observer.com Open in urlscan Pro
192.0.66.160 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://observer.com/
Effective URL:
https://observer.com/
Submission: On October 24 via api (October 24th 2023, 1:35:29 am UTC) from US — Scanned from DE

Summary HTTP 209 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 63 IPs in 7 countries across 49 domains to perform 209 HTTP transactions. The main IP is 192.0.66.160, located in San Francisco, United States and belongs to AUTOMATTIC, US. The main domain is observer.com. The Cisco Umbrella rank of the primary domain is 292067.
TLS certificate: Issued by R3 on October 8th 2023. Valid for: 3 months.

This is the only time observer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
45	192.0.66.160 192.0.66.160	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:801::200a	15169 (GOOGLE) (GOOGLE)
1	13.32.27.39 13.32.27.39	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:80e::2008	15169 (GOOGLE) (GOOGLE)
1	18.66.112.103 18.66.112.103	16509 (AMAZON-02) (AMAZON-02)
1	65.9.61.60 65.9.61.60	16509 (AMAZON-02) (AMAZON-02)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
6	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
3	2600:1901:0:7... 2600:1901:0:7416::1	15169 (GOOGLE) (GOOGLE)
1	2606:4700:e2:... 2606:4700:e2::ac40:8f26	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
3	2606:4700::68... 2606:4700::6812:eff8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 5	18.245.60.76 18.245.60.76	16509 (AMAZON-02) (AMAZON-02)
3	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	99.83.154.140 99.83.154.140	16509 (AMAZON-02) (AMAZON-02)
1	52.17.99.225 52.17.99.225	16509 (AMAZON-02) (AMAZON-02)
3	2600:9000:223... 2600:9000:223f:3c00:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f17... 2a03:2880:f176:84:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700::68... 2606:4700::6811:c376	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
3	108.138.1.25 108.138.1.25	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:440... 2606:4700:4400::6812:29aa	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.241.9.51 35.241.9.51	15169 (GOOGLE) (GOOGLE)
2 4	185.89.211.12 185.89.211.12	29990 (ASN-APPNEX) (ASN-APPNEX)
12	34.107.254.252 34.107.254.252	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2600:9000:223... 2600:9000:223e:ba00:5:82fd:2500:21	16509 (AMAZON-02) (AMAZON-02)
1	99.86.4.71 99.86.4.71	16509 (AMAZON-02) (AMAZON-02)
1	108.138.9.235 108.138.9.235	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
1	2606:4700:10:... 2606:4700:10::ac43:266a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
1	2600:9000:249... 2600:9000:2490:be00:11:b309:9100:21	16509 (AMAZON-02) (AMAZON-02)
1	52.216.49.193 52.216.49.193	16509 (AMAZON-02) (AMAZON-02)
1	3.239.232.239 3.239.232.239	14618 (AMAZON-AES) (AMAZON-AES)
2	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
3 9	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
2 4	104.18.27.193 104.18.27.193	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	54.155.244.184 54.155.244.184	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:828::2006	15169 (GOOGLE) (GOOGLE)
2	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
1 2	2606:4700::68... 2606:4700::6812:19ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
2 2	213.155.156.180 213.155.156.180	1299 (TWELVE99 ...) (TWELVE99 Arelion)
1	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
2 2	198.47.127.19 198.47.127.19	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	216.52.2.39 216.52.2.39	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
1	18.196.230.223 18.196.230.223	16509 (AMAZON-02) (AMAZON-02)
2	141.95.98.65 141.95.98.65	16276 (OVH) (OVH)
1	2a02:26f0:350... 2a02:26f0:3500:11::215:14cb	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
9	2600:1f13:800... 2600:1f13:800:7782:f28c:b957:84f:ac7e	16509 (AMAZON-02) (AMAZON-02)
1	23.212.213.167 23.212.213.167	16625 (AKAMAI-AS) (AKAMAI-AS)
1	54.203.141.105 54.203.141.105	16509 (AMAZON-02) (AMAZON-02)
2	2620:116:800d... 2620:116:800d:21:b314:a0ef:ab7c:d546	16509 (AMAZON-02) (AMAZON-02)
1	18.66.97.37 18.66.97.37	16509 (AMAZON-02) (AMAZON-02)
1	13.32.27.54 13.32.27.54	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:223... 2600:9000:223c:a000:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
6	2606:4700::68... 2606:4700::6812:82ec	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:7611	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::6812:2089	13335 (CLOUDFLAR...) (CLOUDFLARENET)
209	63

45 192.0.66.160 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

observer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.39 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-39.fra56.r.cloudfront.net

htlbid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.112.103 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-103.fra56.r.cloudfront.net

ak.sail-horizon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.61.60 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-61-60.fra56.r.cloudfront.net

cdn.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1901:0:7416::1 (Kansas City, United States)

ASN15169 (GOOGLE, US)

truculentrate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:e2::ac40:8f26 (United States)

ASN13335 (CLOUDFLARENET, US)

www.npttech.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:eff8 (United States)

ASN13335 (CLOUDFLARENET, US)

sandbox.tinypass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.245.60.76 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-18-245-60-76.fra60.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.83.154.140 (United States)

ASN16509 (AMAZON-02, US)
PTR: aa7557bb34ea5624b.awsglobalaccelerator.com

api.sail-personalize.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.17.99.225 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-99-225.eu-west-1.compute.amazonaws.com

p1.parsely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:223f:3c00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c00::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:c376 (United States)

ASN13335 (CLOUDFLARENET, US)

c2-sandbox.piano.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 108.138.1.25 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-1-25.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:29aa (United States)

ASN13335 (CLOUDFLARENET, US)

3b5c18b9-96b7-48e4-a3ef-011eb84a970d.edge.permutive.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.9.51 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 51.9.241.35.bc.googleusercontent.com

3b5c18b9-96b7-48e4-a3ef-011eb84a970d.prmutv.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.89.211.12 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 34.107.254.252 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 252.254.107.34.bc.googleusercontent.com

api.permutive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223e:ba00:5:82fd:2500:21 (United States)

ASN16509 (AMAZON-02, US)

dyv1bugovvq1g.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.4.71 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-71.fra6.r.cloudfront.net

config.aps.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.9.235 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-9-235.fra56.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:266a (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2490:be00:11:b309:9100:21 (United States)

ASN16509 (AMAZON-02, US)

d15kdpgjg3unno.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.216.49.193 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

ams-pageview-public.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.239.232.239 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-239-232-239.compute-1.amazonaws.com

sqs.us-east-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.186.130 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.27.193 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.155.244.184 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-155-244-184.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:828::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:19ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.180 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.47.127.19 (United States) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.39 (New York, United States) 2 redirects

ASN30282 (AS-INAPCDN-OCY, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.196.230.223 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-230-223.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.95.98.65 (France)

ASN16276 (OVH, FR)
PTR: ns3216659.ip-141-95-98.eu

lb.eu-1-id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:11::215:14cb (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

code.createjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2600:1f13:800:7782:f28c:b957:84f:ac7e (Boardman, United States)

ASN16509 (AMAZON-02, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.212.213.167 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-212-213-167.deploy.static.akamaitechnologies.com

s.ntv.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.203.141.105 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-203-141-105.us-west-2.compute.amazonaws.com

jadserve.postrelease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:b314:a0ef:ab7c:d546 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.97.37 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-97-37.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.54 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-54.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223c:a000:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6812:82ec (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:7611 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.permutive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2089 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
45	observer.com observer.com — Cisco Umbrella Rank: 292067	452 KB
27	googlesyndication.com 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 108 tpc.googlesyndication.com — Cisco Umbrella Rank: 157	136 KB
19	doubleclick.net 3 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 98 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 214 googleads.g.doubleclick.net — Cisco Umbrella Rank: 45 cm.g.doubleclick.net — Cisco Umbrella Rank: 255 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 443	217 KB
14	adsafeprotected.com 1 redirects static.adsafeprotected.com — Cisco Umbrella Rank: 720 fw.adsafeprotected.com — Cisco Umbrella Rank: 1153 dt.adsafeprotected.com — Cisco Umbrella Rank: 658	102 KB
13	permutive.com api.permutive.com — Cisco Umbrella Rank: 2382 cdn.permutive.com — Cisco Umbrella Rank: 3138	103 KB
7	gstatic.com fonts.gstatic.com www.gstatic.com	454 KB
6	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 385	114 KB
6	google.com www.google.com — Cisco Umbrella Rank: 2 region1.analytics.google.com — Cisco Umbrella Rank: 2714	35 KB
6	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 42	92 KB
5	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 344	205 KB
5	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 334 config.aps.amazon-adsystem.com — Cisco Umbrella Rank: 657 aax.amazon-adsystem.com — Cisco Umbrella Rank: 426	70 KB
5	scorecardresearch.com 1 redirects sb.scorecardresearch.com — Cisco Umbrella Rank: 179	6 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 716	3 KB
4	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 261	3 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 187	124 KB
3	tinypass.com sandbox.tinypass.com — Cisco Umbrella Rank: 452547	107 KB
3	truculentrate.com truculentrate.com — Cisco Umbrella Rank: 204937	24 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 901 script.hotjar.com — Cisco Umbrella Rank: 1101	60 KB
2	quantserve.com secure.quantserve.com — Cisco Umbrella Rank: 1348 pixel.quantserve.com — Cisco Umbrella Rank: 1147	10 KB
2	lijit.com 2 redirects ap.lijit.com — Cisco Umbrella Rank: 754	1 KB
2	pubmatic.com 2 redirects image6.pubmatic.com — Cisco Umbrella Rank: 967	1 KB
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 5121	647 B
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 985 s.tribalfusion.com — Cisco Umbrella Rank: 2451	1 KB
2	amazonaws.com ams-pageview-public.s3.amazonaws.com — Cisco Umbrella Rank: 13100 sqs.us-east-1.amazonaws.com — Cisco Umbrella Rank: 5501	1 KB
2	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 1156 id5-sync.com — Cisco Umbrella Rank: 470	30 KB
2	cloudfront.net dyv1bugovvq1g.cloudfront.net d15kdpgjg3unno.cloudfront.net	26 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 116	239 B
2	google.de www.google.de — Cisco Umbrella Rank: 6147	515 B
2	sail-personalize.com api.sail-personalize.com — Cisco Umbrella Rank: 3629	473 B
2	wp.com stats.wp.com — Cisco Umbrella Rank: 3047 pixel.wp.com — Cisco Umbrella Rank: 2968	3 KB
2	parsely.com cdn.parsely.com — Cisco Umbrella Rank: 3328 p1.parsely.com — Cisco Umbrella Rank: 2550	21 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 56	176 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 655	312 B
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 1263	633 B
1	postrelease.com jadserve.postrelease.com — Cisco Umbrella Rank: 1252	601 B
1	ntv.io s.ntv.io — Cisco Umbrella Rank: 4063	163 KB
1	createjs.com code.createjs.com — Cisco Umbrella Rank: 1858	63 KB
1	eu-1-id5-sync.com lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 1145	272 B
1	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 387	146 B
1	criteo.com dis.criteo.com — Cisco Umbrella Rank: 648	363 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 50844	608 B
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 223	59 KB
1	prmutv.co 3b5c18b9-96b7-48e4-a3ef-011eb84a970d.prmutv.co — Cisco Umbrella Rank: 502707	392 B
1	permutive.app 3b5c18b9-96b7-48e4-a3ef-011eb84a970d.edge.permutive.app — Cisco Umbrella Rank: 406382	102 KB
1	piano.io c2-sandbox.piano.io — Cisco Umbrella Rank: 592011	2 KB
1	npttech.com www.npttech.com — Cisco Umbrella Rank: 8321	3 KB
1	sail-horizon.com ak.sail-horizon.com — Cisco Umbrella Rank: 3713	33 KB
1	htlbid.com htlbid.com — Cisco Umbrella Rank: 11090	129 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 49	1 KB
209	49

	Domain	Requested by
45	observer.com	observer.com
18	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com pagead2.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
12	api.permutive.com	3b5c18b9-96b7-48e4-a3ef-011eb84a970d.edge.permutive.app cdn.permutive.com
9	dt.adsafeprotected.com	839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
9	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
7	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com observer.com
6	cdn.cookielaw.org	observer.com cdn.cookielaw.org
6	www.google-analytics.com	observer.com www.google-analytics.com www.googletagmanager.com
5	s0.2mdn.net	observer.com s0.2mdn.net 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
5	www.google.com	observer.com www.gstatic.com www.google.com tpc.googlesyndication.com
5	sb.scorecardresearch.com	1 redirects observer.com
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	ib.adnxs.com	2 redirects 3b5c18b9-96b7-48e4-a3ef-011eb84a970d.edge.permutive.app googleads.g.doubleclick.net
4	securepubads.g.doubleclick.net	htlbid.com securepubads.g.doubleclick.net
4	www.gstatic.com	www.google.com www.gstatic.com
3	c.amazon-adsystem.com	htlbid.com c.amazon-adsystem.com
3	static.adsafeprotected.com	observer.com 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
3	connect.facebook.net	observer.com connect.facebook.net
3	sandbox.tinypass.com	observer.com sandbox.tinypass.com
3	fonts.gstatic.com	fonts.googleapis.com www.google.com
3	truculentrate.com	observer.com truculentrate.com
2	ap.lijit.com	2 redirects
2	image6.pubmatic.com	2 redirects
2	d5p.de17a.com	2 redirects
2	googleads4.g.doubleclick.net	observer.com
2	fw.adsafeprotected.com	1 redirects observer.com
2	googleads.g.doubleclick.net	839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com pagead2.googlesyndication.com
2	839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	www.facebook.com	observer.com
2	www.google.de	observer.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	api.sail-personalize.com	ak.sail-horizon.com
2	www.googletagmanager.com	observer.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	cdn.permutive.com	observer.com
1	pixel.quantserve.com
1	rules.quantcount.com	secure.quantserve.com
1	script.hotjar.com	static.hotjar.com
1	static.hotjar.com	www.googletagmanager.com
1	secure.quantserve.com	www.googletagmanager.com
1	jadserve.postrelease.com	s.ntv.io
1	s.ntv.io	observer.com
1	id5-sync.com	cdn.id5-sync.com
1	code.createjs.com	s0.2mdn.net
1	lb.eu-1-id5-sync.com	cdn.id5-sync.com
1	x.bidswitch.net	839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
1	dis.criteo.com	839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
1	gcm.ctnsnet.com	1 redirects
1	s.tribalfusion.com	839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
1	a.tribalfusion.com	1 redirects
1	www.googletagservices.com	839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
1	sqs.us-east-1.amazonaws.com	d15kdpgjg3unno.cloudfront.net
1	ams-pageview-public.s3.amazonaws.com
1	d15kdpgjg3unno.cloudfront.net	htlbid.com
1	cdn.id5-sync.com	observer.com
1	aax.amazon-adsystem.com	c.amazon-adsystem.com
1	config.aps.amazon-adsystem.com	c.amazon-adsystem.com
1	dyv1bugovvq1g.cloudfront.net	htlbid.com
1	3b5c18b9-96b7-48e4-a3ef-011eb84a970d.prmutv.co	3b5c18b9-96b7-48e4-a3ef-011eb84a970d.edge.permutive.app
1	3b5c18b9-96b7-48e4-a3ef-011eb84a970d.edge.permutive.app	htlbid.com
1	c2-sandbox.piano.io	sandbox.tinypass.com
1	region1.analytics.google.com	www.googletagmanager.com
1	pixel.wp.com	observer.com
1	p1.parsely.com	observer.com
1	www.npttech.com	observer.com
1	stats.wp.com	observer.com
1	cdn.parsely.com	observer.com
1	ak.sail-horizon.com	observer.com
1	htlbid.com	observer.com
1	fonts.googleapis.com	observer.com
209	70

This site contains links to these domains. Also see Links.

Domain
www.observer.com
artobserved.observer.com
observermedia.com
www.facebook.com
twitter.com
www.linkedin.com
instagram.com
www.observermedia.com
privacyportal.onetrust.com
wpvip.com
onetrust.com

Subject Issuer	Validity	Valid
observer.com R3	`2023-10-08` - `2024-01-06`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
htlbid.com Amazon RSA 2048 M01	`2023-09-21` - `2024-10-18`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
ak.sail-horizon.com Amazon RSA 2048 M01	`2023-02-28` - `2024-01-16`	a year	crt.sh
*.parsely.com Amazon RSA 2048 M02	`2023-05-06` - `2024-06-03`	a year	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-14` - `2023-12-15`	a year	crt.sh
truculentrate.com R3	`2023-08-24` - `2023-11-22`	3 months	crt.sh
npttech.com GTS CA 1P5	`2023-09-01` - `2023-11-30`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-08-13` - `2024-08-12`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-08-02` - `2023-10-31`	3 months	crt.sh
api.sail-personalize.com Amazon RSA 2048 M01	`2023-04-25` - `2024-05-23`	a year	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M02	`2023-07-07` - `2024-08-04`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
*.scorecardresearch.com Sectigo RSA Domain Validation Secure Server CA	`2022-12-15` - `2023-12-28`	a year	crt.sh
piano.io Cloudflare Inc ECC CA-3	`2023-03-27` - `2024-03-26`	a year	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
permutive.app Cloudflare Inc ECC CA-3	`2023-09-07` - `2023-12-06`	3 months	crt.sh
*.prmutv.co R3	`2023-09-01` - `2023-11-30`	3 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
api.permutive.com R3	`2023-10-15` - `2024-01-13`	3 months	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2022-12-08` - `2023-12-07`	a year	crt.sh
config.aps.amazon-adsystem.com Amazon RSA 2048 M02	`2023-02-20` - `2024-03-20`	a year	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-16` - `2024-03-08`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
*.s3.amazonaws.com Amazon RSA 2048 M01	`2023-10-10` - `2024-07-03`	9 months	crt.sh
queue.amazonaws.com Amazon RSA 2048 M01	`2023-03-08` - `2024-03-07`	a year	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-09-28` - `2023-12-21`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2023-12-23`	3 months	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2023-03-23` - `2024-03-23`	a year	crt.sh
*.eu-1-id5-sync.com R3	`2023-09-01` - `2023-11-30`	3 months	crt.sh
tls.adobe.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-08` - `2024-03-10`	a year	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M01	`2023-05-09` - `2024-06-06`	a year	crt.sh
*.id5-sync.com R3	`2023-09-01` - `2023-11-30`	3 months	crt.sh
*.ntv.io DigiCert TLS RSA SHA256 2020 CA1	`2023-08-28` - `2024-08-28`	a year	crt.sh
*.postrelease.com Amazon RSA 2048 M02	`2023-08-30` - `2024-09-28`	a year	crt.sh
quantserve.com R3	`2023-08-29` - `2023-11-27`	3 months	crt.sh
*.hotjar.com Amazon ECDSA 256 M01	`2023-03-09` - `2024-04-06`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
permutive.com Cloudflare Inc ECC CA-3	`2023-01-26` - `2024-01-25`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-12-13` - `2023-12-13`	a year	crt.sh

This page contains 11 frames:

Primary Page: https://observer.com/
Frame ID: D9880ABE516A30C9A69C684570A98F9D
Requests: 146 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LexvRggAAAAAF1HvCWrHtG4UAa7m0WIdyIgstAo&co=aHR0cHM6Ly9vYnNlcnZlci5jb206NDQz&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=invisible&cb=c9nyldg8wcsb
Frame ID: A121657E202B57C37D9E76551E3483D9
Requests: 7 HTTP requests in this frame

Frame: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 334EC0605FF7E3EA58C90A3980F5350C
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 7203602FB7BD3E4E374E8536683566A6
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 9FAF5E53E8E8691DC1718CBB73E53DB5
Requests: 2 HTTP requests in this frame

Frame: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: B439BA7EE485B7ACE1CFA7B5CA0E28C4
Requests: 30 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGNTvr-kBMAE&v=APEucNVNnd9LoZR_-5eiaB_dOqSieNY2zHTlU3UJ9sMr1Z7q9FMZYcW9IsMpLuOfQPfQVs6KahOo6QsS18IhBX3rTnzDThb2ArcDd1gwgdNBcoSENZ6OKV-fpx1yHXuMeqMXUwD_iUKttcNMzqTwm81J2qQoYt8tZDbct4crL-AYuzUywkL7MYM
Frame ID: 070AD6F6F0E4BBD02B4E34A5F57384D8
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 55A14455F512AD82AD9B3AF84B0EBE9D
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 33124193428C74ACC177A59598272324
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/2458488530850232588/index.html?ev=01_250
Frame ID: D09153513A682D0712697F9286FA08B8
Requests: 5 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: B0EFEE076ED00F3C692B9F27D2C80E47
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

News, data and insight about the powerful forces that shape the world. | ObserverBack ButtonSearch IconFilter Icon

Page URL History Show full URLs

http://observer.com/ HTTP 307
https://observer.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

comScore (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.scorecardresearch\.com/beacon\.js|COMSCORE\.beacon

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

209
Requests

93 %
HTTPS

53 %
IPv6

49
Domains

70
Subdomains

63
IPs

7
Countries

3130 kB
Transfer

9736 kB
Size

50
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://www.observer.com/music
Title: Music

Search URL Search Domain Scan URL

URL: https://www.observer.com/lifestyle
Title: Lifestyle

Search URL Search Domain Scan URL

URL: http://www.observer.com/
Title: About

Search URL Search Domain Scan URL

URL: https://artobserved.observer.com/home
Title: Events

Search URL Search Domain Scan URL

URL: http://observermedia.com/terms
Title: terms of service

Search URL Search Domain Scan URL

URL: https://observermedia.com/contact/
Title: Contact

Search URL Search Domain Scan URL

URL: https://www.facebook.com/observer

Search URL Search Domain Scan URL

URL: https://twitter.com/observer

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/observer-media

Search URL Search Domain Scan URL

URL: https://instagram.com/observer

Search URL Search Domain Scan URL

URL: https://www.observermedia.com/privacy-policy
Title: Privacy

Search URL Search Domain Scan URL

URL: https://observermedia.com/terms
Title: Terms

Search URL Search Domain Scan URL

URL: https://privacyportal.onetrust.com/webform/8bf444f2-ddd6-41ff-8e24-b69ac0176e05/19c22396-023a-465c-a9c0-d9f831d1d9cd
Title: Do not sell my data

Search URL Search Domain Scan URL

URL: https://wpvip.com/?utm_source=vip_powered_wpcom&utm_medium=web&utm_campaign=VIP%20Footer%20Credit&utm_term=observer.com
Title: WordPress VIP

Search URL Search Domain Scan URL

URL: https://onetrust.com/poweredbyonetrust

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://observer.com/ HTTP 307
https://observer.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 47

https://sb.scorecardresearch.com/cs/37161820/beacon.js HTTP 302
https://sb.scorecardresearch.com/internal-cs/default/beacon.js

Request Chain 128

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIIQifheV-BhfyIgDARUK1w&google_cver=1

Request Chain 129

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZTcfWQ-vH73JtNUapDby-QAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIIQifheV-BhfyIgDARUK1w&google_cver=1

Request Chain 130

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEMITD6SnwW5M3D1-nPxj0M4&google_cver=1

Request Chain 131

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE1OTExMzMyMzkzNDYzNzE3Mw%3D%3D

Request Chain 142

https://a.tribalfusion.com/i.match?p=b6&u=CAESENq4WwJ78f2Zfn1MxutdGoA&google_cver=1&google_push=AXcoOmSc17WGVsI0gVO-GdYVjApMPS2BwfvNiIIC8zbx1O3F5CJUfbynqXlmDIcjphGtkvddHlAfD1vsDIpxse1CVmYzdoJhonfj&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmSc17WGVsI0gVO-GdYVjApMPS2BwfvNiIIC8zbx1O3F5CJUfbynqXlmDIcjphGtkvddHlAfD1vsDIpxse1CVmYzdoJhonfj%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENq4WwJ78f2Zfn1MxutdGoA&google_cver=1&google_push=AXcoOmSc17WGVsI0gVO-GdYVjApMPS2BwfvNiIIC8zbx1O3F5CJUfbynqXlmDIcjphGtkvddHlAfD1vsDIpxse1CVmYzdoJhonfj&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmSc17WGVsI0gVO-GdYVjApMPS2BwfvNiIIC8zbx1O3F5CJUfbynqXlmDIcjphGtkvddHlAfD1vsDIpxse1CVmYzdoJhonfj%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 143

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESECgtdH_M-Xqdl-OsrWcwo7M&google_cver=1&google_push=AXcoOmRVgHGBG3otLW42XiHn3eNgFYCeX5hCmpkbEc1Ikg-jY7bAIYZou9DWnIHA_5Gq9KfE7-R9nPlS7xgVrEOQcJ8KVLm6U_4Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmRVgHGBG3otLW42XiHn3eNgFYCeX5hCmpkbEc1Ikg-jY7bAIYZou9DWnIHA_5Gq9KfE7-R9nPlS7xgVrEOQcJ8KVLm6U_4Y&google_hm=Ib0sc3flSfWUCm0LCIVjXow

Request Chain 144

https://d5p.de17a.com/cookies/google?google_gid=CAESECTZNL1_wZl8Qc6kipuD17s&google_cver=1&google_push=AXcoOmTx-xIbnwjPD_orYEEe1JlEr0bACe9F6F1hKIh-Hi2O46wAAABHmJHIaJHuZ-Q5nXgnipeTrFIYs9SUUaZGFGDg6Ivc10l5 HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESECTZNL1_wZl8Qc6kipuD17s&google_cver=1&google_push=AXcoOmTx-xIbnwjPD_orYEEe1JlEr0bACe9F6F1hKIh-Hi2O46wAAABHmJHIaJHuZ-Q5nXgnipeTrFIYs9SUUaZGFGDg6Ivc10l5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmTx-xIbnwjPD_orYEEe1JlEr0bACe9F6F1hKIh-Hi2O46wAAABHmJHIaJHuZ-Q5nXgnipeTrFIYs9SUUaZGFGDg6Ivc10l5

Request Chain 146

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEHO7FG1n22fWH6-W6QWcccU&google_cver=1&google_push=AXcoOmQVLUklIGYXvve087BmubVDJof-mgaZ4UO7HqFb-idkx0sAuvSTKtNRR6OFcWjgeySAdXoDJ2opuUVd8ywQlqmm2dvM5iNH HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEHO7FG1n22fWH6-W6QWcccU&google_cver=1&google_push=AXcoOmQVLUklIGYXvve087BmubVDJof-mgaZ4UO7HqFb-idkx0sAuvSTKtNRR6OFcWjgeySAdXoDJ2opuUVd8ywQlqmm2dvM5iNH&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=0xUZJCjaRzy3_cCoUoWNcA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AXcoOmQVLUklIGYXvve087BmubVDJof-mgaZ4UO7HqFb-idkx0sAuvSTKtNRR6OFcWjgeySAdXoDJ2opuUVd8ywQlqmm2dvM5iNH

