www.tmonews.com Open in urlscan Pro
147.203.62.4 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://tmonews.com/
Effective URL:
https://www.tmonews.com/
Submission: On April 15 via manual (April 15th 2022, 2:44:44 pm UTC) from US — Scanned from US

Summary HTTP 333 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 64 IPs in 2 countries across 50 domains to perform 333 HTTP transactions. The main IP is 147.203.62.4, located in United States and belongs to AIS-WEST, US. The main domain is www.tmonews.com.
TLS certificate: Issued by R3 on April 14th 2022. Valid for: 3 months.

This is the only time www.tmonews.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 63	147.203.62.4 147.203.62.4	6130 (AIS-WEST) (AIS-WEST)
1	204.68.111.106 204.68.111.106	6130 (AIS-WEST) (AIS-WEST)
2	2606:4700:440... 2606:4700:4400::ac40:96e3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.225.210.128 13.225.210.128	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 9	68.67.179.77 68.67.179.77	29990 (ASN-APPNEX) (ASN-APPNEX)
6	104.16.190.66 104.16.190.66	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2602:803:c002... 2602:803:c002:200::62	26667 (RUBICONPR...) (RUBICONPROJECT)
3	23.92.190.68 23.92.190.68	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
13	142.250.80.34 142.250.80.34	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f012:10c:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	23.52.162.201 23.52.162.201	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700:303... 2606:4700:3031::ac43:9a6d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	23.215.130.80 23.215.130.80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	151.139.128.11 151.139.128.11	20446 (STACKPATH...) (STACKPATH-CDN)
3 8	34.111.234.236 34.111.234.236	15169 (GOOGLE) (GOOGLE)
8	34.232.140.51 34.232.140.51	14618 (AMAZON-AES) (AMAZON-AES)
2	216.105.38.9 216.105.38.9	6130 (AIS-WEST) (AIS-WEST)
3	199.232.196.134 199.232.196.134	54113 (FASTLY) (FASTLY)
1	2600:1901:0:8... 2600:1901:0:8eee::	15169 (GOOGLE) (GOOGLE)
3	35.201.67.47 35.201.67.47	15169 (GOOGLE) (GOOGLE)
2	35.190.91.160 35.190.91.160	15169 (GOOGLE) (GOOGLE)
1	35.190.59.101 35.190.59.101	15169 (GOOGLE) (GOOGLE)
1 1	2600:1400:d:5... 2600:1400:d:5a3::2b44	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3 4	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
2	34.199.75.209 34.199.75.209	14618 (AMAZON-AES) (AMAZON-AES)
1 3	54.205.31.112 54.205.31.112	14618 (AMAZON-AES) (AMAZON-AES)
3 3	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
2 3	52.1.175.157 52.1.175.157	14618 (AMAZON-AES) (AMAZON-AES)
2 3	3.230.62.22 3.230.62.22	14618 (AMAZON-AES) (AMAZON-AES)
1	2a03:2880:f11... 2a03:2880:f112:182:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
5	147.203.60.11 147.203.60.11	6130 (AIS-WEST) (AIS-WEST)
1	2607:f8b0:400... 2607:f8b0:4006:81f::2002	15169 (GOOGLE) (GOOGLE)
29	2607:f8b0:400... 2607:f8b0:4006:81d::2002	15169 (GOOGLE) (GOOGLE)
7	2607:f8b0:400... 2607:f8b0:4006:80f::2001	15169 (GOOGLE) (GOOGLE)
6	3.91.171.156 3.91.171.156	14618 (AMAZON-AES) (AMAZON-AES)
9 13	142.250.65.162 142.250.65.162	15169 (GOOGLE) (GOOGLE)
1 1	216.200.232.249 216.200.232.249	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2 2	107.178.254.65 107.178.254.65	15169 (GOOGLE) (GOOGLE)
1 1	3.93.204.138 3.93.204.138	14618 (AMAZON-AES) (AMAZON-AES)
1	52.205.48.68 52.205.48.68	14618 (AMAZON-AES) (AMAZON-AES)
3 6	23.3.124.133 23.3.124.133	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	76.13.32.147 76.13.32.147	26101 (YAHOO-BF1) (YAHOO-BF1)
1	104.16.111.154 104.16.111.154	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 4	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
1 1	151.101.194.49 151.101.194.49	54113 (FASTLY) (FASTLY)
1 2	151.101.130.49 151.101.130.49	54113 (FASTLY) (FASTLY)
27	2607:f8b0:400... 2607:f8b0:4006:81f::2001	15169 (GOOGLE) (GOOGLE)
1 8	2607:f8b0:400... 2607:f8b0:4006:816::2004	15169 (GOOGLE) (GOOGLE)
7	2607:f8b0:400... 2607:f8b0:4006:821::2002	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4006:820::2002	15169 (GOOGLE) (GOOGLE)
3 5	23.52.162.21 23.52.162.21	16625 (AKAMAI-AS) (AKAMAI-AS)
2 4	34.200.35.154 34.200.35.154	14618 (AMAZON-AES) (AMAZON-AES)
32	2607:f8b0:400... 2607:f8b0:4006:807::2006	15169 (GOOGLE) (GOOGLE)
6	142.250.81.226 142.250.81.226	15169 (GOOGLE) (GOOGLE)
1	3.217.188.123 3.217.188.123	14618 (AMAZON-AES) (AMAZON-AES)
3	2600:9000:21d... 2600:9000:21dd:9400:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
15	52.41.89.5 52.41.89.5	16509 (AMAZON-02) (AMAZON-02)
1	2607:f8b0:400... 2607:f8b0:4006:821::200a	15169 (GOOGLE) (GOOGLE)
1 2	23.52.164.7 23.52.164.7	16625 (AKAMAI-AS) (AKAMAI-AS)
2	172.253.62.154 172.253.62.154	15169 (GOOGLE) (GOOGLE)
6	2607:f8b0:400... 2607:f8b0:4006:808::2001	15169 (GOOGLE) (GOOGLE)
3 4	192.35.249.127 192.35.249.127	11742 (SPOTX-IAD) (SPOTX-IAD)
1 2	209.54.180.144 209.54.180.144	16509 (AMAZON-02) (AMAZON-02)
1 2	142.251.40.102 142.251.40.102	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:824::200a	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:808::200a	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4006:824::2003	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4005:80c::2003	15169 (GOOGLE) (GOOGLE)
1 1	2607:f8b0:400... 2607:f8b0:4006:80d::200e	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:401... 2607:f8b0:401e:29::b	15169 (GOOGLE) (GOOGLE)
333	64

63 147.203.62.4 (United States) 1 redirects

ASN6130 (AIS-WEST, US)

tmonews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.tmonews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 204.68.111.106 (San Diego, United States)

ASN6130 (AIS-WEST, US)

slashdot.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:4400::ac40:96e3 (United States)

ASN13335 (CLOUDFLARENET, US)

a.fsdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.210.128 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-210-128.ewr50.r.cloudfront.net

d3tglifpd8whs6.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 68.67.179.77 (Secaucus, United States) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 580.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.16.190.66 (None, )

ASN13335 (CLOUDFLARENET, US)

dmx.districtm.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2602:803:c002:200::62 (United States)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.92.190.68 (Charlotte, United States)

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 142.250.80.34 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s34-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f012:10c:face:b00c:0:3 (Secaucus, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.52.162.201 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-52-162-201.deploy.static.akamaitechnologies.com

static.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3031::ac43:9a6d (United States)

ASN13335 (CLOUDFLARENET, US)

load.instinctiveads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.215.130.80 (Secaucus, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-215-130-80.deploy.static.akamaitechnologies.com

ads.pro-market.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.128.11 (United States)

ASN20446 (STACKPATH-CDN, US)

s.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 34.111.234.236 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 236.234.111.34.bc.googleusercontent.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 34.232.140.51 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-232-140-51.compute-1.amazonaws.com

tag.crsspxl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.105.38.9 (United States)

ASN6130 (AIS-WEST, US)

analytics.tmonews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 199.232.196.134 (United States)

ASN54113 (FASTLY, US)

tmonews.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1901:0:8eee:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

pbid.pro-market.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.201.67.47 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 47.67.201.35.bc.googleusercontent.com

t.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.91.160 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 160.91.190.35.bc.googleusercontent.com

p.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.59.101 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 101.59.190.35.bc.googleusercontent.com

r.skimresources.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1400:d:5a3::2b44 (New York, United States) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)

matchadsrvr.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.223.40.198 (United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.199.75.209 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-199-75-209.compute-1.amazonaws.com

ads.yieldmo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.205.31.112 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-205-31-112.compute-1.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.190.60.146 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.1.175.157 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-1-175-157.compute-1.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.230.62.22 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-230-62-22.compute-1.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f112:182:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 147.203.60.11 (United States)

ASN6130 (AIS-WEST, US)

a.tmonews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81f::2002 (United States)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2607:f8b0:4006:81d::2002 (United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2607:f8b0:4006:80f::2001 (United States)

ASN15169 (GOOGLE, US)

6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.91.171.156 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-91-171-156.compute-1.amazonaws.com

kinesis.us-east-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 142.250.65.162 (United States) 9 redirects

ASN15169 (GOOGLE, US)
PTR: lga25s71-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.200.232.249 (Monrovia, United States) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.178.254.65 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 65.254.178.107.bc.googleusercontent.com

pippio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.93.204.138 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-93-204-138.compute-1.amazonaws.com

usermatch.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.205.48.68 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-205-48-68.compute-1.amazonaws.com

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 23.3.124.133 (Secaucus, United States) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-3-124-133.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
x.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 76.13.32.147 (Lockport, United States) 1 redirects

ASN26101 (YAHOO-BF1, US)
PTR: spcms.pbp.vip.bf1.yahoo.com

cms.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.111.154 (None, )

ASN13335 (CLOUDFLARENET, US)

dmp.truoptik.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.244.159.8 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

rtd.tubemogul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.130.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

rtd-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2607:f8b0:4006:81f::2001 (United States)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2607:f8b0:4006:816::2004 (United States) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2607:f8b0:4006:821::2002 (United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:820::2002 (United States)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.52.162.21 (New York, United States) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-52-162-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.200.35.154 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-200-35-154.compute-1.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 2607:f8b0:4006:807::2006 (United States)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.81.226 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s74-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.217.188.123 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-217-188-123.compute-1.amazonaws.com

p.tvpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:21dd:9400:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 52.41.89.5 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-41-89-5.us-west-2.compute.amazonaws.com

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:821::200a (United States)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.52.164.7 (New York, United States) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-52-164-7.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.253.62.154 (United States)

ASN15169 (GOOGLE, US)
PTR: bc-in-f154.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4006:808::2001 (United States)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 192.35.249.127 (Ashburn, United States) 3 redirects

ASN11742 (SPOTX-IAD, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.54.180.144 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.40.102 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: lga25s79-in-f6.1e100.net

9200789.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:824::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:808::200a (United States)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:824::2003 (United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4005:80c::2003 (United States)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80d::200e (United States) 1 redirects

ASN15169 (GOOGLE, US)

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:401e:29::b (United States)

ASN15169 (GOOGLE, US)

r5---sn-ab5l6nzr.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
70	tmonews.com 1 redirects tmonews.com — Cisco Umbrella Rank: 942415 www.tmonews.com analytics.tmonews.com a.tmonews.com	4 MB
63	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 98 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 128	442 KB
43	doubleclick.net 10 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 193 cm.g.doubleclick.net — Cisco Umbrella Rank: 211 googleads.g.doubleclick.net — Cisco Umbrella Rank: 40 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 293 bid.g.doubleclick.net — Cisco Umbrella Rank: 500 9200789.fls.doubleclick.net — Cisco Umbrella Rank: 27432	347 KB
35	2mdn.net 1 redirects s0.2mdn.net — Cisco Umbrella Rank: 262 gcdn.2mdn.net — Cisco Umbrella Rank: 1008 r5---sn-ab5l6nzr.c.2mdn.net — Cisco Umbrella Rank: 49539	3 MB
22	adsafeprotected.com 2 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 780 static.adsafeprotected.com — Cisco Umbrella Rank: 565 dt.adsafeprotected.com — Cisco Umbrella Rank: 517	194 KB
9	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 77 www.google.com — Cisco Umbrella Rank: 4	2 KB
9	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 248	10 KB
8	crsspxl.com tag.crsspxl.com — Cisco Umbrella Rank: 4577	4 KB
8	ml314.com 3 redirects ml314.com — Cisco Umbrella Rank: 1582	34 KB
7	skimresources.com s.skimresources.com — Cisco Umbrella Rank: 2989 t.skimresources.com — Cisco Umbrella Rank: 3002 p.skimresources.com — Cisco Umbrella Rank: 4088 r.skimresources.com — Cisco Umbrella Rank: 2852	20 KB
6	gstatic.com fonts.gstatic.com csi.gstatic.com	72 KB
6	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 343	120 KB
6	amazonaws.com kinesis.us-east-1.amazonaws.com — Cisco Umbrella Rank: 1248	2 KB
6	districtm.io dmx.districtm.io — Cisco Umbrella Rank: 1674	524 B
5	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 282 fonts.googleapis.com — Cisco Umbrella Rank: 46 imasdk.googleapis.com — Cisco Umbrella Rank: 417	156 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 575	4 KB
4	spotxchange.com 3 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 531	2 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 176	145 KB
4	openx.net 3 redirects u.openx.net — Cisco Umbrella Rank: 709 us-u.openx.net — Cisco Umbrella Rank: 411	725 B
4	adsrvr.org 3 redirects match.adsrvr.org — Cisco Umbrella Rank: 355	2 KB
4	yieldmo.com 1 redirects static.yieldmo.com — Cisco Umbrella Rank: 2181 matchadsrvr.yieldmo.com — Cisco Umbrella Rank: 2520 ads.yieldmo.com — Cisco Umbrella Rank: 614	108 KB
3	addthis.com 2 redirects e.dlx.addthis.com — Cisco Umbrella Rank: 1696 x.dlx.addthis.com — Cisco Umbrella Rank: 1140	2 KB
3	bluekai.com 1 redirects tags.bluekai.com — Cisco Umbrella Rank: 453 stags.bluekai.com — Cisco Umbrella Rank: 481	2 KB
3	eyeota.net 2 redirects ps.eyeota.net — Cisco Umbrella Rank: 960	2 KB
3	crwdcntrl.net 2 redirects sync.crwdcntrl.net — Cisco Umbrella Rank: 662	1 KB
3	rlcdn.com 3 redirects idsync.rlcdn.com — Cisco Umbrella Rank: 327	508 B
3	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 216	3 KB
3	disqus.com tmonews.disqus.com	4 KB
3	pro-market.net ads.pro-market.net — Cisco Umbrella Rank: 59336 pbid.pro-market.net — Cisco Umbrella Rank: 6551	11 KB
3	lijit.com ap.lijit.com — Cisco Umbrella Rank: 607 ce.lijit.com — Cisco Umbrella Rank: 930	2 KB
3	rubiconproject.com fastlane.rubiconproject.com — Cisco Umbrella Rank: 458	13 KB
2	amazon-adsystem.com 1 redirects s.amazon-adsystem.com — Cisco Umbrella Rank: 281	2 KB
2	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1031	638 B
2	everesttech.net 1 redirects rtd-tm.everesttech.net — Cisco Umbrella Rank: 2431	580 B
2	krxd.net 1 redirects usermatch.krxd.net — Cisco Umbrella Rank: 1217 beacon.krxd.net — Cisco Umbrella Rank: 440	507 B
2	pippio.com 2 redirects pippio.com — Cisco Umbrella Rank: 732	857 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 138	83 KB
2	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 682	70 KB
2	fsdn.com a.fsdn.com — Cisco Umbrella Rank: 73381	9 KB
1	tvpixel.com p.tvpixel.com — Cisco Umbrella Rank: 1412	380 B
1	tubemogul.com 1 redirects rtd.tubemogul.com — Cisco Umbrella Rank: 6536	214 B
1	truoptik.com dmp.truoptik.com — Cisco Umbrella Rank: 2170	543 B
1	yahoo.com 1 redirects cms.analytics.yahoo.com — Cisco Umbrella Rank: 883	828 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 445	630 B
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 100
1	instinctiveads.com load.instinctiveads.com — Cisco Umbrella Rank: 14934	627 B
1	cloudfront.net d3tglifpd8whs6.cloudfront.net d3ezl4ajpp2zy8.cloudfront.net Failed	72 KB
1	slashdot.org slashdot.org — Cisco Umbrella Rank: 61797	183 B
0	tremorhub.com Failed partners.tremorhub.com Failed
0	disquscdn.com Failed disquscdn.com Failed
333	50

