5b7YrGEOqaSxwLuoLPwDPPj3-Brjdjd75cQsJAfEAEggM_UfGCVgoCAlAegAYjmoKoByAEFqQKtlUR5CQmxPuACAKgDAZgEAKoE8QJP0Eio67Fpm--beKCV4g3ptflHHH0GAf4SN5Gl9MZJn-sRukinQkE58h0Qk1Zzh5vc_rcFD4AX3MGTmMufTAcVvpvczCz8WUAezKsgU5W_rPbybyFvayPp5HWb2yR6ufQVzU8zuTG8oIyYbHqLCWcMk7xZN593uNqXhOGE1PPkjLZFwn4TYKA9HSYgrOpOfGxh0Hv72vVDecQ-fy8yahvrRgG3pyoOGyZDyfH9qYUBu89k9hBPQ1rBQDOTT0RbEuhk60OyxQQ9lFJ5uPtdjfhTpx7gi1dlj1vh_W6BnCHC0DV2iSUgkLuQhenNedQGHJextWqLNv3AsUt6zZ1LqIyQ5Sl78WldLVQzEYbRrCBLyqc8cxgfxoXvp5W1BmCSR2P9E-bM-aRf44m7-tmfLHrs0t9W-oYdw6HbSHlkMvmenOkrHXciYxRLRNVfhWLgi8CcP0eRA1A9RsN2_zOyf8CgSgurVUWmNHQvDmeTDmyta0zABMW8irv8A-AEAYgF5NamtkGgBlSAB-CZ39UCqAeOzhuoB5PYG6gHnNwbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcBqAgB0ggRCIDhgBAQARgdMgKqAjoCgEDyCBthZHgtc3Vic3luLTI5NjAwNjM1NDAyMTI3MjiACgPICwHYEwzQFQHiFgIIAfgWAYAXAQ&sigh=D_GJQCDkGfQ&cmd=Ch1jYS12aWRlby1wdWItMTI5MDk5NTkwMTkwNTU4OBAAGAI&label=video_skip_shown&ad_mt=5171&acvw=sv%3D932%26cb%3Dima%26nas%3D1%26sdk%3Dh%26p%3D1146,330,1489,940%26p0%3D1146,330,1489,940%26tos%3D0,0,0,0,5235%26mtos%3D0,0,0,0,5235%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26a0%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D5235%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D1379%26pst%3D450%26dur%3D39241%26vmtime%3D5170%26is%3D274%26i0%3D274%26cs%3D4370%26c%3D0.15%26c0%3D0.15%26mc%3D0.15%26nc%3D0.15%26mv%3D0%26nv%3D0%26qmt%3D0,0,0,0,5235%26qnc%3D0.15%26qmv%3D0%26qnv%3D0%26lte%3D0.15%26ces%26femt%3D1134%26femvt%3D0%26emc%3D27%26emuc%3D0%26emb%3D0,0,0,0,26%26avms%3Dexc%26qi%3D646087803%26psm%3D-2147483585%26psv%3D0%26psfv%3D0%26psa%3D0%26ptlt%3D6965%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,5235%26ss0%3D0.01&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0.01%26t%3D1660655132404

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ltt /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:38 GMT
x-content-type-options: nosniff
server: ltt
timing-allow-origin: *
x-frame-options: SAMEORIGIN
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 7E21 0
741 B 32ms
32ms Script
text/html 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:38 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: e74092a0-fd16-421e-af00-c54a5a927f3a
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame BFF5 0
741 B 31ms
31ms Script
text/html 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:38 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: d1725f94-200d-4471-ba34-648d048132f4
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 2DA3 0
741 B 23ms
22ms Script
text/html 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:38 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 6c6a4de4-0a62-436d-b86d-28f93835f083
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame A0B8 0
741 B 25ms
23ms Script
text/html 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:38 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: aacc83aa-5227-4a2f-9c64-7d3e781a65c0
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 7AAB 0
741 B 23ms
22ms Script
text/html 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:38 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: bd6857c7-014a-4f7a-a833-5637d1b17dde
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 61C1 0
741 B 23ms
23ms Script
text/html 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:38 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: 97ff4976-4655-4925-b02e-23f7aead8e50
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 691C 0
741 B 25ms
24ms Script
text/html 185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 16 Aug 2022 13:05:38 GMT
X-Proxy-Origin: 193.27.14.10; 193.27.14.10; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
AN-X-Request-Uuid: b6c19ceb-76c9-4d8b-a88d-99101576470e
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 /
track.adform.net/serving/unload/ Frame 7844 35 B
458 B 37ms
37ms Ping
image/gif 37.157.4.28
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=845796626578132275@@56522822,677432458895787219,65|4699|0|0|0|0|0|0|0||120|1|||||1|0|0|MdtyjwBk8HVX7EYoWZQhUbB3bWF4jE5p5c0GeM4vTui5ysP3tlyARhhpnBRkvb3lA7z_uuw_WOM1|||01||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.28 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://mediawoot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:40 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://mediawoot.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H3 200 /
googleads.g.doubleclick.net/pagead/live/interaction/ Frame 095F 42 B
65 B 85ms
84ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/live/interaction/?ai=C39HRG5b7YrGEOqaSxwLuoLPwDPPj3-Brjdjd75cQsJAfEAEggM_UfGCVgoCAlAegAYjmoKoByAEFqQKtlUR5CQmxPuACAKgDAZgEAKoE8QJP0Eio67Fpm--beKCV4g3ptflHHH0GAf4SN5Gl9MZJn-sRukinQkE58h0Qk1Zzh5vc_rcFD4AX3MGTmMufTAcVvpvczCz8WUAezKsgU5W_rPbybyFvayPp5HWb2yR6ufQVzU8zuTG8oIyYbHqLCWcMk7xZN593uNqXhOGE1PPkjLZFwn4TYKA9HSYgrOpOfGxh0Hv72vVDecQ-fy8yahvrRgG3pyoOGyZDyfH9qYUBu89k9hBPQ1rBQDOTT0RbEuhk60OyxQQ9lFJ5uPtdjfhTpx7gi1dlj1vh_W6BnCHC0DV2iSUgkLuQhenNedQGHJextWqLNv3AsUt6zZ1LqIyQ5Sl78WldLVQzEYbRrCBLyqc8cxgfxoXvp5W1BmCSR2P9E-bM-aRf44m7-tmfLHrs0t9W-oYdw6HbSHlkMvmenOkrHXciYxRLRNVfhWLgi8CcP0eRA1A9RsN2_zOyf8CgSgurVUWmNHQvDmeTDmyta0zABMW8irv8A-AEAYgF5NamtkGgBlSAB-CZ39UCqAeOzhuoB5PYG6gHnNwbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G6gHmgaoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcBqAgB0ggRCIDhgBAQARgdMgKqAjoCgEDyCBthZHgtc3Vic3luLTI5NjAwNjM1NDAyMTI3MjiACgPICwHYEwzQFQHiFgIIAfgWAYAXAQ&sigh=D_GJQCDkGfQ&cmd=Ch1jYS12aWRlby1wdWItMTI5MDk5NTkwMTkwNTU4OBAAGAI&label=videoplaytime25&ad_mt=9954&acvw=sv%3D932%26cb%3Dima%26e%3D1%26nas%3D1%26sdk%3Dh%26p%3D1146,330,1489,940%26tos%3D0,0,0,0,10018%26mtos%3D0,0,0,0,10018%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D10018%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D2583%26pst%3D450%26dur%3D39241%26vmtime%3D9953%26dvs%3D0%26dfvs%3D0%26dvpt%3D10005%26is%3D274%26i0%3D274%26i1%3D274%26ic%3D0%26cs%3D4370%26c%3D0.15%26mc%3D0.15%26nc%3D0.15%26mv%3D0%26nv%3D0%26qmt%3D0,0,0,0,10018%26qnc%3D0.15%26qmv%3D0%26qnv%3D0%26lte%3D0.15%26ces%26femt%3D1134%26femvt%3D0%26emc%3D51%26emuc%3D0%26emb%3D0,0,0,0,50%26avms%3Dexc%26qi%3D646087803%26psm%3D-2147482625%26psv%3D0%26psfv%3D0%26psa%3D0%26ptlt%3D11748%26pngs%3D9,14,15s%26veid%3Dxdi%3A0,amp%3A0%26ssb%3D0,0,0,0,0,0,0,0,0,0,10018&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0.01%26t%3D1660655132404

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ltt /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:43 GMT
x-content-type-options: nosniff
server: ltt
timing-allow-origin: *
x-frame-options: SAMEORIGIN
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tracking
ad.mox.tv/delivery/video/ Frame 095F 51 B
51 B 93ms
37ms Image
text/html 190.2.151.10
WORLDSTREAM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.mox.tv/delivery/video/tracking?vast=events&token=WTBDWVNxSFFMSnVnQlZFLzFTd1RsVy9oTWJiU25EODVWQzdUZmxwL2NTUHFDTy9TM2FOSjVoMlNGUnVQbjhSc2x1cHphTGdKd0Y3SExQTm5qYnY3L0NXVk5TVmY3VGp6TUI1b1g2RTFqUEFGc2k0SlE1aTUrRmZPTDRlRGZrbWltcnQ3UUJqVnBJVWtQQ0RGRHh2ZHMwazB3aVA2WERCekR1RlZ4VmtSbDIyaEVaN1ljNVVrK3Z0alVtSTNPWVVPZVl4Nk15VE12SXBydDdTR2RMR0tTTW9BTmFhbHZLelNCR2EwUkRrNFZZbz0%3D&cb=1660655131
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 190.2.151.10 Naaldwijk, Netherlands, ASN49981 (WORLDSTREAM, NL),
Reverse DNS: 190-2-151-10.hosted-by-worldstream.net
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 16 Aug 2022 13:05:43 GMT
content-encoding: gzip
server: nginx/1.14.0 (Ubuntu)
vary: Accept-Encoding
content-type: text/html; charset=UTF-8

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame EF00 42 B
64 B 178ms
177ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvwTecermlAShW87N8MUK06IYUs96nuI22ViquQZOmB0fQGOYzBwvdtK23_t7ypH7-0PCcJ9RHnj3VKUEnZnRqYougKfOE8YPlxo79O0AoJyv-MzbGVnYFpUzVwntD7kUxKlDoT78-H-bXvZJ7N4hWKB5PP_0otpRnQpDLELA8&sai=AMfl-YQP_rfa-FiCNmyOos43PU6qVaF--kyiEv_xe_qWlWMh1MGtLqmLQGhwp_VICSXMLlenugAxMTjWIazYaB9OHhojke1q4qbGIeOCzC-8rU5HLPPtf8oHugddUG8&sig=Cg0ArKJSzLXO1LevdO6qEAE&cid=CAASF-RoHra6s_XGhbnYcebLtroKVd-Ah1yR&id=lidar2&mcvt=1003&p=408,1570,1008,1870&mtos=652,918,1003,1036,1036&tos=652,266,85,33,0&v=20220810&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=2&adk=1245718219&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1660655131564&rpt=816&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

204

aclk
www.googleadservices.com/pagead/ Frame 095F
Redirect Chain

https://googleads.g.doubleclick.net/aclk?sa=l&ai=CZJiSG5b7YrGEOqaSxwLuoLPwDPPj3-Brjdjd75cQsJAfEAEggM_UfGCVgoCAlAegAYjmoKoByAEFqQKtlUR5CQmxPuACAKgDAZgEAKoE9AJP0Eio67Fpm--beKCV4g3ptflHHH0GAf4SN5Gl9MZ...
https://www.googleadservices.com/pagead/aclk?sa=L&ai=CdNiQG5b7YrGEOqaSxwLuoLPwDPPj3-Brjdjd75cQsJAfEAEggM_UfGCVgoCAlAegAYjmoKoByAEFqQKtlUR5CQmxPuACAKgDAZgEAKoE9AJP0Eio67Fpm--beKCV4g3ptflHHH0GAf4SN5G...