Request Chain 147

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEIU7yLCWReGYlMhi5z4H4Wc&google_cver=1&google_push=AXcoOmTiNpboycK6EXQvLOrM3kpKlS1yw2uWjRvjlnV28k56mkgc2MQ6kmPWHX2qns8t0Mrf4bbAKNkWcyvrlrkO5ZosgSAuZNY HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEIU7yLCWReGYlMhi5z4H4Wc&google_cver=1&google_push=AXcoOmTiNpboycK6EXQvLOrM3kpKlS1yw2uWjRvjlnV28k56mkgc2MQ6kmPWHX2qns8t0Mrf4bbAKNkWcyvrlrkO5ZosgSAuZNY&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmTiNpboycK6EXQvLOrM3kpKlS1yw2uWjRvjlnV28k56mkgc2MQ6kmPWHX2qns8t0Mrf4bbAKNkWcyvrlrkO5ZosgSAuZNY&google_hm=HiXfvGZHtNEve7bUTAW9_rwI

Request Chain 153

https://fw.adsafeprotected.com/rfw/st/1475223/71249329/4.js?ias_dspID=3&ias_campId=1012441042&ias_pubId=pub-3998824402121602&ias_chanId=1&ias_placementId=20111329642&bidurl=https://observer.com/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0h0ZYBEpsOBJPSKRfP_m5uI&adContainerId=brand_safety_WR83ZfSZDbSa9u8PibSZ8A0&cbFunctionName=goog_wrapCb_WR83ZfSZDbSa9u8PibSZ8A0&true_pb=&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fobserver.com&adsafe_type=y&adsafe_url=https%3A%2F%2Fobserver.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:b27a1c48-84b0-d9cb-f42f-50b8776212f4,c:rVoGFo,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-6c476d5db8-w84jf,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:6,mot:0,app:0,maw:0,fm:tTz037H+111%7C12%7C13%7C14%7C15*.1475223-71249329%7C151%7C152%7C153%7C154,idMap:15*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:DIV,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:38,oid:987fd5dc-720d-11ee-ba17-fae00290c351,v:19.8.457,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_WR83ZfSZDbSa9u8PibSZ8A0&cbFunctionName=goog_wrapCb_WR83ZfSZDbSa9u8PibSZ8A0&true_pb=

209 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
observer.com/
Redirect Chain

http://observer.com/
https://observer.com/

288 KB
38 KB

35ms
7ms

Document
text/html

192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx / WordPress VIP <https://wpvip.com>

Resource Hash

cb4857a07cf6ba085462d2eb7de35e4496de0c2adae50df40000577947dc27b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 94
cache-control: max-age=300, must-revalidate
content-encoding: gzip
content-length: 38464
content-type: text/html; charset=UTF-8
date: Tue, 24 Oct 2023 01:35:18 GMT
host-header: a9130478a60e5f9135f765b23f26593b
link: <https://observer.com/wp-json/>; rel="https://api.w.org/" <https://observer.com/wp-json/wp/v2/pages/1329211>; rel="alternate"; type="application/json" <http://nyob.co/N5PKir>; rel=shortlink
server: nginx
strict-transport-security: max-age=31536000;includeSubdomains;preload
vary: Accept-Encoding
x-cache: hit
x-frame-options: SAMEORIGIN
x-hacker: If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.
x-powered-by: WordPress VIP <https://wpvip.com>
x-rq: hhn2 96 184 443

Redirect headers

Cross-Origin-Resource-Policy: Cross-Origin
Location: https://observer.com/
Non-Authoritative-Reason: HSTS

GET
H2 200 css2
fonts.googleapis.com/ 7 KB
1 KB 67ms
25ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Libre+Franklin:wght@400;500;600;700&family=Source+Serif+Pro&display=swap

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a7b9f5c4902d13677c63d2d8b45e82d559fc23f3104952da2c024f1f97c3e53e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 24 Oct 2023 01:35:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 01:35:18 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 24 Oct 2023 01:35:18 GMT

GET
H2 200 flexslider-icon.woff2
observer.com/wp-content/themes/newyorkobserver-2014/dist/fonts/ 748 B
1 KB 10ms
8ms Font
application/font-woff2 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/fonts/flexslider-icon.woff2

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6eb7a18174bf6a3ba003999e45eecbb81059c52b2c7b2da91b85e944e948c6e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

Referer: https://observer.com/
Origin: https://observer.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
strict-transport-security: max-age=31536000;includeSubdomains;preload
x-rq: hhn2 96 185 443
last-modified: Mon, 31 Jul 2023 16:11:22 GMT
server: nginx
etag: "64c7dd2a-2ec"
x-cache: HIT
content-type: application/font-woff2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 748

GET
H2 200 jquery.min.js Show response
observer.com/wp-includes/js/jquery/ 85 KB
30 KB 10ms
9ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.0

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;includeSubdomains;preload
last-modified: Tue, 17 Oct 2023 00:02:50 GMT
server: nginx
x-rq: hhn2 96 184 443
etag: W/"652dcf2a-155ba"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
cache-control: max-age=31536000

GET
H2 200 main.min.css
observer.com/wp-content/themes/newyorkobserver-2014/dist/css/ 75 KB
14 KB 8ms
7ms Stylesheet
text/css 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/css/main.min.css?ver=1.9.9

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

21894460f75c2fe83bfcd2432d32ae4ac909a8e28e7de5c077709bb37da103b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;includeSubdomains;preload
last-modified: Wed, 11 Oct 2023 10:23:44 GMT
server: nginx
x-rq: hhn2 96 184 443
etag: W/"652677b0-12ca8"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css
cache-control: max-age=31536000

GET
H2 200 style.css
observer.com/wp-content/themes/newyorkobserver-2014/nyo-plugins/dist/css/ 40 KB
7 KB 9ms
8ms Stylesheet
text/css 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/nyo-plugins/dist/css/style.css?ver=1.9.9-1697010854

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d312c6ff4f871e90f662027e149a4b8ebcb24a48870acbd87e688a620fc7b52f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;includeSubdomains;preload
last-modified: Wed, 11 Oct 2023 07:54:14 GMT
server: nginx
x-rq: hhn2 96 185 443
etag: W/"652654a6-9ebf"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css
cache-control: max-age=31536000

GET
H2 200 amp-google-tag-manager-public.js Show response
observer.com/wp-content/plugins/amp-google-tag-manager/public/js/ 838 B
738 B 7ms
7ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/plugins/amp-google-tag-manager/public/js/amp-google-tag-manager-public.js?ver=1.0.0

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

57a50c99a31ef4e89e86664e96f6dfbdde163a2eb96e88b3b492c49aa4be2f37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;includeSubdomains;preload
last-modified: Mon, 31 Jul 2023 16:11:21 GMT
server: nginx
x-rq: hhn2 96 185 443
etag: W/"64c7dd29-346"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
cache-control: max-age=31536000

GET
H2 200 widget.subscribe.js Show response
observer.com/wp-content/plugins/sailthru-widget/js/ 2 KB
972 B 12ms
2ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/plugins/sailthru-widget/js/widget.subscribe.js?ver=6.3.2

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b7e6db8dfe79e6581a5accc07438706f2ff043bc6f9cb4f61f549a4f5d0ee4e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;includeSubdomains;preload
last-modified: Wed, 23 Aug 2023 13:36:34 GMT
server: nginx
x-rq: hhn2 96 185 443
etag: W/"64e60b62-622"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
cache-control: max-age=31536000

GET
H2 200 htlbid.js Show response
htlbid.com/v3/observer.com/ 522 KB
129 KB 500ms
421ms Script
application/javascript 13.32.27.39
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://htlbid.com/v3/observer.com/htlbid.js?ver=3.0
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.27.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-27-39.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 55f6cd23cb42c88e368be8b3b785ba0460327da94261451a51d0fe139502839f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:20 GMT
content-encoding: br
via: 1.1 7d3c59ee1b45f72158a8cbce053c8978.cloudfront.net (CloudFront)
last-modified: Mon, 16 Oct 2023 20:55:25 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C2
x-amz-server-side-encryption: AES256
etag: W/"59ac55269a93a17a160937848918232a"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
cache-control: max-age=600
x-amz-cf-id: 7A9vMVykcNVYir0SYz4Q5yqUDt1YBYtMqlZmAA-eHEjXnjkVgldUog==

GET
H2 200 default.min.css
observer.com/wp-content/themes/newyorkobserver-2014/dist/css/ 66 KB
10 KB 22ms
11ms Stylesheet
text/css 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/css/default.min.css?ver=1.9.9

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

2cbc6c13af45bc311311531d579cd7e529376564ba3eef9af1f50e02f0998db0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;includeSubdomains;preload
last-modified: Mon, 31 Jul 2023 16:11:22 GMT
server: nginx
x-rq: hhn2 96 184 443
etag: W/"64c7dd2a-1097b"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css
cache-control: max-age=31536000

GET
H2 200 print.min.css
observer.com/wp-content/themes/newyorkobserver-2014/dist/css/ 143 B
376 B 22ms
12ms Stylesheet
text/css 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/css/print.min.css?ver=1.9.9

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c0eb09d747f4cb0d61057afe50609d7419873b0bdbc56f6965f3098a1cf6d975

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
strict-transport-security: max-age=31536000;includeSubdomains;preload
x-rq: hhn2 96 184 443
last-modified: Mon, 31 Jul 2023 16:11:22 GMT
server: nginx
etag: "64c7dd2a-8f"
x-cache: HIT
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 143

GET
H2 200 style.min.css
observer.com/wp-includes/css/dist/block-library/ 102 KB
14 KB 22ms
12ms Stylesheet
text/css 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-includes/css/dist/block-library/style.min.css?ver=6.3.2

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

67447c3656caad630373253691f3e8f64467eafd6e7305c9b0e98111b0b41694

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;includeSubdomains;preload
last-modified: Tue, 17 Oct 2023 00:02:49 GMT
server: nginx
x-rq: hhn2 96 184 443
etag: W/"652dcf29-19824"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css
cache-control: max-age=31536000

GET
H2 200 mediaelementplayer-legacy.min.css
observer.com/wp-includes/js/mediaelement/ 11 KB
3 KB 23ms
13ms Stylesheet
text/css 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;includeSubdomains;preload
last-modified: Tue, 17 Oct 2023 00:02:50 GMT
server: nginx
x-rq: hhn2 96 184 443
etag: W/"652dcf2a-2bf8"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css
cache-control: max-age=31536000

GET
H2 200 wp-mediaelement.min.css
observer.com/wp-includes/js/mediaelement/ 4 KB
1 KB 23ms
13ms Stylesheet
text/css 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.3.2

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;includeSubdomains;preload
last-modified: Tue, 17 Oct 2023 00:02:50 GMT
server: nginx
x-rq: hhn2 96 185 443
etag: W/"652dcf2a-105a"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css
cache-control: max-age=31536000

GET
H2 200 media-credit.min.css
observer.com/wp-content/plugins/media-credit/public/css/ 589 B
561 B 23ms
14ms Stylesheet
text/css 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/plugins/media-credit/public/css/media-credit.min.css?ver=4.3.0

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a7b23f357530667a4d5d574a7b9141f0858db9f3dc49ad1e676bd850b8093c22

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;includeSubdomains;preload
last-modified: Mon, 31 Jul 2023 16:11:22 GMT
server: nginx
x-rq: hhn2 96 184 443
etag: W/"64c7dd2a-24d"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css
cache-control: max-age=31536000

GET
H2 200 lasso-live.css
observer.com/wp-content/plugins/lasso/admin/assets/css/ 26 KB
4 KB 24ms
14ms Stylesheet
text/css 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/plugins/lasso/admin/assets/css/lasso-live.css?v=1690819881&ver=253

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

36e24dc06e51fdd9b13497039bf3c286b61476669c715a274b9a6703b4000a2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;includeSubdomains;preload
last-modified: Mon, 31 Jul 2023 16:11:21 GMT
server: nginx
x-rq: hhn2 96 185 443
etag: W/"64c7dd29-698a"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css
cache-control: max-age=31536000

GET
H2 200 amp-google-tag-manager-public.css
observer.com/wp-content/plugins/amp-google-tag-manager/public/css/ 98 B
330 B 24ms
14ms Stylesheet
text/css 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/plugins/amp-google-tag-manager/public/css/amp-google-tag-manager-public.css?ver=1.0.0

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

547dda3c14b284819be511be1e410da94a5efc6ccc4a9afe1c75394f9333191a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
strict-transport-security: max-age=31536000;includeSubdomains;preload
x-rq: hhn2 96 185 443
last-modified: Mon, 31 Jul 2023 16:11:21 GMT
server: nginx
etag: "64c7dd29-62"
x-cache: HIT
content-type: text/css
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 98

GET
H2 200 widget.subscribe.css
observer.com/wp-content/plugins/sailthru-widget/css/ 2 KB
1 KB 24ms
14ms Stylesheet
text/css 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/plugins/sailthru-widget/css/widget.subscribe.css?ver=6.3.2

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

262fbcc7922dfabfbb72c1c366ae208230efbed08f7fc16988db51650c1e01ba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;includeSubdomains;preload
last-modified: Wed, 23 Aug 2023 13:36:34 GMT
server: nginx
x-rq: hhn2 96 185 443
etag: W/"64e60b62-9a1"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css
cache-control: max-age=31536000

GET
H2 200 jetpack.css
observer.com/wp-content/mu-plugins/jetpack-12.6/css/ 98 KB
18 KB 24ms
15ms Stylesheet
text/css 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/mu-plugins/jetpack-12.6/css/jetpack.css?ver=12.6.2

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

1170849a1f6deb911dc030011d8bcc57a6caaf659343e66114fb2f87369ed40e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;includeSubdomains;preload
last-modified: Tue, 17 Oct 2023 19:07:49 GMT
server: nginx
x-rq: hhn2 96 184 443
etag: W/"652edb85-18724"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css
cache-control: max-age=31536000

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 271 KB
90 KB 86ms
31ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-T9PLB60R8S

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

07f024cb3e218b7e2813d8868cae0764a420126f24063f8b154210bf65b9cd27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:19 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 91315
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 24 Oct 2023 01:35:19 GMT

GET
H2 200 3863729.jpg
observer.com/wp-content/uploads/sites/2/2023/10/ 19 KB
19 KB 7ms
7ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2023/10/3863729.jpg?quality=80&w=635

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b326e1adbb25865d6a5766da21be23d8989be43187e657b00c59178190cc953a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
strict-transport-security: max-age=31536000;includeSubdomains;preload
x-rq: hhn2 109 142 443
last-modified: Mon, 23 Oct 2023 23:31:20 GMT
server: nginx
etag: "323259c3648d04cc"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 19262

GET
H2 200 Killers_Of_The_Flower_Moon_Photo_0108.jpg
observer.com/wp-content/uploads/sites/2/2023/10/ 14 KB
14 KB 7ms
7ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2023/10/Killers_Of_The_Flower_Moon_Photo_0108.jpg?quality=80&w=300

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

013e1d4445a9ae6ea3381525c280bd692c96c649d5f5a5750d7814113bc1b7d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
strict-transport-security: max-age=31536000;includeSubdomains;preload
x-rq: hhn2 109 32 443
last-modified: Mon, 23 Oct 2023 23:32:26 GMT
server: nginx
etag: "4c857a969d675195"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 13990

GET
H2 200 2nd.Here-We-Are_Emilio-Madrid_4771.jpg
observer.com/wp-content/uploads/sites/2/2023/10/ 10 KB
10 KB 7ms
7ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2023/10/2nd.Here-We-Are_Emilio-Madrid_4771.jpg?quality=80&w=300

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

3429d0e42b3895bb777d9a8d6c80da3331d434df1db12556918b1315783a4f81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
strict-transport-security: max-age=31536000;includeSubdomains;preload
x-rq: hhn2 109 142 443
last-modified: Mon, 23 Oct 2023 23:32:25 GMT
server: nginx
etag: "aa9083b72cd8d728"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 10260

GET
H2 200 spm.v1.min.js Show response
ak.sail-horizon.com/spm/ 98 KB
33 KB 68ms
8ms Script
application/javascript 18.66.112.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ak.sail-horizon.com/spm/spm.v1.min.js?ver=5.5.1
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.112.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-112-103.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8ed1c626af66981552aac1e9cd693fb3bbf73411f1af5ad340723545258fab7e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:29:17 GMT
content-encoding: gzip
via: 1.1 0c39e892d8c809025c8f47425847f680.cloudfront.net (CloudFront)
last-modified: Tue, 29 Aug 2023 21:44:22 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P5
age: 363
x-amz-server-side-encryption: AES256
etag: W/"edee28fbd3a5c9f3c17e0333554b5646"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=600; must-revalidate
x-amz-cf-id: 1rZ1eATyIf9w_S3CYkfE3r6vvdkNhcjfEpxDIu5ZrVraLlF1xMl94w==

GET
H2 200 sailthru.js Show response
observer.com/wp-content/plugins/hc-sailthru/assets/js/ 761 B
687 B 16ms
3ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/plugins/hc-sailthru/assets/js/sailthru.js?ver=20211026

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

b6cf23ed282a5cb25c43c5923908a43cc8c4c9e92b23a1f73eb7b0af46ef6534

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;includeSubdomains;preload
last-modified: Mon, 31 Jul 2023 16:11:21 GMT
server: nginx
x-rq: hhn2 96 185 443
etag: W/"64c7dd29-2f9"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
cache-control: max-age=31536000

GET
H2 200 wp-polyfill-inert.min.js Show response
observer.com/wp-includes/js/dist/vendor/ 8 KB
3 KB 18ms
5ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;includeSubdomains;preload
last-modified: Tue, 17 Oct 2023 00:02:50 GMT
server: nginx
x-rq: hhn2 96 184 443
etag: W/"652dcf2a-1feb"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
cache-control: max-age=31536000

GET
H2 200 regenerator-runtime.min.js Show response
observer.com/wp-includes/js/dist/vendor/ 6 KB
3 KB 18ms
5ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.11

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;includeSubdomains;preload
last-modified: Tue, 17 Oct 2023 00:02:50 GMT
server: nginx
x-rq: hhn2 96 184 443
etag: W/"652dcf2a-19cf"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
cache-control: max-age=31536000

GET
H2 200 hooks.min.js Show response
observer.com/wp-includes/js/dist/ 5 KB
2 KB 18ms
6ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-includes/js/dist/hooks.min.js?ver=c6aec9a8d4e5a5d543a1

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

7868467c94a5aa0b3f11ef542f45287967f9627b3b5acdc86e47f8f77a126596

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;includeSubdomains;preload
last-modified: Tue, 17 Oct 2023 00:02:50 GMT
server: nginx
x-rq: hhn2 96 185 443
etag: W/"652dcf2a-1213"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
cache-control: max-age=31536000

GET
H2 200 loader.js Show response
observer.com/wp-content/mu-plugins/wp-parsely-3.10/build/ 3 KB
1 KB 19ms
7ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/mu-plugins/wp-parsely-3.10/build/loader.js?ver=1d54726e91ce976b3e82

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

962eaa3c1a2130ce8689105bb46d6454972927d761d9df30dd357c9373040b54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;includeSubdomains;preload
last-modified: Tue, 17 Oct 2023 19:07:50 GMT
server: nginx
x-rq: hhn2 96 184 443
etag: W/"652edb86-abf"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
cache-control: max-age=31536000

GET
H2 200 p.js Show response
cdn.parsely.com/keys/observer.com/ 56 KB
21 KB 62ms
8ms Script
application/javascript 65.9.61.60
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.parsely.com/keys/observer.com/p.js?ver=3.10.0
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.61.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-61-60.fra56.r.cloudfront.net
Software: nginx /
Resource Hash: c46b033d7688f2f46e87a04634a1389db91ceea1be9cb70d1ae9205819739a7e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: public
date: Mon, 23 Oct 2023 22:35:48 GMT
content-encoding: gzip
via: 1.1 afcdbc9d4d397c4a65e6b312552ff7ee.cloudfront.net (CloudFront)
last-modified: Thu, 24 Mar 2022 17:02:52 GMT
server: nginx
x-amz-cf-pop: FRA56-C1
age: 10771
etag: W/"623ca43c-e05a"
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400, public
x-amz-cf-id: NyL-nEJiJxZZbc30hcOrFGGGk8Mcq-JLk1hsB9Bp5WJWnGnVEqgNCw==
expires: Tue, 24 Oct 2023 22:35:48 GMT

GET
H2 200 helpers.js Show response
observer.com/wp-content/themes/newyorkobserver-2014/dist/js/ 922 B
754 B 19ms
7ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/js/helpers.js?ver=1.9.9

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c0472ab03b5cc819b6f3a01c3d0519af30215aed943bd77a11d9625f93b4ab55

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;includeSubdomains;preload
last-modified: Mon, 31 Jul 2023 16:11:22 GMT
server: nginx
x-rq: hhn2 96 184 443
etag: W/"64c7dd2a-39a"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
cache-control: max-age=31536000

GET
H2 200 jquery.flexslider.min.js Show response
observer.com/wp-content/themes/newyorkobserver-2014/dist/js/vendor/ 21 KB
7 KB 20ms
8ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/js/vendor/jquery.flexslider.min.js?ver=2.2.2

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d747bc0ec8a549bb25f0bab199d8e3019bcea7cfaf1438d55da2fabcff48f2c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;includeSubdomains;preload
last-modified: Mon, 31 Jul 2023 16:11:22 GMT
server: nginx
x-rq: hhn2 96 185 443
etag: W/"64c7dd2a-5429"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
cache-control: max-age=31536000

GET
H2 200 theme.js Show response
observer.com/wp-content/themes/newyorkobserver-2014/dist/js/ 7 KB
3 KB 20ms
8ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/js/theme.js?ver=1.9.9.04282045

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

2e256a180025855d8521b1aeacc337c5bc34f88865bbd09680c9f7192c937553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;includeSubdomains;preload
last-modified: Mon, 31 Jul 2023 16:11:22 GMT
server: nginx
x-rq: hhn2 96 184 443
etag: W/"64c7dd2a-1c48"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
cache-control: max-age=31536000

GET
H2 200 sailthru-widget.js Show response
observer.com/wp-content/themes/newyorkobserver-2014/dist/js/ 1 KB
815 B 22ms
10ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/js/sailthru-widget.js?ver=1.9.9

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

756dd7203be6457d7dd15085b51cb7fcee2efdc6e1e46792c7a5272775a82243

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;includeSubdomains;preload
last-modified: Mon, 31 Jul 2023 16:11:22 GMT
server: nginx
x-rq: hhn2 96 184 443
etag: W/"64c7dd2a-431"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
cache-control: max-age=31536000

GET
H2 200 delay-load.js Show response
observer.com/wp-content/plugins/xcurrent/assets/js/ 3 KB
1 KB 22ms
10ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/plugins/xcurrent/assets/js/delay-load.js?ver=8f7693010179fc5007dacef632d329a6

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

ef5f8d6a9ea52bd9b20497b837b74bde31586062d5b0e16be75f8bbdffc29840

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;includeSubdomains;preload
last-modified: Mon, 31 Jul 2023 16:11:22 GMT
server: nginx
x-rq: hhn2 96 184 443
etag: W/"64c7dd2a-b50"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
cache-control: max-age=31536000

GET
H2 200 lazy-load.js Show response
observer.com/wp-content/plugins/xcurrent/assets/js/ 8 KB
4 KB 22ms
11ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/plugins/xcurrent/assets/js/lazy-load.js?ver=6bd186b35f60946321703040eae7bccf

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

6c05e433ca10b433edfc856fd903cb5f2da848a54e4507642a48981deed8bb05

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;includeSubdomains;preload
last-modified: Mon, 31 Jul 2023 16:11:22 GMT
server: nginx
x-rq: hhn2 96 184 443
etag: W/"64c7dd2a-214a"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
cache-control: max-age=31536000

GET
H2 200 e-202343.js Show response
stats.wp.com/ 7 KB
3 KB 48ms
6ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202343.js
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn
date: Tue, 24 Oct 2023 01:35:19 GMT
content-encoding: br
server: nginx
x-minify: t
etag: W/13576-1695421998473.3982
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Sun, 20 Oct 2024 23:49:16 GMT

GET
H2 200 script-queue.js Show response
observer.com/wp-content/plugins/xcurrent/assets/js/ 3 KB
2 KB 22ms
11ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/plugins/xcurrent/assets/js/script-queue.js?ver=bebcad848e998ab9ae82c8431c754b8a

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

a384a78bc8bee6afceab3ff107315b1bdcc0fd2622246826d16b503e742a8cdf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;includeSubdomains;preload
last-modified: Mon, 31 Jul 2023 16:11:22 GMT
server: nginx
x-rq: hhn2 96 185 443
etag: W/"64c7dd2a-dd9"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
cache-control: max-age=31536000

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 94ms
24ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 23 Oct 2023 23:51:33 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 6226
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 24 Oct 2023 01:51:33 GMT

GET
H2 200 22bdf0221b6555de6cdadcba Show response
truculentrate.com/scripts/3f92345fab9c/ 68 KB
24 KB 90ms
23ms Script
text/javascript 2600:1901:0:7416::1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://truculentrate.com/scripts/3f92345fab9c/22bdf0221b6555de6cdadcba

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:7416::1 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Resource Hash

eff28e6a59e6116bdebf9c7a65782a40d4b18e368226845f5ac64e8e03e1b7e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
via: 1.1 google
date: Tue, 24 Oct 2023 01:35:19 GMT
x-datacenter: gce-europe-west1
etag: "35d7cc919a5d691db453bb72d85cdb267ab0585b2f5bde113b75d9218fa5fe21"
x-buildname: hoothoot
vary: Accept-Encoding, Accept-Language
x-hostname: fen-hoothoot-europe-west1-z5cq
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
x-buildnumber: 1033761249
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 advertising.js Show response
www.npttech.com/ 6 KB
3 KB 57ms
14ms Script
application/javascript 2606:4700:e2::ac40:8f26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.npttech.com/advertising.js
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8f26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5b33d89b63f0526bc3d87febe6fa085f09521427e58faf605413b50635872ac1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:19 GMT
x-amz-version-id: AqISHxpKTQvORh8RqBdMoHK.Vq6tURDV
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: HM9Z5WS7PJHY3FQH
age: 3074
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Y2YkUPR6dPCnA6B3ktAsvqQZVxmS5sxXdkBmb3/yy6MWYaOkSjmfvgAhxD2vZRQk18E1IvoazuE=
last-modified: Tue, 18 Oct 2022 13:20:01 GMT
server: cloudflare
etag: W/"df0e1827cd8f289a645f38d8fecaf6e0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P%2FYzagqSzCjwKtWnP8Yr4TDul8HC%2Bed43c7JSxc8rsB9sQArn9FZO4%2FShD2EN1qZ0QXIMHZ3pk7NCBYUrYze8FArTvfQkJWLw4mCIfb1ak%2BAdJ23pJl60Fl%2FP1m9bF7gGUtDqXzcVvVzUtPosRI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=28800
cf-ray: 81ae7b7feba35c44-FRA