	Domain	Requested by
62	www.tmonews.com	www.tmonews.com
32	s0.2mdn.net	www.tmonews.com s0.2mdn.net 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
29	pagead2.googlesyndication.com	www.tmonews.com securepubads.g.doubleclick.net tpc.googlesyndication.com 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com googleads.g.doubleclick.net fw.adsafeprotected.com s0.2mdn.net www.googletagservices.com
27	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net imasdk.googleapis.com
15	dt.adsafeprotected.com	6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
13	cm.g.doubleclick.net	9 redirects googleads.g.doubleclick.net
13	securepubads.g.doubleclick.net	d3tglifpd8whs6.cloudfront.net securepubads.g.doubleclick.net 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com www.tmonews.com www.googletagservices.com
9	ib.adnxs.com	2 redirects d3tglifpd8whs6.cloudfront.net googleads.g.doubleclick.net
8	www.google.com	1 redirects tpc.googlesyndication.com 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
8	tag.crsspxl.com	www.tmonews.com tag.crsspxl.com
8	ml314.com	3 redirects www.tmonews.com ml314.com
7	googleads.g.doubleclick.net	6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com www.tmonews.com
7	6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
6	cdn.ampproject.org	securepubads.g.doubleclick.net 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
6	googleads4.g.doubleclick.net	www.tmonews.com
6	kinesis.us-east-1.amazonaws.com	static.yieldmo.com
6	dmx.districtm.io	d3tglifpd8whs6.cloudfront.net
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	a.tmonews.com	www.tmonews.com
4	fonts.gstatic.com	fonts.googleapis.com
4	sync.search.spotxchange.com	3 redirects googleads.g.doubleclick.net
4	fw.adsafeprotected.com	2 redirects www.tmonews.com 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
4	www.googletagservices.com	6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
4	match.adsrvr.org	3 redirects www.tmonews.com
3	static.adsafeprotected.com	6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
3	ps.eyeota.net	2 redirects www.tmonews.com
3	sync.crwdcntrl.net	2 redirects tag.crsspxl.com
3	idsync.rlcdn.com	3 redirects
3	dpm.demdex.net	1 redirects www.tmonews.com tag.crsspxl.com
3	t.skimresources.com	www.tmonews.com s.skimresources.com
3	tmonews.disqus.com	www.tmonews.com tmonews.disqus.com
3	fastlane.rubiconproject.com	d3tglifpd8whs6.cloudfront.net
2	r5---sn-ab5l6nzr.c.2mdn.net
2	csi.gstatic.com	imasdk.googleapis.com
2	imasdk.googleapis.com	6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
2	fonts.googleapis.com	s0.2mdn.net 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
2	9200789.fls.doubleclick.net	1 redirects 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
2	s.amazon-adsystem.com	1 redirects 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
2	bid.g.doubleclick.net	6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com imasdk.googleapis.com
2	sync.teads.tv	1 redirects googleads.g.doubleclick.net
2	us-u.openx.net	1 redirects googleads.g.doubleclick.net
2	rtd-tm.everesttech.net	1 redirects tag.crsspxl.com
2	stags.bluekai.com	1 redirects 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
2	e.dlx.addthis.com	2 redirects
2	u.openx.net	2 redirects
2	pippio.com	2 redirects
2	ads.yieldmo.com	static.yieldmo.com
2	p.skimresources.com	www.tmonews.com
2	analytics.tmonews.com	www.tmonews.com
2	ads.pro-market.net	a.fsdn.com pbid.pro-market.net
2	connect.facebook.net	www.tmonews.com connect.facebook.net
2	ap.lijit.com	d3tglifpd8whs6.cloudfront.net
2	maxcdn.bootstrapcdn.com	www.tmonews.com maxcdn.bootstrapcdn.com
2	a.fsdn.com	www.tmonews.com
1	gcdn.2mdn.net	1 redirects
1	ajax.googleapis.com	s0.2mdn.net
1	p.tvpixel.com	6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
1	rtd.tubemogul.com	1 redirects
1	x.dlx.addthis.com	tag.crsspxl.com
1	ce.lijit.com	tag.crsspxl.com
1	dmp.truoptik.com	tag.crsspxl.com
1	cms.analytics.yahoo.com	1 redirects
1	tags.bluekai.com	tag.crsspxl.com
1	beacon.krxd.net	tag.crsspxl.com
1	usermatch.krxd.net	1 redirects
1	sync.mathtag.com	1 redirects
1	adservice.google.com	securepubads.g.doubleclick.net
1	www.facebook.com	connect.facebook.net
1	matchadsrvr.yieldmo.com	1 redirects
1	r.skimresources.com	s.skimresources.com
1	pbid.pro-market.net	ads.pro-market.net
1	s.skimresources.com	a.fsdn.com
1	load.instinctiveads.com	a.fsdn.com
1	static.yieldmo.com	www.tmonews.com
1	d3tglifpd8whs6.cloudfront.net	www.tmonews.com
1	slashdot.org	www.tmonews.com
1	tmonews.com	1 redirects
0	partners.tremorhub.com Failed	googleads.g.doubleclick.net
0	d3ezl4ajpp2zy8.cloudfront.net Failed	www.tmonews.com
0	disquscdn.com Failed	www.tmonews.com
333	80

This site contains links to these domains. Also see Links.

Domain
twitter.com
bestmvno.com
tmo.report
a.tmonews.com
slashdotmedia.com
www.facebook.com
www.twitter.com
www.youtube.com

Subject Issuer	Validity	Valid
tmonews.com R3	`2022-04-14` - `2022-07-13`	3 months	crt.sh
slashdot.org R3	`2022-02-20` - `2022-05-21`	3 months	crt.sh
fsdn.com Cloudflare Inc ECC CA-3	`2022-03-24` - `2022-06-21`	3 months	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-01-29` - `2023-01-29`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
districtm.io Cloudflare Inc ECC CA-3	`2021-06-02` - `2022-06-01`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2022-03-11` - `2023-04-12`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-01-22` - `2022-04-22`	3 months	crt.sh
*.yieldmo.com DigiCert SHA2 Secure Server CA	`2021-07-02` - `2022-07-07`	a year	crt.sh
load.instinctiveads.com Cloudflare Inc ECC CA-3	`2022-03-25` - `2023-03-25`	a year	crt.sh
ads.pro-market.net R3	`2022-04-13` - `2022-07-12`	3 months	crt.sh
*.skimresources.com DigiCert SHA2 Secure Server CA	`2021-09-27` - `2022-10-28`	a year	crt.sh
*.ml314.com GoGetSSL RSA DV CA	`2022-03-29` - `2023-03-29`	a year	crt.sh
tag.crsspxl.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-29` - `2022-12-01`	a year	crt.sh
analytics.slashdotmedia.com R3	`2022-02-24` - `2022-05-25`	3 months	crt.sh
*.disqus.com DigiCert SHA2 Secure Server CA	`2020-04-20` - `2022-05-09`	2 years	crt.sh
*.pro-market.net Gandi Standard SSL CA 2	`2020-07-22` - `2022-08-20`	2 years	crt.sh
ads.voipreview.org R3	`2022-03-23` - `2022-06-21`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
kinesis.us-east-1.amazonaws.com Amazon	`2021-12-29` - `2022-12-08`	a year	crt.sh
odc-pixel-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2022-02-26` - `2023-03-01`	a year	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-19`	a year	crt.sh
*.truoptik.com Entrust Certification Authority - L1K	`2021-10-22` - `2022-10-22`	a year	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2021-04-29` - `2022-05-31`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
fw.adsafeprotected.com Amazon	`2021-08-11` - `2022-09-09`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.tvpixel.com Amazon	`2021-12-15` - `2023-01-12`	a year	crt.sh
static.adsafeprotected.com Amazon	`2021-09-05` - `2022-10-04`	a year	crt.sh
dt.adsafeprotected.com Amazon	`2021-11-19` - `2022-12-18`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-03-28` - `2022-06-20`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
*.c.docs.google.com GTS CA 1C3	`2022-04-05` - `2022-06-14`	2 months	crt.sh

This page contains 27 frames:

Primary Page: https://www.tmonews.com/
Frame ID: 62F6B82A85CCDF904F953146065673BE
Requests: 140 HTTP requests in this frame

Frame: https://pbid.pro-market.net/engine?site=139274;size=1x1;e=0;dt=0;category=uuffvwb;kw=u-dgsi4m%20hkao0%2C%206h7vnk%20aol%20fvwb;rnd=(1650033876097)
Frame ID: 59E0C0FCB53D2D1EE1372FE678EE0451
Requests: 2 HTTP requests in this frame

Frame: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.8729345998594382
Frame ID: B389A6DF0754BAD9E4FE1071F63A4B3A
Requests: 1 HTTP requests in this frame

Frame: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: FEE7F09B01A672645B54452BEB81015D
Requests: 1 HTTP requests in this frame

Frame: https://tag.crsspxl.com/s2.html?d=43&t=TmoNews%20-%20Unofficial%20T-Mobile%20Blog%2C%20News%2C%20Videos%2C%20Articles%20and%20more&u=https%3A%2F%2Fwww.tmonews.com%2F&b2=%20OnePlus%2010%20Pro%205G%20is%20now%20available%20at%20T-Mobile%20T-Mobile%3A%20Hosting%20Q1%202022%20Earnings%20Call%20on%20April%2027th%20Report%20suggests%20T-Mobile%20tried%20to%20buy%20back%20hacked%20customer%20info%20Check%20out%20this%20%2440%20unlimited%20plan%20offer%20from%20Metro%20by%20T-Mobile%20T-Mobile%20has%20a%20new%20Google%20One%20membership%20option%20T-Mobile%20customers%20are%20target%20of%20new%20spam%20message%20T-Mobile%20will%20be%20giving%20away%20free%20thermal%20lunch%20tote%20soon%20T-Mobile%20migrating%20customers%20to%20new%20JUMP!!%202.0%20program%20T-Mobile%20names%2020%20finalists%20of%20T-Challenge%20You%20now%20have%20a%20chance%20to%20enroll%20your%20device%20to%20Protection%20360%20T-Mobile%20Prepaid%20is%20giving%20away%20free%20OnePlus%20Nord%20N200%205G%20to%20eligible%203G%20trade-ins%20T-Mobile%20celebrates%202nd%20anniversary%20of%20its%20merger%20with%20Sprint%20%20%20%20%20%20%20
Frame ID: 6A82C4530B5B7C9F4170EE6FF9D328D3
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 65C15A7F6DB4CF531870844E29A15174
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: C658E9A3C70474769BC2067DE4322F49
Requests: 2 HTTP requests in this frame

Frame: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: B6B91018963A4CCF3E31D57CCDC4F709
Requests: 28 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIGpfRDM07aKAxi57b6-ATAB&v=APEucNVyDg1IewQBcuzDDQqZRBfg_t0O5iV8dNU0aEmMS61el8o71fsQlZro0_ShTe3UrbhmoOdHT-bszuEE8BT_PXjIkldwYA
Frame ID: 1A7BD39827C574B28071540CCBCCF5EA
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 4E2A325D23FE7A9A30F1F255D40259A3
Requests: 3 HTTP requests in this frame

Frame: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: DB3B813A60533A6D353CE1B1A79E272E
Requests: 22 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17727687641421316096/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img.html
Frame ID: 1C4BF6D70C5F9B32DC4FC4580FEB6B5A
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICj_QEQvsn-ARj3rrq9ATAB&v=APEucNVEHDb33GjUm5Dht0eLwm1OQRTlwD3EHmFxZ2xesxLKIzkjClR97HlGQJegnMDXadgQjZ33cHMUgtoqkTYsm7A7TDxuew
Frame ID: AF980667733CD26E668CFBDA29DA4E8D
Requests: 5 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: E744A0EA9C9C90E20A66F64AB79FFECF
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: 274B2386E55D8F0929EB53057071815E
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 5D58BAD68D24F5A3CAEE25590C790914
Requests: 3 HTTP requests in this frame

Frame: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 0BF687E7B6600AA0D9667D3D1A68C600
Requests: 14 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/11665302330420713410/index.html?e=69&leftOffset=0&topOffset=0&c=XdPyXESuOd&t=1&renderingType=2
Frame ID: 22383715A24DCB88B422DE37855B0E73
Requests: 14 HTTP requests in this frame

Frame: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: BC0EA6AEE5B4072F9952A4B1B807743E
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMPv6gEQ-tTwARi58J3DATAB&v=APEucNVqe_P3StxWrs9nOPxQOOVk3kiT48Iik2E8JWdGQLLOmWnwNzzNjjmIlpue4mxj0Uo3mxTnUJIEA03scTCbpiPrva5B0A
Frame ID: BF3129212FB50E9D15708B837CB223EB
Requests: 4 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/10099019064060487289/index.html?e=69&leftOffset=0&topOffset=0&c=1dPRyatCxl&t=1&renderingType=2
Frame ID: D9FD1F5EF3FE7DAE552A689D4B19DFFA
Requests: 17 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/k-Lxrj_3cR5KhrMTVpzAVOH1CgwXrUvkekFpn42ZeoQ.js
Frame ID: 2906774F1AB2AB0E0B927B97EDC34EB5
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 9EA050E86C611FC2BF97CA52EE7E7516
Requests: 3 HTTP requests in this frame

Frame: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: AC688A1E71BD9FDBA6C2796227E8B7BC
Requests: 18 HTTP requests in this frame

Frame: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 6026C7FACD9C1E9857595B4AA5D04E31
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/k-Lxrj_3cR5KhrMTVpzAVOH1CgwXrUvkekFpn42ZeoQ.js
Frame ID: C1221C91D60B177DEB289DD3834AD321
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: 1BB2A295633B1D111DA835FF42FCE1D1
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

TmoNews - Unofficial T-Mobile Blog, News, Videos, Articles and more

Page URL History Show full URLs

http://tmonews.com/ HTTP 301
https://www.tmonews.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
<link[^>]+s\d+\.wp\.com
/wp-(?:content|includes)/
wp-embed\.min\.js\?ver=([\d.]+)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Cross Pixel (Analytics) Expand

Overall confidence: 100%
Detected patterns

tag\.crsspxl\.com/s1\.js

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Matomo Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

piwik\.js|piwik\.php

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

prettyPhoto (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:<link [^>]*href="[^"]*prettyPhoto(?:\.min)?\.css|<a [^>]*rel="prettyPhoto)
jquery\.prettyPhoto\.js

Page Statistics

333
Requests

90 %
HTTPS

35 %
IPv6

50
Domains

80
Subdomains

64
IPs

2
Countries

8647 kB
Transfer

13962 kB
Size

76
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/tracfoneguy
Title: @tracfoneguy

Search URL Search Domain Scan URL

URL: https://bestmvno.com/t-mobile/t-mobile-customers-report-receiving-spam-messages-similar-to-verizon/
Title: BestMVNO

Search URL Search Domain Scan URL

URL: https://tmo.report/2022/04/free-thermal-tote-bags-coming-soon-to-t-mobile-tuesdays/
Title: The T-Mo Report

Search URL Search Domain Scan URL

URL: https://tmo.report/2022/04/t-mobile-to-offer-open-enrollment-for-protection-360-device-insurance/
Title: The T-Mo Report

Search URL Search Domain Scan URL

URL: https://a.tmonews.com/www/delivery/ck.php?oaparams=2__bannerid=22056__zoneid=5593__cb=b935090d4f__oadest=https%3A%2F%2Fvoipo.com%2Fvoipreview.php

Search URL Search Domain Scan URL

URL: https://a.tmonews.com/www/delivery/ck.php?oaparams=2__bannerid=23044__zoneid=5597__cb=9bc2259310__oadest=https%3A%2F%2Fwww.axvoice.com%2Funlimited-promo.php

Search URL Search Domain Scan URL

URL: https://a.tmonews.com/www/delivery/ck.php?oaparams=2__bannerid=22973__zoneid=19036__cb=7baa03345c__oadest=%2Fhttps%3A%2F%2F

Search URL Search Domain Scan URL

URL: https://slashdotmedia.com/advertising-and-marketing-services/
Title: About us

Search URL Search Domain Scan URL

URL: https://slashdotmedia.com/terms-of-use/
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://slashdotmedia.com/privacy-statement/
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: http://slashdotmedia.com/opt-out-choices
Title: Opt Out

Search URL Search Domain Scan URL

URL: http://www.facebook.com/tmonews

Search URL Search Domain Scan URL

URL: http://www.twitter.com/tmonews

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCsW36751Gy-EAbHQwe9WBNw

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://tmonews.com/ HTTP 301
https://www.tmonews.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 103

https://matchadsrvr.yieldmo.com/track/rid?ttd_pid=yieldmo&fmt=json HTTP 302
https://match.adsrvr.org/track/rid?ttd_pid=yieldmo&fmt=json

Request Chain 105

https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3626527436432211975&redir= HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=3626527436432211975&redir=

Request Chain 106

https://idsync.rlcdn.com/395886.gif?partner_uid=3626527436432211975 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CO6UGBIeChoIARCuXxoTMzYyNjUyNzQzNjQzMjIxMTk3NRAAGg0I1InmkgYSBQjoBxAAQgBKAA HTTP 307
https://ml314.com/csync.ashx?fp=66d87356ce7144c60ea74a4389146dc7c191f1353b8976cf83651c29daeaf9b6f4cb09cee1a4f8eb&person_id=3626527436432211975&eid=50082

Request Chain 107

https://match.adsrvr.org/track/cmf/generic?ttd_pid=d0tro1j&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=d0tro1j&ttd_tpi=1 HTTP 302
https://ml314.com/utsync.ashx?eid=53819&et=0&fp=e3a32df7-082c-4f28-a4a9-54fe7e4ab411&gdpr=0&gdpr_consent= HTTP 302
https://ml314.com/csync.ashx?fp=e3a32df7-082c-4f28-a4a9-54fe7e4ab411&person_id=3626527436432211975&eid=53819

Request Chain 108

https://sync.crwdcntrl.net/map/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3626527436432211975 HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3626527436432211975 HTTP 302
https://ml314.com/csync.ashx?fp=4259660a8fe22f80cfec912d4c683dd4&eid=50146&person_id=3626527436432211975

Request Chain 109

https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif HTTP 302
https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif HTTP 302
https://ml314.com/utsync.ashx?eid=50052&et=0&fp=25EqPmsYOJndpr2JaQiRNukgKqT8Pa5yvMpnwuDfsDMc&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil%26referrer_pid%3Dr8hrb20 HTTP 302
https://ml314.com/csync.ashx?fp=25EqPmsYOJndpr2JaQiRNukgKqT8Pa5yvMpnwuDfsDMc&person_id=3626527436432211975&eid=50052&return=https%3a%2f%2fps.eyeota.net%2fmatch%3fbid%3dr8hrb20%26uid%3dnil%26referrer_pid%3dr8hrb20 HTTP 302
https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20

Request Chain 144

https://cm.g.doubleclick.net/pixel?google_nid=CPX12&google_cm&google_hm=NzEzMzU3NTk4NzMzODQzNjI1Ng== HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=CPX12&google_cm=&google_hm=NzEzMzU3NTk4NzMzODQzNjI1Ng==&google_tc= HTTP 302
https://tag.crsspxl.com/m.gif?id=&google_gid=CAESEKyESPbC5cqTA7z-Crb-L88&google_cver=1

Request Chain 145

https://sync.mathtag.com/sync/img?mt_exid=10012&redir=https://tag.crsspxl.com/m.gif?mmid=[MM_UUID] HTTP 302
https://tag.crsspxl.com/m.gif?mmid=5ba46259-84d5-4a00-9c03-de520c0dab91

Request Chain 146

https://match.adsrvr.org/track/cmf/generic?ttd_pid=crosspixel&ttd_tpi=1 HTTP 302
https://tag.crsspxl.com/m.gif?tdid=e3a32df7-082c-4f28-a4a9-54fe7e4ab411

Request Chain 147

https://ib.adnxs.com/getuid?https://tag.crsspxl.com/m.gif?anid=$UID HTTP 302
https://tag.crsspxl.com/m.gif?anid=2912129428627624359