0
0

66ms
26ms

Image
text/html

142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.googleadservices.com/pagead/aclk?sa=L&ai=CdNiQG5b7YrGEOqaSxwLuoLPwDPPj3-Brjdjd75cQsJAfEAEggM_UfGCVgoCAlAegAYjmoKoByAEFqQKtlUR5CQmxPuACAKgDAZgEAKoE9AJP0Eio67Fpm--beKCV4g3ptflHHH0GAf4SN5Gl9MZJn-sRukinQkE58h0Qk1Zzh5vc_rcFD4AX3MGTmMufTAcVvpvczCz8WUAezKsgU5W_rPbybyFvayPp5HWb2yR6ufQVzU8zuTG8oIyYbHqLCWcMk7xZN593uNqXhOGE1PPkjLZFwn4TYKA9HSYgrOpOfGxh0Hv72vVDecQ-fy8yahvrRgG3pyoOGyZDyfH9qYUBu89k9hBPQ1rBQDOTT0RbEuhk60OyxQQ9lFJ5uPtdjfhTpx7gi1dlj1vh_W6BnCHC0DV2iSUgkLuQhenNedQGHJextWqLNv3AsUt6zZ1LqIyQ5Sl78WldLVQzEYbRrCBLyqc8cxgfxoXvp5W1BmCSR2P9E-bM-aRf44m7-tmfLHrs0t9W-oYdw6HbSHlkMvmenOkrHXciY0xKnuVUx9jBGVI7ihkPtkXMmOeCCWGvdW2qZBNwuoOCwIjQGUuLnu4ANdL2RebABMW8irv8A-AEAYgF5NamtkGSBQgIAxADGAFQAcAFbqAGVIAH4Jnf1QKoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwGoCAHSCBEIgOGAEBABGB0yAqoCOgKAQPIIG2FkeC1zdWJzeW4tMjk2MDA2MzU0MDIxMjcyOJoJO2h0dHBzOi8vd3d3LmxvZXdlbmFudGVpbC5jb20vY29sbGVjdGlvbnMvYmlvLWZlcnRpZ2dlcmljaHRlsQlGkQGJCTh6kYAKA5gLAcgLAdALDrgMAdgTDNAVAeIWAggB-BYBgBcB&num=1&client=ca-pub-5855149998903976&ctype=110&label=video_10s_engaged_view&ad_mt=10219&acvw=sv%3D932%26cb%3Dima%26nas%3D1%26sdk%3Dh%26p%3D1146,330,1489,940%26p0%3D1146,330,1489,940%26p1%3D1146,330,1489,940%26tos%3D0,0,0,0,10283%26mtos%3D0,0,0,0,10283%26amtos%3D0,0,0,0,0%26mtos1%3D0,0,10018%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26a0%3D0%26a1%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D10283%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D2784%26pst%3D450%26dur%3D39241%26vmtime%3D10219%26is%3D274%26i0%3D274%26i1%3D274%26cs%3D4370%26c%3D0.15%26c0%3D0.15%26c1%3D0.15%26mc%3D0.15%26nc%3D0.15%26mv%3D0%26nv%3D0%26qmt%3D0,0,0,0,265%26qnc%3D0.15%26qmv%3D0%26qnv%3D0%26lte%3D0.15%26ces%26femt%3D1134%26femvt%3D0%26emc%3D52%26emuc%3D0%26emb%3D0,0,0,0,51%26avms%3Dexc%26qi%3D646087803%26psm%3D-2147481601%26psv%3D0%26psfv%3D0%26psa%3D0%26ptlt%3D12012%26pngs%3D9,14,15s%26veid%3Dxdi:0,amp:0%26ssb%3D0,0,0,0,0,0,0,0,0,0,10283%26ss0%3D0.01%26ss1%3D0.01&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0.01%26t%3D1660655132404&cid=CAQSKQCsnQUx9-oArqyINdtv9_6G32F4a3kgPxBHkC1l-6gN9QrxuFDY1bHZ&dblrd=1&val=ChAyMjc2MmM5N2Y1Y2QwMDUzEJus7pcGGgjTfneVuxeIbyABKAE&sig=AOD64_2vswS0ZKMRwk_LyWS3CiOr2PA6iw&adurl=https://www.loewenanteil.com/collections/bio-fertiggerichte%3Futm_source%3Dyoutube%26utm_medium%3Dcpc%26utm_campaign%3D136489115205%26utm_content%3D616162344916
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H2
Server: 142.250.74.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s02-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Redirect headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:43 GMT
x-content-type-options: nosniff
server: adclick_server
p3p: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.googleadservices.com/pagead/aclk?sa=L&ai=CdNiQG5b7YrGEOqaSxwLuoLPwDPPj3-Brjdjd75cQsJAfEAEggM_UfGCVgoCAlAegAYjmoKoByAEFqQKtlUR5CQmxPuACAKgDAZgEAKoE9AJP0Eio67Fpm--beKCV4g3ptflHHH0GAf4SN5Gl9MZJn-sRukinQkE58h0Qk1Zzh5vc_rcFD4AX3MGTmMufTAcVvpvczCz8WUAezKsgU5W_rPbybyFvayPp5HWb2yR6ufQVzU8zuTG8oIyYbHqLCWcMk7xZN593uNqXhOGE1PPkjLZFwn4TYKA9HSYgrOpOfGxh0Hv72vVDecQ-fy8yahvrRgG3pyoOGyZDyfH9qYUBu89k9hBPQ1rBQDOTT0RbEuhk60OyxQQ9lFJ5uPtdjfhTpx7gi1dlj1vh_W6BnCHC0DV2iSUgkLuQhenNedQGHJextWqLNv3AsUt6zZ1LqIyQ5Sl78WldLVQzEYbRrCBLyqc8cxgfxoXvp5W1BmCSR2P9E-bM-aRf44m7-tmfLHrs0t9W-oYdw6HbSHlkMvmenOkrHXciY0xKnuVUx9jBGVI7ihkPtkXMmOeCCWGvdW2qZBNwuoOCwIjQGUuLnu4ANdL2RebABMW8irv8A-AEAYgF5NamtkGSBQgIAxADGAFQAcAFbqAGVIAH4Jnf1QKoB47OG6gHk9gbqAec3BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB9-fsQLYBwGoCAHSCBEIgOGAEBABGB0yAqoCOgKAQPIIG2FkeC1zdWJzeW4tMjk2MDA2MzU0MDIxMjcyOJoJO2h0dHBzOi8vd3d3LmxvZXdlbmFudGVpbC5jb20vY29sbGVjdGlvbnMvYmlvLWZlcnRpZ2dlcmljaHRlsQlGkQGJCTh6kYAKA5gLAcgLAdALDrgMAdgTDNAVAeIWAggB-BYBgBcB&num=1&client=ca-pub-5855149998903976&ctype=110&label=video_10s_engaged_view&ad_mt=10219&acvw=sv%3D932%26cb%3Dima%26nas%3D1%26sdk%3Dh%26p%3D1146,330,1489,940%26p0%3D1146,330,1489,940%26p1%3D1146,330,1489,940%26tos%3D0,0,0,0,10283%26mtos%3D0,0,0,0,10283%26amtos%3D0,0,0,0,0%26mtos1%3D0,0,10018%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26a0%3D0%26a1%3D0%26ft%3D0%26at%3D0%26as%3D0%26vpt%3D10283%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D2784%26pst%3D450%26dur%3D39241%26vmtime%3D10219%26is%3D274%26i0%3D274%26i1%3D274%26cs%3D4370%26c%3D0.15%26c0%3D0.15%26c1%3D0.15%26mc%3D0.15%26nc%3D0.15%26mv%3D0%26nv%3D0%26qmt%3D0,0,0,0,265%26qnc%3D0.15%26qmv%3D0%26qnv%3D0%26lte%3D0.15%26ces%26femt%3D1134%26femvt%3D0%26emc%3D52%26emuc%3D0%26emb%3D0,0,0,0,51%26avms%3Dexc%26qi%3D646087803%26psm%3D-2147481601%26psv%3D0%26psfv%3D0%26psa%3D0%26ptlt%3D12012%26pngs%3D9,14,15s%26veid%3Dxdi:0,amp:0%26ssb%3D0,0,0,0,0,0,0,0,0,0,10283%26ss0%3D0.01%26ss1%3D0.01&gv=atos%3D0,0,0,0,0%26avt%3D0%26ss%3D0.01%26t%3D1660655132404&cid=CAQSKQCsnQUx9-oArqyINdtv9_6G32F4a3kgPxBHkC1l-6gN9QrxuFDY1bHZ&dblrd=1&val=ChAyMjc2MmM5N2Y1Y2QwMDUzEJus7pcGGgjTfneVuxeIbyABKAE&sig=AOD64_2vswS0ZKMRwk_LyWS3CiOr2PA6iw&adurl=https://www.loewenanteil.com/collections/bio-fertiggerichte%3Futm_source%3Dyoutube%26utm_medium%3Dcpc%26utm_campaign%3D136489115205%26utm_content%3D616162344916
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 watchtime
s.youtube.com/api/stats/ Frame 095F 0
0 85ms
29ms Image
text/html 2a00:1450:400c:c08::8a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.youtube.com/api/stats/watchtime?rti=10&st=0.000&et=10.219&rtn=20.000&ns=yt&fexp=44750823%2C44754420%2C44760950%2C44762904%2C44765701%2C44767130&el=adunit&cpn=GIag2j7ROo_Tb9iO&docid=PtD5Q9c-2zA&visitordata=Cgt4TXJzYlRKZS1YZw%253D%253D&ver=2&cmt=10.219&fmt=18&rt=9.000&adformat=2_2_1&euri=https%3A%2F%2Fkorrespondent.net%2F&len=39.242&vtype=gvp&c=web_gvp_ads&cver=h.0.0.0&cbr=Chrome&cbrver=104.0.5112.79&cos=Win32&cosver=537.36&cplatform=desktop
Requested by: Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400c:c08::8a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

GET
H2 200 publishertag.prebid.117.js Show response
static.criteo.net/js/ld/ Frame 1C51 87 KB
28 KB 24ms
24ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.117.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:44 GMT
content-encoding: gzip
last-modified: Wed, 29 Dec 2021 12:30:46 GMT
server: nginx
etag: W/"61cc54f6-15c19"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 17 Aug 2022 13:05:44 GMT

GET
H2 200 publishertag.prebid.117.js Show response
static.criteo.net/js/ld/ Frame B131 87 KB
28 KB 26ms
26ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.117.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:44 GMT
content-encoding: gzip
last-modified: Wed, 29 Dec 2021 12:30:46 GMT
server: nginx
etag: W/"61cc54f6-15c19"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 17 Aug 2022 13:05:44 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 08D1 15 KB
6 KB 82ms
28ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=korrespondent.net

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

2b00ce902e9ef9e7031d76c62a72c1cb0054185e6691e9a72757a31cead715a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-length: 6145
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 13:05:44 GMT
server-processing-duration-in-ticks: 2341
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame 1C51 87 KB
28 KB 37ms
36ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

aeb925bb204a686701ed5795fc9a381422a479fca1cacbe35de200ac65319988

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:44 GMT
content-encoding: gzip
last-modified: Tue, 02 Aug 2022 12:51:23 GMT
server: nginx
etag: W/"62e91dcb-15b76"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 17 Aug 2022 13:05:44 GMT

GET
H2 200 publishertag.prebid.117.js Show response
static.criteo.net/js/ld/ Frame EA4D 87 KB
28 KB 23ms
23ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.117.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:44 GMT
content-encoding: gzip
last-modified: Wed, 29 Dec 2021 12:30:46 GMT
server: nginx
etag: W/"61cc54f6-15c19"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 17 Aug 2022 13:05:44 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 4CF1 15 KB
6 KB 116ms
64ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=korrespondent.net

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

2b00ce902e9ef9e7031d76c62a72c1cb0054185e6691e9a72757a31cead715a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-length: 6145
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 13:05:43 GMT
server-processing-duration-in-ticks: 2365
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 publishertag.prebid.js Show response
static.criteo.net/js/ld/ Frame B131 87 KB
28 KB 35ms
35ms XHR
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

aeb925bb204a686701ed5795fc9a381422a479fca1cacbe35de200ac65319988

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:44 GMT
content-encoding: gzip
last-modified: Tue, 02 Aug 2022 12:51:23 GMT
server: nginx
etag: W/"62e91dcb-15b76"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 17 Aug 2022 13:05:44 GMT

GET
H2 200 publishertag.prebid.117.js Show response
static.criteo.net/js/ld/ Frame 1BB0 87 KB
28 KB 32ms
32ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.117.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:44 GMT
content-encoding: gzip
last-modified: Wed, 29 Dec 2021 12:30:46 GMT
server: nginx
etag: W/"61cc54f6-15c19"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 17 Aug 2022 13:05:44 GMT

GET
H2 200 publishertag.prebid.117.js Show response
static.criteo.net/js/ld/ Frame 2899 87 KB
28 KB 23ms
23ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.117.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:44 GMT
content-encoding: gzip
last-modified: Wed, 29 Dec 2021 12:30:46 GMT
server: nginx
etag: W/"61cc54f6-15c19"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 17 Aug 2022 13:05:44 GMT

GET
H2 200 publishertag.prebid.117.js Show response
static.criteo.net/js/ld/ Frame 4B7A 87 KB
28 KB 23ms
23ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.117.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:44 GMT
content-encoding: gzip
last-modified: Wed, 29 Dec 2021 12:30:46 GMT
server: nginx
etag: W/"61cc54f6-15c19"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 17 Aug 2022 13:05:44 GMT

GET
H2 200 publishertag.prebid.117.js Show response
static.criteo.net/js/ld/ Frame 8A72 87 KB
28 KB 28ms
27ms Script
text/javascript 2a02:2638:1::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.117.js

Requested by

Host: hb.adpone.com
URL: https://hb.adpone.com/prebid6.15.0.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mediawoot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 13:05:44 GMT
content-encoding: gzip
last-modified: Wed, 29 Dec 2021 12:30:46 GMT
server: nginx
etag: W/"61cc54f6-15c19"
strict-transport-security: max-age=31536000; preload;
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 17 Aug 2022 13:05:44 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame F0F2 15 KB
6 KB 103ms
63ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=korrespondent.net

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

2b00ce902e9ef9e7031d76c62a72c1cb0054185e6691e9a72757a31cead715a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-length: 6145
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 13:05:43 GMT
server-processing-duration-in-ticks: 2182
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 6768 15 KB
6 KB 90ms
55ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=korrespondent.net

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

2b00ce902e9ef9e7031d76c62a72c1cb0054185e6691e9a72757a31cead715a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-length: 6145
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 13:05:43 GMT
server-processing-duration-in-ticks: 2420
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 0071 15 KB
6 KB 98ms
64ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=korrespondent.net

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

2b00ce902e9ef9e7031d76c62a72c1cb0054185e6691e9a72757a31cead715a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-length: 6145
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 13:05:44 GMT
server-processing-duration-in-ticks: 3312
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 8747 15 KB
6 KB 108ms
78ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=korrespondent.net

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

2b00ce902e9ef9e7031d76c62a72c1cb0054185e6691e9a72757a31cead715a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-length: 6145
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 13:05:43 GMT
server-processing-duration-in-ticks: 3610
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame DB69 15 KB
6 KB 56ms
30ms Document
text/html 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=korrespondent.net

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.117.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

2b00ce902e9ef9e7031d76c62a72c1cb0054185e6691e9a72757a31cead715a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://mediawoot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-length: 6145
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 16 Aug 2022 13:05:44 GMT
server-processing-duration-in-ticks: 2347
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2

200

sid Show response
mug.criteo.com/ Frame 08D1
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=mediawoot.com&sn=ChromeSyncframe&so=0&topUrl=korrespondent.net&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=K5gLpHw0dnNRQ2VrQVBhUFhmSlZkRWxrbmJoNit5aXVZOW93M1plTll5K3dUcEJHWlBtaGVERkpneFFuUEZaZmxtak1Ia25vRTYwbFc0N3FldzJvTFRIS1RONmZrNmZkMHJnMHoyelEvMll1RTlwNFdjTzJSN0JENXA0WU...

460 B
657 B

76ms
28ms

Fetch
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=K5gLpHw0dnNRQ2VrQVBhUFhmSlZkRWxrbmJoNit5aXVZOW93M1plTll5K3dUcEJHWlBtaGVERkpneFFuUEZaZmxtak1Ia25vRTYwbFc0N3FldzJvTFRIS1RONmZrNmZkMHJnMHoyelEvMll1RTlwNFdjTzJSN0JENXA0WUlna1FyYmw1VGtJY1NEeE9qY3g5SWd4VFpmL0ZFRHdwRC9pb2RPVVRUWkdFdHVXVDVMellEVnpGNVJnd0Z1VjI0S3ZrcUZDT0p5SlpYOHN2b0pTQUpVWlhFM1hTL20zTEI2cnB1Q0xOWXRvb3JlcG1QWjlNaHB1OUhoeGExWjFRblh2dGNTY0VUa1Z2U3lTR0dDdkwxM3pJbytCNlF4TTdlTkdTeGFTdnJzTnk5Zmp4amkzbz18&cppv=2

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

24d7efbce385654f777201a7bb9d53f7682cc64b78b820da3e241e232a8f7274

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:44 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 4970
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:43 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=K5gLpHw0dnNRQ2VrQVBhUFhmSlZkRWxrbmJoNit5aXVZOW93M1plTll5K3dUcEJHWlBtaGVERkpneFFuUEZaZmxtak1Ia25vRTYwbFc0N3FldzJvTFRIS1RONmZrNmZkMHJnMHoyelEvMll1RTlwNFdjTzJSN0JENXA0WUlna1FyYmw1VGtJY1NEeE9qY3g5SWd4VFpmL0ZFRHdwRC9pb2RPVVRUWkdFdHVXVDVMellEVnpGNVJnd0Z1VjI0S3ZrcUZDT0p5SlpYOHN2b0pTQUpVWlhFM1hTL20zTEI2cnB1Q0xOWXRvb3JlcG1QWjlNaHB1OUhoeGExWjFRblh2dGNTY0VUa1Z2U3lTR0dDdkwxM3pJbytCNlF4TTdlTkdTeGFTdnJzTnk5Zmp4amkzbz18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1792
content-length: 567
expires: 0

GET
H2

200

sid Show response
mug.criteo.com/ Frame DB69
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=mediawoot.com&sn=ChromeSyncframe&so=0&topUrl=korrespondent.net&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=AuSp63xmaGRGbHZtL0NIQjRjTk9yZmx1TUdYcHYvdWFHR01ZeEpjN3FSVjFCenBXUzZxanJhUHI0QjdZb21UbkhQZDdIMzQ2SFROSGtjbjk5cXpBVlUya1lGZmFBbmpMbTlOVnRtNFRIbWpaOE1MMGowZmlNQklja3p4MT...