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 search-ffffff.svg
observer.com/wp-content/themes/newyorkobserver-2014/images/ 2 KB
1 KB 28ms
22ms Image
image/svg+xml 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/images/search-ffffff.svg

Requested by

Host: observer.com
URL: https://observer.com/wp-content/themes/newyorkobserver-2014/dist/css/main.min.css?ver=1.9.9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

d17298826b7b7ed19af4942adf03fbcea7a7cd9cd5f25a5b9fb0674c71828c87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/wp-content/themes/newyorkobserver-2014/dist/css/main.min.css?ver=1.9.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;includeSubdomains;preload
last-modified: Mon, 31 Jul 2023 16:11:22 GMT
server: nginx
x-rq: hhn2 96 185 443
etag: W/"64c7dd2a-960"
vary: Accept-Encoding
x-cache: HIT
content-type: image/svg+xml
cache-control: max-age=31536000

GET
H2 200 observer-logo-white-2015.png
observer.com/wp-content/themes/newyorkobserver-2014/images/ 3 KB
3 KB 28ms
23ms Image
image/png 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/images/observer-logo-white-2015.png

Requested by

Host: observer.com
URL: https://observer.com/wp-content/themes/newyorkobserver-2014/dist/css/main.min.css?ver=1.9.9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

74e72473f970d838c52ed8c8fadf1c25883dd561d66df3856bfc137b9da2fea0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/wp-content/themes/newyorkobserver-2014/dist/css/main.min.css?ver=1.9.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
strict-transport-security: max-age=31536000;includeSubdomains;preload
x-rq: hhn2 96 185 443
last-modified: Mon, 31 Jul 2023 16:11:22 GMT
server: nginx
etag: "64c7dd2a-b7d"
x-cache: HIT
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 2941

GET
H2 200 source-serif-pro-v11-latin-regular.woff2
observer.com/wp-content/themes/newyorkobserver-2014/dist/fonts/ 19 KB
20 KB 23ms
22ms Font
application/font-woff2 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/fonts/source-serif-pro-v11-latin-regular.woff2

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

97816b3ca3d676b5241a16fd6fb3f3e4050a3b99c914f0a66f0bcc074617ba80

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

Referer: https://observer.com/
Origin: https://observer.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:18 GMT
strict-transport-security: max-age=31536000;includeSubdomains;preload
x-rq: hhn2 96 184 443
last-modified: Mon, 31 Jul 2023 16:11:22 GMT
server: nginx
etag: "64c7dd2a-4df4"
x-cache: HIT
content-type: application/font-woff2
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 19956

GET
DATA 200
OK truncated
/ 388 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9e6f27c1cafd285e55e9a7507489d02e2780f88d3cf5838b0965dbfed021c9f4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 jizDREVItHgc8qDIbSTKq4XkRiUf2zc.woff2
fonts.gstatic.com/s/librefranklin/v14/ 28 KB
28 KB 84ms
24ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/librefranklin/v14/jizDREVItHgc8qDIbSTKq4XkRiUf2zc.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Libre+Franklin:wght@400;500;600;700&family=Source+Serif+Pro&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

edbf37f6db3f632faaeeeee4aa127c204d0bcc52e940682bc5d4b0fa48ded96b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://observer.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:26:09 GMT
x-content-type-options: nosniff
age: 601750
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28224
x-xss-protection: 0
last-modified: Wed, 13 Sep 2023 23:23:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 16 Oct 2024 02:26:09 GMT

GET
H2 200 load Show response
sandbox.tinypass.com/xbuilder/experience/ 4 KB
1 KB 65ms
24ms Script
application/javascript 2606:4700::6812:eff8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sandbox.tinypass.com/xbuilder/experience/load?aid=CMrLcDjZsu

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:eff8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d55f7c21f317b20841033125e19ef280ff06aba9c8cb5ee2d6065220d8e5a30

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
date: Tue, 24 Oct 2023 01:35:19 GMT
strict-transport-security: max-age=86400; includeSubDomains
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 24 Oct 2023 01:18:34 GMT
server: cloudflare
age: 1005
vary: Accept-Encoding, Origin
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=1800
cf-ray: 81ae7b80e98b2be2-FRA
alt-svc: h3=":443"; ma=86400
x-request-id: 4xj83r3jnh
expires: Tue, 24 Oct 2023 02:05:19 GMT

GET
H2

200

beacon.js Show response
sb.scorecardresearch.com/internal-cs/default/
Redirect Chain

https://sb.scorecardresearch.com/cs/37161820/beacon.js
https://sb.scorecardresearch.com/internal-cs/default/beacon.js

4 KB
2 KB

14ms
9ms

Script
application/javascript

18.245.60.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/internal-cs/default/beacon.js
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: H2
Server: 18.245.60.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-60-76.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 84e5aa85594b35c4b60787f4a97e2e1eb369dacbe23d8154f61f60bb0343d465

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 05:21:04 GMT
content-encoding: gzip
via: 1.1 c9b44fbd4230c7c5b0750a98fbcd9df6.cloudfront.net (CloudFront)
last-modified: Wed, 19 Jul 2023 09:10:12 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P5
age: 72856
x-amz-server-side-encryption: AES256
etag: W/"77ff4ede4693897337a38594321529a3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400
x-amz-cf-id: rQSTRGvtAeJpnOJ9BhSEWsIRuQQzBUcMN2d8HLaqzCNcDRT0VZOJ4A==

Redirect headers

date: Tue, 24 Oct 2023 01:35:19 GMT
via: 1.1 c9b44fbd4230c7c5b0750a98fbcd9df6.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: FRA60-P5
x-cache: Miss from cloudfront
location: /internal-cs/default/beacon.js
content-length: 0
x-amz-cf-id: IWzZRhpr8ImWE2acMCZsmXhCCiYUP5CTyPyEg_iC-6QqQqAtWWjotA==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 199 KB
53 KB 28ms
10ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0ec8bc3ef1eb0c6ff43a2f94234c9487df3bf5e5f6b511693ca32cbb89bb665d

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 24 Oct 2023 01:35:19 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 53588
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: 9nAp498lgRZgYTqp3+DxPRQUI+LJM5TOCNqBNsTWWHwRzbVs8yGK6FSi+JkiKMlVscUxzk4S29lVJn0V0QgvrA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

OPTIONS
H2 200 simple
api.sail-personalize.com/v1/personalize/ Frame 0
0 328ms
98ms Preflight
text/plain 99.83.154.140
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.sail-personalize.com/v1/personalize/simple?pageviews=1&isMobile=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.83.154.140 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: aa7557bb34ea5624b.awsglobalaccelerator.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,x-lib-version,x-referring-url
Access-Control-Request-Method: GET
Origin: https://observer.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin,X-Lib-Version,X-Referring-URL
access-control-allow-methods: OPTIONS,GET,POST,PUT,DELETE
access-control-allow-origin: https://observer.com
access-control-max-age: 1800
allow: HEAD,GET,OPTIONS
content-length: 18
content-type: text/plain
date: Tue, 24 Oct 2023 01:35:19 GMT

GET
H2 200 simple Show response
api.sail-personalize.com/v1/personalize/ 256 B
473 B 108ms
107ms Fetch
application/json 99.83.154.140
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.sail-personalize.com/v1/personalize/simple?pageviews=1&isMobile=0
Requested by: Host: ak.sail-horizon.com
URL: https://ak.sail-horizon.com/spm/spm.v1.min.js?ver=5.5.1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.83.154.140 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: aa7557bb34ea5624b.awsglobalaccelerator.com
Software: /
Resource Hash: da018a083eb1a8b7a9ab2ed850d2e9156cfd648ca6547e1914f04488ad8513b7

Request headers

x-lib-version: v1.0.1
accept-language: de-DE,de;q=0.9
authorization: Bearer eddd21a32bf5284abd9bc8ac7ddeec34
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type: application/json
accept: application/json
Referer: https://observer.com/
x-referring-url: https://observer.com/

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:19 GMT
content-encoding: gzip
allowedorigins: *
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
allowedmethods: GET,OPTIONS
cache-control: no-store
access-control-allow-credentials: true
allowedheaders: Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin
content-length: 172
expires: -1

GET
H/1.1 200
OK /
p1.parsely.com/plogger/ 43 B
258 B 158ms
32ms Image
image/gif 52.17.99.225
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p1.parsely.com/plogger/?rand=1698111319280&plid=29912728&idsite=observer.com&url=https%3A%2F%2Fobserver.com%2F&urlref=&screen=1600x1200%7C1600x1200%7C24&data=%7B%7D&sid=1&surl=https%3A%2F%2Fobserver.com%2F&sref=&sts=1698111319273&slts=0&title=News%2C+data+and+insight+about+the+powerful+forces+that+shape+the+world.+%7C+Observer&date=Tue+Oct+24+2023+03%3A35%3A19+GMT%2B0200+(Central+European+Summer+Time)&action=pageview&pvid=33040737&u=pid%3D94b08f3570d1690c5159df9184063042
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.99.225 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-99-225.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Tue, 24 Oct 2023 01:35:19 GMT
Cache-Control: no-cache
Last-Modified: Tuesday, 24-Oct-2023 01:35:19 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 g.gif
pixel.wp.com/ 50 B
153 B 14ms
6ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&blog=168679389&post=1329211&tz=-4&srv=observer.com&hp=vip&j=1%3A12.6.2&host=observer.com&ref=&fcp=226&rand=0.7809462137627647
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 24 Oct 2023 01:35:19 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 127 KB
49 KB 27ms
25ms Script
application/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-NXSTMDF&cid=2031459061.1698111319

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9d0cd10bb713671edaf270cfbe0482c4143c990f027a91f9cb31760ead10ff73

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:19 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50349
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 00:08:44 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 24 Oct 2023 01:35:19 GMT

GET
H2 200 skeleton.gif
static.adsafeprotected.com/ 43 B
481 B 48ms
7ms Image
image/gif 2600:9000:223f:3c00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif?adslot=wboqnn_728x90_
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:3c00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sun, 28 May 2023 02:26:58 GMT
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
via: 1.1 edffe6978db53d114a80cda421e0b6b8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 12870501
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: nlWSoBebz7rdWtc1JYags104wBEi8uteftNPUoCnyFMmDi5YuDzWyg==

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 1 KB
1 KB 62ms
25ms Script
text/javascript 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?hl=en&render=6LexvRggAAAAAF1HvCWrHtG4UAa7m0WIdyIgstAo

Requested by

Host: observer.com
URL: https://observer.com/wp-content/themes/newyorkobserver-2014/dist/js/theme.js?ver=1.9.9.04282045

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

5d173b14197366161d078d9fe05c40f42c667343821fbeddea82492a46f7ca4f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Tue, 24 Oct 2023 01:35:19 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
252 B 68ms
16ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-T9PLB60R8S&gtm=45je3an0&_p=1525641998&_gaz=1&cid=2031459061.1698111319&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1698111319&sct=1&seg=0&dl=https%3A%2F%2Fobserver.com%2F&dt=News%2C%20data%20and%20insight%20about%20the%20powerful%20forces%20that%20shape%20the%20world.%20%7C%20Observer&en=page_view&_fv=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-T9PLB60R8S
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:19 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://observer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
243 B 70ms
18ms Ping
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-T9PLB60R8S&cid=2031459061.1698111319&gtm=45je3an0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-T9PLB60R8S
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:19 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://observer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 76ms
25ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-T9PLB60R8S&cid=2031459061.1698111319&gtm=45je3an0&aip=1&z=1765296287

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tinypass.min.js Show response
sandbox.tinypass.com/api/ 356 KB
106 KB 33ms
32ms Script
application/javascript 2606:4700::6812:eff8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sandbox.tinypass.com/api/tinypass.min.js

Requested by

Host: sandbox.tinypass.com
URL: https://sandbox.tinypass.com/xbuilder/experience/load?aid=CMrLcDjZsu

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:eff8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

855a02fa7e5e3ab79128f427ee404a5230070f9254ee63d47f4b8ee4c753b6b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:19 GMT
strict-transport-security: max-age=86400; includeSubDomains
content-encoding: br
cf-cache-status: HIT
age: 1186
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 23 Oct 2023 12:12:09 GMT
wn: sandbox-vx-dash-10-13-14-152
server: cloudflare
etag: W/"364432-1698063129000"
vary: Accept-Encoding
content-type: application/javascript
server-time: 0.000
cache-control: public, max-age=1200
cf-ray: 81ae7b828a6f2be2-FRA
expires: Tue, 24 Oct 2023 01:55:19 GMT

GET
H2 200 618909876214345 Show response
connect.facebook.net/signals/config/ 133 KB
35 KB 15ms
14ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/618909876214345?v=2.9.135&r=stable&domain=observer.com

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

341447fb742e677dbeeb2446fabe78fbc6c2c6df8d9b8fcaa386741587e1a1d5

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 24 Oct 2023 01:35:19 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 35259
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: RFbB0Rq3zzpfzRtMna+gItJPraSnhRNpt6r9aLyCKxo3FdHQ8U0WyM5lNjWQQAMWmeKmJG6fv03jWvVLdlayYQ==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 204 b
sb.scorecardresearch.com/ 0
225 B 21ms
7ms Image
text/plain 18.245.60.76
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b?c1=2&c2=37161820&cs_it=b8&cv=4.0.0%2B2301240627&ns__t=1698111319466&ns_c=UTF-8&c7=https%3A%2F%2Fobserver.com%2F&c8=News%2C%20data%20and%20insight%20about%20the%20powerful%20forces%20that%20shape%20the%20world.%20%7C%20Observer&c9=
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.245.60.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-60-76.fra60.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:19 GMT
via: 1.1 c9b44fbd4230c7c5b0750a98fbcd9df6.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: FRA60-P5
x-amz-cf-id: x9OyyzV48_dcuJe1qR1Xg9ErmSNco2XYc8GXgpY2pD3_rQnpjyoBKg==
x-cache: Miss from cloudfront

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/ 462 KB
185 KB 63ms
14ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?hl=en&render=6LexvRggAAAAAF1HvCWrHtG4UAa7m0WIdyIgstAo

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

253627a82794506a7d660ee232c06a88d2eaafb6174532f8c390bb69ade6636a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://observer.com/
Origin: https://observer.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 19:35:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21566
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 188860
x-xss-protection: 0
last-modified: Mon, 16 Oct 2023 04:01:46 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 22 Oct 2024 19:35:53 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 39ms
7ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=618909876214345&ev=PageView&dl=https%3A%2F%2Fobserver.com%2F&rl=&if=false&ts=1698111319510&sw=1600&sh=1200&v=2.9.135&r=stable&ec=0&o=30&fbp=fb.1.1698111319508.993923439&ler=empty&it=1698111319459&coo=false&rqm=GET

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 24 Oct 2023 01:35:19 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

POST
H2 200 execute Show response
c2-sandbox.piano.io/xbuilder/experience/ 2 KB
2 KB 164ms
125ms XHR
application/json 2606:4700::6811:c376
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c2-sandbox.piano.io/xbuilder/experience/execute?aid=CMrLcDjZsu

Requested by

Host: sandbox.tinypass.com
URL: https://sandbox.tinypass.com/api/tinypass.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:c376 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0210b0004d1177727d03a0d6b745789891195b2ba88ff99f8ef6ced9a5c51e40

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept: application/json
Referer: https://observer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 24 Oct 2023 01:35:19 GMT
strict-transport-security: max-age=86400; includeSubDomains
content-encoding: br
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
x-request-id: g40p1e9iud
pragma: no-cache
server: cloudflare
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://observer.com
access-control-expose-headers: Composer-Request-Control-Policy
cache-control: no-cache, no-store
access-control-allow-credentials: true
cf-ray: 81ae7b839fb99118-FRA

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 89 KB
29 KB 133ms
44ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: htlbid.com
URL: https://htlbid.com/v3/observer.com/htlbid.js?ver=3.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

69541dc351e92797662f93f01fc46ca28dd49a6199a3eacd7410515a136bb422

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:19 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29219
x-xss-protection: 0
server: cafe
etag: 332 / 19654 / 31079033 / config-hash: 16502004400228972408
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 24 Oct 2023 01:35:19 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 263 KB
64 KB 72ms
9ms Script
application/javascript 108.138.1.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: htlbid.com
URL: https://htlbid.com/v3/observer.com/htlbid.js?ver=3.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.1.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-1-25.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4c5f80cce6889f5bd1236ae540178efed729c20bf20c5afaeed6e2fa02d50323

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:21:34 GMT
content-encoding: gzip
via: 1.1 6b17c6258978715ba0681e1d5589502c.cloudfront.net (CloudFront), 1.1 0e37105a96e87c22ff4981659a6dc176.cloudfront.net (CloudFront)
last-modified: Tue, 17 Oct 2023 19:57:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, FRA56-P6
age: 826
x-amz-server-side-encryption: AES256
etag: W/"b9a7eb01b5274e82795d834c0b8154f1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: Fj2-zq-nbYsEZ3laZxc9FXxEj2JvP80kU1pbb3skTS7R-XiSszbflw==

GET
H2 200 3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js Show response
3b5c18b9-96b7-48e4-a3ef-011eb84a970d.edge.permutive.app/ 361 KB
102 KB 81ms
37ms Script
application/javascript 2606:4700:4400::6812:29aa
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://3b5c18b9-96b7-48e4-a3ef-011eb84a970d.edge.permutive.app/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Requested by: Host: htlbid.com
URL: https://htlbid.com/v3/observer.com/htlbid.js?ver=3.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:29aa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 00536f2b4e556e70b642a42e0d275b59a79ab2cbcfb35cca2e7763df46a90c1f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:19 GMT
content-encoding: br
cf-cache-status: HIT
x-goog-meta-oid: 3b5c18b9-96b7-48e4-a3ef-011eb84a970d
age: 0
x-guploader-uploadid: ADPycduR63pqpIi7SS031i2eJesOpQDKf1A8S0XYIdP8KfKovhx9i3mJvfTLq6yJze4-bGwswu7vRLxSgXoW0635h8jvdy5mPqEq
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
last-modified: Fri, 06 Oct 2023 10:08:51 GMT
server: cloudflare
etag: W/"e528ae7d3f4fd2c4b91137599eeb7c96"
vary: Accept-Encoding
x-goog-generation: 1696586931866405
content-type: application/javascript
x-goog-hash: crc32c=rHLmPg==, md5=5SiufT9P0sS5ETdZnut8lg==
cache-control: public, max-age=900
x-goog-stored-content-length: 104880
timing-allow-origin: *
cf-ray: 81ae7b83ff8965a2-FRA
expires: Tue, 24 Oct 2023 01:50:19 GMT

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame A121 58 KB
33 KB 39ms
37ms Document
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LexvRggAAAAAF1HvCWrHtG4UAa7m0WIdyIgstAo&co=aHR0cHM6Ly9vYnNlcnZlci5jb206NDQz&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=invisible&cb=c9nyldg8wcsb

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

df24076596e23ee1154019d1d34270f041ec362ae46435083e73f1fecd60a875

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-S4YAUlwME3C4u69P7YTB9A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://observer.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-S4YAUlwME3C4u69P7YTB9A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 24 Oct 2023 01:35:19 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 Untitled-1.png
observer.com/wp-content/uploads/sites/2/2023/10/ 68 KB
68 KB 23ms
7ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2023/10/Untitled-1.png?resize=300,210

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

688f460887bc3198f592d0f9cdea9cd29574e37621b2f5bcd7d7bcc1f01c92c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:19 GMT
strict-transport-security: max-age=31536000;includeSubdomains;preload
x-rq: hhn2 109 196 443
last-modified: Mon, 23 Oct 2023 21:00:00 GMT
server: nginx
etag: "a7c06bfa9c5e6db6"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 69742

GET
H2 200 GettyImages-1499013009.jpg
observer.com/wp-content/uploads/sites/2/2023/10/ 4 KB
4 KB 20ms
8ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2023/10/GettyImages-1499013009.jpg?resize=300,171

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

e98554a53d4c1998a7823a370c81dc80c72cfc1d43e842f1dda69d8b868d2502

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:19 GMT
strict-transport-security: max-age=31536000;includeSubdomains;preload
x-rq: hhn2 109 140 443
last-modified: Mon, 23 Oct 2023 15:45:54 GMT
server: nginx
etag: "89fbcaccdb2514d4"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 4356

GET
H2 200 iss062e117852_front.jpeg
observer.com/wp-content/uploads/sites/2/2023/10/ 9 KB
9 KB 21ms
10ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2023/10/iss062e117852_front.jpeg?resize=300,200

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

4de2440cba09ca0e388dd5ddb299c080da75007798917743ac9ca8a17a05969e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:19 GMT
strict-transport-security: max-age=31536000;includeSubdomains;preload
x-rq: hhn2 109 200 443
last-modified: Sat, 21 Oct 2023 12:05:41 GMT
server: nginx
etag: "c806ef6b8174ffc4"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 9450

GET
H2 200 GettyImages-1678354457.jpg
observer.com/wp-content/uploads/sites/2/2023/10/ 6 KB
7 KB 22ms
11ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2023/10/GettyImages-1678354457.jpg?resize=300,200

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

7e77b248b2dfa6bf6f7969f8776893f02f2e661392be63aceb365705a0c76678

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:19 GMT
strict-transport-security: max-age=31536000;includeSubdomains;preload
x-rq: hhn2 109 195 443
last-modified: Fri, 20 Oct 2023 21:12:01 GMT
server: nginx
etag: "555f1699f70d0795"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 6628

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/ Frame A121 55 KB
24 KB 56ms
18ms Stylesheet
text/css 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LexvRggAAAAAF1HvCWrHtG4UAa7m0WIdyIgstAo&co=aHR0cHM6Ly9vYnNlcnZlci5jb206NDQz&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=invisible&cb=c9nyldg8wcsb

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 21:43:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13936
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Mon, 16 Oct 2023 04:01:46 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 22 Oct 2024 21:43:03 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/ Frame A121 462 KB
184 KB 50ms
13ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

253627a82794506a7d660ee232c06a88d2eaafb6174532f8c390bb69ade6636a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 19:35:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21566
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 188860
x-xss-protection: 0
last-modified: Mon, 16 Oct 2023 04:01:46 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 22 Oct 2024 19:35:53 GMT

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 23ms
8ms XHR
application/javascript 108.138.1.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.1.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-1-25.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id: 9yABOonr2HqHtwbarUcdbIqN0f4A8Qog
content-encoding: gzip
via: 1.1 c3fc8d1fb362a6655af993732c376dc4.cloudfront.net (CloudFront)
date: Mon, 23 Oct 2023 05:47:27 GMT
x-amz-cf-pop: FRA56-P6
age: 73824
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 29 Aug 2023 08:30:37 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: xRTiEMMLXjjmrYpMUvdatKVx7fl7F4zIKEzDrXaj9Wyvc10s9pXqnQ==

GET
H2 200 pxid Show response
3b5c18b9-96b7-48e4-a3ef-011eb84a970d.prmutv.co/v2.0/ 46 B
392 B 69ms
20ms XHR
application/json 35.241.9.51
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://3b5c18b9-96b7-48e4-a3ef-011eb84a970d.prmutv.co/v2.0/pxid?k=6b8d2782-a057-45b2-b2fd-5e7238c30400
Requested by: Host: 3b5c18b9-96b7-48e4-a3ef-011eb84a970d.edge.permutive.app
URL: https://3b5c18b9-96b7-48e4-a3ef-011eb84a970d.edge.permutive.app/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.9.51 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 51.9.241.35.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 8a2e50520b3802be8ba8525c56ced0d0b9aba4efb49048d315a88a5a7a2639a5

Request headers

Referer: https://observer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type: text/plain

Response headers

date: Tue, 24 Oct 2023 01:35:20 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://observer.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66

GET
H2 200 getuidj Show response
ib.adnxs.com/ 11 B
572 B 76ms
37ms XHR
application/json 185.89.211.12
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/getuidj

Requested by

Host: 3b5c18b9-96b7-48e4-a3ef-011eb84a970d.edge.permutive.app
URL: https://3b5c18b9-96b7-48e4-a3ef-011eb84a970d.edge.permutive.app/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.211.12 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://observer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:20 GMT
an-x-request-uuid: 37ecb005-1ee1-42aa-a0fc-90c7cf479993
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://observer.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 178.162.209.140; 178.162.209.140; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 11
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310190101/ 422 KB
132 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310190101/pubads_impl.js?cb=31079033

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49db66ae1889e3ae58a38124422c4d6648b19cf9f233b12412db9b565b5d85b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 12:36:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46712
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 135316
x-xss-protection: 0
server: cafe
etag: 9779678222609117831
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 22 Oct 2024 12:36:47 GMT

GET
BLOB 200
OK bea2a6ad-7bea-4b8e-b23d-292105abfed7
https://observer.com/ 69 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://observer.com/bea2a6ad-7bea-4b8e-b23d-292105abfed7
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 13d8fbc7e950b3f123dc554d5da339303025f34009de0a14d7a6bcc250ae289e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Length: 70617
Content-Type

GET
BLOB 200
OK ad3c9215-7149-4287-b98b-f81cfaa65264
https://observer.com/ 69 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://observer.com/ad3c9215-7149-4287-b98b-f81cfaa65264
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 13d8fbc7e950b3f123dc554d5da339303025f34009de0a14d7a6bcc250ae289e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Length: 70617
Content-Type

GET
H2 200 geoip Show response
api.permutive.com/v2.0/ 260 B
239 B 67ms
20ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/geoip?include=geo&include=isp&include=ip_hash&k=6b8d2782-a057-45b2-b2fd-5e7238c30400
Requested by: Host: 3b5c18b9-96b7-48e4-a3ef-011eb84a970d.edge.permutive.app
URL: https://3b5c18b9-96b7-48e4-a3ef-011eb84a970d.edge.permutive.app/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: bd887aa5595948bab242299795346c2bb50a2914a9bc06f8137a471d8022a9a9

Request headers

Referer: https://observer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type: text/plain

Response headers

date: Tue, 24 Oct 2023 01:35:20 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://observer.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 173

POST
H2 200 watson Show response
api.permutive.com/v2.0/ 307 B
411 B 65ms
19ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/watson?k=6b8d2782-a057-45b2-b2fd-5e7238c30400
Requested by: Host: 3b5c18b9-96b7-48e4-a3ef-011eb84a970d.edge.permutive.app
URL: https://3b5c18b9-96b7-48e4-a3ef-011eb84a970d.edge.permutive.app/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 90d614055473a8d8bca4a7934c3b3cf482c6b8a021fdac29317880e499286eb5

Request headers

Referer: https://observer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type: text/plain

Response headers

date: Tue, 24 Oct 2023 01:35:20 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://observer.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 219

GET
H2 200 GettyImages-1483357360.jpg
observer.com/wp-content/uploads/sites/2/2023/10/ 4 KB
5 KB 7ms
7ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2023/10/GettyImages-1483357360.jpg?resize=300,199