Request Chain 148

https://idsync.rlcdn.com/366518.gif?partner_uid=7133575987338436256 HTTP 307
https://pippio.com/api/sync?pid=5324&it=1&iv=9dac119db7282338ade444c380bf182df2216b6e54113ee1ec47e175e7de3924791426b5417dce21&_=2 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlA5ZGFjMTE5ZGI3MjgyMzM4YWRlNDQ0YzM4MGJmMTgyZGYyMjE2YjZlNTQxMTNlZTFlYzQ3ZTE3NWU3ZGUzOTI0NzkxNDI2YjU0MTdkY2UyMRAAGgwI1InmkgYSBAgCEABCAEoA HTTP 302
https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlA5ZGFjMTE5ZGI3MjgyMzM4YWRlNDQ0YzM4MGJmMTgyZGYyMjE2YjZlNTQxMTNlZTFlYzQ3ZTE3NWU3ZGUzOTI0NzkxNDI2YjU0MTdkY2UyMRAAGgwI1InmkgYSBAgCEABCAEoA&google_error=3 HTTP 307
https://usermatch.krxd.net/um/v2?partner=liveramp_identity HTTP 302
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=liveramp_identity

Request Chain 150

https://cms.analytics.yahoo.com/cms?partner_id=CROEL HTTP 302
https://tag.crsspxl.com/m.gif?yahoo_id=y-6d3p2DpE2pN1qzIyds7M5VIdvBpAAD7qs_U-~A

Request Chain 155

https://u.openx.net/w/1.0/cm?id=d3d03dbd-5946-4cba-8d30-3c0226699028&r=https%3A%2F%2Ftag.crsspxl.com%2Fm.gif%3Foxid%3D HTTP 302
https://u.openx.net/w/1.0/cm?cc=1&id=d3d03dbd-5946-4cba-8d30-3c0226699028&r=https%3A%2F%2Ftag.crsspxl.com%2Fm.gif%3Foxid%3D HTTP 302
https://tag.crsspxl.com/m.gif?oxid=a4bf8a18-c506-40e5-9f5d-d6946179992c

Request Chain 156

https://e.dlx.addthis.com/e/a-1625/s-3300?cb=1650033876769 HTTP 302
https://e.dlx.addthis.com/e/a-1625/s-3300?cb=1650033876769&rd=Y HTTP 302
https://stags.bluekai.com/site/1407?partner=1&uhint=na_id=2022041514443700014404711807&redir=https%3A%2F%2Fx.dlx.addthis.com%2Fe%2Fbk_sync.xgi%3Fna_exid%3D%24_BK_UUID HTTP 302
https://x.dlx.addthis.com/e/bk_sync.xgi?na_exid=tSUY1CPY99YgQPki

Request Chain 157

https://rtd.tubemogul.com/upi/?sid=y6Q0bLoY9W90bLo82l0X HTTP 302
https://rtd-tm.everesttech.net/upi/?sid=y6Q0bLoY9W90bLo82l0X HTTP 302
https://rtd-tm.everesttech.net/ct/upi/?sid=y6Q0bLoY9W90bLo82l0X&_test=YlmE1AAAUCjzhwBj

Request Chain 172

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHxDKpLBmJjpaqQpfQKkMZQ&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHxDKpLBmJjpaqQpfQKkMZQ&google_cver=1&C=1

Request Chain 173

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YlmE1bXezUAGPlrrX3or9wAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHxDKpLBmJjpaqQpfQKkMZQ&google_cver=1

Request Chain 174

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEPI_obqv2AXHDdyil0eG3yU&google_cver=1

Request Chain 175

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjkxMjEyOTQyODYyNzYyNDM1OQ%3D%3D

Request Chain 197

https://fw.adsafeprotected.com/rfw/st/904480/59616668/4.js?adContainerId=brand_safety_1YRZYt7GH9Lq_gSDoqHYBQ&cbFunctionName=goog_wrapCb_1YRZYt7GH9Lq_gSDoqHYBQ&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_728x90.js&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fwww.tmonews.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:8db5d41d-9d34-efff-6d47-04c255b5f0d4,c:9RHmZE,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-764c94599f-4gqpg,rg:va,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,br:c,abv:na,an:n,oam:0,nbld:0,mtim:3,fm:t35jZLm+11%7C12%7C13%7C14%7C15%7C16*.904480-59616668%7C161%7C162%7C163%7C171,idMap:16*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:DIV,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:27,oid:92f5f176-bcca-11ec-839c-9673a7f18d84,v:19.8.299,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_1YRZYt7GH9Lq_gSDoqHYBQ&cbFunctionName=goog_wrapCb_1YRZYt7GH9Lq_gSDoqHYBQ&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_728x90.js

Request Chain 207

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELTsWaW268d42fOMTEPOYBM&google_cver=1

Request Chain 208

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZWJjZWQyMGMtNDViZS0yM2E5LWNhNTAtM2JkM2VmMWIwNDMz

Request Chain 209

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEJhaOOKnifj-Bwxl2Na5lwc&google_cver=1

Request Chain 210

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ODg2NTFjNDUtMjFkMC00ZGM5LTgwMDMtNTYyMzZmZmMzZmYy

Request Chain 212

https://fw.adsafeprotected.com/rfw/bgd/903356/59200475/xbbe/creative/adj?p=APEucNW0z-JBUge5xHz3GGIHmS0V-C9EKAyMiXagdocLreQHvktvMQ4&d=CnkAoCZ_4LgmSQKKt4NDVlvN2srOFBRP2URc4T9DPws5o7pP89z-dgt9nHAyh_HYEDIoGtwRTVH_NnZ4pY9U7prGtjZTJoZZbCKNK-NFXEZVhWOYrKKIRvyEz7RvO21yF4G9FCiaOeWyC35hD_Bs23JtokGe2ud7j65NEpkSAKAmf-DSkFgblmk5Exh1gx_mRXyHeXMtX-1iFKFwlEOXtfHxsnSTohEALjOdXjB0b-xGs5-hzZ6nLbBSbHRu_FXz8EsR9rADfSDyrMtu4ibzJNhAQ7KWT7m71dOAer7NM4k-e95VEq-AumtGAIdkocTBz8jkFCXoJDbb1Cf8bbffJQG4jUx8G5ZzYluKlGkZkUYoFO5nAjnLu-P41TMrtLpyrh0gLhxvXXkLSsjOW1fOE-bPRkao5VUHHCN0_ztAP_uG4gI_t2JNR4vsG-9RPP-KMhcl50ew1mBr8jQ1tBn5hM2O7FJV-9X6pox-ThTvEi3W7AymxUqVn6JMP8C5Xrr5IbKMlOlatOl5Byq0gBe0RBLu4e4iTivAa9lfPESeuDrLTk4Sj2LkACsW2TDGzyZwpQkjTZf8Ye5uNgBiykj3mb4ps8B1OCj48mRIuCNo3sSws-mY5Q1zK9U2dhyI4782zbYBtmJQALafSkvUjCkz202mjmpL5rYkNqgRN84rlTRPMfu6rxsFB8WlCgf-VpTaAqjK43OlADDyvCZAuJIbRMe5-rSCJbo7DCnszhHAOb0pllvFDx63xha221kNq-9Pr0rcHHaQwwHq9QUR9CFEu3cNe-eL9LtxDiNjvADRfA5ct1UqO9GJBF0YYjWE0IRZiwTDgKUhzsNOXpMWy-KeXkzN5v3VFjPc0zNkcLSZkfYLLpCyBNpLHYOqHoeTZp-wJhpk3_d8NwEzgU3X6je-gkHClh6DJ0PQQ79JNrEas08reH2CA7tGejSwWI3hACCW7o2LOMdHK4vJZZcncpwA6nigaJ_SUQODU0O_CLpbnrk3B-c5vKI5dZpqTmRKYr4cmdvz1bwX_83aFJ8wEGEk4G45LwePtfte5ROKzl7yJewT06gl-lrHUAIBOQFr1eG1jsq2qkiTZXILEYI0fAb2EfMZiGpUjbKLS7rLjGz9j-V7t5Wn3kKLWSDaTkiQkOFioxEiAv0FzbR7Z7QKzZ0ynZtridCstJ_JfhkcmkMZaG-JDyczPDRX-jt0LHADJjAsJbkFtAvh8u7Y1LNBuLfP6MAnqEaSw7_EBPmcd_0mf9CFXBDZCVZ4g6muW6P2AO7d8ZSUp6aLHx0zj3aAjmbmQvXTAMEyWKrY_JIS4T5GWHvMkb9Ju5y0vE9z1vOi4bWeeRyYYo7ZPsF7UXLy5iMPgAR6ad1iJ5bWMUL7sNlR6seiHwKc8-6q2vOcybpwagKasbAErefmHUu327dJFWse9CanNEHrr5qem-S4ZSEQM-Xf2tYJeZLjUec4rvqi-E7DD3WY4z_paSM5Ha7OlzvAw34xMVHNT3VIedCnzsGyXFtawc0XmIcq4xu8Voa6kZwQAYphJw3DeKW_Kk0u-8nYrkmoOBRBDRRJjs5RquXwWplwGtusCC_WzNQ5oIkH9DtuaPMWe6o4pZ8NzjljBebSwwjc5UnTPlefKGD8iT8NR055JMEXI8lqyH0YRM17IOpgVuqPiSLEIdYm5nt97aJvnmjIAnbJzMT8vaDgHOoqzyDNf8qmpsSArq7cGZ2mfXZA8vJ9a1Qt6QY6pvooYCtzsgnWdzZRbq0dyRTY8XyAs76rZRQrPIB6ytlXpEPaWXzRlg5cbpwRUPjP0YzVU4ZjnJNhTvybSKIOEj9hINL1rZzKKiJEia3fZyHRbfPg9Vc0QbXXACHVFtAoCcjjglmH_G6j7n07FleYq6pfPBERH7JGEsRvuxJy5JjZm_xQro4L47WmkaSImiRUEJ3Rd8nJfVLLkPnE7rITTew0DDlMhVyxEnji0H-61awmMdOelon-oGo0PUfww_-7sdKgFl-XrYdftCMzNof3x4BiUW9-Ot2c91fOA6sI-GziOJWHnj26xbs-dhvlR1IgVzqsFnOOmwNFWVELR7tTDPh6pOQ1J0KZYNfjOXzwc-L7k0kRHDhDhjn-_45tbKAzCfP74vJxFq9dngAEy8gL7DXyseVnsuBCswMWdP7OplTQc-sFq31jiwbbA4Kqk4m3COMhMH4ct3WbqfqzJDxQQH3p9RFT7tYqQkvPWjxPpqI1MhFyyQK5b0SKnhzaX8iushowHNwZcLsd5bnaf1I5sNXv5rUbk8uEQHRkL_duiukfJOhtlpKq-lik_mYtc7O_pUsKbjdXUZYvcnCb3WADrWYG4g6x8On_r_TaE_slffwj6ghHHD5romh37lTUEg4BNNwD-Zi7jJstQ50fsnzmu1PBmPyQIwvPbtIw558ld4-bz41PNI9OaSoP8H4s7TyRJqyj52g7mGnfvu-qP0AtMFjtDAku6wnUJGRr2g248Yyn9pTNq6qDLzEjsxSSvEY57LGxke4XdISRn_Czv61vetskZGFFBZ3hd2xiZJFcRSLqRDL_m4sjuQv3HHXMezo3VgONDbLcKJ479r1-ksVlQbJwNzId8-pA-NOXnCvCOWm5TPYo7WLyBPCOwKaRVXXrEmofXhWVCRI8fM87dY38zE4c5zLtVMT0A4qNmvGkkeJNS4kgNKUo6wn9g7xn8u3dgJ0YcvurpzttthhVs38C99L4zeengvq2HD-Y9n6afk_yXU3YPuqUi1sC6yMYt8a7eRxeD5kC-QFgBtUrEFuKRjFxJkxvZ8SSyQBXcoAEnyGeLDhLMZpNdZxeuN5PNpLEhc7-YKGk51PvCSfDdAUNBY1ztuJv_6qBiFb2TF5gBWJyC3sqsyA-VKoxwE4SJupUh8QBTU_dKR80czNKwW7YrVWHdEXJ3MCs0P0za3hP9Jx-NrzupMuISEIeQp550n_ztRK3Go5vcpCKZLnDoBIIXejRALQqZbOwCxyEjc8wKKJxcjqKdhMznSUn82u3XJdzN5825R7iI67hNpZO1jrgaibZAZBOqieXdgBXSiNgafnqOb5POQMhIV3ULJnxsWGU_1wn2RBrmdEVoYVfdmidDaIMOvj0geq4YSDu4uwOYVGh-Q2LeaSEJN_hFotdCwHrgQEHKsYFntNpv7WJdcqPymbF85qXASaNzjz0cnxyipjwipzPvtwjeGan3_Ejf3hWAsxhXH5STbMoAbGrmDoVrdNgU48azT6fbGfO2N5jZ_ro2_E7In9aGVHjo7NpHxosCAASKORoXP1sFWyTlGOuoNepSCVtpERtLR0XHd_ucLbx1PdX-pPBSpxW_W1gAQ&adsafe_url=https%3A%2F%2Fwww.tmonews.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:84f9e117-e172-a8cd-a2e8-b32f8642bfbf,c:9RHn1O,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-764c94599f-fq5b2,rg:va,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:i,cc:NaN.NaN.300.600,piv:0,obst:0,th:0,reas:r,br:c,abv:na,an:n,oam:0,scm:publ1,nbld:0,mtim:4,fm:t35jZNu+11%7C12%7C13%7C14%7C15%7C161%7C1621%7C163%7C164%7C17*.903356-59200475%7C171,idMap:17*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:29,oid:9306934b-bcca-11ec-9949-ea5b69822f17,v:19.8.299,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNW0z-JBUge5xHz3GGIHmS0V-C9EKAyMiXagdocLreQHvktvMQ4&d=CnkAoCZ_4LgmSQKKt4NDVlvN2srOFBRP2URc4T9DPws5o7pP89z-dgt9nHAyh_HYEDIoGtwRTVH_NnZ4pY9U7prGtjZTJoZZbCKNK-NFXEZVhWOYrKKIRvyEz7RvO21yF4G9FCiaOeWyC35hD_Bs23JtokGe2ud7j65NEpkSAKAmf-DSkFgblmk5Exh1gx_mRXyHeXMtX-1iFKFwlEOXtfHxsnSTohEALjOdXjB0b-xGs5-hzZ6nLbBSbHRu_FXz8EsR9rADfSDyrMtu4ibzJNhAQ7KWT7m71dOAer7NM4k-e95VEq-AumtGAIdkocTBz8jkFCXoJDbb1Cf8bbffJQG4jUx8G5ZzYluKlGkZkUYoFO5nAjnLu-P41TMrtLpyrh0gLhxvXXkLSsjOW1fOE-bPRkao5VUHHCN0_ztAP_uG4gI_t2JNR4vsG-9RPP-KMhcl50ew1mBr8jQ1tBn5hM2O7FJV-9X6pox-ThTvEi3W7AymxUqVn6JMP8C5Xrr5IbKMlOlatOl5Byq0gBe0RBLu4e4iTivAa9lfPESeuDrLTk4Sj2LkACsW2TDGzyZwpQkjTZf8Ye5uNgBiykj3mb4ps8B1OCj48mRIuCNo3sSws-mY5Q1zK9U2dhyI4782zbYBtmJQALafSkvUjCkz202mjmpL5rYkNqgRN84rlTRPMfu6rxsFB8WlCgf-VpTaAqjK43OlADDyvCZAuJIbRMe5-rSCJbo7DCnszhHAOb0pllvFDx63xha221kNq-9Pr0rcHHaQwwHq9QUR9CFEu3cNe-eL9LtxDiNjvADRfA5ct1UqO9GJBF0YYjWE0IRZiwTDgKUhzsNOXpMWy-KeXkzN5v3VFjPc0zNkcLSZkfYLLpCyBNpLHYOqHoeTZp-wJhpk3_d8NwEzgU3X6je-gkHClh6DJ0PQQ79JNrEas08reH2CA7tGejSwWI3hACCW7o2LOMdHK4vJZZcncpwA6nigaJ_SUQODU0O_CLpbnrk3B-c5vKI5dZpqTmRKYr4cmdvz1bwX_83aFJ8wEGEk4G45LwePtfte5ROKzl7yJewT06gl-lrHUAIBOQFr1eG1jsq2qkiTZXILEYI0fAb2EfMZiGpUjbKLS7rLjGz9j-V7t5Wn3kKLWSDaTkiQkOFioxEiAv0FzbR7Z7QKzZ0ynZtridCstJ_JfhkcmkMZaG-JDyczPDRX-jt0LHADJjAsJbkFtAvh8u7Y1LNBuLfP6MAnqEaSw7_EBPmcd_0mf9CFXBDZCVZ4g6muW6P2AO7d8ZSUp6aLHx0zj3aAjmbmQvXTAMEyWKrY_JIS4T5GWHvMkb9Ju5y0vE9z1vOi4bWeeRyYYo7ZPsF7UXLy5iMPgAR6ad1iJ5bWMUL7sNlR6seiHwKc8-6q2vOcybpwagKasbAErefmHUu327dJFWse9CanNEHrr5qem-S4ZSEQM-Xf2tYJeZLjUec4rvqi-E7DD3WY4z_paSM5Ha7OlzvAw34xMVHNT3VIedCnzsGyXFtawc0XmIcq4xu8Voa6kZwQAYphJw3DeKW_Kk0u-8nYrkmoOBRBDRRJjs5RquXwWplwGtusCC_WzNQ5oIkH9DtuaPMWe6o4pZ8NzjljBebSwwjc5UnTPlefKGD8iT8NR055JMEXI8lqyH0YRM17IOpgVuqPiSLEIdYm5nt97aJvnmjIAnbJzMT8vaDgHOoqzyDNf8qmpsSArq7cGZ2mfXZA8vJ9a1Qt6QY6pvooYCtzsgnWdzZRbq0dyRTY8XyAs76rZRQrPIB6ytlXpEPaWXzRlg5cbpwRUPjP0YzVU4ZjnJNhTvybSKIOEj9hINL1rZzKKiJEia3fZyHRbfPg9Vc0QbXXACHVFtAoCcjjglmH_G6j7n07FleYq6pfPBERH7JGEsRvuxJy5JjZm_xQro4L47WmkaSImiRUEJ3Rd8nJfVLLkPnE7rITTew0DDlMhVyxEnji0H-61awmMdOelon-oGo0PUfww_-7sdKgFl-XrYdftCMzNof3x4BiUW9-Ot2c91fOA6sI-GziOJWHnj26xbs-dhvlR1IgVzqsFnOOmwNFWVELR7tTDPh6pOQ1J0KZYNfjOXzwc-L7k0kRHDhDhjn-_45tbKAzCfP74vJxFq9dngAEy8gL7DXyseVnsuBCswMWdP7OplTQc-sFq31jiwbbA4Kqk4m3COMhMH4ct3WbqfqzJDxQQH3p9RFT7tYqQkvPWjxPpqI1MhFyyQK5b0SKnhzaX8iushowHNwZcLsd5bnaf1I5sNXv5rUbk8uEQHRkL_duiukfJOhtlpKq-lik_mYtc7O_pUsKbjdXUZYvcnCb3WADrWYG4g6x8On_r_TaE_slffwj6ghHHD5romh37lTUEg4BNNwD-Zi7jJstQ50fsnzmu1PBmPyQIwvPbtIw558ld4-bz41PNI9OaSoP8H4s7TyRJqyj52g7mGnfvu-qP0AtMFjtDAku6wnUJGRr2g248Yyn9pTNq6qDLzEjsxSSvEY57LGxke4XdISRn_Czv61vetskZGFFBZ3hd2xiZJFcRSLqRDL_m4sjuQv3HHXMezo3VgONDbLcKJ479r1-ksVlQbJwNzId8-pA-NOXnCvCOWm5TPYo7WLyBPCOwKaRVXXrEmofXhWVCRI8fM87dY38zE4c5zLtVMT0A4qNmvGkkeJNS4kgNKUo6wn9g7xn8u3dgJ0YcvurpzttthhVs38C99L4zeengvq2HD-Y9n6afk_yXU3YPuqUi1sC6yMYt8a7eRxeD5kC-QFgBtUrEFuKRjFxJkxvZ8SSyQBXcoAEnyGeLDhLMZpNdZxeuN5PNpLEhc7-YKGk51PvCSfDdAUNBY1ztuJv_6qBiFb2TF5gBWJyC3sqsyA-VKoxwE4SJupUh8QBTU_dKR80czNKwW7YrVWHdEXJ3MCs0P0za3hP9Jx-NrzupMuISEIeQp550n_ztRK3Go5vcpCKZLnDoBIIXejRALQqZbOwCxyEjc8wKKJxcjqKdhMznSUn82u3XJdzN5825R7iI67hNpZO1jrgaibZAZBOqieXdgBXSiNgafnqOb5POQMhIV3ULJnxsWGU_1wn2RBrmdEVoYVfdmidDaIMOvj0geq4YSDu4uwOYVGh-Q2LeaSEJN_hFotdCwHrgQEHKsYFntNpv7WJdcqPymbF85qXASaNzjz0cnxyipjwipzPvtwjeGan3_Ejf3hWAsxhXH5STbMoAbGrmDoVrdNgU48azT6fbGfO2N5jZ_ro2_E7In9aGVHjo7NpHxosCAASKORoXP1sFWyTlGOuoNepSCVtpERtLR0XHd_ucLbx1PdX-pPBSpxW_W1gAQ