441 B
642 B

79ms
31ms

Fetch
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=AuSp63xmaGRGbHZtL0NIQjRjTk9yZmx1TUdYcHYvdWFHR01ZeEpjN3FSVjFCenBXUzZxanJhUHI0QjdZb21UbkhQZDdIMzQ2SFROSGtjbjk5cXpBVlUya1lGZmFBbmpMbTlOVnRtNFRIbWpaOE1MMGowZmlNQklja3p4MTdUZnFGbjJTc295dU5OaHNuOXFvQWxTQ2FGMmd5TlRHV01GdGs2V0hkMGM0eUVPUlR1ejFoeUdmWFJGbzlrUlNpR2NFU0dGZ2MyV29VUk42eGNOZ0VFeDF2S3FRSnNBVWY2bWFoeUVOa0gwRkttNU9McWZkZ1Y5R1VuczdJamNLS2tFK3ZvODNnNWpuZlBNVVQ0Y3lvb0tEUlVyOEF2WnN2RzJZWFcyYTQrdHZJTTdOUkVzYz18&cppv=2

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

f293bc9ae41daa60575c6163c4cac50c8d9bdf44ee69d7ea7b2dc416549dcb96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:44 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 3996
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:44 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=AuSp63xmaGRGbHZtL0NIQjRjTk9yZmx1TUdYcHYvdWFHR01ZeEpjN3FSVjFCenBXUzZxanJhUHI0QjdZb21UbkhQZDdIMzQ2SFROSGtjbjk5cXpBVlUya1lGZmFBbmpMbTlOVnRtNFRIbWpaOE1MMGowZmlNQklja3p4MTdUZnFGbjJTc295dU5OaHNuOXFvQWxTQ2FGMmd5TlRHV01GdGs2V0hkMGM0eUVPUlR1ejFoeUdmWFJGbzlrUlNpR2NFU0dGZ2MyV29VUk42eGNOZ0VFeDF2S3FRSnNBVWY2bWFoeUVOa0gwRkttNU9McWZkZ1Y5R1VuczdJamNLS2tFK3ZvODNnNWpuZlBNVVQ0Y3lvb0tEUlVyOEF2WnN2RzJZWFcyYTQrdHZJTTdOUkVzYz18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1183
content-length: 567
expires: 0

GET
H2

200

sid Show response
mug.criteo.com/ Frame 6768
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=mediawoot.com&sn=ChromeSyncframe&so=0&topUrl=korrespondent.net&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=Lhya4XwzZE4xaWJkU1hOd2lqWHZob0VWa1JXSEZYMWlMMkR2d2YyVFNqZHZpa0MwQW5GckV4UE5OeUhsWS85YVlqMm9mQUcvb3lOT3VKZEpySTYrUDBkcXpFM3hRakNLdUxPdmZkOTRjL0VvQndtMTVmT2JNK1VpODg4V0...

467 B
654 B

46ms
30ms

Fetch
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=Lhya4XwzZE4xaWJkU1hOd2lqWHZob0VWa1JXSEZYMWlMMkR2d2YyVFNqZHZpa0MwQW5GckV4UE5OeUhsWS85YVlqMm9mQUcvb3lOT3VKZEpySTYrUDBkcXpFM3hRakNLdUxPdmZkOTRjL0VvQndtMTVmT2JNK1VpODg4V0FpcmtsQlFIVkpCWFZGU3JVL3cwT05ReTFmR0JaN3ZmbSt6YkNZQWxDeHRHODZtR2dGYXE3RkFhY0tCd0tRbnk1Rm9QWEY4eHF4UGY2NUJDTFpUT21WL3VUdkhpb0hBTnlqMlRFdkpic2NvaFZuTWN2UEcrVHV0ZElGRnhpQ3hLWWh4MEFKM2hZNldNNTVJRXhLVTkrN3EwaG81b2hPbkwvQnBidDU3a25aMHpKRWVmS3VwND18&cppv=2

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

e8c241b70fb77bd3c57669e54a198e35abc42c49c070d69ee7debc2742cd2744

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:44 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 3839
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:43 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=Lhya4XwzZE4xaWJkU1hOd2lqWHZob0VWa1JXSEZYMWlMMkR2d2YyVFNqZHZpa0MwQW5GckV4UE5OeUhsWS85YVlqMm9mQUcvb3lOT3VKZEpySTYrUDBkcXpFM3hRakNLdUxPdmZkOTRjL0VvQndtMTVmT2JNK1VpODg4V0FpcmtsQlFIVkpCWFZGU3JVL3cwT05ReTFmR0JaN3ZmbSt6YkNZQWxDeHRHODZtR2dGYXE3RkFhY0tCd0tRbnk1Rm9QWEY4eHF4UGY2NUJDTFpUT21WL3VUdkhpb0hBTnlqMlRFdkpic2NvaFZuTWN2UEcrVHV0ZElGRnhpQ3hLWWh4MEFKM2hZNldNNTVJRXhLVTkrN3EwaG81b2hPbkwvQnBidDU3a25aMHpKRWVmS3VwND18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1712
content-length: 567
expires: 0

GET
H2

200

sid Show response
mug.criteo.com/ Frame F0F2
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=mediawoot.com&sn=ChromeSyncframe&so=0&topUrl=korrespondent.net&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=4vv9IHx2L0h6VUNYM0JqcFZGM3VoTmdOZUoxK0NjSmlud1QxVUZONm1CRnRKbEVWekNRNE9zNnVsZjIvblk4NFZUN05KdFF2RnkvaGVtZmJheHBZK29XN1owVE96dlh2Rm11Z3hPZDg0a09LRGtJZ0k0RlhzTFlpaU5udz...

446 B
647 B

40ms
27ms

Fetch
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=4vv9IHx2L0h6VUNYM0JqcFZGM3VoTmdOZUoxK0NjSmlud1QxVUZONm1CRnRKbEVWekNRNE9zNnVsZjIvblk4NFZUN05KdFF2RnkvaGVtZmJheHBZK29XN1owVE96dlh2Rm11Z3hPZDg0a09LRGtJZ0k0RlhzTFlpaU5udzR2Ukd3dUlDTVpvUzBPV1V6Q042bjA0QnRtcWdpMHVYZWx2N1RSV2NJVmsrWDFJaXBLZUhtSGM5SXpiblBTQlpKS3EvL2doSGhPYzNXQnp0cVlXemhXeXJ0REVjdWQrQVdWdjc5S0NKdmN5eUhFakNZRElqZXFRa3lucjlRdE1UblVhbmVWNkR5bDlGakltRkxYYmIydDRsMWFHTjF1T2JLMnhKYUcwcmtQY20wb1BaODFsRT18&cppv=2

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

87bfce13ebaacb6f0d0885683c67814e5defeb463fe3b76478b15dff67aeb231

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:43 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 3983
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:44 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=4vv9IHx2L0h6VUNYM0JqcFZGM3VoTmdOZUoxK0NjSmlud1QxVUZONm1CRnRKbEVWekNRNE9zNnVsZjIvblk4NFZUN05KdFF2RnkvaGVtZmJheHBZK29XN1owVE96dlh2Rm11Z3hPZDg0a09LRGtJZ0k0RlhzTFlpaU5udzR2Ukd3dUlDTVpvUzBPV1V6Q042bjA0QnRtcWdpMHVYZWx2N1RSV2NJVmsrWDFJaXBLZUhtSGM5SXpiblBTQlpKS3EvL2doSGhPYzNXQnp0cVlXemhXeXJ0REVjdWQrQVdWdjc5S0NKdmN5eUhFakNZRElqZXFRa3lucjlRdE1UblVhbmVWNkR5bDlGakltRkxYYmIydDRsMWFHTjF1T2JLMnhKYUcwcmtQY20wb1BaODFsRT18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1457
content-length: 567
expires: 0

GET
H2

200

sid Show response
mug.criteo.com/ Frame 4CF1
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=mediawoot.com&sn=ChromeSyncframe&so=0&topUrl=korrespondent.net&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=UeS3fXw5cm5LL2I3Y0x4bnlocU1zSXQvS3JQV01JWWprK0VvWWY3WDl0ZU1JWFpuNTVwSlhPSlRKRFYzbWpMSCtHQjRpSVpvT1RBd2RndzEwWk5OdWo1RVZ2Y0pxdWNIbjJKUnlZanppeWhCS0FHaUMzYVM4VXNrTHlJNW...

452 B
652 B

43ms
32ms

Fetch
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=UeS3fXw5cm5LL2I3Y0x4bnlocU1zSXQvS3JQV01JWWprK0VvWWY3WDl0ZU1JWFpuNTVwSlhPSlRKRFYzbWpMSCtHQjRpSVpvT1RBd2RndzEwWk5OdWo1RVZ2Y0pxdWNIbjJKUnlZanppeWhCS0FHaUMzYVM4VXNrTHlJNWhnUTZpck9NcHR5V2M1YVZnZUh2SElldUNPaXIwS3NDanJwMUdVZEtFYlIzQTV2T1daVnBrdTM2OGNKNzFFNGFwQTU4NnB1MDd0SzZuT25yQWlYa05jU2JHUmJYYWlVQjVIb2pSUVA0TUpWYVNrK0p6TXpCOGlIcFpWR2tqeHdXZG5UVSt4dFdRMFlHL3JoMXl1eDIzNnl5empxYzBOY1oxZXRVeTdzdjRtQXZWcTBsRzQ3ND18&cppv=2

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

7e6229474b9d114245bf24dbe072bb6404fcb7c14c3bc387955deb9bad7ad126

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:44 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 5352
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:44 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=UeS3fXw5cm5LL2I3Y0x4bnlocU1zSXQvS3JQV01JWWprK0VvWWY3WDl0ZU1JWFpuNTVwSlhPSlRKRFYzbWpMSCtHQjRpSVpvT1RBd2RndzEwWk5OdWo1RVZ2Y0pxdWNIbjJKUnlZanppeWhCS0FHaUMzYVM4VXNrTHlJNWhnUTZpck9NcHR5V2M1YVZnZUh2SElldUNPaXIwS3NDanJwMUdVZEtFYlIzQTV2T1daVnBrdTM2OGNKNzFFNGFwQTU4NnB1MDd0SzZuT25yQWlYa05jU2JHUmJYYWlVQjVIb2pSUVA0TUpWYVNrK0p6TXpCOGlIcFpWR2tqeHdXZG5UVSt4dFdRMFlHL3JoMXl1eDIzNnl5empxYzBOY1oxZXRVeTdzdjRtQXZWcTBsRzQ3ND18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1637
content-length: 567
expires: 0

GET
H2

200

sid Show response
mug.criteo.com/ Frame 0071
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=mediawoot.com&sn=ChromeSyncframe&so=0&topUrl=korrespondent.net&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=reJ5b3xtdTJVM3dMbUtGOEVGTmpIZEZGbXdsYmtRcU5ZQ01LYnpzUUxMS3hzcUx3L0kzRmZ3ZFhocjFEZkJiVkw4c0FFUGU2NnpybXk3T2pRQTFBc0ViQittelFJcjUyWlhydnFGRS9ZK0RHMXFPa2hmWVVSRnZtNitxZH...

473 B
658 B

36ms
27ms

Fetch
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=reJ5b3xtdTJVM3dMbUtGOEVGTmpIZEZGbXdsYmtRcU5ZQ01LYnpzUUxMS3hzcUx3L0kzRmZ3ZFhocjFEZkJiVkw4c0FFUGU2NnpybXk3T2pRQTFBc0ViQittelFJcjUyWlhydnFGRS9ZK0RHMXFPa2hmWVVSRnZtNitxZHRHVHI0MlBaUXJ0aDJ3RVI0UmgvMklCWWxxSWl5a2VCSmdpeUtXaHcwL0hwN2E5UnVkV1lFVXdjemRMSTNrSk9PcE9yNERUTHFZbmszeVlKVGg3Y01hWU5pSEZIV0YrNkJmUCtFR3FoN1pkeWdnWkdaczdqUGtYOXE3cjF4am9qbzY2bDZWZXUza2ZobEtNcjk5SnNLOEo5cFR0Qk51cVMyQVVYK2pxc0Z5NEFEeDlGRlF4cz18&cppv=2

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

4cec7cd7b9ad5d634458e275eadec098917c341cef3e572466af5e3650129004

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:44 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 4104
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:44 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=reJ5b3xtdTJVM3dMbUtGOEVGTmpIZEZGbXdsYmtRcU5ZQ01LYnpzUUxMS3hzcUx3L0kzRmZ3ZFhocjFEZkJiVkw4c0FFUGU2NnpybXk3T2pRQTFBc0ViQittelFJcjUyWlhydnFGRS9ZK0RHMXFPa2hmWVVSRnZtNitxZHRHVHI0MlBaUXJ0aDJ3RVI0UmgvMklCWWxxSWl5a2VCSmdpeUtXaHcwL0hwN2E5UnVkV1lFVXdjemRMSTNrSk9PcE9yNERUTHFZbmszeVlKVGg3Y01hWU5pSEZIV0YrNkJmUCtFR3FoN1pkeWdnWkdaczdqUGtYOXE3cjF4am9qbzY2bDZWZXUza2ZobEtNcjk5SnNLOEo5cFR0Qk51cVMyQVVYK2pxc0Z5NEFEeDlGRlF4cz18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1803
content-length: 567
expires: 0

GET
H2

200

sid Show response
mug.criteo.com/ Frame 8747
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=mediawoot.com&sn=ChromeSyncframe&so=0&topUrl=korrespondent.net&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=7a4FTHx0WEgrczhEZGJhT2Fic2ZiVFB5TEY0QlZJVWxzanhIUG9Dd1VRVFptUEVseFpINjFWNlYxUm5tYWhEQnpMTXAvdXVpOGxsYzYrVE5uZXI5eW90bGRQWjFqbDBkWU5tSDRQMXgrVlR3ZldyblZzZlUwTlZpOWF6SF...