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

03255fde15d5b1ad40ac9af95638c8f4ef82b3d90ba7c4d6c20279ed894a35bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:20 GMT
strict-transport-security: max-age=31536000;includeSubdomains;preload
x-rq: hhn2 109 28 443
last-modified: Mon, 23 Oct 2023 21:16:08 GMT
server: nginx
etag: "7835c28dcaa6d75f"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 4438

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame A121 2 KB
2 KB 14ms
14ms Image
image/png 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Fri, 20 Oct 2023 00:18:29 GMT
x-content-type-options: nosniff
age: 350211
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Fri, 27 Oct 2023 00:18:29 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame A121 15 KB
15 KB 25ms
24ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Sat, 21 Oct 2023 02:58:03 GMT
x-content-type-options: nosniff
age: 254237
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 20 Oct 2024 02:58:03 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame A121 15 KB
15 KB 30ms
29ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 19 Oct 2023 18:06:30 GMT
x-content-type-options: nosniff
age: 372530
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 18 Oct 2024 18:06:30 GMT

POST
H3 200 identify Show response
api.permutive.com/v2.0/ 50 B
88 B 64ms
34ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/identify?k=6b8d2782-a057-45b2-b2fd-5e7238c30400
Requested by: Host: 3b5c18b9-96b7-48e4-a3ef-011eb84a970d.edge.permutive.app
URL: https://3b5c18b9-96b7-48e4-a3ef-011eb84a970d.edge.permutive.app/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 9d0da2a904a70e5f7517df02a0d82dd6a0ba62dae3a7c3f2226bdc26eb9ee828

Request headers

Referer: https://observer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type: text/plain

Response headers

date: Tue, 24 Oct 2023 01:35:20 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://observer.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70

GET
H2 200 .js Show response
dyv1bugovvq1g.cloudfront.net/79/observer.com/ 3 KB
1 KB 49ms
12ms XHR
application/json 2600:9000:223e:ba00:5:82fd:2500:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dyv1bugovvq1g.cloudfront.net/79/observer.com/.js
Requested by: Host: htlbid.com
URL: https://htlbid.com/v3/observer.com/htlbid.js?ver=3.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223e:ba00:5:82fd:2500:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 49c65516a1ac6109484d0aac2a645ef339ac639f87c0d77691c6055bf1d9faaa

Request headers

Referer: https://observer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 24 Oct 2023 01:33:47 GMT
content-encoding: gzip
via: 1.1 7831c78db9d585e32d354900cc00dca6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 94
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 563
x-amz-expiration: expiry-date="Sun, 24 Dec 2023 00:00:00 GMT", rule-id="cleanup"
last-modified: Tue, 24 Oct 2023 01:13:50 GMT
server: AmazonS3
etag: "d18f2ebd3fa8e168df54f7ab5d6d0f23"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://observer.com
cache-control: max-age=300
access-control-allow-credentials: true
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges: bytes
x-amz-cf-id: knlo4OsqphpPSVdm3qixDZaAbqKiUf0PdZYjJCBjuAwwlKWMQmgEWQ==

GET
H2 200 30787d05-7895-471e-9cdf-d931d7b5ea5d Show response
config.aps.amazon-adsystem.com/configs/ 537 B
812 B 48ms
11ms Script
application/javascript 99.86.4.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://config.aps.amazon-adsystem.com/configs/30787d05-7895-471e-9cdf-d931d7b5ea5d
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-71.fra6.r.cloudfront.net
Software: CloudFront /
Resource Hash: a7b4051ce3c03d83059984dfd302a18b7e0bb49f3a188b6db2f5ef53b1970a5f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:08:44 GMT
via: 1.1 1277de71b2472d19ca0bfc510db9ec54.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA6-C1
age: 1596
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
content-length: 537
x-amz-cf-id: jOnYSeGhgIJbk87Vdw2y3UvYgRF2sd8YJpxXuc-FKtXjmgTO2PSIOA==

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 486 B
840 B 8ms
8ms XHR
application/json 108.138.1.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fobserver.com&pubid=30787d05-7895-471e-9cdf-d931d7b5ea5d
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.1.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-1-25.fra56.r.cloudfront.net
Software: Server /
Resource Hash: d8234a5854ab9176a7bdc57c6dc183540c614c50dcb02296f94913e7031b0272

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 00:31:46 GMT
via: 1.1 0e37105a96e87c22ff4981659a6dc176.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
age: 3813
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://observer.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 486
x-amz-cf-id: U630nmmmVjgqy9xAdzmywwbnxpFJLmZ30vstptBI6FkuDOiih4nQag==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 23 B
461 B 92ms
48ms XHR
text/javascript 108.138.9.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fobserver.com%2F&pid=WnEl2TyXTnsfB&cb=0&ws=1600x1200&v=23.1010.1530&t=2000&slots=%5B%7B%22sd%22%3A%22htlad-1-gpt%22%2C%22s%22%3A%5B%22970x250%22%2C%22728x90%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F22133348250%2Fobserver_leaderboard_atf%22%7D%5D&schain=1.0%2C1!hashtag-labs.com%2C1010%2C1%2C%2C%2C&pubid=30787d05-7895-471e-9cdf-d931d7b5ea5d&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.9.235 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-9-235.fra56.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:20 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 b4bf06ec43f99543c974d975a6c597da.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: HDNCAQ8QJZXJCRAZ900T
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://observer.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: oAdu-0IbFiN_JKIyBZh63CaC5fmkEGfMhiARkCW3vz4N8Q-bYErF7A==

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 677 B
363 B 52ms
51ms Fetch
text/plain 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3481892187952406&correlator=4482826700756128&eid=31079033%2C31078934&output=ldjh&gdfp_req=1&vrg=202310190101&ptt=17&impl=fifs&iu_parts=22133348250%2CPrimis_VDU&enc_prev_ius=%2F0%2F1&prev_iu_szs=1x1&ifi=1&sfv=1-0-40&ists=1&sc=1&cookie_enabled=1&abxe=1&dt=1698111320241&lmt=1698104120&adxs=0&adys=9569&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&url=https%3A%2F%2Fobserver.com%2F&vis=1&psz=1600x9478&msz=1600x0&fws=4&ohw=1600&ga_vid=2031459061.1698111319&ga_sid=1698111320&ga_hid=1525641998&ga_fc=true&dlt=1698111318906&idt=1251&cust_params=permutive%3D&adks=487435963&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310190101/pubads_impl.js?cb=31079033

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18d06fed9a67ff1de9031deb2f7fec9ff333758ec6a847e7ab922450be27f93d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:20 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 333
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://observer.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 334E 6 KB
3 KB 100ms
22ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310190101/pubads_impl.js?cb=31079033

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://observer.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 24 Oct 2023 01:35:20 GMT
expires: Wed, 23 Oct 2024 01:35:20 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame A121 102 B
135 B 25ms
24ms Other
text/javascript 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

bd7e05751a03c3c81bf4f38808d12af294f672494f6b9d7641aaf0dfbb5fb012

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LexvRggAAAAAF1HvCWrHtG4UAa7m0WIdyIgstAo&co=aHR0cHM6Ly9vYnNlcnZlci5jb206NDQz&hl=en&v=vm_YDiq1BiI3a8zfbIPZjtF2&size=invisible&cb=c9nyldg8wcsb
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Tue, 24 Oct 2023 01:35:20 GMT

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ 138 KB
30 KB 37ms
17ms Script
text/javascript 2606:4700:10::ac43:266a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:266a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89a9b728cbc4ea20ef9c0934035ba3300049c50682dcc0e58452c40749b6d853

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:20 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 16 Oct 2023 11:34:12 GMT
server: cloudflare
x-amz-request-id: K9Q250V9R1Q6W27R
age: 1217
etag: W/"cc062d3a08ec5f94b7d1ab377b1e95bd"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 81ae7b880d983a4f-FRA
x-amz-id-2: PD1S0JoPLMtwqKBfKoQwkKEr6ORo2NJ5ZQTQRMedIqATLJ/HfkY0/HNDgoPnfWuQ7I5txIlbFtA=

POST
H2 200 audiences Show response
api.permutive.com/audience-matching/v1/id/5b2c6cae-d80d-402b-b44b-514419a0b091/ 12 B
75 B 78ms
77ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/audience-matching/v1/id/5b2c6cae-d80d-402b-b44b-514419a0b091/audiences?k=6b8d2782-a057-45b2-b2fd-5e7238c30400
Requested by: Host: 3b5c18b9-96b7-48e4-a3ef-011eb84a970d.edge.permutive.app
URL: https://3b5c18b9-96b7-48e4-a3ef-011eb84a970d.edge.permutive.app/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: /
Resource Hash: 2b0fb0a6b3e353c69158d61221c2200e4199d0d60dd0b9d99702a22eaa917a78

Request headers

Referer: https://observer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 24 Oct 2023 01:35:20 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12
content-type: application/json

POST
H3 200 efe8ee21851085f664c0eb36c6b7b32ea7ef2 Show response
truculentrate.com/u/f3815bf0684d80f/ 288 B
315 B 49ms
29ms Fetch
application/json 2600:1901:0:7416::1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://truculentrate.com/u/f3815bf0684d80f/efe8ee21851085f664c0eb36c6b7b32ea7ef2

Requested by

Host: truculentrate.com
URL: https://truculentrate.com/scripts/3f92345fab9c/22bdf0221b6555de6cdadcba

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:7416::1 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Resource Hash

ea5aef304509dd06016e3c79bac970fee3b7cbb5ef1315194fa8db08e52b0ea8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://observer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
date: Tue, 24 Oct 2023 01:35:20 GMT
via: 1.1 google
x-buildnumber: 1033761249
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 288
x-datacenter: gce-europe-west1
x-buildname: hoothoot
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://observer.com
x-hostname: fen-hoothoot-europe-west1-z5cq
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
expires: Tue, 24 Oct 2023 01:35:19 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 25 KB
12 KB 701ms
700ms Fetch
text/plain 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3481892187952406&correlator=3575652917284793&eid=31079033%2C31078934&output=ldjh&gdfp_req=1&vrg=202310190101&ptt=17&impl=fifs&iu_parts=22133348250%2Cobserver_leaderboard_atf%2Cobserver_1x1&enc_prev_ius=%2F0%2F1%2C%2F0%2F2&prev_iu_szs=970x250%7C728x90%7C970x90%2C1x1&ifi=2&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1698111320362&lmt=1698104120&adxs=315%2C-12245933&adys=225%2C-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C-1&ucis=2%7C3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&url=https%3A%2F%2Fobserver.com%2F&vis=1&psz=970x0%7C0x0&msz=970x0%7C0x0&fws=4%2C132&ohw=1600%2C1600&ga_vid=2031459061.1698111319&ga_sid=1698111320&ga_hid=1525641998&ga_fc=true&dlt=1698111318906&idt=1251&cust_params=permutive%3D%26htlbidid%3D24649%26puid%3D5b2c6cae-d80d-402b-b44b-514419a0b091%26ptime%3D1698111320177%26is_testing%3Dno%26is_home%3Dyes%26pagetype%3Dpage%26url%3Dhttps%253A%252F%252Fobserver.com%252F%26tag%3D%26author%3D%26articleID%3Darticle_1329211%26brandsafe%3Dyes%26section%3D%26servead%3Dyes&adks=4231055590%2C3557776677&frm=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310190101/pubads_impl.js?cb=31079033

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ee13d66c8fa1222ed0263c697199a9886363cfab3b6338acbdc743ada1b503c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:21 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11937
x-xss-protection: 0
google-lineitem-id: -1,-2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -1,-2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://observer.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
12 KB 104ms
30ms XHR
application/json 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202310190101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310190101/pubads_impl.js?cb=31079033

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2d9b441516e68fbe56035f66a796508753a803f67561662d2c66506e6395a331

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:20 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11948
x-xss-protection: 0

POST
H3 200 305e6c2864c90675a1b8c759cc67bd29322d153e1e4f2c9695d5 Show response
truculentrate.com/ 3 B
27 B 25ms
25ms Fetch
application/json 2600:1901:0:7416::1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://truculentrate.com/305e6c2864c90675a1b8c759cc67bd29322d153e1e4f2c9695d5

Requested by

Host: truculentrate.com
URL: https://truculentrate.com/scripts/3f92345fab9c/22bdf0221b6555de6cdadcba

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:7416::1 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://observer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
date: Tue, 24 Oct 2023 01:35:20 GMT
via: 1.1 google
x-buildnumber: 1033761249
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
x-datacenter: gce-europe-west1
x-buildname: hoothoot
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://observer.com
x-hostname: fen-hoothoot-europe-west1-z5cq
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie

POST
H3 200 segment Show response
api.permutive.com/adv/v2/ 14 B
28 B 28ms
28ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/adv/v2/segment?new-session=true&k=6b8d2782-a057-45b2-b2fd-5e7238c30400
Requested by: Host: 3b5c18b9-96b7-48e4-a3ef-011eb84a970d.edge.permutive.app
URL: https://3b5c18b9-96b7-48e4-a3ef-011eb84a970d.edge.permutive.app/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: e3aeeb9b76fb8242067c35d89b2a5281561e92a7c9a25239d630f818fe978a7d

Request headers

Referer: https://observer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: *
date: Tue, 24 Oct 2023 01:35:20 GMT
via: 1.1 google
server: Permutive
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14
content-type: application/json

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 117ms
25ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310190101/pubads_impl.js?cb=31079033

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 24 Oct 2023 01:35:20 GMT

GET
H2 200 Le-grand-salon.jpg
observer.com/wp-content/uploads/sites/2/2023/10/ 18 KB
18 KB 9ms
7ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2023/10/Le-grand-salon.jpg?resize=300,200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

2ee1833eeb095dc924d6d3eda917968059c7b61db69eb1b7bcbe1c79bf4b9bd3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:20 GMT
strict-transport-security: max-age=31536000;includeSubdomains;preload
x-rq: hhn2 109 86 443
last-modified: Mon, 23 Oct 2023 17:59:46 GMT
server: nginx
etag: "5dda373846f0b36c"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 17974

GET
H2 200 Miller-Theatre-Kate-Soper-The-Hunt-190.jpg
observer.com/wp-content/uploads/sites/2/2023/10/ 24 KB
24 KB 9ms
8ms Image
image/jpeg 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2023/10/Miller-Theatre-Kate-Soper-The-Hunt-190.jpg?resize=300,200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

9fbdb8fa831559d79622dac06776b4ef4c0e67e45684dc7dcfded09feadae633

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:20 GMT
strict-transport-security: max-age=31536000;includeSubdomains;preload
x-rq: hhn2 109 140 443
last-modified: Mon, 23 Oct 2023 13:40:57 GMT
server: nginx
etag: "7bec53d246a7d097"
vary: Accept
x-cache: HIT
content-type: image/jpeg
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 24670

GET
H2 200 16x9-Blackdot-Tyler-Hobbs-1-2023-08-27-2.png
observer.com/wp-content/uploads/sites/2/2023/10/ 53 KB
53 KB 9ms
8ms Image
image/webp 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2023/10/16x9-Blackdot-Tyler-Hobbs-1-2023-08-27-2.png?resize=300,169

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

f8d03f6831d2a156f8f0ae4c2461fc32321c7c36362f8bbe1d813d4a89e44774

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:20 GMT
strict-transport-security: max-age=31536000;includeSubdomains;preload
x-rq: hhn2 109 83 443
last-modified: Fri, 20 Oct 2023 19:14:22 GMT
server: nginx
etag: "873c2674a5af167a"
vary: Accept
x-cache: HIT
content-type: image/webp
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 53950

GET
H2 200 oPS.js Show response
d15kdpgjg3unno.cloudfront.net/ 113 KB
25 KB 59ms
8ms Script
text/javascript 2600:9000:2490:be00:11:b309:9100:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d15kdpgjg3unno.cloudfront.net/oPS.js?cid=79
Requested by: Host: htlbid.com
URL: https://htlbid.com/v3/observer.com/htlbid.js?ver=3.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:be00:11:b309:9100:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2b2b4c823e05820933dac75fe85e93a09e77a97152e6b0982e2898d47ee5c6de

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-amz-version-id: zKlaReAKEss3WjCDnMLccCFqWAk2P3E5
content-encoding: gzip
via: 1.1 bb5a1c03f2335d92378a3e68542733da.cloudfront.net (CloudFront)
date: Mon, 23 Oct 2023 23:41:33 GMT
last-modified: Tue, 10 Oct 2023 19:45:19 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P6
age: 6827
x-amz-server-side-encryption: AES256
etag: W/"209836d6bfcb254cc97efd3678a4c2a7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: max-age=84600
x-amz-cf-id: athFD5WgGl05LHZYRuyQWHmjQhJ7i7hQ977MYw4Yt9K5P58g5R3pQg==

GET
H/1.1 200
OK 1x1-pixel.png
ams-pageview-public.s3.amazonaws.com/ 68 B
448 B 328ms
113ms Image
image/png 52.216.49.193
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ams-pageview-public.s3.amazonaws.com/1x1-pixel.png?id=1e511584efcb
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.49.193 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Tue, 24 Oct 2023 01:35:21 GMT
Last-Modified: Mon, 26 Oct 2020 16:52:19 GMT
Server: AmazonS3
x-amz-request-id: K7RJQH38SXF2RJ4D
ETag: "91e42db1c66c0b276abf6234dc50b2eb"
Content-Type: image/png
Cache-Control: no-store
Accept-Ranges: bytes
Content-Length: 68
x-amz-id-2: qPg5cpXSsyiQP7Cg76eeLawCPh2WPHJ0Dld5MTBSsEtkQ3/ZXserguTV/c1uXBppotjEXOBvmcQ=

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 7203 13 KB
5 KB 14ms
13ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://observer.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 25824
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 23 Oct 2023 18:24:56 GMT
expires: Tue, 22 Oct 2024 18:24:56 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 9FAF 829 B
562 B 24ms
23ms Document
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ef76f0d3266e9385504d0ca2c10c9c26c6e4ba9fe9afe5b89a1713b3750689fa

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-XFRm1oHWk76j-N2qJYUO9A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://observer.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-XFRm1oHWk76j-N2qJYUO9A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 24 Oct 2023 01:35:20 GMT
expires: Tue, 24 Oct 2023 01:35:20 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 GettyImages-1730496895.jpg
observer.com/wp-content/uploads/sites/2/2023/10/ 22 KB
22 KB 7ms
7ms Image
image/jpeg 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://observer.com/wp-content/uploads/sites/2/2023/10/GettyImages-1730496895.jpg?resize=300,200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

99390ea97cf85db7a91131e97b843d140cdc8ddb75c4ff1e08f6d6603ef4fee3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:20 GMT
strict-transport-security: max-age=31536000;includeSubdomains;preload
x-rq: hhn2 109 32 443
last-modified: Mon, 23 Oct 2023 18:45:12 GMT
server: nginx
etag: "0f31f16f756b04f6"
vary: Accept
x-cache: HIT
content-type: image/jpeg
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 22075

GET
H3 200 kdR3Uc-Lch-XuU6BJZRbuWDa0aJJ9it8wzNxgvcOl3M.js Show response
pagead2.googlesyndication.com/bg/ Frame 7203 37 KB
14 KB 44ms
14ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/kdR3Uc-Lch-XuU6BJZRbuWDa0aJJ9it8wzNxgvcOl3M.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91d47751cf8b721f97b94e8125945bb960dad1a249f62b7cc3337182f70e9773

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 17:31:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29012
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14703
x-xss-protection: 0
last-modified: Mon, 16 Oct 2023 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 22 Oct 2024 17:31:48 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 9FAF 0
0 68ms
48ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202310190101&jk=3481892187952406&rc=null
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

POST
H/1.1 200
OK Test_oPS_Script_Loads Show response
sqs.us-east-1.amazonaws.com/397719490216/ 378 B
682 B 333ms
109ms XHR
text/xml 3.239.232.239
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://sqs.us-east-1.amazonaws.com/397719490216/Test_oPS_Script_Loads?Action=SendMessage&MessageBody=cid%3D79%26bt%3Dnull
Requested by: Host: d15kdpgjg3unno.cloudfront.net
URL: https://d15kdpgjg3unno.cloudfront.net/oPS.js?cid=79
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.239.232.239 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-239-232-239.compute-1.amazonaws.com
Software: /
Resource Hash: cf0e4e3608c61bf0935d299bc8dab4070efc6ed71440c0fd54680b5c70dc96a1

Request headers

Referer: https://observer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-amzn-RequestId,x-amzn-ErrorType,x-amzn-ErrorMessage,Date
Date: Tue, 24 Oct 2023 01:35:21 GMT
connection: keep-alive
x-amzn-RequestId: cfc88f73-2ffb-54a7-a4b2-d2c20e62505c
Content-Length: 378
Content-Type: text/xml

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 7203 0
10 B 16ms
15ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?iq20fQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:20 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 200 events Show response
api.permutive.com/v2.0/batch/ 101 B
129 B 20ms
20ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/batch/events?enrich=false&sdkp=true&k=6b8d2782-a057-45b2-b2fd-5e7238c30400
Requested by: Host: 3b5c18b9-96b7-48e4-a3ef-011eb84a970d.edge.permutive.app
URL: https://3b5c18b9-96b7-48e4-a3ef-011eb84a970d.edge.permutive.app/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 34ad0b1d6e24c183db4532e3a4bc29e1c4499b15fe46412ae92191c53a554a79

Request headers

Referer: https://observer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type: text/plain

Response headers

date: Tue, 24 Oct 2023 01:35:20 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://observer.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 111

POST
H2 204 ping
pagead2.googlesyndication.com/pagead/ 0
0 51ms
51ms Fetch
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://observer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

GET
H2 200 container.html Show response
839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B439 6 KB
3 KB 15ms
14ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310190101/pubads_impl.js?cb=31079033

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://observer.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 24 Oct 2023 01:35:20 GMT
expires: Wed, 23 Oct 2024 01:35:20 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 070A 624 B
577 B 67ms
27ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGNTvr-kBMAE&v=APEucNVNnd9LoZR_-5eiaB_dOqSieNY2zHTlU3UJ9sMr1Z7q9FMZYcW9IsMpLuOfQPfQVs6KahOo6QsS18IhBX3rTnzDThb2ArcDd1gwgdNBcoSENZ6OKV-fpx1yHXuMeqMXUwD_iUKttcNMzqTwm81J2qQoYt8tZDbct4crL-AYuzUywkL7MYM

Requested by

Host: 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
URL: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 24 Oct 2023 01:35:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame B439 89 KB
31 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
URL: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:21 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31491
x-xss-protection: 0
server: cafe
etag: 6167930392490353973
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 24 Oct 2023 01:35:21 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B439 42 B
63 B 49ms
47ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A4liNOwe3Xavvkquxq7QlVZC25bffSlhwV4DjlkSLLGlXm6XnS1CTxCf8l1NVsjG8BGaf1vLsZLu8rAZW_x1OqnTp2b_OnrTc6PCEa97D83t4OFsc

Requested by

Host: 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
URL: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B439 0
20 B 50ms
48ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=12980182633053863321&x=1&ct=76

Requested by

Host: 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
URL: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231017/r20110914/client/ Frame B439 3 KB
1 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231017/r20110914/client/window_focus_fy2021.js