Request Chain 245

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 260

https://cm.g.doubleclick.net/pixel?google_nid=tremor_video_dbm&google_cm&google_dbm HTTP 302
https://partners.tremorhub.com/sync?UIGL=CAESEOPCRFiPRF-x5ip24zgOsfM&google_cver=1

Request Chain 261

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEBYvTr4NFSXr7j1vbUGqNCw&google_cver=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEBYvTr4NFSXr7j1vbUGqNCw&google_cver=1&__user_check__=1&sync_id=93a7784b-bcca-11ec-bab1-11b5c0880403

Request Chain 262

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=93a77061-bcca-11ec-895c-177accdd0403 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=OTNhNzcwMTItYmNjYS0xMWVjLTg5NWMtMTc3YWNjZGQwNDAz

Request Chain 279

https://s.amazon-adsystem.com/iui3?d=forester-did&ex-fargs=%3Fid%3D4efe50bd-6048-315d-918a-6058841c4806%26type%3D55%26m%3D1&ex-fch=416613&ex-src=https://www.unicefusa.org/&ex-hargs=v%3D1.0%3Bc%3D1726611500801%3Bp%3D4EFE50BD-6048-315D-918A-6058841C4806%27 HTTP 302
https://s.amazon-adsystem.com/iui3?d=forester-did&ex-fargs=%3Fid%3D4efe50bd-6048-315d-918a-6058841c4806%26type%3D55%26m%3D1&ex-fch=416613&ex-src=https://www.unicefusa.org/&ex-hargs=v%3D1.0%3Bc%3D1726611500801%3Bp%3D4EFE50BD-6048-315D-918A-6058841C4806%27&dcc=t

Request Chain 280

https://9200789.fls.doubleclick.net/activityi;src=9200789;type=count0;cat=delve00u;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1 HTTP 302
https://9200789.fls.doubleclick.net/activityi;dc_pre=CJy-2pmnlvcCFcynnwodiekNpQ;src=9200789;type=count0;cat=delve00u;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1

Request Chain 326

https://gcdn.2mdn.net/videoplayback/id/4e77313c01a7b4e3/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3790237481/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signature/A406EAB7FAF3D74E6B5EC229B678ABFA4B6D1DB9.5DB6D0CACF42F480F8DB936DCF911B4CB6388D02/key/ck2/file/file.mp4 HTTP 302
https://r5---sn-ab5l6nzr.c.2mdn.net/videoplayback/id/4e77313c01a7b4e3/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3790237481/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/6605DD8E341753FF8FFE854410D16BABEB4C1F27.7BC53FEEB2ECFAC82CBA0D6C382B1CC535E3774F/key/cms1/cms_redirect/yes/mh/GV/mip/2602:ffc8:2:104::17/mm/42/mn/sn-ab5l6nzr/ms/onc/mt/1650033571/mv/u/mvi/5/pl/48/file/file.mp4

333 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
www.tmonews.com/
Redirect Chain

http://tmonews.com/
https://www.tmonews.com/

156 KB
33 KB

313ms
83ms

Document
text/html

147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

a6a4fd99d19c6c49adac8d7f53ac4774609223b38440dd93ee9814fda4764175

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: max-age=180 public
Connection: keep-alive
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Content-Type: text/html; charset=UTF-8
Date: Fri, 15 Apr 2022 14:44:34 GMT
Link: <https://www.tmonews.com/wp-json/>; rel="https://api.w.org/"
Pragma: public
Server: nginx
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Cache: HIT
X-Cache-Test: 0

Redirect headers

Connection: keep-alive
Content-Length: 178
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Content-Type: text/html
Date: Fri, 15 Apr 2022 14:44:34 GMT
Location: https://www.tmonews.com/
Server: nginx

GET
H2 200 country.js Show response
slashdot.org/ 110 B
183 B 248ms
79ms Script
application/javascript 204.68.111.106
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL: https://slashdot.org/country.js
Requested by: Host: www.tmonews.com
URL: https://www.tmonews.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 204.68.111.106 San Diego, United States, ASN6130 (AIS-WEST, US),
Reverse DNS
Software: nginx /
Resource Hash: 0a0e02f6e39434ca62ba78ba276b9f2733b444dcbda09ce04f379a3005456154

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:35 GMT
server: nginx
content-length: 110
content-type: application/javascript

GET
H2 200 cmp2.js Show response
a.fsdn.com/con/js/sftheme/ 18 KB
7 KB 120ms
61ms Script
application/javascript 2606:4700:4400::ac40:96e3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.fsdn.com/con/js/sftheme/cmp2.js
Requested by: Host: www.tmonews.com
URL: https://www.tmonews.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:96e3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a390b063c15d0848a8890e79b45c32b3f703949091ca8121eac86d7ea97569c3

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:34 GMT
content-encoding: br
cf-cache-status: HIT
age: 10002533
cf-polished: origSize=30630
cf-ray: 6fc575c64e4e19b2-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 20 Dec 2021 20:03:00 GMT
server: cloudflare
etag: W/"61c0e174-77a6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
expires: Sat, 15 Apr 2023 14:44:34 GMT
cache-control: public, max-age=31536000
timing-allow-origin: *
cf-bgj: minify

GET
H2 200 tmonews-homepage.min.js Show response
d3tglifpd8whs6.cloudfront.net/js/prebid/tmonews-homepage/ 235 KB
72 KB 95ms
23ms Script
application/javascript 13.225.210.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://d3tglifpd8whs6.cloudfront.net/js/prebid/tmonews-homepage/tmonews-homepage.min.js

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.210.128 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-210-128.ewr50.r.cloudfront.net

Software

nginx /

Resource Hash

74115ce236f462d54ebf3b3a6322d12d7846e3781f95e5f998c062f45c9ff262

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: frame-ancestors 'self'; upgrade-insecure-requests
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 03 Mar 2022 21:56:02 GMT
server: nginx
age: 14906
date: Fri, 15 Apr 2022 10:59:22 GMT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 ea450411fc852f7d373f7efbe784dd74.cloudfront.net (CloudFront)
x-amz-cf-pop: EWR50-C1
x-amz-cf-id: MPcX_tI1fZdtRhHlSnH-ffwwpddutQttQi4PxJfChhfrNa6BWM5EoQ==

GET
H2 200 cmp.css
a.fsdn.com/con/css/sftheme/sandiego/ 5 KB
2 KB 99ms
41ms Stylesheet
text/css 2606:4700:4400::ac40:96e3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.fsdn.com/con/css/sftheme/sandiego/cmp.css
Requested by: Host: www.tmonews.com
URL: https://www.tmonews.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:96e3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c3751dc6a2d62d57154db22bddca77f173d1a3e30c3043d686736dcd60579d0a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:34 GMT
content-encoding: br
cf-cache-status: HIT
age: 28075177
cf-polished: origSize=5162
cf-ray: 6fc575c64e4b19b2-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 24 May 2021 15:30:32 GMT
server: cloudflare
etag: W/"60abc698-642"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
expires: Sat, 15 Apr 2023 14:44:34 GMT
cache-control: public, max-age=31536000
timing-allow-origin: *
cf-bgj: minify

GET
H/1.1 200
OK style.css
www.tmonews.com/wp-content/themes/phonedog-v4/ 74 KB
14 KB 170ms
78ms Stylesheet
text/css 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/wp-content/themes/phonedog-v4/style.css

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

1e5432b0eade4361e7be4d7836a40de78a2c54d44fbc394662d169a4f26eacb1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:34 GMT
Content-Encoding: gzip
Last-Modified: Mon, 09 Oct 2017 23:10:24 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000, max-age=31449600, no-transform, public
Transfer-Encoding: chunked
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Expires: Sun, 15 May 2022 14:44:34 GMT

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/ 21 KB
5 KB 89ms
32ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0fb1bbca73646e8e2b93c82e8d8b219647b13d4b440c48e338290b9a685b8de1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:34 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 617, 617
age: 25086795
cdn-cachedat: 2021-06-16 21:47:13
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:53 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: a07dda4d9b8a876b3c240b20af5dce2e
cf-ray: 6fc575c64fe019cb-EWR
cdn-requestcountrycode: US
cdn-requestpullsuccess: True

GET
H/1.1 200
OK phonetool.css
www.tmonews.com/wp-content/themes/phonedog-v4/phonetool/css/ 962 KB
113 KB 243ms
102ms Stylesheet
text/css 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/wp-content/themes/phonedog-v4/phonetool/css/phonetool.css

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

c76e2865cdfdb4057f32105c643d979cf733b396314c15d6f03ab70ab583c147

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Content-Encoding: gzip
Last-Modified: Mon, 02 Nov 2015 21:49:51 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000, max-age=31449600, no-transform, public
Transfer-Encoding: chunked
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Expires: Sun, 15 May 2022 14:44:35 GMT

GET
H/1.1 200
OK layout.css
www.tmonews.com/wp-content/themes/whitelight/css/ 14 KB
4 KB 218ms
76ms Stylesheet
text/css 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/wp-content/themes/whitelight/css/layout.css?ver=4.5.3

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

1fab6bd83a2d91a50bb947043a7c3c7525ba6fa61830405113914403891a88ad

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Content-Encoding: gzip
Last-Modified: Tue, 30 Sep 2014 16:18:43 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000, max-age=31449600, no-transform, public
Transfer-Encoding: chunked
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Expires: Sun, 15 May 2022 14:44:35 GMT

GET
H/1.1 200
OK style.css
www.tmonews.com/wp-content/plugins/captcha/css/ 6 KB
2 KB 219ms
76ms Stylesheet
text/css 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/wp-content/plugins/captcha/css/style.css?ver=4.5.3

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

bee53f5b30d298afb9a5bfb5bf383f9da4f766f25f169359aca4d090a67d35de

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Content-Encoding: gzip
Last-Modified: Tue, 05 Jul 2016 20:56:32 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000, max-age=31449600, no-transform, public
Transfer-Encoding: chunked
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Expires: Sun, 15 May 2022 14:44:35 GMT

GET
H/1.1 200
OK dashicons.min.css
www.tmonews.com/wp-includes/css/ 45 KB
28 KB 247ms
104ms Stylesheet
text/css 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/wp-includes/css/dashicons.min.css?ver=4.5.3

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

5c68cf1f0dca577bf260a647a1e73410fae9b838e3da448412df4b142e4fc123

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Content-Encoding: gzip
Last-Modified: Thu, 12 May 2016 17:37:02 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000, max-age=31449600, no-transform, public
Transfer-Encoding: chunked
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Expires: Sun, 15 May 2022 14:44:35 GMT

GET
H/1.1 200
OK desktop_style.css
www.tmonews.com/wp-content/plugins/captcha/css/ 2 KB
846 B 218ms
75ms Stylesheet
text/css 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/wp-content/plugins/captcha/css/desktop_style.css?ver=4.5.3

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

e4104060cd9de722a62520940b75beb1b555fefe71972128e4636ec751e0e715

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Content-Encoding: gzip
Last-Modified: Tue, 05 Jul 2016 20:56:32 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000, max-age=31449600, no-transform, public
Transfer-Encoding: chunked
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Expires: Sun, 15 May 2022 14:44:35 GMT

GET
H/1.1 200
OK prettyPhoto.css
www.tmonews.com/wp-content/themes/whitelight/includes/css/ 19 KB
3 KB 247ms
76ms Stylesheet
text/css 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/wp-content/themes/whitelight/includes/css/prettyPhoto.css?ver=4.5.3

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

afa20251a559f167b4babc9665690f570c15b2204f35a52371afcc97d26e4632

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Content-Encoding: gzip
Last-Modified: Tue, 30 Sep 2014 16:18:44 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000, max-age=31449600, no-transform, public
Transfer-Encoding: chunked
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Expires: Sun, 15 May 2022 14:44:35 GMT

GET
H/1.1 200
OK blackbirdpie.css
www.tmonews.com/wp-content/plugins/twitter-blackbird-pie/css/ 1 KB
858 B 292ms
73ms Stylesheet
text/css 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/wp-content/plugins/twitter-blackbird-pie/css/blackbirdpie.css?ver=20110416

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

a6a568da5191d537c1dc45a605ebc5b60090e007169de7ca6d49d365eb8fddcc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Content-Encoding: gzip
Last-Modified: Tue, 30 Sep 2014 16:18:34 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000, max-age=31449600, no-transform, public
Transfer-Encoding: chunked
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Expires: Sun, 15 May 2022 14:44:35 GMT

GET
H/1.1 200
OK jquery.js Show response
www.tmonews.com/wp-includes/js/jquery/ 95 KB
95 KB 376ms
82ms Script
application/javascript 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/wp-includes/js/jquery/jquery.js?ver=1.12.4

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

fc48d1d80ece71a79a7b39877f4104d49d3da6c3665cf6dc203000fb7df4447e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Last-Modified: Tue, 05 Jul 2016 20:56:34 GMT
Server: nginx
Content-Type: application/javascript
Cache-Control: max-age=2592000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 97184
Expires: Sun, 15 May 2022 14:44:35 GMT

GET
H/1.1 200
OK jquery-migrate.min.js Show response
www.tmonews.com/wp-includes/js/jquery/ 10 KB
10 KB 375ms
81ms Script
application/javascript 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Last-Modified: Tue, 05 Jul 2016 20:56:34 GMT
Server: nginx
Content-Type: application/javascript
Cache-Control: max-age=2592000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 10056
Expires: Sun, 15 May 2022 14:44:35 GMT

GET
H/1.1 200
OK general.js Show response
www.tmonews.com/wp-content/themes/phonedog-v4/includes/js/ 2 KB
2 KB 375ms
80ms Script
application/javascript 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/wp-content/themes/phonedog-v4/includes/js/general.js?ver=4.5.3

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

3bfea5a50612972dbbbaba90457eb6d3892d91969222098bdf94580fbb9e6594

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Last-Modified: Tue, 30 Sep 2014 16:18:37 GMT
Server: nginx
Content-Type: application/javascript
Cache-Control: max-age=2592000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2063
Expires: Sun, 15 May 2022 14:44:35 GMT

GET
H/1.1 200
OK jquery.prettyPhoto.js Show response
www.tmonews.com/wp-content/themes/whitelight/includes/js/ 24 KB
25 KB 391ms
73ms Script
application/javascript 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/wp-content/themes/whitelight/includes/js/jquery.prettyPhoto.js?ver=4.5.3

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

838740e265954d7ecdb4bc78a3954145dc040479b26f82fbd8b4e0438775232a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Last-Modified: Tue, 30 Sep 2014 16:18:44 GMT
Server: nginx
Content-Type: application/javascript
Cache-Control: max-age=2592000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 24867
Expires: Sun, 15 May 2022 14:44:35 GMT

GET
H/1.1 200
OK portfolio.js Show response
www.tmonews.com/wp-content/themes/whitelight/includes/js/ 4 KB
4 KB 395ms
73ms Script
application/javascript 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/wp-content/themes/whitelight/includes/js/portfolio.js?ver=4.5.3

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

98fe7343b2cf70401aca810c5251b46488443b5610730d1300050680ebc8dc38

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Last-Modified: Tue, 30 Sep 2014 16:18:44 GMT
Server: nginx
Content-Type: application/javascript
Cache-Control: max-age=2592000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3847
Expires: Sun, 15 May 2022 14:44:35 GMT

GET
H/1.1 200
OK third-party.js Show response
www.tmonews.com/wp-content/themes/whitelight/includes/js/ 5 KB
5 KB 455ms
77ms Script
application/javascript 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/wp-content/themes/whitelight/includes/js/third-party.js?ver=4.5.3

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

71f2a13533b19771b9a6ae3843e61a8c05dba04c964f0eab559f3b352ac1439a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Last-Modified: Tue, 30 Sep 2014 16:18:44 GMT
Server: nginx
Content-Type: application/javascript
Cache-Control: max-age=2592000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5005
Expires: Sun, 15 May 2022 14:44:35 GMT