455 B
654 B

39ms
32ms

Fetch
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=7a4FTHx0WEgrczhEZGJhT2Fic2ZiVFB5TEY0QlZJVWxzanhIUG9Dd1VRVFptUEVseFpINjFWNlYxUm5tYWhEQnpMTXAvdXVpOGxsYzYrVE5uZXI5eW90bGRQWjFqbDBkWU5tSDRQMXgrVlR3ZldyblZzZlUwTlZpOWF6SFV4dUp6NkRSR1NCUnNzZmNCN1BueW9JVkhyRkM1cklWMGJMWXN0T1c4RUUyZ29ueFpSTzFUUmpNUXdhMUgrVTd3VFRtaEdLYjV6cisvbVJVUmxSRTZtTFB6Uzh4VmhwOTBwL0k4Y3lLckJ2UmJVdlJvbUFzS1JQVlBMVnIrd3ZxMlN3MlVrSW42UHNaY2lCTWJLc0IrNWg1Tm5YZDhleE1aRGROS1AreldrSmxNSFAwZWNJST18&cppv=2

Requested by

Host: korrespondent.net
URL: https://korrespondent.net/ukraine/4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

610dcaa00bd1db1180cc312de4e35672a2ae797ef8ac206658076e05c6960c47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:44 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 4292
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:44 GMT
strict-transport-security: max-age=31536000; preload;
content-type: text/html; charset=utf-8
location: https://mug.criteo.com/sid?cpp=7a4FTHx0WEgrczhEZGJhT2Fic2ZiVFB5TEY0QlZJVWxzanhIUG9Dd1VRVFptUEVseFpINjFWNlYxUm5tYWhEQnpMTXAvdXVpOGxsYzYrVE5uZXI5eW90bGRQWjFqbDBkWU5tSDRQMXgrVlR3ZldyblZzZlUwTlZpOWF6SFV4dUp6NkRSR1NCUnNzZmNCN1BueW9JVkhyRkM1cklWMGJMWXN0T1c4RUUyZ29ueFpSTzFUUmpNUXdhMUgrVTd3VFRtaEdLYjV6cisvbVJVUmxSRTZtTFB6Uzh4VmhwOTBwL0k4Y3lLckJ2UmJVdlJvbUFzS1JQVlBMVnIrd3ZxMlN3MlVrSW42UHNaY2lCTWJLc0IrNWg1Tm5YZDhleE1aRGROS1AreldrSmxNSFAwZWNJST18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 1829
content-length: 567
expires: 0

POST
H2 200 61684903
mc.yandex.com/watch/ Frame 3FAB 43 B
145 B 66ms
66ms Ping
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/61684903?page-url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&charset=utf-8&browser-info=nb%3A1%3Acl%3A201%3Aar%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp77kpsc2e48%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A870%3Acn%3A1%3Adp%3A1%3Als%3A393081872149%3Ahid%3A958686927%3Az%3A0%3Ai%3A20220816130547%3Aet%3A1660655148%3Ac%3A1%3Arn%3A527910046%3Arqn%3A2%3Au%3A1660655133195433051%3Aw%3A300x250%3As%3A1600x1200x24%3Ask%3A1%3Aifr%3A1%3Acpf%3A1%3Antf%3A1%3Aeu%3A1%3Ans%3A1660655131164%3Awv%3A2%3Aco%3A0%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1660655148&t=gdpr(14)clc(0-0-0)lt(11900)aw(1)rqnt(2)ecs(1)rqnl(1)ti(0)&force-urlencoded=1

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://korrespondent.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 16 Aug 2022 13:05:47 GMT
last-modified: Tue, 16-Aug-2022 13:05:47 GMT
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: https://korrespondent.net
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Tue, 16-Aug-2022 13:05:47 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ad.invamia.com
URL: https://ad.invamia.com/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f&inner_redirect=1&inner_uuid=eb6718de-e878-4354-bdc2-2720b7ae6d50&redirect_host_list=YWQudmlkdmVydG8uaW8sYWQudmlkdmVyLnRv

Domain: ad.invamia.com
URL: https://ad.invamia.com/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f&inner_redirect=1&inner_uuid=eb6718de-e878-4354-bdc2-2720b7ae6d50&redirect_host_list=YWQudmlkdmVydG8uaW8sYWQudmlkdmVyLnRv

Domain: ad.invamia.com
URL: https://ad.invamia.com/delivery/sync?userid=ad1f481a-c69d-4a57-831b-33e7fddbf07f&inner_redirect=1&inner_uuid=eb6718de-e878-4354-bdc2-2720b7ae6d50&redirect_host_list=YWQudmlkdmVydG8uaW8sYWQudmlkdmVyLnRv

Verdicts & Comments Add Verdict or Comment

238 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

159 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
korrespondent.net/ukraine	1969-12-31 23:59:59	Name: Value: store.test
korrespondent.net/ukraine	1969-12-31 23:59:59	Name: user_hash Value: YlR5cGU9Q2hyb21lJmJWZXJzaW9uPTEwNCZyV2lkdGg9MTIwMCZySGVpZ2h0PTE2MDA=
korrespondent.net/ukraine	1969-12-31 23:59:59	Name: initRef Value:
.korrespondent.net/	1970-01-20 14:03:11	Name: dcw Value: 44
.mgid.com/	1970-01-20 05:17:36	Name: __cf_bm Value: JbNV8ADFIAIKSBS6n8_TPZw8jP__hXx1xhaxskVo67A-1660655129-0-Ac8qhnJ/uGScJCnJRcxC7ztwzuoyrRyjRjV84GN04FQiDFAJZjgn8jgtnG1k9rYe/AEBY2750ObpLcQclDLlDiw=
.i.ua/	1970-01-20 05:17:36	Name: __cf_bm Value: JQeQW13EitJrceGI.lbJhHOODKaF5otU8gCW7Zg_.Q0-1660655129-0-AeMcOFlIoT7f2AQI4QD4yG4le/2+5W4rKb5OwR5gzJP/syBvKgHzdu2+UpcOltmzMhiZ+60ko+lnTWmBZCz9Ojk=
.cdn.umh.ua/	1970-01-20 14:53:35	Name: AU Value: 7be2aa7549820401
.korrespondent.net/	1970-01-20 14:53:35	Name: _ga Value: GA1.2.2006371786.1660655130
.korrespondent.net/	1970-01-20 05:19:01	Name: _gid Value: GA1.2.614955147.1660655130
.korrespondent.net/	1970-01-20 05:17:35	Name: _gat_gtag_UA_1609229_9 Value: 1
.korrespondent.net/	1970-01-20 05:17:35	Name: _dc_gtm_UA-1609229-30 Value: 1
ad.mox.tv/	1970-01-20 14:53:35	Name: moxuuid Value: eb6718de-e878-4354-bdc2-2720b7ae6d50
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_zone_imp[1554][count] Value: 0
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_zone_imp[1554][frequencyPeriodEnd] Value: 1660741530
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[15493][count] Value: 0
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[15493][frequencyPeriodEnd] Value: 1660741530
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_camp_imp[4849][frequencyPeriodEnd] Value: 1660741530
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[15495][count] Value: 0
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[15495][frequencyPeriodEnd] Value: 1660741530
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_camp_imp[2822][frequencyPeriodEnd] Value: 1660741530
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[12260][count] Value: 0
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[12260][frequencyPeriodEnd] Value: 1660741530
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_camp_imp[1946][frequencyPeriodEnd] Value: 1660741530
.korrespondent.net/	1970-01-20 05:17:36	Name: __cf_bm Value: 4szkDatY.tGpclxAyxgIy56NUbJWGCSU.xmATZ11IRI-1660655130-0-AYFNpgH5FxL2qzDgBJtbbNEBbNUgih0vuOsOm+kPv9yZC8PgalPqx/IJF0SfN/0s/GdOFVPCP3RMW0PTL3dy8Aibn7umrvdIzA2+gCD0/DUOqSTsiDV7dvYHr/RpvlcvBL7ouybW4ovfCfA0jSAxE+Mw6MR+eMw5zLRnw5bW2gmy
.quantserve.com/	1970-01-20 14:47:49	Name: mc Value: 62fb961a-71b96-baf63-a2fa3
.bidswitch.net/	1970-01-20 14:03:11	Name: tuuid Value: ad1f481a-c69d-4a57-831b-33e7fddbf07f
.bidswitch.net/	1970-01-20 14:03:11	Name: c Value: 1660655130
.bidswitch.net/	1970-01-20 14:03:11	Name: tuuid_lu Value: 1660655130
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_zone_imp[784][count] Value: 0
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_zone_imp[784][frequencyPeriodEnd] Value: 1660741530
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[15630][count] Value: 0
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[15630][frequencyPeriodEnd] Value: 1660741530
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_camp_imp[3084][count] Value: 0
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_camp_imp[3084][frequencyPeriodEnd] Value: 1660741530
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[15387][count] Value: 0
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[15387][frequencyPeriodEnd] Value: 1660741530
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_camp_imp[4849][count] Value: 1
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[15653][count] Value: 0
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[15653][frequencyPeriodEnd] Value: 1660741530
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[15649][count] Value: 0
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[15649][frequencyPeriodEnd] Value: 1660741530
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_camp_imp[2821][count] Value: 0
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_camp_imp[2821][frequencyPeriodEnd] Value: 1660741530
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[15722][count] Value: 0
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[15722][frequencyPeriodEnd] Value: 1660741530
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_camp_imp[1946][count] Value: 1
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[14849][count] Value: 0
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[14849][frequencyPeriodEnd] Value: 1660741530
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_camp_imp[4599][count] Value: 0
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_camp_imp[4599][frequencyPeriodEnd] Value: 1660741530
.admixer.net/	1970-01-20 07:27:11	Name: am-uid Value: 3fc0e246edb44cb7b6b6b2b0d832196c
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_zone_imp[6798][count] Value: 0
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_zone_imp[6798][frequencyPeriodEnd] Value: 1660741530
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[15627][count] Value: 0
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[15627][frequencyPeriodEnd] Value: 1660741530
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[15390][count] Value: 0
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[15390][frequencyPeriodEnd] Value: 1660741530
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[15656][count] Value: 0
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[15656][frequencyPeriodEnd] Value: 1660741530
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[15650][count] Value: 0
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[15650][frequencyPeriodEnd] Value: 1660741530
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[15725][count] Value: 0