Requested by

Host: 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
URL: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 17:32:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28996
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Nov 2023 17:32:05 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231017/r20110914/client/ Frame B439 20 KB
8 KB 17ms
14ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231017/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
URL: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f74f99e9fe1027d19c741e71e7a2adf40f49a011d50cb110e45a0511f624fb3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 00:02:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5567
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8427
x-xss-protection: 0
server: cafe
etag: 8504628880869859743
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 07 Nov 2023 00:02:34 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B439 187 KB
59 KB 63ms
25ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
URL: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b9525cf1689e64d66e6f6976db0f3f438a0390479356f50d3b691f09b79e28c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60190
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1698060838547238"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 24 Oct 2023 01:35:21 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B439 0
20 B 49ms
48ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=962214383161&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B439 0
20 B 51ms
50ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=962214383161&version=m202309260101&ct=76&x=1&cor=12980182633053864000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B439 107 KB
41 KB 56ms
56ms Script
text/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Ah1NhceU2_EHFVcBZtzy95YjnpGCKcehUH6VtA5WWnY1PrRaVQkCd6a8bQKGT1h5b5V4VUgNgDGN2ub25XvALB29S5t-Katk7wd8i50ON41IdEUU0sjILfXkyglp61gBkt7gxe_OiVx6eAQHXTRc0mBHgbU80W8DA_G5Z5MwTQx0ca_7w&dbm_d=AKAmf-AAD8Gsz0mEwdIVBprxClRTTUM9lPGrsNQjera8QbyChAIZDeKa5l9pU4BOuA_8OF-gkq3jn_livBlmhSF29jgnbgH0dFYgQgnwNE5Lo6lrkfVBt_Ui1GKJI_jVNzdF7Geikd6mPpmH0hrYCXkutgrXfP8QesrOSX9pZqNSSuaUgLVnlH2-bJ1kDzf02BkAoYvj8XU1-A8eEXjde8HkzI_69OPZuH6X2oaAfQe2H50Cz07Xv4XJH6j5Vfz89l3b_m1PRmXDpBQiH7ygxeyQgNQdtGO4CS2P1pz1_EwTC96vCzOqHqHfgiPQSgqXQs5wOdWLLy6ULV0HMM-2bdWdTqEuwV2KmNfyLnT83xGrzhh4O5GnapRqlw76GFRXOdMzXIJ3tQ7FEbEyMct_C_24digLG9eswc2Zt8pVH6wMswnoaxatqNrotEdDlWGMXLNrW2eLupaneeCFeqt5R-B4DA9VHs-XaKJ4OuFtZ1xM_WbissJqH7lH-Sd8qfooxQwhys0zT2wzOO2IhddrPjNzBi6i7Hgbxc7v3L6X6P_ofeg0xOCtKMeZCqqe8q8OpNXVECqrvauLYdXbMZgYMRVo4vStRdwuoP87pSFFRUa5f0phqbJJ3_0v22AEH1FLlv5WyhdcsdMomCF5CMiS6DpaFHGgbgZvvIUPv_87SjggDgQYDeyhcbhSmwvNlgsmvvK8sKDDtzmrud--IvCdGuh6D065FyjZ6gGxqa7ECMtU3xX8L5dwrxfxhb65tVmay_LI_pKBwsvGTFbYPwsanMl51LP5Ma_4mU8Jx08r3p6x1fQaBTKZ3A4DTck9PjOVTT0RAkY4TMEr_gGx_WSUudS-7-22v93Zpfpv3zrF4e_Jde5tCJZpwnsHdWSskAHdZelOHpXm--mMHwX6DW_uO51k3gyJiXCXSOXgJSD3FayZelPZLOgsItGRiaKBTxvHvztppzgNM9o9xth8U2ADRybT7_QFwIKVZfv2KJbex8v84QVUdWBX-2Te7v2BnELmytqBh_53ZsRWCIBHKdDE6rVgtlE1SMDCqgazx5CVu_tiZEuJf9J-X5ns8PVzO1GNySutY6FnvTeGDej_SGoTm2LyKfOf1CgmOylXKX72KwtiJoURa6wzb1mt9C9ZpfNoLyITds6dJUTeLBQPEaRN5qFnDUG4g2g6A6BE2w6FfHHDji53yy-pPmsEzeXN-PpyWJ-vPY8LYV_dNAG_f4e-Gym5YEC_odIoVQRyu5-CsOp5nF07HwxwNXPlhiMaiN9SXOqlfkC_b_mRFi8bmqxbZwywz9k8fG3AhgE8L7a3kQMy4UgepXraMxtYDMomFzod2oKypAMZ-bk1YE5YQyTdhYoYdUHDsQMsgnxcchIjGaPF-mZGreiCavVh5T35wcPfs0QIWy96IAZftyWhftB-jehyQYMEoaC35_EcWJJBq-5OlNKtmLcbGb3m11TIXFu1WLkLJbP_Q8lXB4UEoY4bleyLMpTWM1tRP50boYYrBFshQM81M1enSlAjXoHayJI5Q4GC27Cse-AeFbE2PrfEknrjVBmqYROJAHMpXcd6jMVk_7SiRyb1sFM_HhRLpW-crFvRp3JMm6HULONzwVRn6qSqh3oS1o98cg6bIT6VxqQy9Ed4RkuL0mrxdplJ8e_0UquOoY-LhtkPT3vAu5VBNCUL_aKNkJ0GNgzJwcMO4a0QblpcnaNUjJxe6aaE6cJCN4XyMuAbCWIeLRnfECzHCwY1Aj2_Gx9f-9LuaoWQG7CSrTUctNLoyfmcmjTxW9SIuWNWadfdXhM6j5TlJz6ufENPHQnAcz4Ds8AO3C2dZMU3AuKayJmoxn_3lG2pbjqnLnO-e9hQVj4b_R0AWEt8DyaGOQrS8R8TWDp1z3ILofiBcDpH3VQ1nCHQMJrcTt8A3d0oW-PNZsZXNjtWzNpLpssnfkUIS8TdM52Gm4KIoPnhsG4eEdO7GZauzRoSGyC6AxViFeI2OgdzdL-ewmEHrL9u67zGDnOdIflckaRNDwvpNeS5wag1wLvbODcFT9IZZch2F0ShlCO870bhUlJkya__BZRBziULmfjCF26qCEONh8QI5xMceu7yYUuCZOlOiPZMFCTu-5lYEMYDTzKhnheb_0R552GBZYbf6K8XWDpB8c3gpB6OYlf5smSFCrhLF9fjtRL2Cz_Eph8gF09PNcZ8WbRDgr5WqJ8wtcccIZRc-dsMKlsCmbk3s50Gs9JEOO_gq9jAqb14c80bObTJSM0DdvhHNUEEdVx5V9y2CAZ5Oyu4xDr2DVFPdKj7NcbbwEyJjJlk22hh8-QlVnCn1nRvtaj2dHSF9wdPcJHSLvoiTH18B22BD8c3QVD1_8jHxmcxc-WYzAXFyoYCBRJUwILLLTywXaVFCzgzkq1-loYQOD_6t9NdUk0r0nkSs3V24frLzvgKEYtZXwpCA7iPnCNV-qA-BEIO-M0JFcS049zUF8bGBLhDsslpmVURruIqj5hznQBs7L0z6pVK29mpcu2nh_FvmRux_BMbU5iBwFz0EXpi4P37S9CM41-btof09B0WaBMdJGrgT325wHztykBfWnkeg3NZX68U73vxbcBjBpPE-O0dWNCRmUpNluqVJSqCgnN7WLh8ZV1BhiIggJG83IlL2UOmbVx9Mf1Gq4esDnN36A7K4x9AfFiPivRfELa6jKdHyLYk_3DCSl26u7L_oA9aDOxIvs5-uRqOpshUqU7r42YYDRyeZ_W5TaVow_wUDSkQJni-BqUeDy7d0mpxYFWNz_mCJrKa3-4cXhOTZqPB2zUSYz_q8CARQH5Op5hpMyjD3b-YScjrOEjn6Htb51VmTMTlOIblThhxrxpREeEtgKYN2Cmn3Z6I626yctIaMLcXrCkS_mLx5UScVWJVfIgmXIEP1BP_B3Ca1W4YcH-b6M2Jkv-0VgFPfrUcn2JZZFrxyNP77fg4n8lBtA2BwcKW3oMAhQmogDmbkREoEBxM2xRYMIXvlJ0DCxApF_-LK8HzHfZ8mwKl5VtnK9ArKA48BEX-gao-VRZaW28q34kjo7RryCCZQu_yalJ26nA0Rh74Oww43sZneG_ilw2ZUWsq59oqjXd5wCwS3f39fV81fQxzNo1Haps0mzoNNEDg0K5DsJOMkT-rPKzsiu6qUJkyqp96Dt6yQOYm5qMAqAk8GikkOPpNZHQwegbNJ7d6qtIRaIv1-cyqZZHcxe8XodpAX4ENXV-JeVizj0ElPX3z8p3WVfR0_7wCJC_SCnM4OCklXvTowmnQByVnQhLJKNBE2Hu7LENXfRTTCdHE2ZYgauA7qjAk6AiVsarz3KtJOrmbotcVAur2U2wpsPUsA0qQtLNz9LG9HXDPk4X9ahS9WBXQgd7SVAJFk04ieVmR-HNJgrWoXsH1ulLBXM7DuQ4t3I5M8a9oNCZEfeRKDWMdv2Yhq2bmCDxIEHRs45xo4l0rCXb7vnEKv067rvWH-J-sFrmT45PY6_BrowtleTlTesZm-B0ELHj9AOh82U7CPNHnRl6rsJLXxqrSiqCxyXpPz2PY9sLenMm6ORDLR-Sl0cvZC6hj1zXvLeUg1NzJoLq7QN1QoJu9zx-zo1QETJmzYyx3-ykthyBfs47VX9tyi97-hMpXryy53wblNPO2oQYjw8Hk_lFtHouyyc5DR0mBcMUWVK5nFTu0bFiM_jYBbMoMfX1vjtdnaA-nNp9g96eoE5ph7PMsIW_RG6eokZmnDBZDtg&cid=CAQSPADICaaNQtVnHg9SxHeI4mfJlkjotbWCZfkFuWEosUxWKqM2af7tj8zJ6vboWl3RRC_1Ec2Hxs_43gUKrhgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fobserver.com%2F&ds=l&xdt=1&iif=1&cor=12980182633053864000&adk=2228999115&idt=34&cac=0&dtd=14

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d8676d90cb91dbe085efaa1faa4255df96e5abef581b708027c508c8d3bc1566

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41883
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 070A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIIQifheV-BhfyIgDARUK1w&google_cver=1

43 B
770 B

22ms
22ms

Image
image/gif

104.18.27.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIIQifheV-BhfyIgDARUK1w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGNTvr-kBMAE&v=APEucNVNnd9LoZR_-5eiaB_dOqSieNY2zHTlU3UJ9sMr1Z7q9FMZYcW9IsMpLuOfQPfQVs6KahOo6QsS18IhBX3rTnzDThb2ArcDd1gwgdNBcoSENZ6OKV-fpx1yHXuMeqMXUwD_iUKttcNMzqTwm81J2qQoYt8tZDbct4crL-AYuzUywkL7MYM
Protocol: H3
Server: 104.18.27.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:21 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wqg6buaxByl%2Fs4Q0N2RvJsXUcaIDkjSP2M9PGyCQcFSyS3oKj7ciObOEVkfC%2FrNbwMLTCVRSW0Ujgkucw5o8hqje%2BDTZMVICVpcVj0iXTuvgHBJgcNVHRA2Qt3GNpGbEGIAw4kyn%2FshNOg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 81ae7b8e6b79921a-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIIQifheV-BhfyIgDARUK1w&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 070A
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZTcfWQ-vH73JtNUapDby-QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIIQifheV-BhfyIgDARUK1w&google_cver=1

43 B
734 B

24ms
24ms

Image
image/gif

104.18.27.193
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIIQifheV-BhfyIgDARUK1w&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGNTvr-kBMAE&v=APEucNVNnd9LoZR_-5eiaB_dOqSieNY2zHTlU3UJ9sMr1Z7q9FMZYcW9IsMpLuOfQPfQVs6KahOo6QsS18IhBX3rTnzDThb2ArcDd1gwgdNBcoSENZ6OKV-fpx1yHXuMeqMXUwD_iUKttcNMzqTwm81J2qQoYt8tZDbct4crL-AYuzUywkL7MYM
Protocol: H3
Server: 104.18.27.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:21 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VZnLlxei2%2FDm%2FrwP%2B4PDlOmeS%2FcblTgqJ0Jp4217KtztBUa10LuMtStPmwtVJubRn3AZcsAjf%2BdFpQcrnRPpge%2Bb9ISRBJHVDlUytkvu0Wg2NTlin5MSeadrFKQDOcG1eJjY9RMAvUfGrA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 81ae7b8e9b92921a-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIIQifheV-BhfyIgDARUK1w&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 070A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEMITD6SnwW5M3D1-nPxj0M4&google_cver=1

43 B
844 B

14ms
14ms

Image
image/gif

185.89.211.12
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEMITD6SnwW5M3D1-nPxj0M4&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGNTvr-kBMAE&v=APEucNVNnd9LoZR_-5eiaB_dOqSieNY2zHTlU3UJ9sMr1Z7q9FMZYcW9IsMpLuOfQPfQVs6KahOo6QsS18IhBX3rTnzDThb2ArcDd1gwgdNBcoSENZ6OKV-fpx1yHXuMeqMXUwD_iUKttcNMzqTwm81J2qQoYt8tZDbct4crL-AYuzUywkL7MYM

Protocol

Server

185.89.211.12 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:21 GMT
an-x-request-uuid: 34750a60-0a8e-4a61-8439-5e81aa9a54ea
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 178.162.209.140; 178.162.209.140; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:21 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEMITD6SnwW5M3D1-nPxj0M4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 070A
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE1OTExMzMyMzkzNDYzNzE3Mw%3D%3D

170 B
243 B

59ms
30ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE1OTExMzMyMzkzNDYzNzE3Mw%3D%3D

Requested by

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:21 GMT
an-x-request-uuid: 4bd21e1e-da1f-40d5-b02c-5f0255d751f6
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=OTE1OTExMzMyMzkzNDYzNzE3Mw%3D%3D
x-proxy-origin: 178.162.209.140; 178.162.209.140; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1475223/71249329/ Frame B439 251 KB
76 KB 120ms
35ms Script
application/javascript 54.155.244.184
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1475223/71249329/skeleton.js?ias_dspID=3&ias_campId=1012441042&ias_pubId=pub-3998824402121602&ias_chanId=1&ias_placementId=20111329642&bidurl=https://observer.com/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0h0ZYBEpsOBJPSKRfP_m5uI
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.155.244.184 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-155-244-184.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6b894bc68450c2380d5bd6fbf04707c396a5e7e5274aae9ac43b942b32231465

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:21 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame B439 111 KB
39 KB 48ms
13ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
Origin: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 16:21:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 33204
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 24 Oct 2023 16:21:57 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231017/r20110914/elements/html/ Frame B439 11 KB
4 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231017/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Ah1NhceU2_EHFVcBZtzy95YjnpGCKcehUH6VtA5WWnY1PrRaVQkCd6a8bQKGT1h5b5V4VUgNgDGN2ub25XvALB29S5t-Katk7wd8i50ON41IdEUU0sjILfXkyglp61gBkt7gxe_OiVx6eAQHXTRc0mBHgbU80W8DA_G5Z5MwTQx0ca_7w&dbm_d=AKAmf-AAD8Gsz0mEwdIVBprxClRTTUM9lPGrsNQjera8QbyChAIZDeKa5l9pU4BOuA_8OF-gkq3jn_livBlmhSF29jgnbgH0dFYgQgnwNE5Lo6lrkfVBt_Ui1GKJI_jVNzdF7Geikd6mPpmH0hrYCXkutgrXfP8QesrOSX9pZqNSSuaUgLVnlH2-bJ1kDzf02BkAoYvj8XU1-A8eEXjde8HkzI_69OPZuH6X2oaAfQe2H50Cz07Xv4XJH6j5Vfz89l3b_m1PRmXDpBQiH7ygxeyQgNQdtGO4CS2P1pz1_EwTC96vCzOqHqHfgiPQSgqXQs5wOdWLLy6ULV0HMM-2bdWdTqEuwV2KmNfyLnT83xGrzhh4O5GnapRqlw76GFRXOdMzXIJ3tQ7FEbEyMct_C_24digLG9eswc2Zt8pVH6wMswnoaxatqNrotEdDlWGMXLNrW2eLupaneeCFeqt5R-B4DA9VHs-XaKJ4OuFtZ1xM_WbissJqH7lH-Sd8qfooxQwhys0zT2wzOO2IhddrPjNzBi6i7Hgbxc7v3L6X6P_ofeg0xOCtKMeZCqqe8q8OpNXVECqrvauLYdXbMZgYMRVo4vStRdwuoP87pSFFRUa5f0phqbJJ3_0v22AEH1FLlv5WyhdcsdMomCF5CMiS6DpaFHGgbgZvvIUPv_87SjggDgQYDeyhcbhSmwvNlgsmvvK8sKDDtzmrud--IvCdGuh6D065FyjZ6gGxqa7ECMtU3xX8L5dwrxfxhb65tVmay_LI_pKBwsvGTFbYPwsanMl51LP5Ma_4mU8Jx08r3p6x1fQaBTKZ3A4DTck9PjOVTT0RAkY4TMEr_gGx_WSUudS-7-22v93Zpfpv3zrF4e_Jde5tCJZpwnsHdWSskAHdZelOHpXm--mMHwX6DW_uO51k3gyJiXCXSOXgJSD3FayZelPZLOgsItGRiaKBTxvHvztppzgNM9o9xth8U2ADRybT7_QFwIKVZfv2KJbex8v84QVUdWBX-2Te7v2BnELmytqBh_53ZsRWCIBHKdDE6rVgtlE1SMDCqgazx5CVu_tiZEuJf9J-X5ns8PVzO1GNySutY6FnvTeGDej_SGoTm2LyKfOf1CgmOylXKX72KwtiJoURa6wzb1mt9C9ZpfNoLyITds6dJUTeLBQPEaRN5qFnDUG4g2g6A6BE2w6FfHHDji53yy-pPmsEzeXN-PpyWJ-vPY8LYV_dNAG_f4e-Gym5YEC_odIoVQRyu5-CsOp5nF07HwxwNXPlhiMaiN9SXOqlfkC_b_mRFi8bmqxbZwywz9k8fG3AhgE8L7a3kQMy4UgepXraMxtYDMomFzod2oKypAMZ-bk1YE5YQyTdhYoYdUHDsQMsgnxcchIjGaPF-mZGreiCavVh5T35wcPfs0QIWy96IAZftyWhftB-jehyQYMEoaC35_EcWJJBq-5OlNKtmLcbGb3m11TIXFu1WLkLJbP_Q8lXB4UEoY4bleyLMpTWM1tRP50boYYrBFshQM81M1enSlAjXoHayJI5Q4GC27Cse-AeFbE2PrfEknrjVBmqYROJAHMpXcd6jMVk_7SiRyb1sFM_HhRLpW-crFvRp3JMm6HULONzwVRn6qSqh3oS1o98cg6bIT6VxqQy9Ed4RkuL0mrxdplJ8e_0UquOoY-LhtkPT3vAu5VBNCUL_aKNkJ0GNgzJwcMO4a0QblpcnaNUjJxe6aaE6cJCN4XyMuAbCWIeLRnfECzHCwY1Aj2_Gx9f-9LuaoWQG7CSrTUctNLoyfmcmjTxW9SIuWNWadfdXhM6j5TlJz6ufENPHQnAcz4Ds8AO3C2dZMU3AuKayJmoxn_3lG2pbjqnLnO-e9hQVj4b_R0AWEt8DyaGOQrS8R8TWDp1z3ILofiBcDpH3VQ1nCHQMJrcTt8A3d0oW-PNZsZXNjtWzNpLpssnfkUIS8TdM52Gm4KIoPnhsG4eEdO7GZauzRoSGyC6AxViFeI2OgdzdL-ewmEHrL9u67zGDnOdIflckaRNDwvpNeS5wag1wLvbODcFT9IZZch2F0ShlCO870bhUlJkya__BZRBziULmfjCF26qCEONh8QI5xMceu7yYUuCZOlOiPZMFCTu-5lYEMYDTzKhnheb_0R552GBZYbf6K8XWDpB8c3gpB6OYlf5smSFCrhLF9fjtRL2Cz_Eph8gF09PNcZ8WbRDgr5WqJ8wtcccIZRc-dsMKlsCmbk3s50Gs9JEOO_gq9jAqb14c80bObTJSM0DdvhHNUEEdVx5V9y2CAZ5Oyu4xDr2DVFPdKj7NcbbwEyJjJlk22hh8-QlVnCn1nRvtaj2dHSF9wdPcJHSLvoiTH18B22BD8c3QVD1_8jHxmcxc-WYzAXFyoYCBRJUwILLLTywXaVFCzgzkq1-loYQOD_6t9NdUk0r0nkSs3V24frLzvgKEYtZXwpCA7iPnCNV-qA-BEIO-M0JFcS049zUF8bGBLhDsslpmVURruIqj5hznQBs7L0z6pVK29mpcu2nh_FvmRux_BMbU5iBwFz0EXpi4P37S9CM41-btof09B0WaBMdJGrgT325wHztykBfWnkeg3NZX68U73vxbcBjBpPE-O0dWNCRmUpNluqVJSqCgnN7WLh8ZV1BhiIggJG83IlL2UOmbVx9Mf1Gq4esDnN36A7K4x9AfFiPivRfELa6jKdHyLYk_3DCSl26u7L_oA9aDOxIvs5-uRqOpshUqU7r42YYDRyeZ_W5TaVow_wUDSkQJni-BqUeDy7d0mpxYFWNz_mCJrKa3-4cXhOTZqPB2zUSYz_q8CARQH5Op5hpMyjD3b-YScjrOEjn6Htb51VmTMTlOIblThhxrxpREeEtgKYN2Cmn3Z6I626yctIaMLcXrCkS_mLx5UScVWJVfIgmXIEP1BP_B3Ca1W4YcH-b6M2Jkv-0VgFPfrUcn2JZZFrxyNP77fg4n8lBtA2BwcKW3oMAhQmogDmbkREoEBxM2xRYMIXvlJ0DCxApF_-LK8HzHfZ8mwKl5VtnK9ArKA48BEX-gao-VRZaW28q34kjo7RryCCZQu_yalJ26nA0Rh74Oww43sZneG_ilw2ZUWsq59oqjXd5wCwS3f39fV81fQxzNo1Haps0mzoNNEDg0K5DsJOMkT-rPKzsiu6qUJkyqp96Dt6yQOYm5qMAqAk8GikkOPpNZHQwegbNJ7d6qtIRaIv1-cyqZZHcxe8XodpAX4ENXV-JeVizj0ElPX3z8p3WVfR0_7wCJC_SCnM4OCklXvTowmnQByVnQhLJKNBE2Hu7LENXfRTTCdHE2ZYgauA7qjAk6AiVsarz3KtJOrmbotcVAur2U2wpsPUsA0qQtLNz9LG9HXDPk4X9ahS9WBXQgd7SVAJFk04ieVmR-HNJgrWoXsH1ulLBXM7DuQ4t3I5M8a9oNCZEfeRKDWMdv2Yhq2bmCDxIEHRs45xo4l0rCXb7vnEKv067rvWH-J-sFrmT45PY6_BrowtleTlTesZm-B0ELHj9AOh82U7CPNHnRl6rsJLXxqrSiqCxyXpPz2PY9sLenMm6ORDLR-Sl0cvZC6hj1zXvLeUg1NzJoLq7QN1QoJu9zx-zo1QETJmzYyx3-ykthyBfs47VX9tyi97-hMpXryy53wblNPO2oQYjw8Hk_lFtHouyyc5DR0mBcMUWVK5nFTu0bFiM_jYBbMoMfX1vjtdnaA-nNp9g96eoE5ph7PMsIW_RG6eokZmnDBZDtg&cid=CAQSPADICaaNQtVnHg9SxHeI4mfJlkjotbWCZfkFuWEosUxWKqM2af7tj8zJ6vboWl3RRC_1Ec2Hxs_43gUKrhgB&dv3_ver=m202309260101&rfl=https%3A%2F%2Fobserver.com%2F&ds=l&xdt=1&iif=1&cor=12980182633053864000&adk=2228999115&idt=34&cac=0&dtd=14

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 18:00:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27296
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Nov 2023 18:00:25 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231017/r20110914/ Frame B439 30 KB
11 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231017/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a860e393a22f7cd34a28120e6b5f9bdc433a1eeda614b995c6c22b395afcfbe6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 18:00:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27296
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11591
x-xss-protection: 0
server: cafe
etag: 12161711247934188981
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 06 Nov 2023 18:00:25 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B439 41 KB
13 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 18:02:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 459158
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 17 Oct 2024 18:02:43 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 55A1 1 KB
643 B 15ms
14ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
URL: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 33204
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 23 Oct 2023 16:21:57 GMT
etag: 48472445140208031
expires: Tue, 24 Oct 2023 16:21:57 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame B439 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f13aca355ac713d354ecc4b50f090fa86e2165710039cd263535d8a29ec0aadb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 3312 22 KB
8 KB 15ms
14ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 351166
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 20 Oct 2023 00:02:35 GMT
expires: Sat, 19 Oct 2024 00:02:35 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/2458488530850232588/ Frame D091 6 KB
2 KB 78ms
25ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/2458488530850232588/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a86c0048a2ccbbfd7de0e54170a8ba46f3b12bfd334e005c74b894061caf188c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 465446
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2166
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Wed, 18 Oct 2023 16:17:55 GMT
expires: Thu, 17 Oct 2024 16:17:55 GMT
last-modified: Wed, 28 Jun 2023 11:47:35 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame B439 0
0 140ms
66ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvYmjqtnYfx7mTU-YJbLr0j-CIDRiYPM1xvJXek-fQAISaW34g9Y9Xe-XCE0938M53TL-ukLjvE_kFPyL8M-_ZdZUPdMD5L7O4E1NnPKFrY_QuftdfxssAXm0y6ePozuCZmSXSuXLRrF6r4Plxr2lXffgZqgdtWA2nD3fLYzSo_xRkEeh6d94z_mYq3FlOMSBA6pVsKoTNqmmyAH8CaoK8o4G_30TN1lVWkSoUY4WE_Lk_M_yGJGbmLPUrb95e-2543INg92JLLbbhg2456F1dqgDYTaDP_KEH8JNk6dywBO9Non5YIOejgr4oben2lX7f8D0nQGO3AsVeHEVDA-akcBok3aR-EjiWQHoznlt3HtJeH91EZLpS8gJYFJH1MbygbAytaQJuOD7lFNks9jo9J3ePXikl1J95ZYxKi9R2uttV4Kv5WRuVND_X_L8eMMvC6kYXl3RE9-VX8PTd76jse2BnsE5EJHL-Cm-7YON8II0zOrTheAoKAxf_TwFXqY0GRT3OFfCypZk-AnYZnmNd_9-m1tWz2TZU3Gb7Ml4K3gPA27tUdJ7GAkVKQxJRZCFzBVpb8qDx6iDX_B4ShllEgKBl_b0Jkj0f8gSEe16VrPPoy4ijfR1Zwr_yJUDb_k_jw7n54T0Oj2IXJ4FCsNctG8xxMp0SfaBIxLX4E27as6D6T9FizPqwOlUB1lJhQHbMwTsKZX4FFzLNZ8dWSDd1_EZT4ywhvvdHd6F9ykGZv-BoA99KFJSodV-jRAVCqUTLtaXXH0jtZwFb24_Us3PHth0MvyujDMSvHl5773f98COZS8eGIK6OtrPvXpMWDmnenDblmIcmHFg2pwfhmkwDQL4_z8JPBK7HaXjR9-OC2SfjOvqE9XQ75gslIkzpuFlXLWzuNI-LXZdURoEH2JUubV2mYgcSJn7gcYSnxJkryDLVHtO6cMRlelxwdR_YjKskTd61QMUze9iooPfoMzET8AZBK0q7U4DO2eGubtBeJHDNU9nWtluQq21vd92Wk4wTu1cmqRQBoE3xPWTVu-Lq0kWpCVFbmiuqsb3vhsyAdEA_QX6jdNwu83p5ZVcUZiy6dXP4uueuUSzdnqEe76OUYu0weaa93gnE3qapwQkqe7TSaftvJ6MmrJyW9Gy5Iq3PZ9SCWteT_-JC_tPlw-EV_qTS35JYGN8pdnE8bRB3eC4LjQurATmMrldvLd9pPERnbpH3AffZR_mpBY5CMwNqwwqxfCiFya235ENVKHc52K5vfo-dS8POWu0IgSbzFo1C0ohfPQTF7k407v_8akUcovBtSNpfNNFznIXJJGr3zG4Zf1W16bv8Jz8XwsuFhVIpX6y1dvzne0kcOUJVnxhip2uxaj8tHoGol-rFUbRXyflQEOX2DRxckWeagZIKSyqtymlJLd0DkqY30IoYVUZNnZnTCUKsWbg&sai=AMfl-YTr_9DYnodaCMOWoDmB6-asgATxrmlqqteWYaq3B_ENSg-3BnxHe3OOd1FqJtyYKtQTQOtoCUKNWYjEvmJXeheCPlW5nYH9bJFOMfdz9CnOXyVPhT4EBxpleP1TRhrMO0XaBKQA1qy7WlVPdGvbpuz979Wns0MaNEvTmoXuYDsnCa53Onw9frR3uRMZRR2Zx9w5LJCG-NL4x4VF9mxy-duwHPdWBl_FiVPm0GVwnZkcJGBNRX9R8HeX-A6trog681-n6S8&sig=Cg0ArKJSzLOfbpYw_ta6EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=122&cbvp=1&cstd=119&cisv=r20231017.65925&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 24 Oct 2023 01:35:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 55A1
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESENq4WwJ78f2Zfn1MxutdGoA&google_cver=1&google_push=AXcoOmSc17WGVsI0gVO-GdYVjApMPS2BwfvNiIIC8zbx1O3F5CJUfbynqXlmDIcjphGtkvddHlAfD1vsDIpxse1CVmYzdoJhonfj&...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENq4WwJ78f2Zfn1MxutdGoA&google_cver=1&google_push=AXcoOmSc17WGVsI0gVO-GdYVjApMPS2BwfvNiIIC8zbx1O3F5CJUfbynqXlmDIcjphGtkvddHlAfD1vsDIpxse1CVmYzdoJhonf...