GET
H/1.1 200
OK blackbirdpie.js Show response
www.tmonews.com/wp-content/plugins/twitter-blackbird-pie/js/ 1 KB
2 KB 454ms
76ms Script
application/javascript 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/wp-content/plugins/twitter-blackbird-pie/js/blackbirdpie.js?ver=20110404

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

4c31c7452a785f7efecf3ce2e9983d3bf7af71f0ab7839b424eeb812b3a9fb90

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Last-Modified: Tue, 30 Sep 2014 16:18:34 GMT
Server: nginx
Content-Type: application/javascript
Cache-Control: max-age=2592000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1339
Expires: Sun, 15 May 2022 14:44:35 GMT

GET
H/1.1 200
OK default.css
www.tmonews.com/wp-content/themes/whitelight/styles/ 18 B
428 B 292ms
74ms Stylesheet
text/css 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/wp-content/themes/whitelight/styles/default.css

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

13d490516dc5cff874922cd12280b651452dad5224a45107d947e38854eff405

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Last-Modified: Tue, 30 Sep 2014 16:18:45 GMT
Server: nginx
Content-Type: text/css
Cache-Control: max-age=2592000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18
Expires: Sun, 15 May 2022 14:44:35 GMT

GET
H/1.1 200
OK shortcodes.css
www.tmonews.com/wp-content/themes/whitelight/functions/css/ 27 KB
5 KB 294ms
75ms Stylesheet
text/css 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/wp-content/themes/whitelight/functions/css/shortcodes.css

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

b790620eae762ad6cd6a86b02c8aed42b3cfb06dd15c6c339810b5d567935794

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Content-Encoding: gzip
Last-Modified: Tue, 30 Sep 2014 16:18:43 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000, max-age=31449600, no-transform, public
Transfer-Encoding: chunked
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Expires: Sun, 15 May 2022 14:44:35 GMT

GET
H/1.1 200
OK custom.css
www.tmonews.com/wp-content/themes/phonedog-v4/ 29 KB
7 KB 320ms
74ms Stylesheet
text/css 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/wp-content/themes/phonedog-v4/custom.css

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

c5ba4a507dc7d5832a1b6f079fe375c6b98e917a087d4806484a2aa6802c093c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Content-Encoding: gzip
Last-Modified: Mon, 04 Jan 2021 19:57:33 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000, max-age=31449600, no-transform, public
Transfer-Encoding: chunked
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Expires: Sun, 15 May 2022 14:44:35 GMT

GET
H/1.1 200
OK paging.js Show response
www.tmonews.com/wp-content/themes/phonedog-v4/js/ 944 B
1 KB 468ms
73ms Script
application/javascript 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/wp-content/themes/phonedog-v4/js/paging.js

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

1f387bab02202ab604ab69a42ac34ddd304921f8cabb285b53b4cc1f114793fe

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Last-Modified: Wed, 17 Aug 2016 18:58:36 GMT
Server: nginx
Content-Type: application/javascript
Cache-Control: max-age=2592000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 944
Expires: Sun, 15 May 2022 14:44:35 GMT

GET
H/1.1 200
OK jquery-ui.min.js Show response
www.tmonews.com/wp-content/themes/phonedog-v4/js/ 235 KB
235 KB 532ms
74ms Script
application/javascript 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/wp-content/themes/phonedog-v4/js/jquery-ui.min.js

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

c4d8dbe77feb63e5a61bee0bead4e5f66e8fa6a927599bd1b74aced52467273c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Last-Modified: Mon, 02 Nov 2015 21:49:51 GMT
Server: nginx
Content-Type: application/javascript
Cache-Control: max-age=2592000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 240427
Expires: Sun, 15 May 2022 14:44:35 GMT

GET
H/1.1 200
OK sidebar_tool.js Show response
www.tmonews.com/wp-content/themes/phonedog-v4/js/ 28 KB
28 KB 534ms
75ms Script
application/javascript 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/wp-content/themes/phonedog-v4/js/sidebar_tool.js

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

fb304551c9af6be51fbdcc7ba3deb7cad91f09c29e00fe42c07d321b73a4d5d0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Last-Modified: Wed, 23 Dec 2020 20:23:55 GMT
Server: nginx
Content-Type: application/javascript
Cache-Control: max-age=2592000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 28243
Expires: Sun, 15 May 2022 14:44:35 GMT

GET
H/1.1 200
OK logo.png
www.tmonews.com/wp-content/themes/phonedog-v4/images/ 9 KB
9 KB 75ms
75ms Image
image/png 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/wp-content/themes/phonedog-v4/images/logo.png

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

27b3dcbffc046c160e52b2a3d4f91346c61d07b6489e88e7d84e89a7a0fc1787

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Last-Modified: Tue, 05 Jul 2016 20:56:33 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8996
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK search-button.png
www.tmonews.com/wp-content/themes/phonedog-v4/images/ 1 KB
2 KB 73ms
73ms Image
image/png 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/wp-content/themes/phonedog-v4/images/search-button.png

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

847cb019367c5995fe0ca6d8b7c85d6cbb2bda3a32b65a95ead3c650bde69b87

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Last-Modified: Tue, 05 Jul 2016 20:56:33 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1409
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK t-mobile-ubs-future-of-5g-event.jpeg
www.tmonews.com/wp-content/uploads/2021/05/ 157 KB
157 KB 98ms
97ms Image
image/jpeg 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/wp-content/uploads/2021/05/t-mobile-ubs-future-of-5g-event.jpeg

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

8595c9d8029dbff2de8591a6350db3a08296d879a7d944effe4778f56f24eef0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Last-Modified: Fri, 28 May 2021 23:06:08 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 160697
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK t-mobile-google-one-membership.png
www.tmonews.com/wp-content/uploads/2022/04/ 90 KB
91 KB 80ms
78ms Image
image/png 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/wp-content/uploads/2022/04/t-mobile-google-one-membership.png

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

813d0550bb80c595499f6214f36802a4ba2ea23c34fe2f5bf0f21e3a249c8bff

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Last-Modified: Tue, 12 Apr 2022 22:27:02 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 92542
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK t-mobile-t-challenge.png
www.tmonews.com/wp-content/uploads/2022/04/ 204 KB
204 KB 94ms
90ms Image
image/png 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/wp-content/uploads/2022/04/t-mobile-t-challenge.png

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

ea4bb29c87aea7d236867b2f7c2833042b42d21b9b90a2f716d7326fa82f96d6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Last-Modified: Thu, 07 Apr 2022 00:27:52 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 208667
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK t-mobile-sprint-2nd-anniversary.png
www.tmonews.com/wp-content/uploads/2022/04/ 209 KB
209 KB 86ms
82ms Image
image/png 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/wp-content/uploads/2022/04/t-mobile-sprint-2nd-anniversary.png

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

5eb3c080a61c66dedea6e79f5ad7ab14f6ec9a805393f562e70bb5a164e7b54f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Last-Modified: Fri, 01 Apr 2022 22:32:53 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 213777
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK oneplus-10-pro-5g-t-mobile.jpg
www.tmonews.com/wp-content/uploads/2022/03/ 16 KB
17 KB 95ms
91ms Image
image/jpeg 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/wp-content/uploads/2022/03/oneplus-10-pro-5g-t-mobile.jpg

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

dcd4f2ab48d2af8bcca935cd421720d106b080c38c8041061b76bd2314745896

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Last-Modified: Fri, 01 Apr 2022 00:40:13 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 16721
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK oneplus-10-pro-5g-t-mobile-250x170.png
www.tmonews.com/wp-content/uploads/2022/04/ 34 KB
35 KB 305ms
73ms Image
image/png 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/wp-content/uploads/2022/04/oneplus-10-pro-5g-t-mobile-250x170.png

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

80ac56c5a433f478beaae000c3a59581bb997f7f4085e81651be7f286507f3e4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Last-Modified: Fri, 15 Apr 2022 00:48:53 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 35027
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK t-mobile-ubs-future-of-5g-event-250x170.jpeg
www.tmonews.com/wp-content/uploads/2021/05/ 13 KB
14 KB 342ms
78ms Image
image/jpeg 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/wp-content/uploads/2021/05/t-mobile-ubs-future-of-5g-event-250x170.jpeg

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

8323d76a1cfe88f9b72e718d66b1390cf8c5d77158db9dffb481161d753a16fa

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Last-Modified: Fri, 28 May 2021 23:09:13 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 13761
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK t-mobile-for-business-affected-by-hack-too-250x170.png
www.tmonews.com/wp-content/uploads/2021/08/ 2 KB
2 KB 76ms
76ms Image
image/png 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/wp-content/uploads/2021/08/t-mobile-for-business-affected-by-hack-too-250x170.png

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

b7e23ad50b14464a19348537712c420940467b87d27ee939cec647f1ed3a184a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Last-Modified: Wed, 25 Aug 2021 18:37:44 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1752
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK metro-by-t-mobile-switcher-offer-250x170.png
www.tmonews.com/wp-content/uploads/2022/04/ 44 KB
44 KB 75ms
74ms Image
image/png 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/wp-content/uploads/2022/04/metro-by-t-mobile-switcher-offer-250x170.png

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

58bbcdcc9a97c8558bfb3e664b0309afff8f3e005712e4ba5177ed01c5d8e1a4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Last-Modified: Tue, 12 Apr 2022 22:51:26 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 44877
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK t-mobile-google-one-membership-250x170.png
www.tmonews.com/wp-content/uploads/2022/04/ 27 KB
28 KB 75ms
74ms Image
image/png 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/wp-content/uploads/2022/04/t-mobile-google-one-membership-250x170.png

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

8c0f0b586e4a519ec50abcd3d9b623597296d81f4e3714da08e1b88b1a8bc35c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Last-Modified: Tue, 12 Apr 2022 22:27:34 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 28013
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK t-mobile-spam-message-250x170.png
www.tmonews.com/wp-content/uploads/2022/04/ 18 KB
19 KB 94ms
93ms Image
image/png 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/wp-content/uploads/2022/04/t-mobile-spam-message-250x170.png

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

c61e0724a2b6e1ca149316c16bbd65d99699b59009ea988e44d829743842b272

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Last-Modified: Mon, 11 Apr 2022 23:25:09 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18785
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK t-mobile-reusable-thermal-lunch-tote-250x170.jpg
www.tmonews.com/wp-content/uploads/2022/04/ 13 KB
14 KB 83ms
82ms Image
image/jpeg 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/wp-content/uploads/2022/04/t-mobile-reusable-thermal-lunch-tote-250x170.jpg

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

2f129824302579e5d1e8d57dccd6a0af480501ef7d546b2a17f7e54426a4f74d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Last-Modified: Thu, 07 Apr 2022 23:07:27 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 13481
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK jump-2.0-250x170.png
www.tmonews.com/wp-content/uploads/2022/04/ 75 KB
76 KB 81ms
80ms Image
image/png 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/wp-content/uploads/2022/04/jump-2.0-250x170.png

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

cfe07684c33a1dcece0cf583d226fa9d3560ae5ad3396fde399538df40fcd983

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Last-Modified: Thu, 07 Apr 2022 22:40:04 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 77300
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK t-mobile-t-challenge-250x170.png
www.tmonews.com/wp-content/uploads/2022/04/ 51 KB
51 KB 90ms
90ms Image
image/png 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/wp-content/uploads/2022/04/t-mobile-t-challenge-250x170.png

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

731d45be792c123ee813045b6f28b8be46691cdc738106241433203c6c0c5fc7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Last-Modified: Thu, 07 Apr 2022 00:33:35 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 52230
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK t-mobile-protection360-250x170.png
www.tmonews.com/wp-content/uploads/2022/04/ 46 KB
46 KB 78ms
78ms Image
image/png 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/wp-content/uploads/2022/04/t-mobile-protection360-250x170.png

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

fea7bfbf07344999928ae27ac15a0ef360decb240ab02fc3406614b21b70cc77

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Last-Modified: Tue, 05 Apr 2022 00:26:22 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 47089
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK t-mobile-oneplus-nord-n200-trade-in-offer-250x170.jpg
www.tmonews.com/wp-content/uploads/2022/04/ 15 KB
15 KB 75ms
74ms Image
image/jpeg 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/wp-content/uploads/2022/04/t-mobile-oneplus-nord-n200-trade-in-offer-250x170.jpg

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

438fdbf35c842d9b2b5748640dba220dfac47a9418089bade3316fbc6f4f0349

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Last-Modified: Mon, 04 Apr 2022 23:05:17 GMT
Server: nginx
Content-Type: image/jpeg
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15029
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK t-mobile-sprint-2nd-anniversary-250x170.png
www.tmonews.com/wp-content/uploads/2022/04/ 55 KB
55 KB 82ms
82ms Image
image/png 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/wp-content/uploads/2022/04/t-mobile-sprint-2nd-anniversary-250x170.png

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

845aea44a769c0d344fdc9eb4b2dc3ead4f629dd01cf2aa5449209acde30ace4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Last-Modified: Fri, 01 Apr 2022 22:34:35 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 56211
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK sidebar-tool-header.png
www.tmonews.com/images/ 8 KB
8 KB 227ms
73ms Image
image/png 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/images/sidebar-tool-header.png

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

0720a06cde3c5a6993f59ca2c3e1cf0e1b25dd09d0ad49af9dea38698ffcbbf9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Last-Modified: Wed, 23 Dec 2020 20:23:55 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8039
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK sidebar-plantool-divider.png
www.tmonews.com/images/ 605 B
1019 B 264ms
73ms Image
image/png 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/images/sidebar-plantool-divider.png

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

87446743dc0636a9c71f843893433c0257c8f3566617480e167d1086e80957b7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Last-Modified: Tue, 05 Jul 2016 20:56:32 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 605
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK social-facebook.png
www.tmonews.com/wp-content/themes/phonedog-v4/images/ 603 B
1017 B 73ms
73ms Image
image/png 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/wp-content/themes/phonedog-v4/images/social-facebook.png

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

ba85e5898d4c596a38241f11da119600d264851cf6f692df792492fcb779daa8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Last-Modified: Tue, 05 Jul 2016 20:56:33 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 603
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK social-twitter.png
www.tmonews.com/wp-content/themes/phonedog-v4/images/ 639 B
1 KB 74ms
73ms Image
image/png 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/wp-content/themes/phonedog-v4/images/social-twitter.png

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

ec1c362d3f02336e6f572c8f110ebab8fd7e0ad11983d4410369a2e389ac806b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Last-Modified: Tue, 05 Jul 2016 20:56:33 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 639
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK social-youtube.png
www.tmonews.com/wp-content/themes/phonedog-v4/images/ 939 B
1 KB 74ms
74ms Image
image/png 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/wp-content/themes/phonedog-v4/images/social-youtube.png

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

f78bd6f486701c92c22bbe6f40e87daa66aa2bb5a544fbe87e1ab97cef281437

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Last-Modified: Tue, 05 Jul 2016 20:56:33 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 939
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK social-rss.png
www.tmonews.com/wp-content/themes/phonedog-v4/images/ 694 B
1 KB 86ms
85ms Image
image/png 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/wp-content/themes/phonedog-v4/images/social-rss.png

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

c35cb868f3206025b4885f4e4bafe24074b74a7cdc82fe0e95fb011dc9a4f653

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Last-Modified: Tue, 05 Jul 2016 20:56:33 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 694
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK wp-embed.min.js Show response
www.tmonews.com/wp-includes/js/ 1 KB
2 KB 74ms
74ms Script
application/javascript 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/wp-includes/js/wp-embed.min.js?ver=4.5.3

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

892ecb8e84801900fbec1f9f340f9dd7d53a6444079d82dda76d41581c501891

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Last-Modified: Thu, 12 May 2016 17:37:03 GMT
Server: nginx
Content-Type: application/javascript
Cache-Control: max-age=2592000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1403
Expires: Sun, 15 May 2022 14:44:35 GMT

GET
H/1.1 200
OK ajax-share-widget.js Show response
www.tmonews.com/wp-content/themes/phonedog-v4/includes/js/ 2 KB
2 KB 74ms
74ms Script
application/javascript 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/wp-content/themes/phonedog-v4/includes/js/ajax-share-widget.js

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

ca314d000db9e70ba99df5c19a6bc202c220bd57f9a04f2e2138eadaec6fc995

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Last-Modified: Wed, 21 Sep 2016 23:33:43 GMT
Server: nginx
Content-Type: application/javascript
Cache-Control: max-age=2592000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1962
Expires: Sun, 15 May 2022 14:44:35 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 994 B
1 KB 124ms
63ms XHR
application/json 68.67.179.77
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: d3tglifpd8whs6.cloudfront.net
URL: https://d3tglifpd8whs6.cloudfront.net/js/prebid/tmonews-homepage/tmonews-homepage.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.77 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

580.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

aa896976efcf8b2a8c7d985980a34658a223b085643414b5d43478d2dafe42be

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.tmonews.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 96.9.249.39; 96.9.249.39; 580.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: c2495708-828b-4937-91ec-681070a7193d
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.tmonews.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
334 B 117ms
61ms XHR
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Requested by

Host: d3tglifpd8whs6.cloudfront.net
URL: https://d3tglifpd8whs6.cloudfront.net/js/prebid/tmonews-homepage/tmonews-homepage.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.190.66 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.tmonews.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 15 Apr 2022 14:44:35 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.tmonews.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6fc575c80d2f1a0f-EWR
access-control-allow-headers: origin, content-type

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
38 B 120ms
64ms XHR
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Requested by

Host: d3tglifpd8whs6.cloudfront.net
URL: https://d3tglifpd8whs6.cloudfront.net/js/prebid/tmonews-homepage/tmonews-homepage.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.190.66 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.tmonews.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 15 Apr 2022 14:44:35 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.tmonews.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6fc575c80d301a0f-EWR
access-control-allow-headers: origin, content-type