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[15725][frequencyPeriodEnd] Value: 1660741530
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[14085][count] Value: 0
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[14085][frequencyPeriodEnd] Value: 1660741530
ad.mox.tv/	1970-01-20 05:31:59	Name: _mwayss_camp_imp[4140][count] Value: 0
ad.mox.tv/	1970-01-20 05:31:59	Name: _mwayss_camp_imp[4140][frequencyPeriodEnd] Value: 1661519130
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[14277][count] Value: 0
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[14277][frequencyPeriodEnd] Value: 1660741530
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[15719][count] Value: 0
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[15719][frequencyPeriodEnd] Value: 1660741530
korrespondent.net/	1970-01-20 05:27:39	Name: am-uid Value: 3fc0e246edb44cb7b6b6b2b0d832196c
.go.rcvlink.com/	1970-01-20 14:53:35	Name: cache Value: tp3d49Lbv2772B8
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_zone_imp[777][count] Value: 0
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_zone_imp[777][frequencyPeriodEnd] Value: 1660741530
.betweendigital.com/	1970-01-20 14:03:11	Name: dc Value: lux1
.betweendigital.com/	1970-01-20 14:03:11	Name: ss Value: 1
.betweendigital.com/	1970-01-20 14:03:11	Name: tuuid Value: 556cf06d-c475-52e4-a0a4-b5c3c25f23d8
.korrespondent.net/	1970-01-20 14:46:23	Name: __gfp_64b Value: UMWw1zu3Cm4VR1.6fT9DC3agaGzcOPCVbU022aFJZNT.j7\|1660655130
.betweendigital.com/	1970-01-20 14:03:11	Name: ut Value: YvuWGwAD96BwzskGsGFUiEaoWTFo1V_h0ujJ9g==
.hit.gemius.pl/	1970-01-20 05:27:39	Name: Gtest Value: KlxLIRMGQMGGXRzEIqgsvU2issGMXP8c25nSG60mfRn8XBG.
ad.mox.tv/	1970-01-20 14:03:11	Name: bdswtch_sync Value: ad1f481a-c69d-4a57-831b-33e7fddbf07f
.prebid.a-mo.net/	1970-01-20 14:03:11	Name: __amc Value: 1_1660655131_1660655131
ad.mediawayss.com/	1970-01-20 14:03:11	Name: bdswtch_sync Value: ad1f481a-c69d-4a57-831b-33e7fddbf07f
ad.mediawayss.com/	1970-01-20 14:53:35	Name: moxuuid Value: eb6718de-e878-4354-bdc2-2720b7ae6d50
.doubleclick.net/	1970-01-20 14:39:11	Name: IDE Value: AHWqTUlNIJ4h5EVg78VsShm28QDeeLIbZxESS6r_MAhTKFzrQCT4WGL7iBStYi445KQ
ad.outstream.today/	1970-01-20 14:03:11	Name: bdswtch_sync Value: ad1f481a-c69d-4a57-831b-33e7fddbf07f
ad.outstream.today/	1970-01-20 14:53:35	Name: moxuuid Value: eb6718de-e878-4354-bdc2-2720b7ae6d50
.hit.gemius.pl/	1970-01-20 14:46:23	Name: Gdyn Value: KlQTdRXGQMGGXRzEIqgsvU2issGMXP8c25nSG60mfRn8FRxSG7RrGS6GY9aBFlMMYH7hRjBGqSRxSG8.
.mathtag.com/	1970-01-20 14:43:30	Name: uuid Value: 661f62fb-961b-4500-92f9-12a388ac2c6f
ad.adopx.net/	1970-01-20 14:03:11	Name: bdswtch_sync Value: ad1f481a-c69d-4a57-831b-33e7fddbf07f
ad.adopx.net/	1970-01-20 14:53:35	Name: moxuuid Value: eb6718de-e878-4354-bdc2-2720b7ae6d50
.doubleclick.net/	1970-01-20 05:17:38	Name: DSID Value: NO_DATA
korrespondent.net/	1970-01-20 06:00:47	Name: _pbjs_userid_consent_data Value: 3524755945110770
korrespondent.net/	1969-12-31 23:59:59	Name: MgidStorage Value: %7B%220%22%3A%7B%22svspr%22%3A%22%22%2C%22svsds%22%3A2%7D%2C%22C1283487%22%3A%7B%22page%22%3A1%2C%22time%22%3A1660655131115%7D%2C%22C360033%22%3A%7B%22page%22%3A1%2C%22time%22%3A1660655131998%7D%2C%22C971150%22%3A%7B%22page%22%3A1%2C%22time%22%3A1660655132118%7D%7D
t.me/	1970-01-20 05:19:01	Name: stel_ssid Value: cc7f1879615d5a1f06_15089710430755490373
t.me/	1970-01-20 14:03:49	Name: stel_on Value: 1
.yandex.ru/	1970-01-20 14:53:35	Name: i Value: 1rBBsfzCGNoXlgUpErc3cAEikNpsiqKY24KOiLM0vIJHQOOyo7ILZhICFGZpD+bucU+utCwV6HB3xjSNipNgQydsDCQ=
t.me/	1970-01-20 14:03:11	Name: stel_dt Value: 0
.mail.ru/	1970-01-20 14:04:37	Name: FTID Value: 316muA0K-goB:1660655132:0:::
.korrespondent.net/	1970-01-20 13:17:06	Name: tmr_reqNum Value: 0
.korrespondent.net/	1970-01-20 13:17:06	Name: tmr_lvid Value: c53cde75cfd797af25e98f1e2d605c17
.korrespondent.net/	1970-01-20 13:17:06	Name: tmr_lvidTS Value: 1660655132557
.korrespondent.net/	1970-01-20 14:03:11	Name: _ym_uid Value: 1660655133195433051
.korrespondent.net/	1970-01-20 14:03:11	Name: _ym_d Value: 1660655133
.yandex.com/	1970-01-20 14:03:11	Name: yandexuid Value: 5860406831660655132
.yandex.com/	1970-01-20 14:03:11	Name: yuidss Value: 5860406831660655132
mc.yandex.com/	1969-12-31 23:59:59	Name: yabs-sid Value: 1964191441660655132
.yandex.com/	1970-01-20 14:53:35	Name: i Value: 4sOOyoiYsZE04iJV1hmx9vYY68bVdOezg7TKwXPUvP2elZl9IiJnH5/3xe4s8HYqX7nYY6nDX5yGNd6QjfSJ1q1dyHw=
.yandex.com/	1970-01-20 14:03:11	Name: ymex Value: 1692191132.yrts.1660655132#1692191132.yrtsi.1660655132
korrespondent.net/	1970-01-20 14:39:11	Name: cto_bidid Value: CNyTE18wZTRkTjJrMko4cVU2cnlEbjR1MnEzNTNrRyUyQlA0M1Rqc3Y5RWZZSHFSZEVxMUJoNkhLdUI4aWUwNlB1TW5mS0NNUUNxdm92TDdidVJSWmtzbnBUUjBBJTNEJTNE
korrespondent.net/	1970-01-20 14:39:11	Name: cto_bundle Value: 21NdZ18xaSUyQm11dGh6endrJTJGY0FIYmIlMkZsNXlkcU1MSlZRV0JCeEVIMkxRUW9iZlpEaWNhR0dRRno0SmdQaDZ1U3M4THFSSE5LYkJGWEhLU1p1dVBDdm54U3NLajVMaTBrSzVTUHRJMDhFa3dYaE5vaXFCeWRHUUVHRmNOaWFHVXElMkY5N0RJ
.korrespondent.net/	1970-01-20 05:18:47	Name: _ym_isad Value: 2
.otm-r.com/	1970-01-20 14:03:11	Name: mpid Value: NjJmYjk2MWMxMjAwMTU4ZQ==
.adnxs.com/	1970-01-20 07:27:11	Name: uuid2 Value: 2395978000916475843
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[17751][count] Value: 0
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_imp[17751][frequencyPeriodEnd] Value: 1660741533
ad.mox.tv/	1970-01-20 05:19:01	Name: _mwayss_camp_imp[2822][count] Value: 2
.yandex.ru/	1970-01-20 14:53:35	Name: yandexuid Value: 4946669461660655133
.korrespondent.net/	1970-01-20 14:39:11	Name: __gads Value: ID=7d1d3a232bbb798f:T=1660655130:S=ALNI_MaRb-A0QJAXYI5Y5wkNt4HWivBT2w
.rubiconproject.com/	1970-01-20 14:03:11	Name: khaos Value: L6W76UJ5-26-B83N
.rubiconproject.com/	1970-01-20 14:03:11	Name: audit Value: 1\|hLZGFuTafB0p40AK1qHI5rRHKV/Y9AOYB3Biw5iW/3ro4Z83o8qTknV03IHIRqrOLvUXc3wL4Jyp/4cE1c81ZQ7DMcu1h88EaVlRwbFEgPfQD5U7tEfUTQ==
.adnxs.com/	1970-01-20 07:27:11	Name: icu Value: ChgI4ZVvEAoYAiACKAIwnqzulwY4AkACSAIKGAjYqXkQChgBIAEoATCcrO6XBjgBQAFIARCerO6XBhgC
.adform.net/	1970-01-20 06:02:13	Name: C Value: 1
.ad-srv.net/	1970-01-20 07:27:11	Name: u8x7eovwf3h6_uid Value: bab3aaccf9aa328a
korrespondent.net/	1970-01-20 05:19:01	Name: tmr_detect Value: 0%7C1660655135137
.adform.net/	1970-01-20 06:43:59	Name: uid Value: 845796626578132275
.adform.net/	1970-01-20 05:27:39	Name: TPC Value: 1660655135233
.ad-srv.net/	1970-01-20 07:27:11	Name: v0rur7gqspb3_uid Value: d80b4e71bfb44dd1
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 379079:2519519
.awin1.com/	1970-01-20 05:27:39	Name: awpv14098 Value: 559379\|1660655135\|1df257f0-1d64-11ed-94b9-2265b3bf8141
.casalemedia.com/	1970-01-20 07:27:11	Name: CMPS Value: 1173
.casalemedia.com/	1970-01-20 05:19:01	Name: CMST Value: YvuWIWL7liEA
.casalemedia.com/	1970-01-20 14:03:11	Name: CMRUM3 Value: 4962fb962205a0&5162fb962205a0&2e62fb962205a0&7b62fb962105a0&be62fb962105a0&da62fb96212760&0362fb962205a0&2962fb962205a0&4162fb962205a0&2762fb96210b40&ce62fb962205a0&5862fb962205a0&2d62fb962105a0&1f62fb962205a00&bc62fb962205a00&8262fb9622a8c0&0462fb962205a0&5a62fb962205a0&f162fb962105a0&e662fb96212760&1162fb962205a0&4062fb962205a0
.casalemedia.com/	1970-01-20 14:03:11	Name: CMID Value: YvuWIf7lsxcWdNTum-tKHQAA
.casalemedia.com/	1970-01-20 07:27:11	Name: CMPRO Value: 1213
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 14:03:11	Name: bcookie Value: "v=2&cf8b64e1-a51c-4b86-8752-fd8bcc036314"
.linkedin.com/	1970-01-20 09:36:47	Name: li_gc Value: MTswOzE2NjA2NTUxMzg7MjswMjHakxt9jvusKz8AYfGjY0DltJspSr5IUKnopmJJA56DfQ==
.linkedin.com/	1970-01-20 05:19:01	Name: lidc Value: "b=TGST01:s=T:r=T:a=T:p=T:g=2889:u=1:x=1:i=1660655138:t=1660741538:v=2:sig=AQFs6y_ib-5BLakbwubi9-_obA4GrVF_"
.csync.loopme.me/	1970-01-20 07:30:03	Name: viewer_token Value: 9f0e1a55-879d-4459-afbb-46b09f03cbae
.quantserve.com/	1970-01-20 07:27:11	Name: d Value: EDIBDQHvJrjvsQA
.turn.com/	1970-01-20 09:36:47	Name: uid Value: 4157699602717470382
.yahoo.com/	1970-01-20 14:03:32	Name: A3 Value: d=AQABBCKW-2ICENlXWPOEavWg1kH3e_ezxqYFEgEBAQHn_GIFYwAAAAAA_eMAAA&S=AQAAAlkLnue_r7h4x_3-O0gtd8s
.simpli.fi/	1970-01-20 14:04:37	Name: suid Value: 5CADD189DEF5476881E8833E284D75DD
.amazon-adsystem.com/	1970-01-20 14:53:35	Name: ad-privacy Value: 0
.bidr.io/	1970-01-20 14:46:08	Name: bito Value: AADvkk7F9ywAAA6L_n_dxQ
.bidr.io/	1970-01-20 14:46:08	Name: bitoIsSecure Value: ok
.owneriq.net/	1970-01-20 14:53:35	Name: si Value: Q7139415381670211962
.owneriq.net/	1970-01-20 05:31:59	Name: p2 Value: cc
.company-target.com/	1970-01-20 14:53:35	Name: tuuid_lu Value: 1660655138
.company-target.com/	1970-01-20 14:53:35	Name: tuuid Value: a5a2b5bd-6a0c-443d-af21-895923bd36e9
.amazon-adsystem.com/	1970-01-20 10:45:54	Name: ad-id Value: A9UwXJ1XEUJiur2h6UlCvog
beacon.lynx.cognitivlabs.com/	1970-01-20 14:03:11	Name: UID Value: c4cd75d5-2d97-4fee-9cd4-2f0c6c07bc9b
beacon.lynx.cognitivlabs.com/	1970-01-20 14:03:11	Name: ss Value: 49bjpMGe1B4%2FTVIdsdF%2F4jiQTZeOJaJqoPTgB2DeAvCpGFHPKMh60Okfp17sUvhtgl4%2FTQeJZXPbjyX1yG8y0Q%3D%3D
sync.srv.stackadapt.com/	1970-01-20 14:03:11	Name: sa-user-id Value: s%3A0-b75fddc0-dd1c-403e-7d4f-04a0625eb742.C0mwRN3lhVa6KamkETrd4UgWMhybq52e1Rd62Ya2O10
.srv.stackadapt.com/	1970-01-20 14:03:11	Name: sa-user-id-v2 Value: s%3At1_dwN0cQD59TwSgYl63QsEbDgo.yQYtvfYw1lOiTu%2BqvvxARy65R3%2FpPhT6tzaNluFlWHk
.casalemedia.com/	1970-01-20 07:27:11	Name: CMTS Value: 1159
.criteo.com/	1970-01-20 14:39:11	Name: uid Value: 0c2fdb3e-98c5-4fbb-be01-3878ea4ad1b4