43 B
422 B

164ms
163ms

Image
image/gif

2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENq4WwJ78f2Zfn1MxutdGoA&google_cver=1&google_push=AXcoOmSc17WGVsI0gVO-GdYVjApMPS2BwfvNiIIC8zbx1O3F5CJUfbynqXlmDIcjphGtkvddHlAfD1vsDIpxse1CVmYzdoJhonfj&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmSc17WGVsI0gVO-GdYVjApMPS2BwfvNiIIC8zbx1O3F5CJUfbynqXlmDIcjphGtkvddHlAfD1vsDIpxse1CVmYzdoJhonfj%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
URL: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:21 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 81ae7b903fd95c9e-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:21 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 822
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENq4WwJ78f2Zfn1MxutdGoA&google_cver=1&google_push=AXcoOmSc17WGVsI0gVO-GdYVjApMPS2BwfvNiIIC8zbx1O3F5CJUfbynqXlmDIcjphGtkvddHlAfD1vsDIpxse1CVmYzdoJhonfj&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmSc17WGVsI0gVO-GdYVjApMPS2BwfvNiIIC8zbx1O3F5CJUfbynqXlmDIcjphGtkvddHlAfD1vsDIpxse1CVmYzdoJhonfj%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 81ae7b8f2f335c9e-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 55A1
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESECgtdH_M-Xqdl-OsrWcwo7M&google_cver=1&google_push=AXcoOmRVgHGBG3otLW42XiHn3eNgFYCeX5hCmpkbEc1Ikg-jY7bAIYZou9DWnIHA_5Gq9KfE7-R9nPlS7xg...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmRVgHGBG3otLW42XiHn3eNgFYCeX5hCmpkbEc1Ikg-jY7bAIYZou9DWnIHA_5Gq9KfE7-R9nPlS7xgVrEOQcJ8KVLm6U_4Y&google_hm=Ib0sc3flSfWUCm0LCIVjXow

170 B
188 B

27ms
26ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmRVgHGBG3otLW42XiHn3eNgFYCeX5hCmpkbEc1Ikg-jY7bAIYZou9DWnIHA_5Gq9KfE7-R9nPlS7xgVrEOQcJ8KVLm6U_4Y&google_hm=Ib0sc3flSfWUCm0LCIVjXow

Requested by

Host: 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
URL: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:20 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AXcoOmRVgHGBG3otLW42XiHn3eNgFYCeX5hCmpkbEc1Ikg-jY7bAIYZou9DWnIHA_5Gq9KfE7-R9nPlS7xgVrEOQcJ8KVLm6U_4Y&google_hm=Ib0sc3flSfWUCm0LCIVjXow
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 55A1
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESECTZNL1_wZl8Qc6kipuD17s&google_cver=1&google_push=AXcoOmTx-xIbnwjPD_orYEEe1JlEr0bACe9F6F1hKIh-Hi2O46wAAABHmJHIaJHuZ-Q5nXgnipeTrFIYs9SUUaZGFGDg6Iv...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESECTZNL1_wZl8Qc6kipuD17s&google_cver=1&google_push=AXcoOmTx-xIbnwjPD_orYEEe1JlEr0bACe9F6F1hKIh-Hi2O46wAAABHmJHIaJHuZ-Q5nXgnipeTrFIYs9SUUaZGFGDg6...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmTx-xIbnwjPD_orYEEe1JlEr0bACe9F6F1hKIh-Hi2O46wAAABHmJHIaJHuZ-Q5nXgnipeTrFIYs9SUUaZGFGDg6Ivc10l5

170 B
188 B

25ms
25ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmTx-xIbnwjPD_orYEEe1JlEr0bACe9F6F1hKIh-Hi2O46wAAABHmJHIaJHuZ-Q5nXgnipeTrFIYs9SUUaZGFGDg6Ivc10l5

Requested by

Host: 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
URL: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmTx-xIbnwjPD_orYEEe1JlEr0bACe9F6F1hKIh-Hi2O46wAAABHmJHIaJHuZ-Q5nXgnipeTrFIYs9SUUaZGFGDg6Ivc10l5
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 55A1 43 B
363 B 66ms
14ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmTKPWfCeE4Ocio3TbwgdeDV_0x0AHKYTfMCeFtp-0rNoMr3ZsrcqDzh0q2p6sqYG_X8Qnl5C0DCkhixHEoKhZ6ct47Wsbwy&google_gid=CAESEBtWqwE2d7YO7h-xejOTNLE&google_cver=1

Requested by

Host: 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
URL: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:21 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 208091
expires: Tue, 24 Oct 2023 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 55A1
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=0xUZJCjaRzy3_cCoUoWNcA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

25ms
25ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=0xUZJCjaRzy3_cCoUoWNcA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AXcoOmQVLUklIGYXvve087BmubVDJof-mgaZ4UO7HqFb-idkx0sAuvSTKtNRR6OFcWjgeySAdXoDJ2opuUVd8ywQlqmm2dvM5iNH

Requested by

Host: 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
URL: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=0xUZJCjaRzy3_cCoUoWNcA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AXcoOmQVLUklIGYXvve087BmubVDJof-mgaZ4UO7HqFb-idkx0sAuvSTKtNRR6OFcWjgeySAdXoDJ2opuUVd8ywQlqmm2dvM5iNH
date: Tue, 24 Oct 2023 01:35:20 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 55A1
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEIU7yLCWReGYlMhi5z4H4Wc&google_cver=1&google_push=AXcoOmTiNpboycK6EXQvLOrM3kpKlS1yw2uWjRvjlnV28k56mkgc2MQ6kmPWHX2qns8t0Mrf4bbAKNkWcyvrlrkO5...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEIU7yLCWReGYlMhi5z4H4Wc&google_cver=1&google_push=AXcoOmTiNpboycK6EXQvLOrM3kpKlS1yw2uWjRvjlnV28k56mkgc2MQ6kmPWHX2qns8t0Mrf4bbAKNkWcyvrlrkO5...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmTiNpboycK6EXQvLOrM3kpKlS1yw2uWjRvjlnV28k56mkgc2MQ6kmPWHX2qns8t0Mrf4bbAKNkWcyvrlrkO5ZosgSAuZNY&google_hm=HiXfvGZHtNEve7bUTAW9_rwI

170 B
188 B

25ms
25ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmTiNpboycK6EXQvLOrM3kpKlS1yw2uWjRvjlnV28k56mkgc2MQ6kmPWHX2qns8t0Mrf4bbAKNkWcyvrlrkO5ZosgSAuZNY&google_hm=HiXfvGZHtNEve7bUTAW9_rwI

Requested by

Host: 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
URL: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 24 Oct 2023 01:35:21 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=AXcoOmTiNpboycK6EXQvLOrM3kpKlS1yw2uWjRvjlnV28k56mkgc2MQ6kmPWHX2qns8t0Mrf4bbAKNkWcyvrlrkO5ZosgSAuZNY&google_hm=HiXfvGZHtNEve7bUTAW9_rwI
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H2 200 https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25
x.bidswitch.net/check_uuid/ Frame 55A1 43 B
146 B 123ms
8ms Image
image/gif 18.196.230.223
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEJwjajw3mjSy31O4x0nyMv8&google_cver=1&google_push=AXcoOmQnM_6W0AHrAOgBVRoupR5nqBkPghlt2_DxLAR-NhkT4FTpNRh_81WWlQ4jL9g4J6m2FWPl06DKz_FAFeJhrgOQv8iZTU7DLA
Requested by: Host: 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
URL: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.230.223 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-196-230-223.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:21 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 55A1 0
12 B 31ms
30ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LlkTSUvLsTkLRoFQphgW3JGBmizLBK_Nowdt-SRnm2Corb-E1YpEKB33-TlUzZmHVahcIWmA

Requested by

Host: 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
URL: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:21 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ 33 B
272 B 65ms
17ms Fetch
application/json 141.95.98.65
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.65 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3216659.ip-141-95-98.eu

Software

Resource Hash

b789904f1040c2ffaa49c39466ca30151485a1755e8af916d5c08fff599a4d61

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

access-control-allow-origin: https://observer.com
date: Tue, 24 Oct 2023 01:35:21 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type: application/json;charset=UTF-8

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 50ms
50ms Image
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202310190101&jk=3481892187952406&bg=!Tk2lTQLNAAbDUgby41I7ADQBe5WfOEPwBgFliNizZTfWbn7AqaFYzzbkDxLAl6K7GcwXXGwuMYOQTOYxeNjHSzZwgX3xAgAAAGRSAAAABGgBBwoAqr0D2LyK1C7XReYqAeLKMINCC1AkBM8WyVMmz_0cXGkiDa5WvXpEylwM0EofPCN1_S5dWVtgX9rUiGw1r1k-zT2M4HQx3bYhxFfPnUSVuvMfaYiBEiJYcsuJYTF37dCTqjytuRZ1BFYvvvrZl8_DXwVNhEnqYeiEBFLYeh5z-NR37EyG1OBOLxNQSgj6VTrrdu_hrewnsfm4vZuAWks_vuP4eQuWFx6oJyyKmQK-yrzd8RYgO96uA2hKYMuC85zsOXBaTbrggKnrasEFhpwbdRj64DzvnlkdekuyjJnio99LLDQDYXzZQp-wz_gctoDEXPYKrkxufcKLb9FtFqIgQXA_EAlR6sCyLGzDZcnMbfs5Tp452YkyGJV-mmxpZTtrdfjn1VtsHn21qWIw4iDheNAc-_ITUJS5Fsa7lUIG2LBe3Jw2V5Oi29FXkC13rJpOrfp-BOV5nv0LZeVvTxIIB6rPnLPwOb58pHJZSQS7gmaVhEFjOsdCICj8uQP3ZFsUDb8fSrJZf8ilK6SeOvd6dp3oHDCc4OjxVR_vJ0rrpQUHCALe2ZFf9mVfk47Uv0ufp99zYz6kuVZB6zaQ5IeTWQ0duxNcIQyEeI8D4GWn1pAA_IeOGIrRkeQofsX7KdOT_gs8TTqmq6Qodh9EITPJoqpaajx0P5bCJiMkhM6YnwtvejWbu6zF8Rv17BzQ3sshe0UHLsrwhV0U7ZGzkoqw3IkVEAAckf1rffLfPV8CkJoYhIvqb1xLCDPvOem-7ppZ-gHpTk-_9duLAHBi5O0j0dKu9xLkKUWkuCMjyu0iU8rPR5fen-8GtaDiozxxeByXRGjrnbJ-DQwQywcfJ743D2M9hkkesN5f5WJLLuRdPCq0IYjGHQel2gbYq4BuGo1BI7nB6UndaS9xv3aeOF78ThIbX0qPzk4dA2gsQU5hl69A5l7aASipOXy5si9aM3F0MVm226PKgrYHP9F3LSfmD71kyuV3wU55Dm2BOYA4QiTQWMeOtGuZ7OmN657nZW_pYjg62S1k57bRkZlvwBa3SDC9yMV0jzxmsN_WPxbfDzpKvbc3VVE8e0dThJohWPfbeLhign-HgPmirEuuImagq--dYAmbjb_5SNrFWc26rEg2IR9BGYMHg_9KJlzKiTjQCMwGWHt_9V5-bU1P
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

GET
H3 200 gkc7GkOx0NjYAbDEAjG_3nA6cC9mq0x3jEC3r4qNpAU.js Show response
pagead2.googlesyndication.com/bg/ Frame 3312 37 KB
14 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gkc7GkOx0NjYAbDEAjG_3nA6cC9mq0x3jEC3r4qNpAU.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82473b1a43b1d0d8d801b0c40231bfde703a702f66ab4c778c40b7af8a8da405

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 18:04:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 545427
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14604
x-xss-protection: 0
last-modified: Mon, 16 Oct 2023 11:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 16 Oct 2024 18:04:54 GMT

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame B439
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1475223/71249329/4.js?ias_dspID=3&ias_campId=1012441042&ias_pubId=pub-3998824402121602&ias_chanId=1&ias_placementId=20111329642&bidurl=https://observer.com/&ia...
https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_WR83ZfSZDbSa9u8PibSZ8A0&cbFunctionName=goog_wrapCb_WR83ZfSZDbSa9u8PibSZ8A0&true_pb=

1 KB
1 KB

8ms
7ms

Script
application/javascript

2600:9000:223f:3c00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_WR83ZfSZDbSa9u8PibSZ8A0&cbFunctionName=goog_wrapCb_WR83ZfSZDbSa9u8PibSZ8A0&true_pb=
Requested by: Host: 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
URL: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 2600:9000:223f:3c00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 16:39:30 GMT
x-amz-version-id: mHBjLsMIuCNNIVpCWDngqGTWDqW4SHoI
content-encoding: gzip
via: 1.1 edffe6978db53d114a80cda421e0b6b8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 32152
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Mon, 23 Oct 2023 16:39:28 GMT
server: AmazonS3
etag: W/"33dffa7df253125904b2f354b5bb5e8d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: DDmWzTRp8t_gByqz3JpH2sFGr4B_O03SZO1Gr8D0R5h2867BZr1AcA==

Redirect headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:21 GMT
server: nginx
x-server-name: app02.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_WR83ZfSZDbSa9u8PibSZ8A0&cbFunctionName=goog_wrapCb_WR83ZfSZDbSa9u8PibSZ8A0&true_pb=
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame B0EF 91 KB
23 KB 9ms
9ms Script
application/javascript 2600:9000:223f:3c00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
URL: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:3c00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 00:09:11 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 edffe6978db53d114a80cda421e0b6b8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 2856371
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: x-UmzXQCLDkF2H8Y9ZQ_k0aMduQgZx9okz4Ss8U4REX8kaH847YtIA==

GET
H2 200 createjs.min.js Show response
code.createjs.com/1.0.0/ Frame D091 236 KB
63 KB 59ms
16ms Script
text/javascript 2a02:26f0:3500:11::215:14cb
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/1.0.0/createjs.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2458488530850232588/index.html?ev=01_250
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:11::215:14cb Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:21 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=900
x-n: S
accept-ranges: bytes
expires: Tue, 24 Oct 2023 01:50:21 GMT

GET
H3 200 index.js Show response
s0.2mdn.net/sadbundle/2458488530850232588/ Frame D091 187 KB
31 KB 25ms
25ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/2458488530850232588/index.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/2458488530850232588/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

19717cf28a940827af44d1cb713bd9dd120b65b13a5a6d987b06166e3b9d4e48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2458488530850232588/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 16:17:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 465446
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31999
x-xss-protection: 0
last-modified: Wed, 28 Jun 2023 11:47:35 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 17 Oct 2024 16:17:55 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B439 43 B
216 B 544ms
177ms Image
image/gif 2600:1f13:800:7782:f28c:b957:84f:ac7e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1475223&asId=b27a1c48-84b0-d9cb-f42f-50b8776212f4&tv=%7Bc:rVoGGf,pingTime:-3,time:90,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:970,h:250,t:37%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:90,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:37,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B80~0%5D,as:%5B80~970.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tTz037H+111%7C12%7C13%7C14%7C15*.1475223-71249329%7C151%7C152%7C153%7C154,idMap:15*,rmeas:1,rend:0,renddet:DIV,siq:39%7D&br=c
Requested by: Host: 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
URL: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:f28c:b957:84f:ac7e Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:22 GMT
server: nginx
x-server-name: dt09.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B439 43 B
215 B 542ms
179ms Image
image/gif 2600:1f13:800:7782:f28c:b957:84f:ac7e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1475223&asId=b27a1c48-84b0-d9cb-f42f-50b8776212f4&tv=%7Bc:rVoGGg,pingTime:-6,time:91,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:91,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:37,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B81~0%5D,as:%5B81~970.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tTz037H+111%7C12%7C13%7C14%7C15*.1475223-71249329%7C151%7C152%7C153%7C154,idMap:15*,rmeas:1,rend:0,renddet:DIV,siq:39%7D&tpiLookup=ao:observer.com*&br=c
Requested by: Host: 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
URL: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:f28c:b957:84f:ac7e Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:22 GMT
server: nginx
x-server-name: dt10.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H3 200 state Show response
api.permutive.com/v1.0/ 0
34 B 52ms
52ms XHR
text/plain 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v1.0/state?fetch_unseen=true&k=6b8d2782-a057-45b2-b2fd-5e7238c30400
Requested by: Host: 3b5c18b9-96b7-48e4-a3ef-011eb84a970d.edge.permutive.app
URL: https://3b5c18b9-96b7-48e4-a3ef-011eb84a970d.edge.permutive.app/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://observer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: *
date: Tue, 24 Oct 2023 01:35:21 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B439 43 B
215 B 527ms
178ms Image
image/gif 2600:1f13:800:7782:f28c:b957:84f:ac7e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1475223&asId=b27a1c48-84b0-d9cb-f42f-50b8776212f4&tv=%7Bc:rVoGGx,pingTime:-2,time:108,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:375,beZ:376,mfA:380,cmA:382,inA:383,inZ:389,prA:389,prZ:404,si:413,poA:414,poZ:445,cmZ:445,mfZ:445,loA:465,loZ:469,ltA:482,ltZ:482%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:970.250,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:970,h:250,t:37%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:108,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:37,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B98~0%5D,as:%5B98~970.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tTz037H+111%7C12%7C13%7C14%7C15*.1475223-71249329%7C151%7C152%7C153%7C154,idMap:15*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:DIV,siq:39,sinceFw:68,readyFired:true%7D&br=c
Requested by: Host: 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
URL: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:f28c:b957:84f:ac7e Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:22 GMT
server: nginx
x-server-name: dt12.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H2 200 v2 Show response
id5-sync.com/gm/ 275 B
553 B 66ms
19ms XHR
application/json 141.95.98.65
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/gm/v2

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.65 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3216659.ip-141-95-98.eu

Software

Resource Hash

42e4be0e2f7369d177c194c77489a2393c34862c2bcd2d1168ba4245670daa18

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://observer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://observer.com
date: Tue, 24 Oct 2023 01:35:21 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
content-type: application/json;charset=UTF-8

GET
H3 200 index_atlas_P_1.png
s0.2mdn.net/sadbundle/2458488530850232588/images/ Frame D091 19 KB
19 KB 26ms
25ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2458488530850232588/images/index_atlas_P_1.png

Requested by

Host: 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
URL: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9db4c72c5204046d62a6a54368276979748d9223763854ed222cf81d6417e114

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2458488530850232588/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 16:17:55 GMT
x-content-type-options: nosniff
age: 465446
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19773
x-xss-protection: 0
last-modified: Wed, 28 Jun 2023 11:47:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 17 Oct 2024 16:17:55 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame B439 0
0 54ms
53ms Fetch
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvYmjqtnYfx7mTU-YJbLr0j-CIDRiYPM1xvJXek-fQAISaW34g9Y9Xe-XCE0938M53TL-ukLjvE_kFPyL8M-_ZdZUPdMD5L7O4E1NnPKFrY_QuftdfxssAXm0y6ePozuCZmSXSuXLRrF6r4Plxr2lXffgZqgdtWA2nD3fLYzSo_xRkEeh6d94z_mYq3FlOMSBA6pVsKoTNqmmyAH8CaoK8o4G_30TN1lVWkSoUY4WE_Lk_M_yGJGbmLPUrb95e-2543INg92JLLbbhg2456F1dqgDYTaDP_KEH8JNk6dywBO9Non5YIOejgr4oben2lX7f8D0nQGO3AsVeHEVDA-akcBok3aR-EjiWQHoznlt3HtJeH91EZLpS8gJYFJH1MbygbAytaQJuOD7lFNks9jo9J3ePXikl1J95ZYxKi9R2uttV4Kv5WRuVND_X_L8eMMvC6kYXl3RE9-VX8PTd76jse2BnsE5EJHL-Cm-7YON8II0zOrTheAoKAxf_TwFXqY0GRT3OFfCypZk-AnYZnmNd_9-m1tWz2TZU3Gb7Ml4K3gPA27tUdJ7GAkVKQxJRZCFzBVpb8qDx6iDX_B4ShllEgKBl_b0Jkj0f8gSEe16VrPPoy4ijfR1Zwr_yJUDb_k_jw7n54T0Oj2IXJ4FCsNctG8xxMp0SfaBIxLX4E27as6D6T9FizPqwOlUB1lJhQHbMwTsKZX4FFzLNZ8dWSDd1_EZT4ywhvvdHd6F9ykGZv-BoA99KFJSodV-jRAVCqUTLtaXXH0jtZwFb24_Us3PHth0MvyujDMSvHl5773f98COZS8eGIK6OtrPvXpMWDmnenDblmIcmHFg2pwfhmkwDQL4_z8JPBK7HaXjR9-OC2SfjOvqE9XQ75gslIkzpuFlXLWzuNI-LXZdURoEH2JUubV2mYgcSJn7gcYSnxJkryDLVHtO6cMRlelxwdR_YjKskTd61QMUze9iooPfoMzET8AZBK0q7U4DO2eGubtBeJHDNU9nWtluQq21vd92Wk4wTu1cmqRQBoE3xPWTVu-Lq0kWpCVFbmiuqsb3vhsyAdEA_QX6jdNwu83p5ZVcUZiy6dXP4uueuUSzdnqEe76OUYu0weaa93gnE3qapwQkqe7TSaftvJ6MmrJyW9Gy5Iq3PZ9SCWteT_-JC_tPlw-EV_qTS35JYGN8pdnE8bRB3eC4LjQurATmMrldvLd9pPERnbpH3AffZR_mpBY5CMwNqwwqxfCiFya235ENVKHc52K5vfo-dS8POWu0IgSbzFo1C0ohfPQTF7k407v_8akUcovBtSNpfNNFznIXJJGr3zG4Zf1W16bv8Jz8XwsuFhVIpX6y1dvzne0kcOUJVnxhip2uxaj8tHoGol-rFUbRXyflQEOX2DRxckWeagZIKSyqtymlJLd0DkqY30IoYVUZNnZnTCUKsWbg&sai=AMfl-YTr_9DYnodaCMOWoDmB6-asgATxrmlqqteWYaq3B_ENSg-3BnxHe3OOd1FqJtyYKtQTQOtoCUKNWYjEvmJXeheCPlW5nYH9bJFOMfdz9CnOXyVPhT4EBxpleP1TRhrMO0XaBKQA1qy7WlVPdGvbpuz979Wns0MaNEvTmoXuYDsnCa53Onw9frR3uRMZRR2Zx9w5LJCG-NL4x4VF9mxy-duwHPdWBl_FiVPm0GVwnZkcJGBNRX9R8HeX-A6trog681-n6S8&sig=Cg0ArKJSzLOfbpYw_ta6EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=380&vt=11&dtpt=258&dett=3&cstd=119&cisv=r20231017.65925&vwbs=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK load.js Show response
s.ntv.io/serve/ 614 KB
163 KB 65ms
18ms Script
application/x-javascript 23.212.213.167
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.ntv.io/serve/load.js?ver=1.0.0
Requested by: Host: observer.com
URL: https://observer.com/wp-content/plugins/xcurrent/assets/js/script-queue.js?ver=bebcad848e998ab9ae82c8431c754b8a
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.212.213.167 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-212-213-167.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: c39132857ba1f8dce335c6f2c350d01ff1e6864bb04b15150ce52f0f46d8c3f3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date: Tue, 24 Oct 2023 01:35:21 GMT
Content-Encoding: gzip
x-amz-request-id: 6Z5R42T43GH0RYZE
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
Connection: keep-alive, Transfer-Encoding
x-amz-id-2: 2cN3jvEQH6BZnfoDwF6tDJHvnyXKanGw9q7yn5/BKvEnz8bBllPRp9qVh3ZExzmTS/ykZgbWYIQ=
Last-Modified: Mon, 09 Oct 2023 20:42:42 GMT
Server: AmazonS3
ETag: "f5d07a2c15f76a429bfac37e4fd5fb90"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H3 200 index_atlas_NP_1.jpg
s0.2mdn.net/sadbundle/2458488530850232588/images/ Frame D091 113 KB
113 KB 26ms
26ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/2458488530850232588/images/index_atlas_NP_1.jpg

Requested by

Host: 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
URL: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c62d8a3fd2c71c138f26eed2adff510f4fdee339f91e8074705598164793f88

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/2458488530850232588/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 16:17:55 GMT
x-content-type-options: nosniff
age: 465446
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 115808
x-xss-protection: 0
last-modified: Wed, 28 Jun 2023 11:47:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 17 Oct 2024 16:17:55 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3312 0
20 B 52ms
51ms Image
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BfCXFWR83ZfSZDbSa9u8PibSZ8A0AAAAAOAHgBAI&bg=!BQalBknNAAY5nEQaGZw7ADQBe5WfOCf5RWu3n-6fwiBO1w_DXT-9X5frwgDHjhr8F2NMWXUeV-HpO0wbtqK0pFAIClKvAgAAAIFSAAAABGgBBwoAIEKpAz9sCxYdMfltTRNOLeuIdU92wt85sZnP9EkPTHItmQMbV0_zu_JEPjTHZSx1-9bWBj0LBRaAD2dG9HB6DQFPU1lAphXb2iucfFTUhHYd4nOvpZi_Yn55bj734yc5MlaZUNTHimUWyVS6C9Y8VVSu4LXzoCrvvom2AZrPgPK4exMgE7uKWhO5ES8S42FnGntMQzkohyWJ7XEEO7Jo1eMUT7ED8_5y0k0JVbOEzIX-WBW85Nx6OqiGKVMpK-acoHY_wlGOWYUVavHp5q074QrRahChFx5KwbAGZG6Y8YPAljxiHzX_Goo-6Nqsf-ZSrJXyJ-JvgSLU80KoxAcFJ-XFAZnhTSHEta3zGwaN9s_HBMsIkJIaf3Ed-lDj9rHrO2HPBkjCG_5yVHfPVy8uQmUcfEzXddROtDBN37_pE1laBZaWofUyPyWnWy8c-6qQPEvTgKCdcND389GYQRBzmirClqpg2ywDEcsRU0ycnAf339Fh2kFhWrRQX9k2VbUU5RtwXM70ZNOiymguBPOVE5xjCO2O-gk55Vm0tFe8J-62YZzNWGFnRhU04MDbx_LNDizeFYrC95rd4ybUCHGDJmdFrCceNVR_FiW0bpuiPdIfYqsNV5rwlTmD5veHuhLg_PMSrRNkPhtiYkL8-tgZoJmq8dZS2UpBH2JHGzgGk3mI1Ge_yIx3dpKAnZXCEUuSDZ7TpH9Jv_V5dHtr8FDFMtAp27xVpEnH_-96T_ktwrA6GNoxbt7FuDzHf5sL884P55DGM7jeCxAn14n_HJD8dEhaiZL4N1eVkSyFxNBdRwVm4L5U8BG8-Zbu6TzkTjiOHIOtE1diNgtiBd8Rda_BvFkhJq9wc2k-WsQaEm0K4iFIaOtUTOWhc9aspqF6fAPXgKG4uv2eN-D6Ow3QFpMzYXPqFjjv8ptqtbAC-I1aVtoBbFDDgaZeoGxtCQwopywGw4vcy3_FHCWzg6oL1UDhwKKpg6bDUsSbCEuxMDVviYMk6-yfaVHd_MIg-zN5vHVpMoR6VBPtKPkqeTOCGarRajG26ozBWAAzKuy35dOHiQmgrmI0HIkFIf-gCdX9akLGSxt9OqVOqixD-6H2qH4w