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 1 KB
4 KB 496ms
277ms XHR
application/json 2602:803:c002:200::62
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=15680&site_id=109012&zone_id=516714%3B516714%3B516714%3B516712%3B516712%3B516712%3B516720%3B516722%3B516720&size_id=15%3B15%3B15%3B2%3B2%3B2%3B43%3B15%3B43&alt_size_ids=10%3B10%3B10%3B57%3B57%3B%3B%3B%3B&p_pos=atf%3Bbtf%3Bbtf%3Bbtf%3Bbtf%3Bbtf%3Batf%3Batf%3Bbtf&rf=https%3A%2F%2Fwww.tmonews.com%2F&tk_flint=pbjs_lite_v5.15.0&x_source.tid=3185baa1-609a-468d-9952-de4a601abaa6%3Bef22401d-96c6-481d-8895-a024df7fb2b0%3B568e48ab-d42e-4fe2-9938-202c1f182383%3Be927093f-5473-4e74-a1f6-dfb05fbeb977%3B5ccfea6d-5775-41a8-be12-37dfe2668893%3B10baa722-f67d-434b-9e66-621d88c9b47b%3Ba7a7143b-1174-4afe-b9a4-b085d7a4872a%3Bca5100a9-a71b-4102-bf3e-3b68df8b7677%3B03bf48e4-9e1e-4aa5-8b98-26ea1693a584&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=9&rand=0.09059162780580876
Requested by: Host: d3tglifpd8whs6.cloudfront.net
URL: https://d3tglifpd8whs6.cloudfront.net/js/prebid/tmonews-homepage/tmonews-homepage.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c002:200::62 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: eb1ee6ec055ac275db905e46cf05b708bae1dfb98de751b8bad8b38aa8c9673c

Request headers

Referer: https://www.tmonews.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 15 Apr 2022 14:44:35 GMT
Content-Encoding: gzip
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.tmonews.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 380
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 94 B
743 B 283ms
231ms XHR
application/json 23.92.190.68
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.15.0
Requested by: Host: d3tglifpd8whs6.cloudfront.net
URL: https://d3tglifpd8whs6.cloudfront.net/js/prebid/tmonews-homepage/tmonews-homepage.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.92.190.68 Charlotte, United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: /
Resource Hash: 100bd3d62d83a85ec995ab6d43ad553b4db8b6a0e70b2f982951a2ce7f40b5bd

Request headers

Referer: https://www.tmonews.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://www.tmonews.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2ewr1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 99

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 1 KB
1 KB 188ms
131ms XHR
application/json 68.67.179.77
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: d3tglifpd8whs6.cloudfront.net
URL: https://d3tglifpd8whs6.cloudfront.net/js/prebid/tmonews-homepage/tmonews-homepage.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.77 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

580.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

2f5ac0fde25b0b19ea159c785554766bd964635818a77c2d92c8e1911b1d72a5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.tmonews.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 96.9.249.39; 96.9.249.39; 580.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 4f84bb6c-a78d-4d87-a68d-e148d4f5ac33
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.tmonews.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET count.js
disquscdn.com/ 0
0

GET
H/1.1 200
OK logo.png
www.tmonews.com/wp-content/themes/phonedog-v4/images/ 0
9 KB 81ms
81ms Other
image/png 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/wp-content/themes/phonedog-v4/images/logo.png

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Last-Modified: Tue, 05 Jul 2016 20:56:33 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8996
Expires: Thu, 31 Dec 2037 23:55:55 GMT

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
38 B 68ms
68ms XHR
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Requested by

Host: d3tglifpd8whs6.cloudfront.net
URL: https://d3tglifpd8whs6.cloudfront.net/js/prebid/tmonews-homepage/tmonews-homepage.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.190.66 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.tmonews.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 15 Apr 2022 14:44:35 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.tmonews.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6fc575c87dbd1a0f-EWR
access-control-allow-headers: origin, content-type

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
38 B 62ms
62ms XHR
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Requested by

Host: d3tglifpd8whs6.cloudfront.net
URL: https://d3tglifpd8whs6.cloudfront.net/js/prebid/tmonews-homepage/tmonews-homepage.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.190.66 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.tmonews.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 15 Apr 2022 14:44:35 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.tmonews.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6fc575c87dbe1a0f-EWR
access-control-allow-headers: origin, content-type

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
38 B 75ms
75ms XHR
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Requested by

Host: d3tglifpd8whs6.cloudfront.net
URL: https://d3tglifpd8whs6.cloudfront.net/js/prebid/tmonews-homepage/tmonews-homepage.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.190.66 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.tmonews.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 15 Apr 2022 14:44:35 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.tmonews.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6fc575c87dbf1a0f-EWR
access-control-allow-headers: origin, content-type

POST
H2 204 v1 Show response
dmx.districtm.io/b/ 0
38 B 73ms
73ms XHR
text/plain 104.16.190.66
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://dmx.districtm.io/b/v1

Requested by

Host: d3tglifpd8whs6.cloudfront.net
URL: https://d3tglifpd8whs6.cloudfront.net/js/prebid/tmonews-homepage/tmonews-homepage.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.190.66 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.tmonews.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 15 Apr 2022 14:44:35 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: origin, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.tmonews.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 6fc575c87dc01a0f-EWR
access-control-allow-headers: origin, content-type

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 1 KB
5 KB 382ms
285ms XHR
application/json 2602:803:c002:200::62
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=15680&site_id=109012&zone_id=516714%3B516714%3B516714%3B516712%3B516712%3B516712%3B516720%3B516722%3B516720%3B516714&size_id=15%3B15%3B15%3B2%3B2%3B2%3B43%3B15%3B43%3B15&alt_size_ids=10%3B10%3B10%3B57%3B57%3B%3B%3B%3B%3B10&p_pos=atf%3Bbtf%3Bbtf%3Bbtf%3Bbtf%3Bbtf%3Batf%3Batf%3Bbtf%3Batf&rf=https%3A%2F%2Fwww.tmonews.com%2F&tk_flint=pbjs_lite_v5.15.0&x_source.tid=85150666-fc95-489c-a35a-711212ef2d94%3B0c516455-ccb9-4dfc-887e-e389a1c2b2fe%3B0d1a533e-41b6-427f-9d92-78eeb8b0fba2%3Ba228bfae-d8dc-46a3-9a8e-42d150f84d79%3B50521d0b-72cb-44e3-970c-48c8eff3e175%3B20d3ec6f-050c-4a2d-a138-4a2a7b34b0d3%3B64788e40-87bd-4acf-a29d-6eba6d637b92%3Bb1112dd4-6df9-4c69-883d-c0296df166d1%3B7b7cacef-9938-4944-b0de-0d1f32e28156%3B8349d3af-2467-43ab-b8ef-c13971816464&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=10&rand=0.4337526656843971
Requested by: Host: d3tglifpd8whs6.cloudfront.net
URL: https://d3tglifpd8whs6.cloudfront.net/js/prebid/tmonews-homepage/tmonews-homepage.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c002:200::62 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: dc361c2feff7d6509135ab25adf52fbb14d207545e5becff5a8ab2ed00acad44

Request headers

Referer: https://www.tmonews.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 15 Apr 2022 14:44:35 GMT
Content-Encoding: gzip
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.tmonews.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 411
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 1 KB
4 KB 243ms
106ms XHR
application/json 2602:803:c002:200::62
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=15680&site_id=109012&zone_id=516714%3B516714%3B516712%3B516712%3B516712%3B516720%3B516722%3B516720&size_id=15%3B15%3B2%3B2%3B2%3B43%3B15%3B43&alt_size_ids=10%3B10%3B57%3B57%3B%3B%3B%3B&p_pos=btf%3Bbtf%3Bbtf%3Bbtf%3Bbtf%3Batf%3Batf%3Bbtf&rf=https%3A%2F%2Fwww.tmonews.com%2F&tk_flint=pbjs_lite_v5.15.0&x_source.tid=ed65386c-0059-400e-adfb-491513469a1e%3Bcbbf5f52-7925-4e19-adea-6fceffa75620%3B8a458da3-26ef-45c9-8960-6a1c3b1bcc6d%3Baf4a8dbc-aa1e-445c-82c3-d664c9bef612%3B2d9dfc59-fed1-41f9-800b-3e4bcc88b4fc%3Bda163210-cbfa-438a-8482-a180624f21f6%3B2f087034-ede1-49f9-b110-98bb2e1beaaa%3B5c4623b4-19c6-420b-91e5-543f7b8fc72d&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=8&rand=0.02615621377167532
Requested by: Host: d3tglifpd8whs6.cloudfront.net
URL: https://d3tglifpd8whs6.cloudfront.net/js/prebid/tmonews-homepage/tmonews-homepage.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 2602:803:c002:200::62 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 0b3f8027f726d6d867bd250b35ee7f4ac42dfe09abf41a42e524b46f8793feef

Request headers

Referer: https://www.tmonews.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 15 Apr 2022 14:44:35 GMT
Content-Encoding: gzip
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://www.tmonews.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 358
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 2 KB
2 KB 213ms
213ms XHR
application/json 68.67.179.77
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: d3tglifpd8whs6.cloudfront.net
URL: https://d3tglifpd8whs6.cloudfront.net/js/prebid/tmonews-homepage/tmonews-homepage.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.77 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

580.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

9a75c3e9f9a26db4a4d4aa1e7e5aa105412a01ee807ff9aa95848648bac21960

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.tmonews.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 96.9.249.39; 96.9.249.39; 580.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 1e22b104-9840-4206-a6d7-82185a1ab72d
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.tmonews.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 360 B
1 KB 106ms
47ms XHR
application/json 68.67.179.77
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: d3tglifpd8whs6.cloudfront.net
URL: https://d3tglifpd8whs6.cloudfront.net/js/prebid/tmonews-homepage/tmonews-homepage.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.77 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

580.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

0db83b910a63e14402b531d4b6cc391faa62a238762b70f5fcd7efe915728b13

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.tmonews.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 15 Apr 2022 14:44:35 GMT
X-Proxy-Origin: 96.9.249.39; 96.9.249.39; 580.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: 6316d23f-4572-4ed6-a22c-f077b9ffffae
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.tmonews.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 360
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 95 B
743 B 209ms
168ms XHR
application/json 23.92.190.68
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_5.15.0
Requested by: Host: d3tglifpd8whs6.cloudfront.net
URL: https://d3tglifpd8whs6.cloudfront.net/js/prebid/tmonews-homepage/tmonews-homepage.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.92.190.68 Charlotte, United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: /
Resource Hash: fbab74bc98f2aecb74475d2b7beb049322404728ad54f608382703ee5b1de635

Request headers

Referer: https://www.tmonews.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://www.tmonews.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2ewr1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 99

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 2 KB
2 KB 270ms
213ms XHR
application/json 68.67.179.77
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: d3tglifpd8whs6.cloudfront.net
URL: https://d3tglifpd8whs6.cloudfront.net/js/prebid/tmonews-homepage/tmonews-homepage.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.77 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

580.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

6c7238d00b5967d972b1af4e31b91bf862a061755b1b8ec13dad882ff807832c

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.tmonews.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 96.9.249.39; 96.9.249.39; 580.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 6f3148c6-c619-4c12-8dfd-232acb68dee9
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.tmonews.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 340 B
1 KB 87ms
30ms XHR
application/json 68.67.179.77
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: d3tglifpd8whs6.cloudfront.net
URL: https://d3tglifpd8whs6.cloudfront.net/js/prebid/tmonews-homepage/tmonews-homepage.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.77 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

580.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

8184fd2fad168d0542ca63664254cdb98fa99803993453274347cb0344cd03fd

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.tmonews.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 15 Apr 2022 14:44:35 GMT
X-Proxy-Origin: 96.9.249.39; 96.9.249.39; 580.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: e2b77db5-4357-46f7-ac62-d9f6e98ebfd7
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.tmonews.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 340
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 83 KB
28 KB 116ms
49ms Script
text/javascript 142.250.80.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: d3tglifpd8whs6.cloudfront.net
URL: https://d3tglifpd8whs6.cloudfront.net/js/prebid/tmonews-homepage/tmonews-homepage.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f2.1e100.net

Software

sffe /

Resource Hash

44da874709bff63f7566149ec8946973ded7e39f677ac1016488a67650670895

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28577
x-xss-protection: 0
server: sffe
etag: "1187 / 780 of 1000 / last-modified: 1650021009"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 15 Apr 2022 14:44:35 GMT

GET phonedog-electronics_tag.js
d3ezl4ajpp2zy8.cloudfront.net/ 0
0

GET
H2 200 all.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 81ms
21ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

788b901ac1cf2f21f58683101690b665e9032762d91e59f29f708bb07bdaff42

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-md5: +zHGrOWwgWDowkshBXeLmg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1687
x-fb-rlafr: 0
x-fb-debug: N4Ac8ZArOrdEvfsPdfu2Cu1H8kPXX/iCahiUzeB22Oc3bb7Tg3Hn40Bw7N6kBNOenbZL2O9gZl6Mu7evjnrwCg==
x-fb-trip-id: 1512268381
x-fb-content-md5: 3a43818723a3cee8ca8aacbf7d695b74
x-frame-options: DENY
etag: "2af8d2faad5e712c021e594b6edc07fe"
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
expires: Fri, 15 Apr 2022 14:46:23 GMT

GET
H/1.1 200
OK bg-nav.png
www.tmonews.com/wp-content/themes/phonedog-v4/images/ 102 B
516 B 90ms
78ms Image
image/png 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/wp-content/themes/phonedog-v4/images/bg-nav.png

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/wp-content/themes/phonedog-v4/custom.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

f66e96723a5fed514d40358f37251d17d80a07b284728415ee475806555fee06

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/wp-content/themes/phonedog-v4/custom.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Last-Modified: Thu, 12 May 2016 20:43:14 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 102
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK bg-nav-active.png
www.tmonews.com/wp-content/themes/phonedog-v4/images/ 145 B
559 B 270ms
72ms Image
image/png 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/wp-content/themes/phonedog-v4/images/bg-nav-active.png

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/wp-content/themes/phonedog-v4/custom.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

28269c3d1d5ca3dac09de3bc1f15e51ef6c3f553c809f34e784397e5d55b954d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/wp-content/themes/phonedog-v4/custom.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Last-Modified: Tue, 05 Jul 2016 20:56:33 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 145
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK bg-hottopics.png
www.tmonews.com/wp-content/themes/phonedog-v4/images/ 123 B
537 B 247ms
77ms Image
image/png 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/wp-content/themes/phonedog-v4/images/bg-hottopics.png

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/wp-content/themes/phonedog-v4/custom.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

b9eb7045246c07ad8d8e31eccff19ed44a53ce5a15c0d2d287a214cd65b4fc83

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/wp-content/themes/phonedog-v4/custom.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Last-Modified: Tue, 05 Jul 2016 20:56:33 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 123
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK ym.min.js Show response
static.yieldmo.com/ 398 KB
106 KB 215ms
54ms Script
application/javascript 23.52.162.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://static.yieldmo.com/ym.min.js
Requested by: Host: www.tmonews.com
URL: https://www.tmonews.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.52.162.201 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-162-201.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 1a38abc258b9c785c56ece0e8e61fcaf7fadacd671e9a4ab340e9982b290f1c4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id: KSV_5sicp32Qcbegv8UvfPRbMU9h3Hyx
Content-Encoding: gzip
ETag: "bc39a10b1c8f124b0e0de609e8437f01"
x-amz-request-id: 2CF8XC0DKCHRR9ZP
Transfer-Encoding: chunked
x-amz-replication-status: COMPLETED
Connection: keep-alive, Transfer-Encoding
x-amz-id-2: vMIy3TLQR0v/PxGpBYPv60w9+a+8HeZ8XXeDnDIAMPfdnOeRBAcd5+TF8thY7lnt5WYazKONcwU=
Last-Modified: Tue, 12 Apr 2022 18:27:43 GMT
Server: AmazonS3
Date: Fri, 15 Apr 2022 14:44:36 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=1800
Accept-Ranges: bytes

GET
H/1.1 200
OK bg-latest-news.png
www.tmonews.com/wp-content/themes/phonedog-v4/images/ 731 B
1 KB 263ms
72ms Image
image/png 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/wp-content/themes/phonedog-v4/images/bg-latest-news.png

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/wp-content/themes/phonedog-v4/custom.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

84989ff4b642f4c374a1b9e027e702c9d40517d833e28f95ef9ec0ec5aa9d2bb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/wp-content/themes/phonedog-v4/custom.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Last-Modified: Thu, 12 May 2016 20:43:14 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 731
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK share-widget-buttons.png
www.tmonews.com/wp-content/themes/phonedog-v4/images/ 2 KB
2 KB 287ms
73ms Image
image/png 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/wp-content/themes/phonedog-v4/images/share-widget-buttons.png

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/wp-content/themes/phonedog-v4/custom.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

499d5f4acd054d657485cafe64a7a3aa19503432d0803a58395e93dd6888db1f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/wp-content/themes/phonedog-v4/custom.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Last-Modified: Tue, 05 Jul 2016 20:56:33 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2105
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 102c02a9eaf69cb2a6e6b18ce826828e74b3b71d38913f2478a2b0c9b0739e01

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H/1.1 200
OK icomoon.woff
www.tmonews.com/wp-content/themes/phonedog-v4/phonetool/css/fonts/icons/ 13 KB
13 KB 144ms
73ms Font
application/font-woff 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/wp-content/themes/phonedog-v4/phonetool/css/fonts/icons/icomoon.woff?1446220656

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/wp-content/themes/phonedog-v4/phonetool/css/phonetool.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

3196efa005510fadc0d0ba8a953342aa3ded831148148df8831dbfccfa081b32

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

Referer: https://www.tmonews.com/wp-content/themes/phonedog-v4/phonetool/css/phonetool.css
Origin: https://www.tmonews.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Last-Modified: Mon, 02 Nov 2015 21:49:51 GMT
Server: nginx
Content-Type: application/font-woff
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 12940
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 fontawesome-webfont.woff
maxcdn.bootstrapcdn.com/font-awesome/4.2.0/fonts/ 64 KB
65 KB 65ms
37ms Font
font/woff 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.2.0/fonts/fontawesome-webfont.woff?v=4.2.0

Requested by

Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css
Origin: https://www.tmonews.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:35 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 617
age: 9865129
cdn-proxyver: 1.0
cdn-cachedat: 10/15/2021 15:17:09
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 65452
timing-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:53 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: font/woff
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 5781c609aa40fa5aa439acdfae5fb16c
cdn-requestcountrycode: US
accept-ranges: bytes
cf-ray: 6fc575cc49d19dff-EWR
cdn-cache: HIT
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 i.js Show response
load.instinctiveads.com/ 14 B
627 B 105ms
36ms Script
application/javascript 2606:4700:3031::ac43:9a6d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://load.instinctiveads.com/i.js
Requested by: Host: a.fsdn.com
URL: https://a.fsdn.com/con/js/sftheme/cmp2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:9a6d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 56a0d246c8fde9d7701441328de88b8d1480f9cb4c6439cbe1d5c84c2dac51ca