16 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=1554&height=288&width=400&tld=korrespondent.net&ctype=div Message: Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
javascript	warning	URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=6795&height=250&width=300&tld=korrespondent.net&ctype=iframe Message: Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
javascript	warning	URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=6798&height=250&width=300&tld=korrespondent.net&ctype=div Message: Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
javascript	warning	URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=784&height=600&width=300&tld=korrespondent.net&ctype=div Message: Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
javascript	warning	URL: https://ad.mox.tv/mox/mwayss_invocation.min.js?pzoneid=777&height=405&width=720&tld=korrespondent.net&ctype=div Message: Failed to execute 'write' on 'Document': It isn't possible to write into a document from an asynchronously-loaded external script unless it is explicitly opened.
other	warning	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3755662197386269&output=html&h=90&slotname=6218171218&adk=3638426950&adf=2457552020&pi=t.ma~as.6218171218&w=728&lmt=1660655130&psa=0&format=728x90&url=https%3A%2F%2Fkorrespondent.net%2Fukraine%2F4505652-vsu-unychtozhyly-bazu-chvk-vahnera-v-popasnoi&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1660655130602&bpp=1&bdt=1040&idt=160&shv=r20220811&mjsv=m202208090101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2419754494839&frm=20&pv=1&ga_vid=2006371786.1660655130&ga_sid=1660655131&ga_hid=351416207&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=10&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31068486%2C31068789%2C44769306%2C31068881&oid=2&pvsid=4159801157072913&tmod=163380397&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CpeE%7C&abl=NS&pfx=0&fu=0&bc=31&ifi=2&uci=a!2&fsb=1&xpc=uScTbWiw03&p=https%3A//korrespondent.net&dtd=167 Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
other	warning	URL: https://cdn.ampproject.org/rtv/012208081650000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://cdn.ampproject.org/rtv/012208081650000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://cdn.ampproject.org/rtv/012208081650000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
security	error	URL: https://aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html(Line 12) Message: Refused to frame 'https://pagead2.googlesyndication.com/' because it violates the following Content Security Policy directive: "frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp=er3$/86352550399540132/index.html".
other	warning	URL: https://cdn.ampproject.org/rtv/012208081650000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
network	error	URL: https://id.rlcdn.com/709414.gif Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID&gdpr=1 Message: Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network	error	URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1 Message: Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network	error	URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1 Message: Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network	error	URL: https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1 Message: Failed to load resource: the server responded with a status of 503 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0.code.cotsta.ru
007c3a8bc11f45e050582ea5902a5eb0.safeframe.googlesyndication.com
2d404526208c1999cf8967291396cc8a.safeframe.googlesyndication.com
4727df7502fc5e8b0b921b1f5d01cbac.safeframe.googlesyndication.com
a.cotsta.ru
aad76d0bec8e37c4236218635c06b50b.safeframe.googlesyndication.com
aax-eu.amazon-adsystem.com
acdn.adnxs-simple.com
acdn.adnxs.com
ad.ad-srv.net
ad.invamia.com
ad.mail.ru
ad.mox.tv
ad.turn.com
ad25.ad-srv.net
adpone-d.openx.net
ads.betweendigital.com
ads.eu.criteo.com
ads.pubmatic.com
ads.yahoo.com
adservice.google.com
adservice.google.de
adx.adform.net
ams3-ib.adnxs.com
ap.lijit.com
b1sync.zemanta.com
beacon.lynx.cognitivlabs.com
bgstats.mox.tv
bidder.criteo.com
bttrack.com
c.amazon-adsystem.com
c.mgid.com
casale-match.dotomi.com
cat.nl.eu.criteo.com
cdn.admixer.net
cdn.adnxs.com
cdn.ampproject.org
cdn.contentspread.net
cdn.indexww.com
cdn.jsdelivr.net
cdn.mgid.com
cdn.mox.tv
cdn.umh.ua
cdn4.telegram-cdn.org
cl.imghosts.com
cm.adgrx.com
cm.g.doubleclick.net
cm.mgid.com
csi.gstatic.com
csm.eu.criteo.net
csskor.ill.in.ua
csync.loopme.me
d.adroll.com
dpm.demdex.net
dsum-sec.casalemedia.com
dsum.casalemedia.com
eus.rubiconproject.com
event.aimmm.live
exchange.informer.ua
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
gaua.hit.gemius.pl
go.rcvlink.com
googleads.g.doubleclick.net
gum.criteo.com
h.holder.com.ua
hb.adpone.com
htlb.casalemedia.com
i.clean.gg
i.holder.com.ua
ib.adnxs.com
id.korrespondent.net
id.rlcdn.com
imasdk.googleapis.com
inv-nets.admixer.net
js-sec.indexww.com
jsc.mgid.com
jskor.ill.in.ua
kor.ill.in.ua
korrespondent.net
ls.hit.gemius.pl
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
matchid.adfox.yandex.ru
mc.yandex.com
mc.yandex.ru
media.kaspersky.com
mediawoot.com
mug.criteo.com
nep.advangelists.com
oauth.tg.dev
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
pix.eu.criteo.net
pixel-sync.sitescout.com
pixel.quantserve.com
pixel.rubiconproject.com
pr-bh.ybp.yahoo.com
prebid-eu.creativecdn.com
prebid.a-mo.net
prg.smartadserver.com
pubads.g.doubleclick.net
px.ads.linkedin.com
px.owneriq.net
r.casalemedia.com
r.i.ua
rock.aimmm.live
rr4---sn-4g5ednd7.googlevideo.com
rr5---sn-4g5e6nzl.googlevideo.com
rtb.adentifi.com
rtb.nl.eu.criteo.com
s-img.mgid.com
s.amazon-adsystem.com
s.company-target.com
s.youtube.com
s0.2mdn.net
s1.adform.net
secure-gl.imrworldwide.com
secure.adnxs.com
securepubads.g.doubleclick.net
servicer.mgid.com
ssp.otm-r.com
ssum-sec.casalemedia.com
st11.rcvlink.com
static.criteo.net
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.mathtag.com
sync.srv.stackadapt.com
sync.taboola.com
t.cotsta.ru
t.me
telegram.org
tm.ad-srv.net
token.rubiconproject.com
top-fwz1.mail.ru
tpc.googlesyndication.com
track.adform.net
u.openx.net
ui.ill.in.ua
um.simpli.fi
unpkg.com
ups.analytics.yahoo.com
www.awin1.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
yandex.ru
yastatic.net
z.cdn.umh.ua
ad.invamia.com
103.229.205.243
104.109.78.125
104.18.18.126
104.18.19.126
104.18.2.81
104.19.132.78
104.19.136.78
104.222.176.10
104.26.10.25
13.224.189.79
136.243.84.74
138.201.84.245
141.226.228.48
142.250.186.130
142.250.74.194
146.0.227.110
146.59.10.80
146.59.30.104
147.75.85.234
151.101.193.229
151.101.194.49
151.101.65.108
159.69.59.100
167.71.9.19
168.119.79.238
169.197.150.8
169.50.137.184
172.217.16.194
178.250.0.139
178.250.0.157
178.250.0.162
178.250.2.131
178.250.2.148
18.66.23.213
185.119.59.4
185.180.223.91
185.184.8.90
185.83.142.19
185.85.15.31
185.86.138.121
185.89.210.122
185.89.210.46
188.42.196.115
190.2.151.10
192.132.33.46
193.29.200.140
193.29.200.142
193.29.200.151
193.29.200.157
2001:678:cb4:bbbb::11
2001:67c:4e8:f004::9
23.23.202.74
23.35.236.188
23.35.236.247
23.47.208.212
2600:9000:21f3:5a00:1e:a43d:b640:93a1
2602:803:c004:200::141
2606:4700:4400::ac40:9040
2606:4700::6810:7baf
2606:4700::6812:1eb6
2606:4700::6812:c4c
2606:4700::6813:ac6c
2620:116:800d:21:b314:a0ef:ab7c:d546
2620:1ec:21::14
2a00:1148:db00::17
2a00:1288:f03d:1fa::4000
2a00:1450:4001:16::9
2a00:1450:4001:3c::a
2a00:1450:4001:802::2002
2a00:1450:4001:802::2006
2a00:1450:4001:806::2001
2a00:1450:4001:809::2003
2a00:1450:4001:810::2004
2a00:1450:4001:812::200e
2a00:1450:4001:813::2002
2a00:1450:4001:829::2001
2a00:1450:4001:829::2002
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::2003
2a00:1450:4001:830::2002
2a00:1450:4001:831::2008
2a00:1450:400c:c08::8a
2a00:1450:400c:c08::9b
2a00:1450:400e:80c::200a
2a00:1450:400e:810::2003
2a02:2638:1::13
2a02:2638:1::2
2a02:2638:1::3
2a02:2638:1::4
2a02:6b8:20::215
2a02:6b8::16b
2a02:6b8::1:119
2a02:6b8:a::a
2a02:fa8:8806:16::1370
2a03:90c0:41:2801::254
2a05:d018:d29:3601:2eab:9250:340e:ef2b
3.126.56.137
34.111.35.152
34.205.21.143
34.239.50.221
34.95.69.49
35.244.159.8
35.244.174.68
35.246.207.21
37.157.2.247
37.157.4.28
50.31.142.127
51.89.9.252
52.18.233.217
52.205.37.96
52.212.196.36
52.223.40.198
52.46.143.56
52.49.126.217
52.95.118.179
54.160.109.218
66.155.71.150
69.173.144.138
69.173.144.165
72.251.241.204
72.251.249.14
78.159.118.240
88.99.70.21
91.198.36.26
91.198.36.35
92.123.17.141
92.123.21.100
94.130.160.79
95.163.52.67
019585e1846fc56d5d458ce2a859b908464516832fdeb1571b019d3ea47ac690
024afefcd87a46088171356cb20bcad296d2c906837e616daa2c7b5bb79906d9
02ec02a732ac442b5d2c49e87f9ec7cc9bd191eb0ad0f1fdd642f0bd14f6ceac
045cfb9a382d3265e8fac7552fa0419cb7b1712e177742a448b05a5addbe21b9
04a436758e8992373a49eb612d5b5f54a6fe9e6b1aedab24b510411630fa99b8
05377236ec3ad5083b3f1e1ad66fdb134bb93d14c15f7b13d6dad00454e72a3e
06289e11ae03a6a17deb90c51e873bc616e28822001c6d6132069b39aefeb7d9
0691232849cf22b42a053a3b4a8880000d038e1dea9d0da7188da2131914d33d
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
06d9487d0d05b38994c2a06ab9639cfa33afe0c98f89cbb0f3bcefb4cfb0aa84
06daf2dfc72a4d0dc7a5f85b01322346a374b732403f0b84fc592f5857699f36
07dc2e48ef051b38cc4841495a54a57efd4b1b8c12f4dd47af04ebf5dc60b5ad
08b1dd227c9b93b411c2dfc594331da8d304ba1659f07307c04991f5626f062b
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
099f342bcdd01d03cacd2d665bb82ed11b7110f74768ec40774de44140481a38
09aab87d7e0214e4e7b6ec226d23891d1af75e928a72802f682bbe8ab61940dd
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c3bccae1f1f6b75a5f0d890ae15cc8e32221afed72bea06d5592185a28d3dd6
0c4544c53dd08f87c8c5f8c5bdbca18d00fa15d4b64e42f6054a7071a58fd34f
0c89d0e71b0384be1778963b0e0f9b70855b384e2632c89c0dc5d1e42423ac7e
0ce10fcd56cb2d0924a1b6c7bb9473eda4107a5268c831e253e810510a048c0f
0ce978a7907fdf3a7b393ff68e8c0c17703c7f2eae4772b4bdce769668118dda
0d3118e306c6a26f1d2efcb698984e6922c5e7e155c94a84760e36e5592a3c11
0d64296abe55a8dac5a22d1c99394e27f573b056d0a54ed01e1f0707258fa192
0de79bb0632474ad7dba57625f4f95d8ee0dae172bc5d446ae3dc7ab83eed2bd
0e5cff02d02b67173a25c2eb3a24f143626ddd170df83526333570d8895ef3de
0e8710fbe22a12f0f4293a268f372efaca9012aaf301a1078601ad510a0b3084
10231401bcbe13b1946b9fef63f67bca361c37a41100a33e35876abec6ff9730
1083eef8b7598af7e021ae80d04890c3d02220b616f472acc64656ab024ba484
109ce385a2fc323a66203b9814aaf1e876a0688b87876aa2ecaec748f3d310a8
10d7fdd2aec7f369e86e6540ec90f4ebf3e045692f8eeb3a98aa652422bcad18
116cb62ef5b34dd361a49d3e1bb7973d18f15040824a322f855b62d818e2871d
11d6124e0cde23bd1272989747aab709243f89cbf831caae0d3d34fb1f2f4e31
13ea0f327d0c75771fec376ebba6f0817d32c52f5b8a78b29163247c65e08f1d
1457901b8d87f6896475d17332522d4b00a0ee7e9861563d7bb20937c6a94f81
1475b24079e5706859e9b6a63c1e9639a9e34f065f13510f5369be0bbe2551f7
155f07fa595a438ec58edc29cbc37dda721eb8d1e2d2b5ad8aeb559a611092c1
1598e045b4d9e7ab54c8164d124493be8cb6030eea6cccbbb41744487dbf8d9f
159c24eb0b9d044c0507e36e693d0ff23bbb990ae90523cc25f3683253ee43d6
15e749617a3856bfaa4d2cea0c50d88366d2b579841bd5a45bd2d34062babc51
174a79ae10dc3429ea2e47dae1bb511c4a95a2715c0add9f0bab4373c580dc26
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1885450c0476075437b5f7356ec5dc33fa5179e850cc4dbf59c29f37744818f5
1c0dd8777c7acef39a5075227122fb2ec9b37cf12893cca3523797e149aa5ab8
1c5b104caea431c322db57433a42e842d0df628110cb8cedda3e2bbfa46f0bcd
1cbf6ff5a1fe29ad13e5ba433cfc892ea91e1b4b6e5d4b2ee34973e9c44a4578
1d3d386a784f333a27d84c16911274e0ee53be7fadca3228a5b1169b267f4535
1e14ddde632bad66a3f79d6dc2c6a212d3b1b5cd8100cb6b73984b8797c5ed86
1e9d5440d87587c4baad26c6df575e0ce2e0a3f0a5aa8c0c416df48e305bb0ec
1f98c43ff994c6925709d7fc8ac52a9668e17732923a5bf302dd5445e90f6a13
1fffc45d4154b329791829ed47d576f2cfce1f3825a32d5ec6d4ab2a689dc632
20a222ba87d1283ff25c69afadda25501bcb4c8e9599a8c61362c30307ebb243
20a3df19bb4591acf90ed393750b81271bd66ad897aa358be33e375a01cc66cf
20e1e4528a14b80eec763aac082227995ad0e9e0ffd0cb26cb45a2016edd5aad
214227a16b4ff571023cbfabe1a74a46b33fb30abbcd8d1a722ae12e3afeb794
22630cd01c94bdef052772dea5252aea2fe20da742ff4bca0ac4410b1ba6f834
2356de1d2ca4b622f2949c68f0659a08d577e86204c4700c439132c5164d17ba
23dde3a5c9d1a8285c0f4803ef23ef566d22569b8ac82582e3d08d2453fbd0fe
245372ef0e3b2e73c248fcb56699b5d6049939ee6856cc5f223d067353784186