Requested by

Host: 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
URL: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 t Show response
jadserve.postrelease.com/ 268 B
601 B 589ms
182ms Script
text/javascript 54.203.141.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://jadserve.postrelease.com/t?ntv_url=https%3A%2F%2Fobserver.com%2F&ntv_mvi
Requested by: Host: s.ntv.io
URL: https://s.ntv.io/serve/load.js?ver=1.0.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.203.141.105 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-203-141-105.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: f24d352fc8e0fbbfd349ef49e86d9317834abb3494be70b4513660803ff66c67

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:22 GMT
content-encoding: gzip
server: nginx
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 190
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H2 200 app.js Show response
observer.com/wp-content/themes/newyorkobserver-2014/dist/js/ 5 KB
2 KB 7ms
7ms Script
application/javascript 192.0.66.160
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://observer.com/wp-content/themes/newyorkobserver-2014/dist/js/app.js?ver=1.9.9

Requested by

Host: observer.com
URL: https://observer.com/wp-content/plugins/xcurrent/assets/js/script-queue.js?ver=bebcad848e998ab9ae82c8431c754b8a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.66.160 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

7b56af893358318f9825834c44e15ba72af5dd08fda34a56c0bd7b6ef1d9f355

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:21 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000;includeSubdomains;preload
last-modified: Mon, 31 Jul 2023 16:11:22 GMT
server: nginx
x-rq: hhn2 96 184 443
etag: W/"64c7dd2a-15f6"
vary: Accept-Encoding
x-cache: HIT
content-type: application/javascript
cache-control: max-age=31536000

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B439 43 B
215 B 178ms
177ms Image
image/gif 2600:1f13:800:7782:f28c:b957:84f:ac7e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1475223&asId=b27a1c48-84b0-d9cb-f42f-50b8776212f4&tv=%7Bc:rVoGMq,pingTime:-10,time:473,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtMTIwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTE4LjAuNTk5My44OCBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1698111321938%7C%7C3d401006cc6c0c72b7bba1cf9568b8c4%7C%7Cafe098ab9930c31009b81b3a08e6b29a%7C%7C075772c87b58e72d45ce350f75e8811b%7C%7C88bb09522e0752e94633da542f873d5d%7C%7Cbdacda1ece06fefb89fcc9aef3162395%7C%7C24c79abd9f330f509ee58a180f7096e5%7C%7C676a587d62d0f09904fb2920fc758ca2%7C%7C1663701684%7D
Requested by: Host: 839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
URL: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:f28c:b957:84f:ac7e Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:22 GMT
server: nginx
x-server-name: dt19.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 273 KB
86 KB 44ms
44ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5BPNP6

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

80270fe90ce88773882c87734f2b1f3412724fe55c8bd4a9e2185252ea405b31

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:21 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 88289
x-xss-protection: 0
last-modified: Tue, 24 Oct 2023 00:08:44 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 24 Oct 2023 01:35:21 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ 22 KB
9 KB 67ms
9ms Script
application/javascript 2620:116:800d:21:b314:a0ef:ab7c:d546
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5BPNP6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:b314:a0ef:ab7c:d546 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: ba34abe5f7db9bccc4e96465f09ab91bf5393f22dd0acfc2c0e304dd3d94e66a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:22 GMT
content-encoding: gzip
etag: "0nVqEbFaTM2zzuiWgn9NwQ=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Tue, 31 Oct 2023 01:35:22 GMT

GET
H2 200 hotjar-3537567.js Show response
static.hotjar.com/c/ 10 KB
4 KB 49ms
14ms Script
application/javascript 18.66.97.37
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-3537567.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5BPNP6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.97.37 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-97-37.fra56.r.cloudfront.net

Software

Resource Hash

5a92f3e192abd20c55afc6031d9d342bcdd38abbb35e1b035da146635f4c4677

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Tue, 24 Oct 2023 01:35:22 GMT
via: 1.1 80a51c83bb9479e2a3aa1ea59b366458.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 9
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
etag: W/ff940deaf2db15a48b1bacd9acea1f5d
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
x-amz-cf-id: YOMhRsIlcdc4ObPbNfX2mbbpp0-gaRrPZB5whItHl0enfeX5Q4F72Q==

GET
H3 200 832096553515722 Show response
connect.facebook.net/signals/config/ 139 KB
36 KB 12ms
11ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/832096553515722?v=2.9.135&r=stable&domain=observer.com

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4e257aeeb29a68e8b57f80a317121c813c87e7acddf824d8712ab7b18877d287

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 24 Oct 2023 01:35:22 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 36701
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: uoQQyj4MfzeNMIQgVY5MPw69mSU2aqF6XQBybAsy7zOSvg6KvyE/CoZJQ8Sa9QRy6ZXbxJ/XEJEI/bFciPzUJw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 4 KB
2 KB 8ms
8ms Script
application/javascript 18.245.60.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.245.60.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-60-76.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1aee66e2e24e851039801c0dace90f3efb7a1a17b033f7d5bbc12ca7c1d19432

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 07:14:50 GMT
content-encoding: gzip
via: 1.1 c9b44fbd4230c7c5b0750a98fbcd9df6.cloudfront.net (CloudFront)
last-modified: Fri, 21 Jul 2023 22:21:17 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P5
age: 66032
x-amz-server-side-encryption: AES256
etag: W/"a06e7a176f40dc26aa5e9567ac9d2d5e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=86400
x-amz-cf-id: bWaBxyZUI-x4pOT7el5jDKU4RgHJBDyxuZ99CpW8AvLkburqNpUIIw==

GET
H3 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
722 B 14ms
13ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:02:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1958
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 697
x-xss-protection: 0
last-modified: Fri, 30 Jun 2023 18:58:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Tue, 24 Oct 2023 02:02:44 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5BPNP6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 23 Oct 2023 23:51:33 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 6229
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 24 Oct 2023 01:51:33 GMT

POST
H3 204 ping
pagead2.googlesyndication.com/pagead/ 0
0 49ms
49ms Fetch
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://observer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

POST
H3 200 collect
www.google-analytics.com/ 35 B
55 B 21ms
21ms Ping
image/gif 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/collect

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://observer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:22 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: https://observer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 20ms
19ms XHR
text/plain 2a00:1450:400c:c00::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-1212249-1&cid=2031459061.1698111319&jid=959889748&uid=2031459061.1698111319&gjid=877132901&_gid=614290033.1698111319&_u=aGDAgUAjQAAAAEAEK~&z=1152296595

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://observer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 24 Oct 2023 01:35:22 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://observer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect
www.google-analytics.com/ 35 B
55 B 20ms
20ms Ping
image/gif 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/collect

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://observer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:22 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: https://observer.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.6e9fbe1c8deeaeeef5a6.js Show response
script.hotjar.com/ 228 KB
56 KB 50ms
8ms Script
application/javascript 13.32.27.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.6e9fbe1c8deeaeeef5a6.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-3537567.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.27.54 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-27-54.fra56.r.cloudfront.net

Software

Resource Hash

3c4be0577e9aeb1590ffb0ff69edd06d8e8db277b7405506fc7c51d103496acf

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Mon, 23 Oct 2023 14:22:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 0d5d2d408eb42296c7636196e25ef8a2.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
age: 40396
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 56638
last-modified: Mon, 23 Oct 2023 14:21:40 GMT
etag: "39a78afde658eb73065246c3ddd7b08c"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: i4G7BT7loV3KM2U_igf8AGGchVozI8RkmrGB7Rn9aYR1WSc09strmg==

GET
H2 204 b
sb.scorecardresearch.com/ 0
224 B 8ms
8ms Image
text/plain 18.245.60.76
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b?c1=2&c2=13507040&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1698111322160&ns_c=UTF-8&c7=https%3A%2F%2Fobserver.com%2F&c8=News%2C%20data%20and%20insight%20about%20the%20powerful%20forces%20that%20shape%20the%20world.%20%7C%20Observer&c9=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.245.60.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-60-76.fra60.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:22 GMT
via: 1.1 c9b44fbd4230c7c5b0750a98fbcd9df6.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: FRA60-P5
x-amz-cf-id: OrBl0dQwsreB5oJ-ylbG7aVHoOj2S0S7odZio5QTaDID1orKjbnkgw==
x-cache: Miss from cloudfront

GET
H2 200 rules-p-UtaLhd9K6h6Mf.js Show response
rules.quantcount.com/ 160 B
633 B 45ms
7ms Script
application/javascript 2600:9000:223c:a000:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-UtaLhd9K6h6Mf.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223c:a000:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3afad7944608ccb8f39bb022444e73be0d7d2bc03ade1aebd436d17c3c2eefc4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 00:56:05 GMT
via: 1.1 6faa38f38a1fee24a829fec7c748876c.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P2
age: 2546
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 160
last-modified: Fri, 14 Oct 2022 00:57:38 GMT
server: AmazonS3
etag: "5e639fe6c85b0bcfca5ebb1b7d3b3dec"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
x-amz-cf-id: Qjovw0ezFonmyPOaIFRh9aRwSp0O-VtV_H75Zy_8ljp0eTiFMhAv2g==

GET
H2 200 /
www.facebook.com/tr/ 0
54 B 8ms
7ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=832096553515722&ev=PageView&dl=https%3A%2F%2Fobserver.com%2F&rl=&if=false&ts=1698111322169&sw=1600&sh=1200&v=2.9.135&r=stable&ec=0&o=30&fbp=fb.1.1698111319508.993923439&ler=empty&cs_est=true&it=1698111319459&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 24 Oct 2023 01:35:22 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 27ms
26ms Image
image/gif 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-1212249-1&cid=2031459061.1698111319&jid=959889748&_u=aGDAgUAjQAAAAEAEK~&z=1512424277

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 25ms
25ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-1212249-1&cid=2031459061.1698111319&jid=959889748&_u=aGDAgUAjQAAAAEAEK~&z=1512424277

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel;r=12173323;source=gtm;rf=0;a=p-UtaLhd9K6h6Mf;url=https%3A%2F%2Fobserver.com%2F;uht=2;fpan=1;fpa=P0-676413867-1698111322162;pbc=;ns=0;ce=1;qjs=1;qv=d48babbb-20231018122215;cm=;gdpr=0;ref=;d=ob...
pixel.quantserve.com/ 35 B
372 B 19ms
9ms Image
image/gif 2620:116:800d:21:b314:a0ef:ab7c:d546
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=12173323;source=gtm;rf=0;a=p-UtaLhd9K6h6Mf;url=https%3A%2F%2Fobserver.com%2F;uht=2;fpan=1;fpa=P0-676413867-1698111322162;pbc=;ns=0;ce=1;qjs=1;qv=d48babbb-20231018122215;cm=;gdpr=0;ref=;d=observer.com;dst=1;et=1698111322217;tzo=-120;ogl=type.website%2Ctitle.Observer%2Cdescription.News%252C%20data%20and%20insight%20about%20the%20powerful%20forces%20that%20shape%20the%20world%252E%2Curl.https%3A%2F%2Fobserver%252Ecom%2F%2Csite_name.Observer%2Cimage.https%3A%2F%2Fs0%252Ewp%252Ecom%2Fi%2Fblank%252Ejpg%2Cimage%3Aalt.%2Clocale.en_US;ses=d80d38f5-78dd-46df-bb72-c653136df2a5;mdl=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:b314:a0ef:ab7c:d546 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:22 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B439 42 B
64 B 60ms
59ms Fetch
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssH1RNYPB9J3KLVkDVrp90KCdBQmRXobDnLdnPGypWvP6N2KxJhBwuspGLRk99wL2Ry4YWt9-WKEH8Z4bPD_fmxQ_RRnnCjvpobup-5ophiSg-3GQm_1VzQYesINiMYg-VXz0vKH-9rxKjv&sai=AMfl-YTUwASyqgQHriggQNQxye8uK1KtqfYrOxPTBLeqQrGE28xHeQ428nrIoC9XazlHMt_wUTRXvaG5oBkisnlvGhWdq9lkCgxusIphYoS8kYaU63mWzOY36pYZ2oAJ&sig=Cg0ArKJSzOp9heD6kAQuEAE&cid=CAQSPADICaaNQtVnHg9SxHeI4mfJlkjotbWCZfkFuWEosUxWKqM2af7tj8zJ6vboWl3RRC_1Ec2Hxs_43gUKrhgB&id=lidar2&mcvt=1000&p=110,315,360,1285&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231023&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=4231055590&rs=4&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1698111321090&rpt=243&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 63ms
17ms Script
application/javascript 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: observer.com
URL: https://observer.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2fc7f40fe3b6fca4d842274e5c319024864535325c7484e201b7c53257209809

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 24 Oct 2023 01:35:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: HAfQnQ1aKA6QX2rlLtw0Ew==
age: 32423
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6821
x-ms-lease-status: unlocked
last-modified: Thu, 19 Oct 2023 20:11:54 GMT
server: cloudflare
etag: 0x8DBD0DFA36E1998
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: fe2eddf8-e01e-0045-438e-03ec60000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 81ae7b96299c9969-FRA

GET
H2 200 3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js Show response
cdn.permutive.com/ 361 KB
102 KB 70ms
29ms Script
application/javascript 2606:4700::6811:7611
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.permutive.com/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Requested by: Host: observer.com
URL: https://observer.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:7611 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 00536f2b4e556e70b642a42e0d275b59a79ab2cbcfb35cca2e7763df46a90c1f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:22 GMT
content-encoding: br
cf-cache-status: HIT
x-goog-meta-oid: 3b5c18b9-96b7-48e4-a3ef-011eb84a970d
age: 0
x-guploader-uploadid: ADPycdtYX2ffHnjr4l9bELvxcxi1niyUbnfJ0veHj52vFNu89FH7Nvj-53DM28_gVAcBSN5BN1vIqLTLGzDNrTzmWiTdf7JHfy2x
x-goog-storage-class: REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
last-modified: Fri, 06 Oct 2023 10:08:51 GMT
server: cloudflare
etag: W/"e528ae7d3f4fd2c4b91137599eeb7c96"
vary: Accept-Encoding
x-goog-generation: 1696586931866405
content-type: application/javascript
x-goog-hash: crc32c=rHLmPg==, md5=5SiufT9P0sS5ETdZnut8lg==
cache-control: public, max-age=900
x-goog-stored-content-length: 104880
timing-allow-origin: *
cf-ray: 81ae7b9619153830-FRA
expires: Tue, 24 Oct 2023 01:50:22 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B439 43 B
215 B 177ms
176ms Image
image/gif 2600:1f13:800:7782:f28c:b957:84f:ac7e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1475223&asId=b27a1c48-84b0-d9cb-f42f-50b8776212f4&tv=%7Bc:rVoGWB,time:1104,type:e,im:%7Bpci:%7Btdr:1011%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:1104,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:37,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1094~0%5D,as:%5B1094~970.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:200,fm:tTz037H+111%7C12%7C13%7C14%7C15*.1475223-71249329%7C151%7C152%7C153%7C154,idMap:15*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:39,sis:165%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:f28c:b957:84f:ac7e Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:22 GMT
server: nginx
x-server-name: dt14.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 6a95224d-e53b-4c23-b2a6-31faa3db3cc4.json Show response
cdn.cookielaw.org/consent/6a95224d-e53b-4c23-b2a6-31faa3db3cc4/ 3 KB
2 KB 52ms
34ms XHR
application/x-javascript 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6a95224d-e53b-4c23-b2a6-31faa3db3cc4/6a95224d-e53b-4c23-b2a6-31faa3db3cc4.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7cc8f8f131774a8405d79658e64366f7044e6f439cfccaf977aecf0deb4c052e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 24 Oct 2023 01:35:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 76589
content-md5: 0CCuNb2oi4MBXRI3Igqd4w==
content-length: 1135
x-ms-lease-status: unlocked
last-modified: Thu, 12 Nov 2020 16:47:25 GMT
server: cloudflare
etag: 0x8D8872AA28370D2
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: b839e4c2-a01e-00be-46e1-5acd6d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 81ae7b9668d99183-FRA
expires: Wed, 25 Oct 2023 01:35:22 GMT

GET
BLOB 200
OK aa533894-ba2b-44b3-8d42-6d09172c13f9
https://observer.com/ 69 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://observer.com/aa533894-ba2b-44b3-8d42-6d09172c13f9
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 13d8fbc7e950b3f123dc554d5da339303025f34009de0a14d7a6bcc250ae289e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Length: 70617
Content-Type

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 66 B
312 B 65ms
24ms XHR
application/json 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://observer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date: Tue, 24 Oct 2023 01:35:22 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 81ae7b96ec5b366e-FRA
access-control-allow-headers: Content-Type

GET
BLOB 200
OK c88ca27f-a89b-4b7c-8d21-34969e345383
https://observer.com/ 69 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://observer.com/c88ca27f-a89b-4b7c-8d21-34969e345383
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 13d8fbc7e950b3f123dc554d5da339303025f34009de0a14d7a6bcc250ae289e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Length: 70617
Content-Type

POST
H3 200 watson Show response
api.permutive.com/v2.0/ 307 B
237 B 25ms
24ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/watson?k=6b8d2782-a057-45b2-b2fd-5e7238c30400
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: 90d614055473a8d8bca4a7934c3b3cf482c6b8a021fdac29317880e499286eb5

Request headers

Referer: https://observer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type: text/plain

Response headers

date: Tue, 24 Oct 2023 01:35:22 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://observer.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 219

POST
H3 200 audiences Show response
api.permutive.com/audience-matching/v1/id/5b2c6cae-d80d-402b-b44b-514419a0b091/ 12 B
25 B 91ms
90ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/audience-matching/v1/id/5b2c6cae-d80d-402b-b44b-514419a0b091/audiences?k=6b8d2782-a057-45b2-b2fd-5e7238c30400
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: /
Resource Hash: 2b0fb0a6b3e353c69158d61221c2200e4199d0d60dd0b9d99702a22eaa917a78

Request headers

Referer: https://observer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Tue, 24 Oct 2023 01:35:22 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12
content-type: application/json

POST
H3 200 segment Show response
api.permutive.com/adv/v2/ 14 B
28 B 31ms
30ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/adv/v2/segment?new-session=true&k=6b8d2782-a057-45b2-b2fd-5e7238c30400
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: e3aeeb9b76fb8242067c35d89b2a5281561e92a7c9a25239d630f818fe978a7d

Request headers

Referer: https://observer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: *
date: Tue, 24 Oct 2023 01:35:22 GMT
via: 1.1 google
server: Permutive
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14
content-type: application/json

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.9.0/ 341 KB
74 KB 19ms
18ms Script
application/javascript 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.9.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a13b93c05af6ec6255b737032aa3f5d1f4823ed2d57d12c0735bd2c4adc8efc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 24 Oct 2023 01:35:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 56jOXvghU3RiFIKiZ2Zh+g==
age: 75415
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 75725
x-ms-lease-status: unlocked
last-modified: Fri, 20 Nov 2020 16:34:12 GMT
server: cloudflare
etag: 0x8D88D721D404CB2
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: b4108ab3-b01e-000b-2ee1-5ac092000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 81ae7b9729fc9969-FRA

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/6a95224d-e53b-4c23-b2a6-31faa3db3cc4/3f4fae5c-af44-4ce7-8f4d-cb1cf522c97c/ 73 KB
13 KB 24ms
23ms Fetch
application/x-javascript 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/6a95224d-e53b-4c23-b2a6-31faa3db3cc4/3f4fae5c-af44-4ce7-8f4d-cb1cf522c97c/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.9.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c724c4cb202cda5ac3fc5dd433b3403995f9c2ddd9b45f52713de38a62deedd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 24 Oct 2023 01:35:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 49839
content-md5: EBsOpg7Elu1REC0UgglQbw==
content-length: 12888
x-ms-lease-status: unlocked
last-modified: Thu, 12 Nov 2020 16:47:33 GMT
server: cloudflare
etag: 0x8D8872AA6D573E5
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: c02903af-f01e-012a-2ce1-5aebf6000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 81ae7b9759409183-FRA
expires: Wed, 25 Oct 2023 01:35:22 GMT

POST
H3 200 gaAccount Show response
sandbox.tinypass.com/api/v3/anon/assets/ 52 B
362 B 324ms
312ms XHR
application/json 2606:4700::6812:eff8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://sandbox.tinypass.com/api/v3/anon/assets/gaAccount?aid=CMrLcDjZsu

Requested by

Host: sandbox.tinypass.com
URL: https://sandbox.tinypass.com/api/tinypass.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:eff8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67ac3cc822b675f60738f7f91d42c3ed671f42e2c1800b8a91ecc1b8d7fe1a1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept: application/json
Referer: https://observer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Tue, 24 Oct 2023 01:35:23 GMT
strict-transport-security: max-age=86400; includeSubDomains
content-encoding: br
cf-cache-status: DYNAMIC
wn: sandbox-vx-dash-10-13-128-65
server: cloudflare
p3p: CP="NON DSP COR OUR IND"
access-control-allow-origin: *
server-time: 0.004
content-type: application/json
cache-control: public, max-age=86400, s-maxage=86400
x-forwarded-https: on
cf-ray: 81ae7b98bd03904e-FRA
alt-svc: h3=":443"; ma=86400
x-request-id: Sz2f03siV9S

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.9.0/assets/ 13 KB
3 KB 18ms
17ms Fetch
application/json 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.9.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.9.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb44400a61edda0b628ad2ff62cb5d299fab4e7a18d586ae7d70481c6c9550b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 24 Oct 2023 01:35:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: nLr4hEi4fuLY/p0DQsLcMA==
age: 76588
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3343
x-ms-lease-status: unlocked
last-modified: Fri, 20 Nov 2020 16:34:03 GMT
server: cloudflare
etag: 0x8D88D721792550E
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 018057e7-901e-00f9-7ae1-5a1206000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 81ae7b9899dd9183-FRA

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/6.9.0/assets/ 62 KB
15 KB 16ms
16ms Fetch
application/json 2606:4700::6812:82ec
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.9.0/assets/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.9.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e13b47921ee79d3fab38b733e08dc04ca99b25c1880cb25475c9315ddc2146

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observer.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Tue, 24 Oct 2023 01:35:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: ue/MTNcIjSCNWtleQfbrzg==
age: 76588
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 14986
x-ms-lease-status: unlocked
last-modified: Fri, 20 Nov 2020 16:34:03 GMT
server: cloudflare
etag: 0x8D88D7217E98574
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 9f1e85fa-e01e-00d4-51e1-5a91c6000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 81ae7b9899de9183-FRA

GET
DATA 200
OK truncated
/ 817 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B439 0
20 B 48ms
48ms Ping
image/gif 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=962214383161&version=m202309260101&ct=76&x=1&cor=12980182633053864000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:23 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B439 43 B
215 B 178ms
177ms Image
image/gif 2600:1f13:800:7782:f28c:b957:84f:ac7e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1475223&asId=b27a1c48-84b0-d9cb-f42f-50b8776212f4&tv=%7Bc:rVoHdm,pingTime:1,time:2143,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:970,h:250,t:37%7D,%7Bpiv:100,vs:i,r:,t:1134%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1009,o:1134,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:37,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1125~0,0~100%5D,as:%5B1125~970.250%5D%7D%7D,%7Bsl:i,t:1134,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1008~100%5D,as:%5B1008~970.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:182,fm:tTz037H+111%7C12%7C13%7C14%7C15*.1475223-71249329%7C151%7C152%7C153%7C154,idMap:15*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:39,sis:165%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:f28c:b957:84f:ac7e Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:23 GMT
server: nginx
x-server-name: dt07.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B439 43 B
215 B 179ms
178ms Image
image/gif 2600:1f13:800:7782:f28c:b957:84f:ac7e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1475223&asId=b27a1c48-84b0-d9cb-f42f-50b8776212f4&tv=%7Bc:rVoHdn,pingTime:1,time:2144,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:970,h:250,t:37%7D,%7Bpiv:100,vs:i,r:,t:1134%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1010,o:1134,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:37,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1125~0,0~100%5D,as:%5B1125~970.250%5D%7D%7D,%7Bsl:i,t:1134,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1009~100%5D,as:%5B1009~970.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:182,fm:tTz037H+111%7C12%7C13%7C14%7C15*.1475223-71249329%7C151%7C152%7C153%7C154,idMap:15*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:39,sis:165%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:f28c:b957:84f:ac7e Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:23 GMT
server: nginx
x-server-name: dt08.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H3 200 events Show response
api.permutive.com/v2.0/batch/ 301 B
181 B 21ms
21ms XHR
application/json 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v2.0/batch/events?enrich=false&sdkp=true&k=6b8d2782-a057-45b2-b2fd-5e7238c30400
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: ec73b150de477c234374706b4e4d0a08a2ffdab6a8ee9f1c300b491a942b680b

Request headers

Referer: https://observer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type: text/plain

Response headers

date: Tue, 24 Oct 2023 01:35:23 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
vary: Origin
content-type: application/json
access-control-allow-origin: https://observer.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 163

POST
H3 200 state Show response
api.permutive.com/v1.0/ 0
34 B 26ms
26ms XHR
text/plain 34.107.254.252
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://api.permutive.com/v1.0/state?fetch_unseen=false&k=6b8d2782-a057-45b2-b2fd-5e7238c30400
Requested by: Host: cdn.permutive.com
URL: https://cdn.permutive.com/3b5c18b9-96b7-48e4-a3ef-011eb84a970d-web.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.107.254.252 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 252.254.107.34.bc.googleusercontent.com
Software: Permutive /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://observer.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: *
date: Tue, 24 Oct 2023 01:35:24 GMT
content-encoding: gzip
via: 1.1 google
server: Permutive
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B439 43 B
215 B 178ms
177ms Image
image/gif 2600:1f13:800:7782:f28c:b957:84f:ac7e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1475223&asId=b27a1c48-84b0-d9cb-f42f-50b8776212f4&tv=%7Bc:rVoIfK,pingTime:5,time:6135,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:970,h:250,t:37%7D,%7Bpiv:100,vs:i,r:,t:1134%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:5001,o:1134,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:37,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1125~0,0~100%5D,as:%5B1125~970.250%5D%7D%7D,%7Bsl:i,t:1134,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5000~100%5D,as:%5B5000~970.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:180,fm:tTz037H+111%7C12%7C13%7C14%7C15*.1475223-71249329%7C151%7C152%7C153%7C154,idMap:15*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:39,sis:165%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:f28c:b957:84f:ac7e Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:27 GMT
server: nginx
x-server-name: dt12.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B439 43 B
215 B 179ms
178ms Image
image/gif 2600:1f13:800:7782:f28c:b957:84f:ac7e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1475223&asId=b27a1c48-84b0-d9cb-f42f-50b8776212f4&tv=%7Bc:rVoIfK,pingTime:5,time:6135,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:970,h:250,t:37%7D,%7Bpiv:100,vs:i,r:,t:1134%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:5001,o:1134,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:37,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1125~0,0~100%5D,as:%5B1125~970.250%5D%7D%7D,%7Bsl:i,t:1134,wc:0.0.1600.1200,ac:NaN.NaN.970.250,am:sp,cc:0.0.970.250,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5001~100%5D,as:%5B5001~970.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:180,fm:tTz037H+111%7C12%7C13%7C14%7C15*.1475223-71249329%7C151%7C152%7C153%7C154,idMap:15*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:39,sis:165%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7782:f28c:b957:84f:ac7e Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 24 Oct 2023 01:35:27 GMT
server: nginx
x-server-name: dt11.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