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:35 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3801
etag: "632ed29a84a339329199b2affd3b47ec"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y527etKhvnwJnjWBevE6ECUXSrogEbMjmFsdF43Tpn0FnpJDesY6qJa3aT4moxS7i2v4gvckCEOF6qicxNblmCE7l%2BBVE49iVtVflXsM16HOVJQ7ygrCLI0aDj4vQG573jx401pmkdTYgsllJSroyYprXubLYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=0, must-revalidate
accept-ranges: bytes
cf-ray: 6fc575ccd883f025-EWR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 14

GET
H/1.1 200
OK site-139274.js Show response
ads.pro-market.net/ads/scripts/ 4 KB
2 KB 132ms
26ms Script
application/x-javascript 23.215.130.80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pro-market.net/ads/scripts/site-139274.js
Requested by: Host: a.fsdn.com
URL: https://a.fsdn.com/con/js/sftheme/cmp2.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.215.130.80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-215-130-80.deploy.static.akamaitechnologies.com
Software: nginx/1.0.15 /
Resource Hash: 087acefdf6ffa81b54a6c18faeba863e3358d30329afad824af34d1ee50d8992

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Content-Encoding: gzip
Last-Modified: Wed, 24 Jul 2019 12:30:46 GMT
Server: nginx/1.0.15
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=86400
Connection: keep-alive
Content-Length: 1721

GET
H2 200 76923X1530375.skimlinks.js Show response
s.skimresources.com/js/ 49 KB
19 KB 65ms
17ms Script
application/octet-stream 151.139.128.11
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://s.skimresources.com/js/76923X1530375.skimlinks.js
Requested by: Host: a.fsdn.com
URL: https://a.fsdn.com/con/js/sftheme/cmp2.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0344342eef20413e362317203b636c06225787606fee95457bf991eaac4671f3

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:35 GMT
content-encoding: gzip
last-modified: Tue, 15 Mar 2022 10:37:46 GMT
server: AmazonS3
x-amz-request-id: 1ZS3H3QFTA2P8HYN
etag: "e0b97ebbcc391ab3c5e1642d8b580aae"
x-hw: 1650033875.cds002.tr2.hn,1650033875.cds010.tr2.c
content-type: application/octet-stream
cache-control: max-age=3600
accept-ranges: bytes
content-length: 18857
x-amz-id-2: HBcicFkqrPrL6RJn2ErUpC6bqIX9YTlPCk/1sG9ZUVsJL+eN9K4LphlcsVfaPJrHUrwy+q5+AXk=

GET
H2 200 tag.aspx Show response
ml314.com/ 31 KB
32 KB 66ms
21ms Script
application/javascript 34.111.234.236
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/tag.aspx?1532022
Requested by: Host: www.tmonews.com
URL: https://www.tmonews.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.234.236 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 236.234.111.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 75d893335a1d25db1bf02e25ab904d97a3af743128850d8566b93d197e56e9e9

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 13:45:07 GMT
age: 3568
x-guploader-uploadid: ADPycdvgnhatYZIsB1Vz_Epr3nx5-W1qPQ09_qtUB8_32vgW_A_6sYQAXBn3qPLjc1VA9cF2ADXeZtM3VnMH7dZUOp_OnQrw0qK_
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: clear
content-length: 32025
last-modified: Mon, 04 Apr 2022 15:43:44 GMT
server: UploadServer
cache-control: public,max-age=3600
etag: "25b1f355dd487bdf5381a749056080c4"
x-goog-hash: crc32c=dPpbog==, md5=JbHzVd1Ie99TgadJBWCAxA==
x-goog-generation: 1649087024620619
cache-id: LGA-991dec68
x-cache-hit: hit
x-goog-stored-content-length: 32025
accept-ranges: bytes
content-type: application/javascript

GET
H/1.1 200 s1.js Show response
tag.crsspxl.com/ 2 KB
1 KB 120ms
26ms Script
text/javascript 34.232.140.51
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.crsspxl.com/s1.js?d=43&cb=1650033875892
Requested by: Host: www.tmonews.com
URL: https://www.tmonews.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.232.140.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-232-140-51.compute-1.amazonaws.com
Software: /
Resource Hash: 974cb0465b86e42678a5d487cfe6c07bb5a2b0328a24b9771c5a29c1147a5630

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
Content-Type: text/javascript
Vary: Accept-Encoding
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

GET
H/1.1 200
OK piwik.js Show response
analytics.tmonews.com/ 64 KB
22 KB 343ms
159ms Script
application/javascript 216.105.38.9
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tmonews.com/piwik.js
Requested by: Host: www.tmonews.com
URL: https://www.tmonews.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 216.105.38.9 , United States, ASN6130 (AIS-WEST, US),
Reverse DNS
Software: nginx /
Resource Hash: 5c166a5d40aeefd0679a14f95e47ff28824e66abba82adfa30be41803cc25632

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Content-Encoding: gzip
Last-Modified: Mon, 19 Nov 2018 03:20:15 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=2592000, max-age=31449600, no-transform, public
Connection: keep-alive
Content-Length: 22303
Expires: Sun, 15 May 2022 14:44:36 GMT

GET
H/1.1 200
OK geo.php Show response
www.tmonews.com/ 2 B
450 B 309ms
82ms XHR
text/html 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/geo.php

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/wp-includes/js/jquery/jquery.js?ver=1.12.4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

9b202ecbc6d45c6d8901d989a918878397a3eb9d00e8f48022fc051b19d21a1d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

Accept: text/plain, */*; q=0.01
Referer: https://www.tmonews.com/
X-Requested-With: XMLHttpRequest
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 15 Apr 2022 14:44:36 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
X-Cache: BYPASS
Content-Type: text/html; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-Cache-Test: 1
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Transfer-Encoding: chunked

GET
H/1.1 200
OK voip_compare.php Show response
www.tmonews.com/ 6 KB
3 KB 314ms
96ms XHR
text/html 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/voip_compare.php?type=main&id=676

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/wp-includes/js/jquery/jquery.js?ver=1.12.4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

eea4934186ca71253445603b4d23175a8cda0562742c7338aa4e9f6e0a43e434

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

Accept: text/html, */*; q=0.01
Referer: https://www.tmonews.com/
X-Requested-With: XMLHttpRequest
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 15 Apr 2022 14:44:36 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
X-Cache: BYPASS
Content-Type: text/html; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
X-Cache-Test: 1
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Transfer-Encoding: chunked

GET
H/1.1 200
OK count.js Show response
www.tmonews.com/wp-content/plugins/disqus-comment-system/media/js/ 841 B
1 KB 104ms
74ms XHR
application/javascript 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/wp-content/plugins/disqus-comment-system/media/js/count.js?ver=4.5.3

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/wp-includes/js/jquery/jquery.js?ver=1.12.4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

3e38edd06ba18feece3a68f21026afaee36ee4422def14de88f348a25f2effd7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: https://www.tmonews.com/
X-Requested-With: XMLHttpRequest
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:35 GMT
Last-Modified: Thu, 12 May 2016 20:43:10 GMT
Server: nginx
Content-Type: application/javascript
Cache-Control: max-age=2592000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 841
Expires: Sun, 15 May 2022 14:44:35 GMT

GET
H/1.1 200
OK count.js Show response
tmonews.disqus.com/ 1 KB
2 KB 104ms
25ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://tmonews.disqus.com/count.js

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 88
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 871
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 11 Apr 2022 19:06:38 GMT
Server: nginx
ETag: "62547c3e-367"
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=300
X-Amz-Cf-Pop: DFW3-C1
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
X-Amz-Cf-Id: Ru_Vq-WyL-atLN-kAGhR0-KVytPL_WDKXW4uNSnyvvuIVKkPvCFqnA==

GET
H3 200 all.js Show response
connect.facebook.net/en_US/ 284 KB
81 KB 46ms
21ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=95f03f4bb14a654b7051dd22d4055fb0

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2db93501ec065f44da352de49a892a37f979a3843371a8b92c66d8361b442af3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.tmonews.com/
Origin: https://www.tmonews.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 9xwTKPnBr7TdNIS7PItzqA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
expires: Sat, 15 Apr 2023 13:47:05 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 82867
x-fb-rlafr: 0
x-fb-debug: cozSK6eMtrfdM/jGXo5gtKYVDI9I3NFjlZzWFJIHYVwE7mG0uv1mwxlqAQwfYLBXLwJB37S0MQkPx0JmIWrJpA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 17181f56df1ed7f10d7bcf7100ddfbfc
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 15 Apr 2022 14:44:36 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "8d8a55e215b977ec4e738a0f1ae5830c"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 utsync.ashx Show response
ml314.com/ 644 B
1 KB 36ms
36ms Script
application/javascript 34.111.234.236
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=52620&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.tmonews.com%2F&pv=1650033876060_xym1w2hu6&bl=en-us&cb=7557338&return=&ht=&d=&dc=&si=1650033876060_xym1w2hu6&cid=&s=1600x1200&rp=&v=2.5.1.2
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?1532022
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.234.236 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 236.234.111.34.bc.googleusercontent.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: fabcac79aac9f8bdd2acc7d65d31611fcca830d2b8ab9aa2677886bbbd11d750

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:35 GMT
via: 1.1 google
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
p3p: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
cache-control: private
content-type: application/javascript; charset=utf-8
alt-svc: clear
content-length: 644
expires: 0

GET
H3 200 pubads_impl_2022041301.js Show response
securepubads.g.doubleclick.net/gpt/ 362 KB
123 KB 54ms
26ms Script
text/javascript 142.250.80.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js?cb=31067132

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f2.1e100.net

Software

sffe /

Resource Hash

638d2f5ba5cf501a58131a42efe30aa2c2154904b0654a517cce4baeef308022

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 10:52:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 100326
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 125956
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 08:34:59 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 14 Apr 2023 10:52:30 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 159 B
136 B 64ms
35ms XHR
application/json 142.250.80.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.tmonews.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f2.1e100.net

Software

cafe /

Resource Hash

fb71537dd0cf24fa57319e58e4dcf9978543f094861e5306f6142ab6473de2dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 15 Apr 2022 14:44:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 111
x-xss-protection: 0
expires: Fri, 15 Apr 2022 14:44:36 GMT

GET
H2 200 engine Show response
pbid.pro-market.net/ Frame 59E0 401 B
702 B 114ms
59ms Document
text/html 2600:1901:0:8eee::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pbid.pro-market.net/engine?site=139274;size=1x1;e=0;dt=0;category=uuffvwb;kw=u-dgsi4m%20hkao0%2C%206h7vnk%20aol%20fvwb;rnd=(1650033876097)
Requested by: Host: ads.pro-market.net
URL: https://ads.pro-market.net/ads/scripts/site-139274.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:8eee:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 0d25b2e34481eb72ef8fa31a0d00d28755be397330093f038b9987a058e05d63

Request headers

Referer: https://www.tmonews.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: clear
anserver: gapp2
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: text/html
date: Fri, 15 Apr 2022 14:44:36 GMT
expires: Mon, 1 Jan 1990 0:0:0 GMT
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
pragma: no-cache
server: Apache-Coyote/1.1
vary: Accept-Encoding
via: 1.1 google

GET
H2 206 robots.txt
t.skimresources.com/api/v2/ Frame B389 0
102 B 99ms
53ms Image
text/plain 35.201.67.47
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.skimresources.com/api/v2/robots.txt?__skimjs_preflight__please_ignore__=true&rnd=0.8729345998594382
Requested by: Host: www.tmonews.com
URL: https://www.tmonews.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.67.47 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 47.67.201.35.bc.googleusercontent.com
Software: Python/3.7 aiohttp/3.5.4 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:36 GMT
via: 1.1 google
server: Python/3.7 aiohttp/3.5.4
alt-svc: clear
content-length: 0
content-type: text/plain charset=UTF-8

GET
H2 200 px.gif
p.skimresources.com/ 43 B
244 B 107ms
39ms Image
image/gif 35.190.91.160
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=1&rn=2.543155155809824
Requested by: Host: www.tmonews.com
URL: https://www.tmonews.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.91.160 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 160.91.190.35.bc.googleusercontent.com
Software: Skimlinks Pixel 1.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:36 GMT
via: 1.1 google
server: Skimlinks Pixel 1.0
p3p: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
alt-svc: clear
content-length: 43
content-type: image/gif

GET
H2 200 px.gif
p.skimresources.com/ 43 B
102 B 107ms
40ms Image
image/gif 35.190.91.160
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.skimresources.com/px.gif?ch=2&rn=2.543155155809824
Requested by: Host: www.tmonews.com
URL: https://www.tmonews.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.91.160 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 160.91.190.35.bc.googleusercontent.com
Software: Skimlinks Pixel 1.0 /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:36 GMT
via: 1.1 google
server: Skimlinks Pixel 1.0
p3p: policyref="http://skimlinks.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
alt-svc: clear
content-length: 43
content-type: image/gif

POST
H2 200 / Show response
r.skimresources.com/api/ 150 B
342 B 90ms
39ms XHR
application/json 35.190.59.101
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r.skimresources.com/api/

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/76923X1530375.skimlinks.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.59.101 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

101.59.190.35.bc.googleusercontent.com

Software

openresty/1.11.2.5 /

Resource Hash

aa9742f8cd67f33c24c49a89a47895b1395f3c328f4bd9aa345cd604ff7a1fe8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.tmonews.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

date: Fri, 15 Apr 2022 14:44:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: openresty/1.11.2.5
strict-transport-security: max-age=31536000
content-type: application/json
access-control-allow-origin: https://www.tmonews.com
vary: Accept-Encoding
access-control-allow-credentials: true
alt-svc: clear
via: 1.1 google

GET
H2

200

rid Show response
match.adsrvr.org/track/
Redirect Chain

https://matchadsrvr.yieldmo.com/track/rid?ttd_pid=yieldmo&fmt=json
https://match.adsrvr.org/track/rid?ttd_pid=yieldmo&fmt=json

108 B
634 B

30ms
29ms

XHR
application/json

52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=yieldmo&fmt=json
Requested by: Host: www.tmonews.com
URL: https://www.tmonews.com/
Protocol: H2
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 0f31ba25d5fed838d82d226372cdaa2e4a1d54a0c87fe79086283897b060c7f0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:36 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 108
expires: Sun, 15 May 2022 14:44:36 GMT

Redirect headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Server: AkamaiGHost
Location: https://match.adsrvr.org/track/rid?ttd_pid=yieldmo&fmt=json
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: https://www.tmonews.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 0

GET
H2 200 ads Show response
ads.yieldmo.com/v002/t_ads/ 520 B
891 B 107ms
28ms XHR
application/json 34.199.75.209
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.yieldmo.com/v002/t_ads/ads?bust=1650033876193&_s=1&e=0&v=9.16.0-339&page_url=https%3A%2F%2Fwww.tmonews.com%2F&p=672859391481552762&description=Unofficial%20T-Mobile%20Blog%2C%20News%2C%20Videos%2C%20Articles%20and%20more&title=TmoNews%20-%20Unofficial%20T-Mobile%20Blog%2C%20News%2C%20Videos%2C%20Articles%20and%20more&dnt=false&scrd=1&h=1200&w=1600&lane=ym.min&pft=1650033876193&ct=1650033876154&pl_h=3499&pl_w=660&connect=4g&bwe=10Mb%2Fsec&rtt=0&sd=false
Requested by: Host: static.yieldmo.com
URL: https://static.yieldmo.com/ym.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.199.75.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-199-75-209.compute-1.amazonaws.com
Software: /
Resource Hash: b219826811e65b7c7ecd8af8b825115354b55f7a735908c78925289684c52e05

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:36 GMT
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.tmonews.com
access-control-allow-credentials: true
content-length: 520
access-control-request-headers: Cache-Control, Pragma

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/
Redirect Chain

https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3626527436432211975&redir=
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=3626527436432211975&redir=

42 B
943 B

36ms
35ms

Image
image/gif

54.205.31.112
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=3626527436432211975&redir=

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Server

54.205.31.112 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-205-31-112.compute-1.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS: dcs-prod-va6-1-v031-09247c017.edge-va6.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: xny+IIa0RS0=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-va6-1-v031-0efd9fd4f.edge-va6.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: QIQsT6UbQcI=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=22052&dpuuid=3626527436432211975&redir=
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2

200

csync.ashx
ml314.com/
Redirect Chain

https://idsync.rlcdn.com/395886.gif?partner_uid=3626527436432211975
https://idsync.rlcdn.com/1000.gif?memo=CO6UGBIeChoIARCuXxoTMzYyNjUyNzQzNjQzMjIxMTk3NRAAGg0I1InmkgYSBQjoBxAAQgBKAA
https://ml314.com/csync.ashx?fp=66d87356ce7144c60ea74a4389146dc7c191f1353b8976cf83651c29daeaf9b6f4cb09cee1a4f8eb&person_id=3626527436432211975&eid=50082

43 B
105 B

31ms
30ms

Image
image/gif

34.111.234.236
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=66d87356ce7144c60ea74a4389146dc7c191f1353b8976cf83651c29daeaf9b6f4cb09cee1a4f8eb&person_id=3626527436432211975&eid=50082
Requested by: Host: www.tmonews.com
URL: https://www.tmonews.com/
Protocol: H2
Server: 34.111.234.236 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 236.234.111.34.bc.googleusercontent.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:36 GMT
via: 1.1 google
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: image/gif
cache-control: private
alt-svc: clear
content-length: 43
expires: Sat, 16 Apr 2022 10:44:36 GMT

Redirect headers

date: Fri, 15 Apr 2022 14:44:36 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://ml314.com/csync.ashx?fp=66d87356ce7144c60ea74a4389146dc7c191f1353b8976cf83651c29daeaf9b6f4cb09cee1a4f8eb&person_id=3626527436432211975&eid=50082
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

csync.ashx
ml314.com/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=d0tro1j&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=d0tro1j&ttd_tpi=1
https://ml314.com/utsync.ashx?eid=53819&et=0&fp=e3a32df7-082c-4f28-a4a9-54fe7e4ab411&gdpr=0&gdpr_consent=
https://ml314.com/csync.ashx?fp=e3a32df7-082c-4f28-a4a9-54fe7e4ab411&person_id=3626527436432211975&eid=53819

43 B
105 B

33ms
33ms

Image
image/gif

34.111.234.236
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=e3a32df7-082c-4f28-a4a9-54fe7e4ab411&person_id=3626527436432211975&eid=53819
Requested by: Host: www.tmonews.com
URL: https://www.tmonews.com/
Protocol: H2
Server: 34.111.234.236 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 236.234.111.34.bc.googleusercontent.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:35 GMT
via: 1.1 google
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: image/gif
cache-control: private
alt-svc: clear
content-length: 43
expires: Sat, 16 Apr 2022 10:44:36 GMT