246a6d3c5f907838da64e3caab0a93a8443c7f4b32e4e6c1419f9e5e4b871429
24a2d79f03080ec0a76bf8c689e1e233a5e2f5c999064458d9cf55bb30643f84
24d7efbce385654f777201a7bb9d53f7682cc64b78b820da3e241e232a8f7274
2664d724d3ff283ff35557ae0e4b489320a21ef1bda83c9ac2cc178f48baec2c
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
26dc9aca8f2ab8bbb58b5e9e5918988475e42f7cffad974698a71b2addc6ec5b
273b29e3e581aa9820d1fa5f3a769c2018974c359d28a6eef0ee09cbe0b939d7
2791dcb76821658dce3165022548a9d1032f4c99efe7acfaafdd6327cbd88129
27c5ed62876b189dee5e38ae5b17dc2794efb817c356db8e6dec84798e1813fb
2903c151f90fbeea6161a4f329f44ac36489268a8e61c62ad8141140d2ed3c3f
29597c28ac2ae57d20f32a7c336abd77e10714d0195f58125a4e6db8e6d740bb
29b542fe49749ce376cfadb352f0fd9ead102896a5816569c6e6634be8c5eb87
2a29e79bd75cc83eade181c4acc1c198786539997766b648bc21ed5aa7698408
2b00ce902e9ef9e7031d76c62a72c1cb0054185e6691e9a72757a31cead715a1
2bc5a2143e0664261583e20d5cf80859585d86bda4e0ea1db3d787668111965f
2bca6d4a748c8016f19ca9ee88f06b41a7b1928b2f490e44c0677ae022bae018
2bdc36b4ed75c9ce98e2002e715d0105aa79013a30848e4c93a2f0743e17be32
2cd70243017eddd6d2f7394662040bc749411928b1e8277dce04b5cc8364eb64
2d48b61c2f0783bec1a5c8d95e5f88866dd2794f401e8c7c4d9503608503b375
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2ebcdc45625d8bd6eb8cea62780c1128df28c86ef0e10a6369ec23c97d61d92c
2efd01e0321398d63e1378c342a79ce57b05ca28db6485cccfdab344dcbc6c10
2f3c3b86317402d3727e0eb1417790cf5485dd96e397374de4d1920dd3fb373f
3135160ee3b34e2d1e58bf80944a1ed2cef3f073528ea98f11916a397b4c6ac9
314349e78d72853d2c7b322d616e9a29b53957cf702ddc99766495fbb258d31d
319eb578634347f8bd6df61778b659ebe74e827b6395e114b084c3dbe613d854
3224cd51f4161d44547a1f5a57a5566582c3d6a690d2212af8a0a8739d0c8e0e
334ff4c8e9f20c31bfe49e4f097a08ab9a249180d04b2939832f45eb594eb835
338331253035f259d334bd9e5733ee9e1143212d62614b2f7da324ebdcf475bf
338672bf319bd85284aa8457a623d08a19f035585479fec1e8f1346f98cc17fa
33a57ab78c1643c6a75ec39665d90a469259c9e1baba806459d67972916d2552
33c9a67348a9fb11e888e1180d62810c269f9e83c6e2d05dc6bae8dd8ab462f9
34eb5999e14322bb62727d6ae5ff53b626b485e4d0d78ac9b550ab33f41f0043
363832ce22d752de90a8074c063a729895ac3cf4c5650e1a5b82cfe2f5ee7674
36fe5f8245102e422e7bae2126481c36ae6e9c89bb695b8e9018171ea379d7a5
3728fbdd191d75bad5b83a838dfe2fc15f84c2aaa36ffa573321275847db31a9
383c248124d43e4245ec6327490c21e21b15757c7c33bbe28e8f54856a6cf9b6
3969a39354cf12ab1f880a46327036880012a125afc99deafeb568ea75ac5f71
3b2ea1c9f3587781b58285cf64279e67f6329a3924fb93f81529f1826e2f4d16
3c914c5ec7768654dc4f35534b46d2da72708c4db16148a833ce1847b893f60a
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3f4520d40b04f68db0fba13757a4a6aa9029dab0c4cc1741838e827da45a2b82
3f8ad69cc7e1ffd2d274c3a414f13c646c7a2bedc5ab572272292bcbc31df31a
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40454eeec71cd936bf826c8cf3fe8b4d5720a7e7845b8f18cc02fc124ba180fa
41223a541c746eb9defa702938338ca2e97448569b2bd7ea3e5bb66ba41a9a63
415fa72687e9727c2976f929bdf27d1f8f009b28a11a3f86556d21ae8ec35394
419d32b91af4527e64fb23db098f7e4f5d030b63afeddf07ec593640c4a6fb7e
42276759762e20ad22c5a1a036ada29b2e9bb581e94906a0df8cf1aa2a2cdb16
42e2396c26d163da2399fed7ab66a0305910bc8ae436800176ab4b265c60751d
42fd1410f61902cdec723e26a49910a423bacdfcdc38197543238f7f113c51f4
437e2f919345cdc64ce4cc4de32598b6c99b2962f3e209c4c2efe4eeb4db7971
4420ea692c662405840a6b76be19da76ecd585025bbdbcd4e8e44ad5ef6f6dc5
449beabc2835a30cd5e7ed760fce4a183095a04bf0dd6b657242e091ad370f9e
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
46d1791d45e9e6840842ef90f192c2c6f1f4247baa7c1f32f2da75d3a05c0de2
46d70ca597acf6ac920dc348b4e09fecd016a6c59bbf450e9d627fee569754d2
46d760daef77a6d17732f8a1a7104ab77c062760d0e0a217a87697719cc6eeaa
4896030f998208bf001883e816a7bcfa9e982fac5ed6a004c7889baa55b0fb18
48a32f75a15608f916866df8331d2e5d2f64b2d8deddcdede9ccd0631730e076
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48bd457befd1682d1e21bd4327a12799559ecc1308da5413b21ee60d2e6c0dde
490319aff00a55cfc00d9e24f71f39fc0801858055c62c07bec8fabf2f6e24ff
495d38d4b9741e8aa4204002414069e2d8db9f3c60b60e195e4d74381462dee9
4966bb806b7bd902380c56edcda5296875d9e6f559d0be745048b9fcc75954c9
4a530d495204ef00574df2302ecd32c3f7de825ba00e8da4fd16d63111150092
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4cc09b98218cbf43c1495eca4051f2ec3f300fbee017efee606b90228138ec2a
4ce066bb56fe45510d5f63bb23ba87757b994c33e2ad4ecf2c9310ceab2822a9
4cec7cd7b9ad5d634458e275eadec098917c341cef3e572466af5e3650129004
4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a
4d1f56b3032e5c392c0a0e812c52d5fcc3da8d9f157d1e21d78434196f58495e
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e0fba9b503b0eaf6fd656be69b82620d020b73ed21db603c2d801ebd184b289
4f23f0187fb4902297212c0c271a5dab5f689c9658405bfbd0844591f3680440
4f263e74fd00d4fb7dbb6e705c8de26d3689f5d2c844046892fe4e8e9c5e1175
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4f980628109c4616e0c245be9b45aa44233f40ca4f396a58a9e298cf51744e43
4fc39fb95aafa02b64bab22379d66041db3106e9747ca17216961666b2adaaf2
4feb8a4baf1ab6d4efee5b984ea48ff22af46b19c3b6c21964607fe61eea837c
505b5bdf46f075f8599308ec070b555af15934723ef1791989cc7565c6dcc6f6
5154ae952fc07c13c127696feb01f68401e99ec5cb866bd5cd98a1d49a672ec7
518ce9b9c0ce15f8c2fceb165ceee5247af65b39e1b65651545c1dfe400b397a
52843d80d9ae9d8b68ec95209a51d1cf09949d770d786ac40a859a4dd92e1188
52d82f5bfad5f569fefc9d64b3d333caf22e079ca63ab2b38fa8fd8ee2e20e85
52dbee4f429e8fd9afb59f375538cd17a3e467d060dfabf87d79e16f62fcdc12
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
53e50f33b8e44604f22c6cc9bd7032df8358cb5cad199f471a27d7d680ea8dd4
54631dd033499b15b6c56f7f45d68fe185240600f61b69fbbc9dcaf9424add2e
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
551e1264a0ed88f0bb0e03b08dab2c5ca2077563c2078389d01a32e7958be378
556c93a5fc44ead9fbfa6f393af3a2a00a29eadda87db9356e9ea3d705320ae8
557d793f1cd96cfe3a1ebfefa3bc0e1a82e9d56dad9180fb2b66961ae2a7d342
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55bbe6ef5de230a1e46c12e05d58b2f264824063fc4020432a55c5153f209628
564be5212072b6b74a90bb9f63ef9821fd16d5619039c85b0e605d827e115247
56d1f1f3e5b1add4f774ea6c58dbb722abd040454ccc1cc1ce38e9fe98e9021d
57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621
571861bffcbb11702a9a254709f0adb704c56b645d070d20760a62e2173dd678
572b319ee85a86084ba5af3cd631f6af5c279f182159d0aacd486eef9b612d3c
575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e
57a73a9a530e4bc11de0e19150beb203d37372803f888f4ffa603ac6d2319b83
57f85b0b3c7d7bb20345f5bbb60a1c5ca9f01c17fb3807562880c8325cb39665
5b26ed637b9892bb358f2cb5e8de6deaa37df3f2247f7e2e7b200b6b4af2a809
5c8da4caf6e731507bb23807a86d3117a5dab0aae9c416d87a8b2b6611b7b4e4
5d98508b439fcb46ceb1ac820d5fa1eba8c297a509a340f5b3b5555e55b1f55d
5ece34e4ee693a3535e7bee487f34ec53f16334830ee4210239e95190524358e
5ee00fad2265577bc5be56bc69c1e8c1071a4b201a5b9bd523c7204a54c31a28
60c62e0e44a2b4a1116d28f8a69f20c108cc84b5c173060d134a6ec083e12240
60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda
60f74110267d386c033ca330fc5bbd7d2472c972b63b33fa8000e87c8f815de6
610dcaa00bd1db1180cc312de4e35672a2ae797ef8ac206658076e05c6960c47
617fd637db344dc7b543476d489b9bf81c12d4c5e6cb4ee02d9977fe9fb9d600
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6226df8c5bdf6ffda14992098c849dc8033db63fffd71d912056908385b3ba99
62a80dbf0cb2283c12d23ebb615edb7f6a391c7342aaeab9ae135616f92b94d4
62ca6744675a069c7c9631a60a0c6a354032008783bf71bead35b2f1bdd6b801
634d11aa7be2760cf7c883b77def676c8766c0fd6f2142ce36dde1b14554fcd5
65dbab2a2977f200d2c3deac028127e7ed9693720fc2032494b08ba894e422c1
66af5d85560f25b8857229580d11c023509c32793df28162eca34790f007ea48
6724a2e9a14fabad1de2b5ad7c2e41f978c70b8bc024c6eaf5adfebf4489b13f
680f6e9a0e9f9d8c145e11d6937f688ff4299215d44bf0a54368ffc6acdbfc51
6879cddaa5d64594ca57e540a786a68ce5e0a42ce987568e4f0929e44f5d73f9
68960c8fdcaa9203204e9e383a89fac3658a1eba0a41c9dbefbcd817fd23fa06
691892749b8455d6ffeecfe0ad834dce865e25d46a84a6ac578c28c6d40919db
693399db8f4ab6020cd90165ddc8b760043d71ad179f31096d3c6646430ca651
69865e8609a7cac7b8fe6b337b53b873298e092cd573ade6fd0f00c69d8320ba
6a3d0041aa732b3fcb93911ca75ed17157208791c6fecb5bedb5f6c9ab065c7b
6a7285e623cd29692201667dfa9508624ef509a94dda536fde611f7ce8ebc304
6a7ed7044c6ce89fa5dfbff5be18e925d18753244a943905fb5009a22e1528b2
6aa902a76341c901be30149fa7032befb55976883f2947aec2cf463fa68ea7e3
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6ca8fddb17d96df80923b284c7e07888f947eb3dd03974cd31e85f4d5e9dc6dc
6cf010e708fd6c2b74519204e7f6924b1356c7bad6ae12996b4a0ecbb3bb67ce
6d3dacce2668e2411eba50c01af665e6ff53dd901070ae391ef2569e1b15931e
6f3c98f0620c90dcceae4a2063306747165b950cd354f25f9b0aac3b57072e49
6f57484d22ef9faa69a3df351c80cea598f524c8f0d83010c4ea8aa17f3a8eb5
6feef6d629316fc0b78137760297b7a4c9302d377775ed1968b10bbd77b2c9ce
704b568dd905bd4ff56e44f9bcf43447eef6161576ffe7a59b984563ff52754b
70d5c4de881e718d0b7638959680ba86722d44eecbe4058d20dd77b8d0d97155
70e33a2fb00d8ab161e46161fe4a3bd01d99a2265d17fd1c16e53cf73a2c5580
70fa25d0cd4744b6b91054ad55e3e931dad31cc85915b13e33e4e674426c7cc1
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
734b1760dd6b1371613bc5f380dc18f0d17ef81c0edf4622d5a1400c7ad9518a
746589ecfb4406519933a6aea5f1149224afcba81e3c3ef0541e7ad6c8111b7e
74af5f69ef0af47c176f2e341b52afd35fd03aa72cbc5417d2822bf1d6e94da5
75bf5c0112a41f871dc47c5e98deef6dc7db8e94178bf0c853f3a09415f6d338
772e8003d51183fa1bebbb6cf159aa48e4de85a2d4b2b67b0ebc5d7f71adcb78
7810b3bdaa07516c7bcc05d2d454ff59f0b3e02b88f1b455ac62a9688fa085b3
7856a7449935f86b1e1128623db10463e1bc2a751509440bfcb66331cf3f7b88
78f755249da2fa29690828464594f09814fc9a3d73cd197df9e146da64efa4fd
7992a4430843ef8b4bbae534358be3193aa1ae9c78f273e8e8a70b6af1244ac5
7e6229474b9d114245bf24dbe072bb6404fcb7c14c3bc387955deb9bad7ad126
7f1f8e2ce2202a6ce7cfd01f52b13ab5c1cdb1d666222ef9bcf3f6e9031b4985
7f37c6bcfaa268588ad80865bd3927a96c16a2486d8e65417a34a1b798bcb683
7fee5488f247de155c84a033494401076018c81062f48180373e3cf05ae47c69
8081c76de1493e67239a84553a77c274e740ef5dfffc875d12b94eafd6729d65
813ec2300178de638ddb6b784d7bea609defc322af5c037b7a4ae3d1bc94751a
82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83ab5047e820c4c9edf0823374a8a31e0119fae38f345a88caa81b46184dfe5d
84510fffe17fea544ae340bc9373b62106bfccc148f93e8ac4bbed045c64e9a2
84b025d4f6155d02f1293800b343764f08b8feaa37157d6c7daeb6352e3b5669
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
86001a6014993e04b820d5f205055eb1fad00200b0044177c5ae8b84f88e9def
861aed070db50ce0da9928455deff784c115b44540b09450f225ff7cff0c7429
86c16c76c730322e55e041f3f97e5c80253da9c0b0607ee2bea0f69615433cdb
87bfce13ebaacb6f0d0885683c67814e5defeb463fe3b76478b15dff67aeb231
87e582b7b6cff186991b8ee9bf6539e74254c9711eb6b3982ade355b89fb19d6
8975997ebeecb09737ece81428affda5d69642f01d629fb8873d1e9db26ed26f
898e180e28f0d79507e9383a6f58303043c24013cca819f7451381562f323093
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8aef4364e4f67400d02bc23926cffa55adcbc81f17f178b6e1dbffc1f311346c
8b99d6e31e03e67738e06651cbf8b52607afede1f7648c9d2cba471f85dc49e0
8c9bbe742162fa5293b477b57ff3dee85206b67553d0a448a672ca207edf3760
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
8d200dc372fb333c0ca488fba2a569a686cbf5f1ba0cc0544a4a8c96a4f91de3
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d7a85e9bb7517f971263a03fc87ddbe317f432ea2a85729b66df4f9ceda1230
8d8ac63d43ae79c79e76dd78633ea482dfca27186cef3f522a3da4827f63523b
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8f47773a10e9761af2c12f7c7f1271ff44c0936128bcfae599849482acb4241d
8fc4de112cb05f02f61d7856ee3b9ca6a8cd68ea5397520120c5183b99bffc17
90102a5b0d498a0928a1923216a5e922fa4dd138a5c7ecad85c6f5b6cdd6bdab
90b4abfa7281f9465c5d65947c7a035d414ec1add2729ad1a2a5dc2bb7bf9878
90c9017a8a6447588520f38cd94ba14cdb9839c92626aa06bb8a4a1052c2ab7e
90cc872b631d6440b61b9352d57cd1411b6212092d93a139870bf22d93847da5
911513e57820016d6743611c67df4b741ac7ef60436b8b7b2f439b4b30eb78c7
91b40ff6f3bbbbafc299402feaec4a24eee9299637b8bcf06aed78b6399ca673
925ed48219a2d3c339c5d288fdae3f965efbca0e5ee4e369b7dcbb04b6ade06f
9292583011000768f1f8c0b1d9c34472f62cb5c579779fd24484277005734c37
93fef8b32bf9abc68437fb83d7b979c743145aca37c844d9bf2748fad65a2191
9482fc3a91a616471b441fe6d5b79deaed92eba1bcaf4c3d04290df2fe5f2c3b
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068