Verdicts & Comments Add Verdict or Comment

253 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

50 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
observer.com/	1970-01-21 01:17:51	Name: hcpermutive_uuid Value: d65a4ea0-66ef-4cd4-8f00-7f9f6589a7ad
observer.com/	1970-01-20 15:41:53	Name: sailthru_pageviews Value: 1
.observer.com/	1970-01-20 15:41:53	Name: _parsely_session Value: {%22sid%22:1%2C%22surl%22:%22https://observer.com/%22%2C%22sref%22:%22%22%2C%22sts%22:1698111319273%2C%22slts%22:0}
.observer.com/	1970-01-21 01:11:15	Name: _parsely_visitor Value: {%22id%22:%22pid=94b08f3570d1690c5159df9184063042%22%2C%22session_count%22:1%2C%22last_session_ts%22:1698111319273}
.observer.com/	1970-01-20 15:43:17	Name: _gid Value: GA1.2.614290033.1698111319
.observer.com/	1970-01-21 01:17:51	Name: _ga_T9PLB60R8S Value: GS1.1.1698111319.1.0.1698111319.60.0.0
.observer.com/	1970-01-20 17:51:27	Name: _fbp Value: fb.1.1698111319508.993923439
.observer.com/	1970-01-21 01:10:42	Name: _pcid Value: %7B%22browserId%22%3A%22lo3nmvw5ygexe463%22%7D
.observer.com/	1970-01-21 01:10:42	Name: _pcus Value: eyJ1c2VyU2VnbWVudHMiOm51bGx9
.piano.io/	1970-01-20 15:41:53	Name: __cf_bm Value: _MKqHYUjMV6vpBY06pvMVi57XsCXXigFD4cRCuB21ME-1698111319-0-AfHJX8to9ZhGXjca+PdKZw0uKbxVr6Ag2KXRRFMdS9FADKUf0d5CZF76S07ihUB37DiwQVVXLnsPAz0PBw4lJw0=
.observer.com/	1970-01-21 01:17:51	Name: __tbc Value: %7Bkpex%7DNbFTMbywpHieAUmKLfHtoD4142sLP-Fbghg2LmSNG3FQ5UnP7_LkxLABlshujTYy
.observer.com/	1970-01-20 16:25:06	Name: __pat Value: -14400000
.observer.com/	1970-01-20 15:43:17	Name: __pvi Value: eyJpZCI6InYtMjAyMy0xMC0yNC0wMy0zNS0xOS01NTEtRlpuN0pYdktxbHdpaE1TNy0wOTZmNjE1YTQ5ZjliYmQyY2IwZDM2NjQ0NjIyM2ViYyIsImRvbWFpbiI6Ii5vYnNlcnZlci5jb20iLCJ0aW1lIjoxNjk4MTExMzE5ODE2fQ%3D%3D
.observer.com/	1970-01-21 01:10:42	Name: _pctx Value: %7Bu%7DN4IgrgzgpgThIC4B2YA2qA05owMoBcBDfSREQpAeyRCwgEt8oBJAE0RXQF8g
.observer.com/	1970-01-21 01:17:51	Name: xbc Value: %7Bkpex%7DX1gWapA2cPSbV2O9_sxH7rOUt0akdv3ce_uLPIcd-gk
observer.com/	1970-01-20 15:41:51	Name: __adblocker Value: false
observer.com/	1970-01-21 00:27:27	Name: sailthru_visitor Value: dc4cb041-3ca4-43b3-989e-0755a4594ec2
.observer.com/	1970-01-20 20:05:22	Name: permutive-id Value: 5b2c6cae-d80d-402b-b44b-514419a0b091
.3b5c18b9-96b7-48e4-a3ef-011eb84a970d.prmutv.co/	1970-01-20 17:54:20	Name: pxid Value: f627b93a-fe60-444b-8506-daeda2d416e0
observer.com/	1970-01-20 16:25:03	Name: _pbjs_userid_consent_data Value: 3524755945110770
.observer.com/	1970-01-20 15:51:56	Name: sharedid Value: e095c07e-ae54-4c20-a4ce-91737d70ca0b
.observer.com/	1970-01-21 01:10:39	Name: _awl Value: 2.1698111320.5-c42f967dda4ae6ab4dc944ee9d8f63ef-6763652d6575726f70652d7765737431-0
.doubleclick.net/	1970-01-21 01:03:27	Name: IDE Value: AHWqTUnbvVxiH7N7utRn_UsNnnFAdWVokSbq1-I5JZVaUCRTIRq369IfnRK01Py3PZw
.observer.com/	1970-01-21 01:03:27	Name: __gads Value: ID=a37ce66e150b533a:T=1698111320:RT=1698111320:S=ALNI_MZqZFb-NtggDIbnKhC9WRLZMagyIQ
.observer.com/	1970-01-21 01:03:27	Name: __gpi Value: UID=00000ca1835c3b23:T=1698111320:RT=1698111320:S=ALNI_MaWsCQxUMyfjncWkoWvakw7SNsJew
.adnxs.com/	1970-01-20 17:51:27	Name: uuid2 Value: 9159113323934637173
.doubleclick.net/	1970-01-20 20:01:03	Name: APC Value: AfxxVi65LhQEUV8A_OTVn_uan3FvbySZK1DRpxd5HdNfNV2pcOqI0g
.casalemedia.com/	1970-01-21 00:27:27	Name: CMID Value: ZTcfWQ-vH73JtNUapDby-QAA
.casalemedia.com/	1970-01-20 17:51:27	Name: CMPS Value: 5278
.casalemedia.com/	1970-01-20 17:51:27	Name: CMPRO Value: 5278
.adnxs.com/	1970-01-20 17:51:27	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GVPrzKVV!]tbPl1M>e)ZlrFUfJ+tGXxpGF<HMOI-im#[R[VgXq.4':D(Q1Q<:EfKC5#D3If)y3KL9D3I?+P=KY5#
.pubmatic.com/	1970-01-20 15:43:17	Name: KTPCACOOKIE Value: YES
.ctnsnet.com/	1970-01-21 00:27:27	Name: cid_21bd2c7377e549f5940a6d0b0885635e Value: 1
.ctnsnet.com/	1970-01-21 00:27:27	Name: gid_CAESECgtdH_M-Xqdl-OsrWcwo7M Value: 1
.lijit.com/	1970-01-21 00:27:27	Name: ljt_reader Value: HiXfvGZHtNEve7bUTAW9_rwI
.de17a.com/	1970-01-21 00:20:15	Name: guid Value: 1.7514269183833342631
.pubmatic.com/	1970-01-21 00:27:27	Name: KADUSERCOOKIE Value: D3151924-28DA-473C-B7FD-C0A852858D70
.tribalfusion.com/	1970-01-20 17:51:27	Name: ANON_ID Value: aBntuJqZbaOF6iPq6eWMn1ZdGaaPxpMhplOOc9SpX499e1pxF3BOkEONRUX1yDp19BSKXZbbAMOmuUUXTsrmtZbb5aLQ
observer.com/	1969-12-31 23:59:59	Name: ntvSession Value: {}
.observer.com/	1970-01-21 01:17:51	Name: _ga Value: GA1.2.2031459061.1698111319
.observer.com/	1970-01-20 15:41:51	Name: _dc_gtm_UA-1212249-1 Value: 1
.quantserve.com/	1970-01-21 01:12:05	Name: mc Value: 65371f5a-38c63-c1454-67834
.observer.com/	1970-01-21 00:27:27	Name: _hjSessionUser_3537567 Value: eyJpZCI6IjdlN2Q1NmE0LTI0OTAtNTAxMy05NjdiLTQ1ZjdiNzVkYWMzYyIsImNyZWF0ZWQiOjE2OTgxMTEzMjIyNTMsImV4aXN0aW5nIjpmYWxzZX0=
.observer.com/	1970-01-20 15:41:53	Name: _hjFirstSeen Value: 1
.observer.com/	1970-01-20 15:41:51	Name: _hjIncludedInSessionSample_3537567 Value: 0
.observer.com/	1970-01-20 15:41:53	Name: _hjSession_3537567 Value: eyJpZCI6ImIyOTFmZGE3LWE1N2ItNGE1MC1hMmMwLTY1MTExYTE3NDUyMCIsImNyZWF0ZWQiOjE2OTgxMTEzMjIyNTQsImluU2FtcGxlIjpmYWxzZSwic2Vzc2lvbml6ZXJCZXRhRW5hYmxlZCI6dHJ1ZX0=
.observer.com/	1970-01-20 15:41:53	Name: _hjAbsoluteSessionInProgress Value: 0
.observer.com/	1970-01-21 01:06:20	Name: __qca Value: P0-676413867-1698111322162
.postrelease.com/	1970-01-21 00:27:27	Name: opt_out Value: 1
.observer.com/	1970-01-21 00:27:27	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Tue+Oct+24+2023+03%3A35%3A23+GMT%2B0200+(Central+European+Summer+Time)&version=6.9.0&hosts=&landingPath=https%3A%2F%2Fobserver.com%2F&groups=C0003%3A1%2CC0001%3A1%2CC0002%3A1%2CC0004%3A1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://observer.com/ Message: The resource https://observer.com/wp-content/themes/newyorkobserver-2014/dist/fonts/flexslider-icon.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000;includeSubdomains;preload
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3b5c18b9-96b7-48e4-a3ef-011eb84a970d.edge.permutive.app
3b5c18b9-96b7-48e4-a3ef-011eb84a970d.prmutv.co
839dd17dd8ed2b3a3992171bb9c2d625.safeframe.googlesyndication.com
a.tribalfusion.com
aax.amazon-adsystem.com
ak.sail-horizon.com
ams-pageview-public.s3.amazonaws.com
ap.lijit.com
api.permutive.com
api.sail-personalize.com
c.amazon-adsystem.com
c2-sandbox.piano.io
cdn.cookielaw.org
cdn.id5-sync.com
cdn.parsely.com
cdn.permutive.com
cm.g.doubleclick.net
code.createjs.com
config.aps.amazon-adsystem.com
connect.facebook.net
d15kdpgjg3unno.cloudfront.net
d5p.de17a.com
dis.criteo.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
dyv1bugovvq1g.cloudfront.net
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
gcm.ctnsnet.com
geolocation.onetrust.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
htlbid.com
ib.adnxs.com
id5-sync.com
image6.pubmatic.com
jadserve.postrelease.com
lb.eu-1-id5-sync.com
observer.com
p1.parsely.com
pagead2.googlesyndication.com
pixel.quantserve.com
pixel.wp.com
region1.analytics.google.com
rules.quantcount.com
s.ntv.io
s.tribalfusion.com
s0.2mdn.net
sandbox.tinypass.com
sb.scorecardresearch.com
script.hotjar.com
secure.quantserve.com
securepubads.g.doubleclick.net
sqs.us-east-1.amazonaws.com
static.adsafeprotected.com
static.hotjar.com
stats.g.doubleclick.net
stats.wp.com
tpc.googlesyndication.com
truculentrate.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.npttech.com
x.bidswitch.net
104.18.27.193
108.138.1.25
108.138.9.235
13.32.27.39
13.32.27.54
141.95.98.65
142.250.186.130
142.250.186.162
178.250.1.9
18.196.230.223
18.245.60.76
18.66.112.103
18.66.97.37
185.89.211.12
192.0.66.160
192.0.76.3
198.47.127.19
2001:4860:4802:34::36
213.155.156.180
216.52.2.39
23.212.213.167
2600:1901:0:7416::1
2600:1f13:800:7782:f28c:b957:84f:ac7e
2600:9000:223c:a000:6:44e3:f8c0:93a1
2600:9000:223e:ba00:5:82fd:2500:21
2600:9000:223f:3c00:8:48e:53c0:93a1
2600:9000:2490:be00:11:b309:9100:21
2606:4700:10::ac43:266a
2606:4700:4400::6812:2089
2606:4700:4400::6812:29aa
2606:4700::6811:7611
2606:4700::6811:c376
2606:4700::6812:19ad
2606:4700::6812:82ec
2606:4700::6812:eff8
2606:4700:e2::ac40:8f26
2620:116:800d:21:b314:a0ef:ab7c:d546
2a00:1450:4001:801::200a
2a00:1450:4001:806::200e
2a00:1450:4001:80e::2002
2a00:1450:4001:80e::2008
2a00:1450:4001:810::2002
2a00:1450:4001:811::2003
2a00:1450:4001:812::2002
2a00:1450:4001:812::2003
2a00:1450:4001:828::2002
2a00:1450:4001:828::2006
2a00:1450:4001:82a::2003
2a00:1450:4001:82b::2001
2a00:1450:4001:831::2001
2a00:1450:4001:831::2004
2a00:1450:400c:c00::9c
2a02:26f0:3500:11::215:14cb
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f176:84:face:b00c:0:25de
3.239.232.239
34.107.254.252
35.186.193.173
35.241.9.51
52.17.99.225
52.216.49.193
54.155.244.184
54.203.141.105
65.9.61.60
99.83.154.140
99.86.4.71
00536f2b4e556e70b642a42e0d275b59a79ab2cbcfb35cca2e7763df46a90c1f
013e1d4445a9ae6ea3381525c280bd692c96c649d5f5a5750d7814113bc1b7d7
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
0210b0004d1177727d03a0d6b745789891195b2ba88ff99f8ef6ced9a5c51e40
03255fde15d5b1ad40ac9af95638c8f4ef82b3d90ba7c4d6c20279ed894a35bb
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
07f024cb3e218b7e2813d8868cae0764a420126f24063f8b154210bf65b9cd27
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ec8bc3ef1eb0c6ff43a2f94234c9487df3bf5e5f6b511693ca32cbb89bb665d
1170849a1f6deb911dc030011d8bcc57a6caaf659343e66114fb2f87369ed40e
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13d8fbc7e950b3f123dc554d5da339303025f34009de0a14d7a6bcc250ae289e
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
18d06fed9a67ff1de9031deb2f7fec9ff333758ec6a847e7ab922450be27f93d
19717cf28a940827af44d1cb713bd9dd120b65b13a5a6d987b06166e3b9d4e48
1aee66e2e24e851039801c0dace90f3efb7a1a17b033f7d5bbc12ca7c1d19432
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
21894460f75c2fe83bfcd2432d32ae4ac909a8e28e7de5c077709bb37da103b0
253627a82794506a7d660ee232c06a88d2eaafb6174532f8c390bb69ade6636a
262fbcc7922dfabfbb72c1c366ae208230efbed08f7fc16988db51650c1e01ba
27564fe0e5a95c61c9fbd45ecdb0a0a640fbb320bb64a54f3307a52fe96f86e4
2b0fb0a6b3e353c69158d61221c2200e4199d0d60dd0b9d99702a22eaa917a78
2b2b4c823e05820933dac75fe85e93a09e77a97152e6b0982e2898d47ee5c6de
2cbc6c13af45bc311311531d579cd7e529376564ba3eef9af1f50e02f0998db0
2d9b441516e68fbe56035f66a796508753a803f67561662d2c66506e6395a331
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
2e256a180025855d8521b1aeacc337c5bc34f88865bbd09680c9f7192c937553
2ee1833eeb095dc924d6d3eda917968059c7b61db69eb1b7bcbe1c79bf4b9bd3
2fc7f40fe3b6fca4d842274e5c319024864535325c7484e201b7c53257209809
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
341447fb742e677dbeeb2446fabe78fbc6c2c6df8d9b8fcaa386741587e1a1d5
3429d0e42b3895bb777d9a8d6c80da3331d434df1db12556918b1315783a4f81
34ad0b1d6e24c183db4532e3a4bc29e1c4499b15fe46412ae92191c53a554a79
36e24dc06e51fdd9b13497039bf3c286b61476669c715a274b9a6703b4000a2b
3afad7944608ccb8f39bb022444e73be0d7d2bc03ade1aebd436d17c3c2eefc4
3c4be0577e9aeb1590ffb0ff69edd06d8e8db277b7405506fc7c51d103496acf
3c62d8a3fd2c71c138f26eed2adff510f4fdee339f91e8074705598164793f88
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
42e4be0e2f7369d177c194c77489a2393c34862c2bcd2d1168ba4245670daa18
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
49c65516a1ac6109484d0aac2a645ef339ac639f87c0d77691c6055bf1d9faaa
49db66ae1889e3ae58a38124422c4d6648b19cf9f233b12412db9b565b5d85b0
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c5f80cce6889f5bd1236ae540178efed729c20bf20c5afaeed6e2fa02d50323
4de2440cba09ca0e388dd5ddb299c080da75007798917743ac9ca8a17a05969e
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e257aeeb29a68e8b57f80a317121c813c87e7acddf824d8712ab7b18877d287
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
547dda3c14b284819be511be1e410da94a5efc6ccc4a9afe1c75394f9333191a
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55f6cd23cb42c88e368be8b3b785ba0460327da94261451a51d0fe139502839f
57a50c99a31ef4e89e86664e96f6dfbdde163a2eb96e88b3b492c49aa4be2f37
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5a92f3e192abd20c55afc6031d9d342bcdd38abbb35e1b035da146635f4c4677
5b33d89b63f0526bc3d87febe6fa085f09521427e58faf605413b50635872ac1
5c724c4cb202cda5ac3fc5dd433b3403995f9c2ddd9b45f52713de38a62deedd
5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164
5d173b14197366161d078d9fe05c40f42c667343821fbeddea82492a46f7ca4f
5d55f7c21f317b20841033125e19ef280ff06aba9c8cb5ee2d6065220d8e5a30
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058
67447c3656caad630373253691f3e8f64467eafd6e7305c9b0e98111b0b41694
67ac3cc822b675f60738f7f91d42c3ed671f42e2c1800b8a91ecc1b8d7fe1a1e
688f460887bc3198f592d0f9cdea9cd29574e37621b2f5bcd7d7bcc1f01c92c7
69541dc351e92797662f93f01fc46ca28dd49a6199a3eacd7410515a136bb422
6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6
6a13b93c05af6ec6255b737032aa3f5d1f4823ed2d57d12c0735bd2c4adc8efc
6b894bc68450c2380d5bd6fbf04707c396a5e7e5274aae9ac43b942b32231465
6c05e433ca10b433edfc856fd903cb5f2da848a54e4507642a48981deed8bb05
6c0bd41a591f67aa54215c9f9c1f0e86935d86b6546a0ba0bf9cebbed53a9ebc
6eb7a18174bf6a3ba003999e45eecbb81059c52b2c7b2da91b85e944e948c6e6
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
74e72473f970d838c52ed8c8fadf1c25883dd561d66df3856bfc137b9da2fea0
756dd7203be6457d7dd15085b51cb7fcee2efdc6e1e46792c7a5272775a82243
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
7868467c94a5aa0b3f11ef542f45287967f9627b3b5acdc86e47f8f77a126596
7b56af893358318f9825834c44e15ba72af5dd08fda34a56c0bd7b6ef1d9f355
7cc8f8f131774a8405d79658e64366f7044e6f439cfccaf977aecf0deb4c052e
7e77b248b2dfa6bf6f7969f8776893f02f2e661392be63aceb365705a0c76678
80270fe90ce88773882c87734f2b1f3412724fe55c8bd4a9e2185252ea405b31
82473b1a43b1d0d8d801b0c40231bfde703a702f66ab4c778c40b7af8a8da405
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
84e13b47921ee79d3fab38b733e08dc04ca99b25c1880cb25475c9315ddc2146
84e5aa85594b35c4b60787f4a97e2e1eb369dacbe23d8154f61f60bb0343d465
855a02fa7e5e3ab79128f427ee404a5230070f9254ee63d47f4b8ee4c753b6b7
89a9b728cbc4ea20ef9c0934035ba3300049c50682dcc0e58452c40749b6d853
8a2e50520b3802be8ba8525c56ced0d0b9aba4efb49048d315a88a5a7a2639a5
8ed1c626af66981552aac1e9cd693fb3bbf73411f1af5ad340723545258fab7e
90d614055473a8d8bca4a7934c3b3cf482c6b8a021fdac29317880e499286eb5
91d47751cf8b721f97b94e8125945bb960dad1a249f62b7cc3337182f70e9773
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
962eaa3c1a2130ce8689105bb46d6454972927d761d9df30dd357c9373040b54
97816b3ca3d676b5241a16fd6fb3f3e4050a3b99c914f0a66f0bcc074617ba80
99390ea97cf85db7a91131e97b843d140cdc8ddb75c4ff1e08f6d6603ef4fee3
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9d0cd10bb713671edaf270cfbe0482c4143c990f027a91f9cb31760ead10ff73
9d0da2a904a70e5f7517df02a0d82dd6a0ba62dae3a7c3f2226bdc26eb9ee828
9db4c72c5204046d62a6a54368276979748d9223763854ed222cf81d6417e114
9e6f27c1cafd285e55e9a7507489d02e2780f88d3cf5838b0965dbfed021c9f4
9fbdb8fa831559d79622dac06776b4ef4c0e67e45684dc7dcfded09feadae633
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a384a78bc8bee6afceab3ff107315b1bdcc0fd2622246826d16b503e742a8cdf
a7b23f357530667a4d5d574a7b9141f0858db9f3dc49ad1e676bd850b8093c22
a7b4051ce3c03d83059984dfd302a18b7e0bb49f3a188b6db2f5ef53b1970a5f
a7b9f5c4902d13677c63d2d8b45e82d559fc23f3104952da2c024f1f97c3e53e
a860e393a22f7cd34a28120e6b5f9bdc433a1eeda614b995c6c22b395afcfbe6
a86c0048a2ccbbfd7de0e54170a8ba46f3b12bfd334e005c74b894061caf188c
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b326e1adbb25865d6a5766da21be23d8989be43187e657b00c59178190cc953a
b6cf23ed282a5cb25c43c5923908a43cc8c4c9e92b23a1f73eb7b0af46ef6534
b789904f1040c2ffaa49c39466ca30151485a1755e8af916d5c08fff599a4d61
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b7e6db8dfe79e6581a5accc07438706f2ff043bc6f9cb4f61f549a4f5d0ee4e8
b9525cf1689e64d66e6f6976db0f3f438a0390479356f50d3b691f09b79e28c2
ba34abe5f7db9bccc4e96465f09ab91bf5393f22dd0acfc2c0e304dd3d94e66a
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bd7e05751a03c3c81bf4f38808d12af294f672494f6b9d7641aaf0dfbb5fb012
bd887aa5595948bab242299795346c2bb50a2914a9bc06f8137a471d8022a9a9
c0472ab03b5cc819b6f3a01c3d0519af30215aed943bd77a11d9625f93b4ab55
c0eb09d747f4cb0d61057afe50609d7419873b0bdbc56f6965f3098a1cf6d975
c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4
c39132857ba1f8dce335c6f2c350d01ff1e6864bb04b15150ce52f0f46d8c3f3
c46b033d7688f2f46e87a04634a1389db91ceea1be9cb70d1ae9205819739a7e
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258
cb4857a07cf6ba085462d2eb7de35e4496de0c2adae50df40000577947dc27b5
cf0e4e3608c61bf0935d299bc8dab4070efc6ed71440c0fd54680b5c70dc96a1
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d17298826b7b7ed19af4942adf03fbcea7a7cd9cd5f25a5b9fb0674c71828c87
d312c6ff4f871e90f662027e149a4b8ebcb24a48870acbd87e688a620fc7b52f
d747bc0ec8a549bb25f0bab199d8e3019bcea7cfaf1438d55da2fabcff48f2c3
d8234a5854ab9176a7bdc57c6dc183540c614c50dcb02296f94913e7031b0272
d8676d90cb91dbe085efaa1faa4255df96e5abef581b708027c508c8d3bc1566
da018a083eb1a8b7a9ab2ed850d2e9156cfd648ca6547e1914f04488ad8513b7
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
df24076596e23ee1154019d1d34270f041ec362ae46435083e73f1fecd60a875
e3aeeb9b76fb8242067c35d89b2a5281561e92a7c9a25239d630f818fe978a7d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e98554a53d4c1998a7823a370c81dc80c72cfc1d43e842f1dda69d8b868d2502
ea5aef304509dd06016e3c79bac970fee3b7cbb5ef1315194fa8db08e52b0ea8
ec73b150de477c234374706b4e4d0a08a2ffdab6a8ee9f1c300b491a942b680b
edbf37f6db3f632faaeeeee4aa127c204d0bcc52e940682bc5d4b0fa48ded96b
ee13d66c8fa1222ed0263c697199a9886363cfab3b6338acbdc743ada1b503c0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef5f8d6a9ea52bd9b20497b837b74bde31586062d5b0e16be75f8bbdffc29840
ef76f0d3266e9385504d0ca2c10c9c26c6e4ba9fe9afe5b89a1713b3750689fa
eff28e6a59e6116bdebf9c7a65782a40d4b18e368226845f5ac64e8e03e1b7e2
f13aca355ac713d354ecc4b50f090fa86e2165710039cd263535d8a29ec0aadb
f24d352fc8e0fbbfd349ef49e86d9317834abb3494be70b4513660803ff66c67
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f74f99e9fe1027d19c741e71e7a2adf40f49a011d50cb110e45a0511f624fb3a
f8d03f6831d2a156f8f0ae4c2461fc32321c7c36362f8bbe1d813d4a89e44774
f90d159c7a961f8d49cf0197de9f4a31f91310b5cd03edc042f82beae766c88b
fb44400a61edda0b628ad2ff62cb5d299fab4e7a18d586ae7d70481c6c9550b2

observer.com Open in urlscan Pro 192.0.66.160 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

209 Requests

93 %HTTPS

53 %IPv6

49 Domains

70 Subdomains

63 IPs

7 Countries

3130 kBTransfer

9736 kBSize

50 Cookies

15 Outgoing links

Page URL History

Redirected requests

209 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

observer.com Open in urlscan Pro
192.0.66.160 Public Scan

Screenshot
Live screenshot

Full Image

209
Requests

93 %
HTTPS

53 %
IPv6

49
Domains

70
Subdomains

63
IPs

7
Countries

3130 kB
Transfer

9736 kB
Size

50
Cookies

209 HTTP transactions
4 data transactions