97cb426b07a50b994eb79c3e0b49d747c69bbdaf5587f55fe6a8f6b5b2e08929
985a75678aeb2265ad5871fa4e1bc207eefa788e1d5a47bf5dd848e3d9847765
98f304a05a17f5120eb93b6a6545bb2531abb810cb96515c7e0d8ce35493ff6c
9c51b3bb0c5188de2571ed94d9432b85693241de3e05e5e82247dd8a45d4d03f
9c72f749bfcd24a7184e4036a7299671694b80aee0537745904580d38f60c3cf
9c8f169f065ae44c814028469c86774cf78a538f351c3f452364d97f4ca6bb04
9c977a8971d5cffbe1f384ac368431f7b22c3d5a7bfdde2824dab4a0c53f3ee8
9ca2c8b7c4f20961db7ddbb4b88d63ca4926fcb0d5175c874f0b863995a0f668
9d2ae8c80a6f17e7068957051ed9b2de5217215c2741b2671f3ae1a1e9ea4922
9d56d4735b3c5244dd0788778a01d5a5d1e2acf77143c41c795b957bc31d8c47
9ed325bb4e1bd9f76da8039c87602d63b91e6963d6bf830e62d938a1b90cd133
9f03302392b687ec532ae8b9763be702d497443a372c532cca856300dcd7694d
9f90c0f9336d41a52c74f304120cf5e122a92847d9d929ad4988bc7736d2de70
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a18f84ce166eb4a692f62d6d4cca3ab068f189b428333757b2057e84f8829cb3
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1ef3d3ae5f563bd9b05d778c8cb5261ff05eb0dc32de1d27f78fdc111ed2107
a1fc449201f61ca3ea21d70a29c7539f8bcb19be28423a4e1258e7e1e994b042
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a357ed3a291660de456a3548718d53202194bbcd84888c7c41cd312f1c58a3f8
a36aa127cc7661143c7a892cea704ef2f60e636bfef2666a8f75c1111dc1dcab
a3a9666403dd904811c01ba6925d89449b27aa3efe19e86b9d8864d660922fc6
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4b9e9ead2fa2e2326506b52b3f253b19ab9aa2bfe0b2c276dfbecfb4baf12cc
a4d16243c030458dc9736ca798cbcdaa640bcdf19e6c67c63d3f629f3704e394
a58c45b495338481a91c73729bf3916ce6c7d8e9f0566c0e731a7a3da7dba81c
a59fb508d0b1b26622686fa0947eac6f2d0a73447e83f3b7c53a233717a3cf53
a690357c8d157ad2a9f188ecdad238c37efbd7508124554e8b7ddf2986cb0188
a6e88b8cfe698f9f6915414ab7faa9aa16f5f305aad506b1473902f40578d483
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a7dcb6a5b96bbb61e46f148b57aeb95f34128dc3a8b03b72b98abec6089734ff
a991cef8e1b302989f94dad4a0e23a70dd561b60d2b41f58ed87228f0051f9c5
a9a84fcce314ed8a6146313f434552a1acc20b98711e023a43b6d510375efd86
aa66c613125eacfbe148ed0adff3980002acda629ce8ef81336b1903a00573f8
aa850796db9400b694644339634f8708ffd14e3ac9843972954dcb4571dcb939
aaf6f80ea70c962a47fde429a215254489e0b89332c02d913d2d24c9347b4787
ab468dfe133af18bba5ab1235d40a0e1ef6290cb756ff2a702005c01827bfbf4
ab6733930ef4cc96ede3c97152a1017f8d5af725d44d59ff884c804907dbd787
abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107
abcbe0423061bbf5caca8b070eb57c5ea831fde8cca4af206f8b48938142b4e1
ac767d3b257f18757c4675082116cbe11374651106d06d77de36d7bb6a9249f0
acee7a966ffb2ef38e1fa0c8c494a1e8764d6525f390a111f9cdcd3f0bb17023
adddc2e9a76c0aa1d4aa53a9a34c6c3c45cde681ee06de5dfa9d5f6e6d812354
aeb925bb204a686701ed5795fc9a381422a479fca1cacbe35de200ac65319988
af6592d435a34ae2cbc384c908b2000e3a33f3c3d7bace1a84ba7880a8a80d9e
afd0f29b4b5495d092c10dc6b7cfba7542f00870aeb505ece7058c69f2f55db8
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b025ff367e60a9cc772159148d19e19f548aec0302db9eef1d93b5361a42d52d
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2c1acc724dbca1e4bfdf8441a0b1003dfb7ca9f12980a23fb42060e3bc4deb0
b318e5876213045715769fbd7687c0c0c8aa53bef9c839b43f2cc48a3221e418
b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b
b5c639313a20041c6986df07dae08542d6e26be05464cadce13a51141b8a8886
b5ff81dc47d0c3cfcfee6ba1b9c6c5db2c38c77079901a2c2ac1319bcdd96093
b6601f9e51bd8099b8cbd3b130a48c199e9a79bf7270a9ca096ac112a9ba8a18
b73925b6121d1a9574b1d92d51dc646821914cc697fad734258b4177152ec515
b7d818c698d26d9d34c00c94853c93b34abb2fd53e97c415fafb9e84df993f31
b85b7b90ac060a12f5d74536230388c245f191c36fe35d86e3105971b8d190ef
b8a078bc5a6c3627f22aa58228fce4d5718eba63f8bb7240a660480789ac6fb6
ba0ab3bea0bcd2b6b145386570c80d6e168ab4705775cb9eb078c5074d96b436
ba100bd29ea5ad94ef54e1562a3bab56ae3b7866c00149747556bb35c172a389
ba7beca0f5402387b359ad40d2af0dda9632f6b81e2aa0c26336324c358c3e10
bb9debf62cf49b5b21e9ccb40f4a5ad95dfbecacd327b8346e74499a52ab232b
bc485c60c1e0395cf0c58a2a9bcc80550b8f289f5be78594484b3eeed36c37d9
bc788950c34406808d0a6d40ee7d7a0a585a3cebcd266cb72b1a4a8a252f1331
bcab73e79e54f5f8b0cf77546f937aaf4aed60947fc1e4a7801813ed34728c4f
be8e12555437645bcc9465cedd23bfe9305ae461b3e1bcf8e8a1db8c9abc290e
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c230c1676e6dd8136503b05abc655a22e5391cb1eb2c29abacaa61441964baff
c28da0d2b885a6cedc6923b7df986b2568ef27e08cab2b84708f1a59b2702d6a
c3d3e53145b2e47ef3c4a2a08c8a644b8acf51380859a40d48a39447646e9a02
c4db5cbaf04a87c209843af34b353cecaf13bf0a7901a22a71cdc4ee5c9312d4
c5cad78844631f748de4f5526652f08ae1504dce421b6e8dcd796af07e639ac5
c5eceae3ffc3d1127522963a35cfe8f6fbdff9d7e22a947889059c58878bbccd
c652cb3dcc3b49133285c42c49b296c3a3af4f9fceffde1022a6e3539e2422b1
c6ab4f9a3174d8ff5b06299a2694497bea1d78f277f2720f203ecbe21d7d623d
c6e8504dab871177a8d6e8ff42464a0a0ac8f3dc47409e95262217b55c53e870
c732adb13b1be3b4e9283988a26cdf5153eefe90b9797f8e70fe2a6378affbe4
c7b1cdb07783366502d87c81cd7e918667775859ff3b7392bf26d29ed8d17dad
c8000c500af82c88bb3705260345e8880c1974664d74bc8d2c11e0cf411e2a4b
c979ffd70003be58ccc574778b78d9303e8b5b3494a6cdeb01449d65a5a815e6
c9dffa2fc0c30836d2fedff6aa96598bd23d9ac8838813aa8c3dacc47f5c742f
cafe2ccc723f38d12406fdcc2b9777f7f89363a39bbd09c91bb75876f24141fe
cb5d0030be491ac393d71f8c248a6e552d35be0fd1ac7efcf8107abb04fa6b6a
cc5e65f3bf4a6f565b2e549b9b401450a1e7d283ffe50dd4a906b5375808b851
cd7b4bc60a8dfb9ea5a33a4e7365aff00eed163477685eca6c13f8cbcbc77dc7
cdcc0d31470f6b7c8f7b43f00b790c9e0e44b9a1f63958c284b72e6ba3c56d7f
cdee990bb78bab7343f4517e56cf4f67aa56dafe133a12a9f0f7ba3a552f04be
cefac0898ee1d19ff1fc498113e6f7b81a0f5a6e63b3ae72106cde5d0454bc01
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d101152585754db8c1a22970a3a37893b5fc9256a11ec09b9c740947f3398a74
d169a4b4bf7e00787e12931b5c2040d76f6995b3ba3f06050274b28644b47d86
d2e5722cf0b8d8df31200550801d755733c56d9ca2758b7041fbed009e0c9d08
d2fbad9636c1fb1ddc3e083984f2b5d3a955a32fdb6247876aabee203958e7dc
d396df02b5d1618cfdcca3c3bb68241ce7ced903cd5d3a50604b51821bee86d8
d3c427c2a90e6b6a991ae8e306d8cda6e7193028cb9cdfe1be592ec48472733d
d47d16bf34e4c557ae13192bf351083ee15c9bed72a139fb1e14272d7b391230
d5067a2cd80078c8f0f475acb7dbb3edcb422af436f4a69a1a719e654a8dee77
d5c1773b4aa0eb9501c3690028dd77bc5d822742a1dab3a4c3c3d760a51bba96
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d67f7297f9094ed400ddbd49f19457ff4bb2d2fd3d29de62e3a6ab3c23c80243
d68edf3c87c6a6d87223649e8162ef1584ea6faad6f20e80fdd5f72c21b16a17
d6b5320953143ba16ee2784df40610947d0ffabebda5307dc74e285d8297f07d
d75ec3676e6925adf36264645e7c2fc821b0fd7a8b27a4b53573d4d58e4cebdd
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d7c57035f2e89bccc3f3882bf77e8a0483643209b83e311713d362d1d33f19a6
d92fc46b6b46128683576769e83ae766ff19220233aacdd2f7a448962d9b25d9
d938d6d21a55a7bb8a389cb6ca0fff204cda9532d81b4ca19af184ea3d748ebc
d9d9a1fec49726428028512605f0e7e446629f0c4fcc761c8b3af57460e1ae99
da5a6aaf22887d6be1d6aaf85b1bf31db6372817faeef47bd9f21b89fcb78109
da94a3a7fb34f75dfd4dffaa941e6153a5bf855317db76dbdcaabd416c6206f5
daa9c1c00563b973df8c5dad719b8670a599a9465ba9bbac4d222c586b538571
db17361b3018b3c415bda8202ac0fcb3789c127de4b22bacedbea176646e9fa2
dc31c040a9b3651300b1705eacad157ec6341684983ee6b8c6eb231bc0342cc0
dd104612e94fc2aca818752d3662ffaa81ec336c2f6f5bb2c727df0d720bc053
dd4fb84ef463207662efa03dbd05515afb3aee6a71fa7c5e56e7b0b13504a7b4
dd89c698f5518b8e74892fd52085772390a4cb078ff04939584650c0d3507c67
de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de6de06b5d49335bab8937daf66e6d0d112c62cdc4b9f5af1799647b84c5e8d4
df6bbc5bec8539d17b3ee4c9d5cf472af24286c888eb41cf06b5ee6cbef5879d
e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd
e12a2c1c361ea32bb1c2d85f2aa7bcf31380cc7bd8af1b71a9400a3aeb4faa99
e29ffeda170cb0752b062928f22de04adc1c9177706f50b9c6a9c96dc706bf61
e2a6f172230a4dc6dd93dd0d161f14732522c0817bcb456c397a976a1205b4a0
e3268172611300a1811f5ce65e6eee8a08b6badd3f7ed0ed2c12a45deb717180
e3520d56f514f28d97f9c642d71aa23828a45f5677b78ebe5e44453db424044f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4501d959d3638f5749d6687283f31f7fc48d9e37770520cd0f275b632eeb5b4
e4b58a351151e4da3ebfac8c923fc7c19c7bbbd6696d716a2f3465bf869f1138
e519cc4b7b8fdc64a7aaafc1b808cde266a234205aac0d6c55589c12446d565e
e52859e0aae22eea5a32b5151c32f9e3b572261ea9dd89f87c865e2c954b6573
e569a6d27fe5bc6a02f55325fd428a8a813acbdfba76d01fbe907ae035cc68eb
e6402ac5397eb6c7b4de6a3ae7261c988bc079b52c8572d90d203a60af600179
e644bbeb7e4ae74c6f15f2f493265db82cebf38bdb060b7ec36f319a2706e697
e8c241b70fb77bd3c57669e54a198e35abc42c49c070d69ee7debc2742cd2744
ead57b4a59e7d890408606fb6a388db8691e840a538d2b673b6a826ead64455e
eb5e6f4d9029e9ddd8eea9dc0edd15a97c177a97d5fbfbbe6a3b1c3982b26b81
eb6b2aa8c55d73b7698c418c653753b5d23c70922090441e97ca1c78fdda5f75
eb8687be7ceff97862d515d8c6191b7c0a97c465f587150a975aeb495d52b73b
ec0d9d016b77a4c7a95385b6fe88d1e806a74f9ed28d965a8a827f078bb2086e
ec61d9fd1b3609a3a53f377ed07059c3dc7d2cb1502022e0623b4ebc1ea0f35e
ecd2e45fcd6ed0f17eaefccd72cdb8253be8673636adcbf3f8902aeeed654fe2
ed5727c5f85ede091e2379abbb49dd4b1f7138e683f889a894ef4e62c7b3ba5d
eda53a126b9ad636ada21bc74b0e54c5dfa526083e7a876b17eb90061254d275
edd2846b1b16603703617a2f932ccb932b5688d0e14aaeb07cf68447aa7c24f5
ee83c984c733b9c55a91f42e6cf39ba90c22bc0789296f4b7a5ec189ef24afbc
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f004ef7cd624e949e0ed6c156d10d41e0ba879ae932ab42a110267645fb98dd5
f0714c5a62307d23facaadf469366c2f5b11be5a54d0e962dd93399f5a7a48ed
f1990fd894bfc162a0b884023c12adf7074ea82d5d086db855cbc1d6e3e6b1b6
f1c5e16c3abc728ef3c7eb1ff66fc5b15f08232156bae6493e37becbd1b2f01d
f1ceeece1517ef8d970dc3fb8a66680a5a0f14167754ab830cad880fd7efa8d4
f2084cd0c1196c60c46b019a6d52ffe0a97553c93b9e395a89c98a1a2da356d0
f248e71877661dc6dee18907ce22e04ceeba7f468474101510b118ca40cdb4d3
f2688cfce6737668af724081900a94bfdcf6437cf8372189005178964e7d1831
f26b937bbc37f6f401f7f10ab43e36dd1e4708dcad4e716943904ef004d82700
f293bc9ae41daa60575c6163c4cac50c8d9bdf44ee69d7ea7b2dc416549dcb96
f38fa3cdf770e184a188b8398f73d85eb43a4ec4790e1a89ecd84ea91b1c1596
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6247007e2b6a2b034c5ac6bb537e9451f7b5ed1dd8a23979068cd4e9160e72b
f65f71eb33720bd6f4065e2a20c37f0e9464743052e7a84847ce3525a9a3db2c
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f674fbfa6f56c98338eb149698212609bb1f23a407b9c5f5661587fbd7852f6b
f71a77dbe67b91f1024e67caf663077e2e5fb8abda74f0c9b8a5c33b3d45d4aa
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
f7b3b0d6fdf18fd8991ea9c6abeb6be4c2c2a53ac4dade59acaf9861c0ac87f5
f897d1651cfade653e3b95067b4690e0f51c0b55c836878447af5b62e5370a58
f89a4771b08e0793cc6d9337d5cfd17ef7084ce332141d0c9a170bf900f329c2
f8a2fb04c2805781ab48cd9708cc056a3aaf0738d9cac4906fded158364a3270
f933cfa0727ef780ffa4d6b4716949ced2d61e22fc17c2291db0e24ae2e5c44c
f965395f86784c8fc7922e30a9c62992cc6de3e87517e975ea3be9f8a2324c90
fa482e2eb305bca728f1b389d7dc4a72c050161eed3df8ecc0756461d028c4ff
fa525ccd6d3cb31e24e3c37cfeb4d9427628fa978d33bc5ce2c5f4853ebc465a
faa60c137438e48cbe0011d995abc59cb67f56aac3d800fd3be5ba3178e23898
fb5e985fa55cb8c424d5ba26bd212d92f9e34ee2454c65bc65d1c1e9cc8757c2
fb723f64a4592323ee7fa4e2014452d2749fa12d60cc4fd55e22680a0b3c3e3c
fce742d7814055a224b9e7b2a36bccfba4547644a968e838bf0b9d2f730866dc
feb4a9fe946191164b38e960693b7cd27fc0d6eac7840b1b03da034e948d9fa9
fec247cc0476fd7fa8795632bb7776b9a097d982f54982b7cf6cf27e152704e4
fed2d61088cba54be39b2069add7103160e31f07c950c0e2e7706d6d6dc9ebf6
fee45dea6b6a759eda32c66be24a1829d55e0b1bf2f2eaf604ba7d23c45fee87
fefeaaef46ac6e5282ec906a5679fbeeacf86dde688e29ea245daac94d6baa51
ff4e9a88d8a7ab1327d726d0f048451861f2402a2ac41eaa8e1dbea64e74af76

korrespondent.net Open in urlscan Pro 2606:4700::6812:1eb6 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

965 Requests

93 %HTTPS

34 %IPv6

91 Domains

156 Subdomains

118 IPs

16 Countries

14512 kBTransfer

30909 kBSize

159 Cookies

21 Outgoing links

Redirected requests

965 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 31 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

korrespondent.net Open in urlscan Pro
2606:4700::6812:1eb6 Public Scan

Screenshot
Live screenshot

Full Image

965
Requests

93 %
HTTPS

34 %
IPv6

91
Domains

156
Subdomains

118
IPs

16
Countries

14512 kB
Transfer

30909 kB
Size

159
Cookies

965 HTTP transactions
31 data transactions