Redirect headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:35 GMT
via: 1.1 google
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
p3p: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
location: https://ml314.com/csync.ashx?fp=e3a32df7-082c-4f28-a4a9-54fe7e4ab411&person_id=3626527436432211975&eid=53819
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: clear
content-length: 43
expires: 0,Sat, 16 Apr 2022 10:44:36 GMT

GET
H2

200

csync.ashx
ml314.com/
Redirect Chain

https://sync.crwdcntrl.net/map/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3626527436432211975
https://sync.crwdcntrl.net/map/ct=y/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3626527436432211975
https://ml314.com/csync.ashx?fp=4259660a8fe22f80cfec912d4c683dd4&eid=50146&person_id=3626527436432211975

43 B
139 B

29ms
29ms

Image
image/gif

34.111.234.236
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=4259660a8fe22f80cfec912d4c683dd4&eid=50146&person_id=3626527436432211975
Requested by: Host: www.tmonews.com
URL: https://www.tmonews.com/
Protocol: H2
Server: 34.111.234.236 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 236.234.111.34.bc.googleusercontent.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:35 GMT
via: 1.1 google
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: image/gif
cache-control: private
alt-svc: clear
content-length: 43
expires: Sat, 16 Apr 2022 10:44:36 GMT

Redirect headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:36 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://ml314.com/csync.ashx?fp=4259660a8fe22f80cfec912d4c683dd4&eid=50146&person_id=3626527436432211975
cache-control: no-cache
x-server: 10.40.32.189
content-length: 0
expires: 0

GET
H/1.1

200
OK

match
ps.eyeota.net/
Redirect Chain

https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif
https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif
https://ml314.com/utsync.ashx?eid=50052&et=0&fp=25EqPmsYOJndpr2JaQiRNukgKqT8Pa5yvMpnwuDfsDMc&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil%26referrer_p...
https://ml314.com/csync.ashx?fp=25EqPmsYOJndpr2JaQiRNukgKqT8Pa5yvMpnwuDfsDMc&person_id=3626527436432211975&eid=50052&return=https%3a%2f%2fps.eyeota.net%2fmatch%3fbid%3dr8hrb20%26uid%3dnil%26referre...
https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20

70 B
440 B

62ms
61ms

Image
image/gif

3.230.62.22
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20
Requested by: Host: www.tmonews.com
URL: https://www.tmonews.com/
Protocol: HTTP/1.1
Server: 3.230.62.22 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-230-62-22.compute-1.amazonaws.com
Software: /
Resource Hash: de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Content-Type: image/gif
Content-Length: 70
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

date: Fri, 15 Apr 2022 14:44:36 GMT
via: 1.1 google
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: text/html; charset=utf-8
location: https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20
cache-control: private
alt-svc: clear
content-length: 193
expires: Sat, 16 Apr 2022 10:44:36 GMT

GET
H2 200 status
www.facebook.com/x/oauth/ 0
0 91ms
33ms Fetch
text/plain 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?client_id=182434055141825&input_token&origin=1&redirect_uri=https%3A%2F%2Fwww.tmonews.com%2F&sdk=joey&wants_cookie_data=false

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=95f03f4bb14a654b7051dd22d4055fb0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: sUWeEf3ZuGqhBEspChleOtAT67Nn8Np68SQ5035RPmlnb+p0lLunNAlBGo8yPP0RzmdM7AFiOMke8spU3XWi/g==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
fb-s: unknown
date: Fri, 15 Apr 2022 14:44:36 GMT
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.tmonews.com
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK count-data.js Show response
tmonews.disqus.com/ 851 B
1 KB 22ms
22ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://tmonews.disqus.com/count-data.js?1=53726%20https%3A%2F%2Fwww.tmonews.com%2F%3Fp%3D53726&1=53729%20https%3A%2F%2Fwww.tmonews.com%2F%3Fp%3D53729&1=53732%20https%3A%2F%2Fwww.tmonews.com%2F%3Fp%3D53732&1=53735%20https%3A%2F%2Fwww.tmonews.com%2F%3Fp%3D53735&1=53739%20https%3A%2F%2Fwww.tmonews.com%2F%3Fp%3D53739&1=53742%20https%3A%2F%2Fwww.tmonews.com%2F%3Fp%3D53742&1=53745%20https%3A%2F%2Fwww.tmonews.com%2F%3Fp%3D53745&1=53748%20https%3A%2F%2Fwww.tmonews.com%2F%3Fp%3D53748&1=53753%20https%3A%2F%2Fwww.tmonews.com%2F%3Fp%3D53753&1=53756%20https%3A%2F%2Fwww.tmonews.com%2F%3Fp%3D53756

Requested by

Host: tmonews.disqus.com
URL: https://tmonews.disqus.com/count.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e29b31bb8cdc8443855c48062f8ebb1ba10e630fcdfe677cbce851c6ebc86ab9

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 118
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Vary: Accept-Encoding
Cache-Control: public, max-age=600
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Type: application/javascript; charset=UTF-8
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 851
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK count-data.js Show response
tmonews.disqus.com/ 338 B
921 B 22ms
22ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://tmonews.disqus.com/count-data.js?1=53762%20https%3A%2F%2Fwww.tmonews.com%2F%3Fp%3D53762&1=53764%20https%3A%2F%2Fwww.tmonews.com%2F%3Fp%3D53764

Requested by

Host: tmonews.disqus.com
URL: https://tmonews.disqus.com/count.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

a5254602a95ce7f504195698ebe0472143f9ce1632333fc913e838aaead7416a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 118
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Vary: Accept-Encoding
Cache-Control: public, max-age=600
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Content-Type: application/javascript; charset=UTF-8
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 338
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK wireless_plans_listing.js Show response
www.tmonews.com/wp-content/uploads/json/ 189 KB
189 KB 81ms
80ms XHR
application/javascript 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/wp-content/uploads/json/wireless_plans_listing.js

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/wp-includes/js/jquery/jquery.js?ver=1.12.4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

ed9e64ad307370012bd73266c87c7592a5b13e6f0daefbc1b455dc17bf35776d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.tmonews.com/
X-Requested-With: XMLHttpRequest
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Last-Modified: Thu, 19 Nov 2015 18:42:38 GMT
Server: nginx
Content-Type: application/javascript
Cache-Control: max-age=14400
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 193083
Expires: Fri, 15 Apr 2022 18:44:36 GMT

GET
H/1.1 200
OK wireless_phones_listing.js Show response
www.tmonews.com/wp-content/uploads/json/ 2 MB
2 MB 79ms
79ms XHR
application/javascript 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tmonews.com/wp-content/uploads/json/wireless_phones_listing.js

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/wp-includes/js/jquery/jquery.js?ver=1.12.4

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

b4a068d964954d1d62d670c61f0ab282999579a58c71ec8c3c1acf6b062c8991

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.tmonews.com/
X-Requested-With: XMLHttpRequest
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Last-Modified: Thu, 19 Nov 2015 18:42:38 GMT
Server: nginx
Content-Type: application/javascript
Cache-Control: max-age=14400
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1716747
Expires: Fri, 15 Apr 2022 18:44:36 GMT

GET
H/1.1 200
OK arrow.png
www.tmonews.com/wp-content/themes/phonedog-v4/images/ 349 B
763 B 84ms
83ms Image
image/png 147.203.62.4
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tmonews.com/wp-content/themes/phonedog-v4/images/arrow.png

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/wp-content/themes/phonedog-v4/custom.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.62.4 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

eab882f746044fa5a5624215b4027f1f74f97268c7c8794b9fc81beaf9f56837

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/wp-content/themes/phonedog-v4/custom.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Last-Modified: Mon, 09 Oct 2017 21:54:21 GMT
Server: nginx
Content-Type: image/png
Cache-Control: max-age=315360000, max-age=31449600, no-transform, public
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 349
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK ai.php
a.tmonews.com/www/delivery/ 920 B
1 KB 314ms
79ms Image
image/gif 147.203.60.11
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.tmonews.com/www/delivery/ai.php?filename=voipo_display_51.gif&contenttype=gif

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.60.11 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

d990cc0d4e57dd0349bb2713238c23eeb69f918821e3f0cef41f12c54e44bb18

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests
X-Content-Type-Options	nosniff
X-Frame-Options	SameOrigin

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 03 Nov 2017 17:38:33 GMT
Server: nginx
X-Frame-Options: SameOrigin
Content-Type: image/gif; name=voipo_display_51.gif
Transfer-Encoding: chunked
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive

GET
H/1.1 200
OK lg.php
a.tmonews.com/www/delivery/ 43 B
557 B 316ms
82ms Image
image/gif 147.203.60.11
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.tmonews.com/www/delivery/lg.php?bannerid=22056&campaignid=2153&zoneid=5593&cb=b935090d4f

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.60.11 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests
X-Content-Type-Options	nosniff
X-Frame-Options	SameOrigin

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 15 Apr 2022 14:44:36 GMT
X-Content-Type-Options: nosniff
Server: nginx
X-Frame-Options: SameOrigin
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, max-age=0, no-cache
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK ai.php
a.tmonews.com/www/delivery/ 6 KB
6 KB 331ms
86ms Image
image/png 147.203.60.11
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.tmonews.com/www/delivery/ai.php?filename=120-60_88.png&contenttype=png

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.60.11 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

647fa5842a1d6bda583722e91d327e27c709aab0a087a5c6a783080ab87bbe88

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests
X-Content-Type-Options	nosniff
X-Frame-Options	SameOrigin

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 08 Jun 2018 14:54:51 GMT
Server: nginx
X-Frame-Options: SameOrigin
Content-Type: image/png; name=120-60_88.png
Transfer-Encoding: chunked
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive

GET
H/1.1 200
OK lg.php
a.tmonews.com/www/delivery/ 43 B
557 B 315ms
84ms Image
image/gif 147.203.60.11
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.tmonews.com/www/delivery/lg.php?bannerid=23044&campaignid=2225&zoneid=5597&cb=9bc2259310

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.60.11 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests
X-Content-Type-Options	nosniff
X-Frame-Options	SameOrigin

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 15 Apr 2022 14:44:36 GMT
X-Content-Type-Options: nosniff
Server: nginx
X-Frame-Options: SameOrigin
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, max-age=0, no-cache
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK lg.php
a.tmonews.com/www/delivery/ 43 B
557 B 312ms
83ms Image
image/gif 147.203.60.11
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.tmonews.com/www/delivery/lg.php?bannerid=22973&campaignid=3475&zoneid=19036&loc=1&cb=7baa03345c

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.203.60.11 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests
X-Content-Type-Options	nosniff
X-Frame-Options	SameOrigin

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 15 Apr 2022 14:44:36 GMT
X-Content-Type-Options: nosniff
Server: nginx
X-Frame-Options: SameOrigin
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, max-age=0, no-cache
Content-Security-Policy: frame-ancestors 'self'; upgrade-insecure-requests
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6e9ba0d958d161dbc077072c991a79599a4e255f5013f8df57e77a53338ade44

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK dda4-1-9.js Show response
ads.pro-market.net/ads/scripts/ Frame 59E0 28 KB
9 KB 23ms
23ms Script
application/x-javascript 23.215.130.80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pro-market.net/ads/scripts/dda4-1-9.js
Requested by: Host: pbid.pro-market.net
URL: https://pbid.pro-market.net/engine?site=139274;size=1x1;e=0;dt=0;category=uuffvwb;kw=u-dgsi4m%20hkao0%2C%206h7vnk%20aol%20fvwb;rnd=(1650033876097)
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.215.130.80 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-215-130-80.deploy.static.akamaitechnologies.com
Software: nginx/1.0.15 /
Resource Hash: eaca34baacf359f13ec762af7805f85632d51ca4b2a59c04da909f4f225c9202

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pbid.pro-market.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Content-Encoding: gzip
Last-Modified: Thu, 05 Aug 2021 08:18:28 GMT
Server: nginx/1.0.15
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=31536000
Connection: keep-alive
Content-Length: 8487

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 103ms
36ms Script
application/javascript 2607:f8b0:4006:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.tmonews.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js?cb=31067132

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 15 Apr 2022 14:44:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
442 B 136ms
79ms Image
image/gif 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_paw&pvsid=1608491980794987&vrg=2022041301&nw_id=41014381&nslots=6&eid=31067070%2C31067132%2C44759849%2C31062931&pub_url=https%3A%2F%2Fwww.tmonews.com%2F&sig=1&req=0&req_cnt=6&dm=8

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 43 KB
11 KB 1756ms
1755ms XHR
text/plain 142.250.80.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1608491980794987&correlator=916236044817486&eid=31067070%2C31067132%2C44759849%2C31062931&output=ldjh&gdfp_req=1&vrg=2022041301&ptt=17&impl=fif&iu_parts=41014381%2CTmoNews%2CTMO_HP_728x90_A&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=970x280%7C728x90&ifi=1&adks=2140514718&sfv=1-0-38&fsfs=1&fsbs=1&ecs=20220415&fsapi=false&cust_params=usingSafeFrame%3D1&sc=1&cookie_enabled=1&abxe=1&dt=1650033876320&lmt=1650033876&dlt=1650033874838&idt=1433&biw=1600&bih=1200&adxs=300&adys=226&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fwww.tmonews.com%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=1000x14&msz=1000x14&fws=4&ohw=1000&ga_vid=348889931.1650033876&ga_sid=1650033876&ga_hid=1206474778&ga_fc=false&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js?cb=31067132

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f2.1e100.net

Software

cafe /

Resource Hash

385997a68810ee61dbe7378aa2d5a42e2d44145394b5a18db3665ee13af97c37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11074
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.tmonews.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 14 KB
8 KB 1016ms
1015ms XHR
text/plain 142.250.80.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1608491980794987&correlator=916236044817486&eid=31067070%2C31067132%2C44759849%2C31062931&output=ldjh&gdfp_req=1&vrg=2022041301&ptt=17&impl=fif&iu_parts=41014381%2CTmoNews%2CTMO_HP_728x90_B&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&ifi=2&adks=1257902694&sfv=1-0-38&fsfs=1&fsbs=1&ecs=20220415&fsapi=false&cust_params=usingSafeFrame%3D1&sc=1&cookie_enabled=1&abxe=1&dt=1650033876328&lmt=1650033876&dlt=1650033874838&idt=1433&biw=1600&bih=1200&adxs=300&adys=663&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fwww.tmonews.com%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=1000x32&msz=1000x14&fws=4&ohw=1600&ga_vid=348889931.1650033876&ga_sid=1650033876&ga_hid=1206474778&ga_fc=false&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js?cb=31067132

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f2.1e100.net

Software

cafe /

Resource Hash

eb9348ac682613cd1222263c7c351225e096375b015df1ba9620265f73f66545

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:37 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7799
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.tmonews.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 24 KB
10 KB 1344ms
1343ms XHR
text/plain 142.250.80.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1608491980794987&correlator=916236044817486&eid=31067070%2C31067132%2C44759849%2C31062931&output=ldjh&gdfp_req=1&vrg=2022041301&ptt=17&impl=fif&iu_parts=41014381%2CTmoNews%2CTMO_HP_300x250_A&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x600%7C300x250&ifi=3&adks=2991940693&sfv=1-0-38&fsfs=1&fsbs=1&ecs=20220415&fsapi=false&cust_params=usingSafeFrame%3D1&sc=1&cookie_enabled=1&abxe=1&dt=1650033876331&lmt=1650033876&dlt=1650033874838&idt=1433&biw=1600&bih=1200&adxs=998&adys=1099&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fwww.tmonews.com%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=300x1074&msz=300x14&fws=4&ohw=1600&ga_vid=348889931.1650033876&ga_sid=1650033876&ga_hid=1206474778&ga_fc=false&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js?cb=31067132

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f2.1e100.net

Software

cafe /

Resource Hash

0f028ae5d5368b1b1ffefb062298b224bfe078646888b3132cb3d072058917a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:37 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10271
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.tmonews.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 15 KB
8 KB 2069ms
2068ms XHR
text/plain 142.250.80.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1608491980794987&correlator=916236044817486&eid=31067070%2C31067132%2C44759849%2C31062931&output=ldjh&gdfp_req=1&vrg=2022041301&ptt=17&impl=fif&iu_parts=41014381%2CTmoNews%2CTMO_HP_300x250_B&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x250%7C300x600&ifi=4&adks=2005889625&sfv=1-0-38&fsfs=1&fsbs=1&ecs=20220415&fsapi=false&cust_params=usingSafeFrame%3D1&sc=1&cookie_enabled=1&abxe=1&dt=1650033876334&lmt=1650033876&dlt=1650033874838&idt=1433&biw=1600&bih=1200&adxs=998&adys=1118&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fwww.tmonews.com%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=300x1074&msz=300x14&fws=4&ohw=1600&ga_vid=348889931.1650033876&ga_sid=1650033876&ga_hid=1206474778&ga_fc=false&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js?cb=31067132

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f2.1e100.net

Software

cafe /

Resource Hash

5af4774e66ec9b76ee816c50a444b99217b55ca753ca0eacbfbecda512cb9e55

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7973
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.tmonews.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 68 KB
21 KB 2387ms
2387ms XHR
text/plain 142.250.80.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1608491980794987&correlator=916236044817486&eid=31067070%2C31067132%2C44759849%2C31062931&output=ldjh&gdfp_req=1&vrg=2022041301&ptt=17&impl=fif&iu_parts=41014381%2CTmoNews%2CTMO_HP_300x250_C&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x600%7C300x250&ifi=5&adks=2146696614&sfv=1-0-38&fsfs=1&fsbs=1&ecs=20220415&fsapi=false&cust_params=usingSafeFrame%3D1&sc=1&cookie_enabled=1&abxe=1&dt=1650033876338&lmt=1650033876&dlt=1650033874838&idt=1433&biw=1600&bih=1200&adxs=998&adys=1404&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fwww.tmonews.com%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=300x1074&msz=300x14&fws=4&ohw=1600&ga_vid=348889931.1650033876&ga_sid=1650033876&ga_hid=1206474778&ga_fc=false&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js?cb=31067132

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f2.1e100.net

Software

cafe /

Resource Hash

33bb04c30eaa69b8fbfb0a78bbafc90fa61da3ec78bc16738c398691a9df1026

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21739
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.tmonews.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 46 KB
18 KB 2698ms
2697ms XHR
text/plain 142.250.80.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1608491980794987&correlator=916236044817486&eid=31067070%2C31067132%2C44759849%2C31062931&output=ldjh&gdfp_req=1&vrg=2022041301&ptt=17&impl=fif&iu_parts=41014381%2CTmoNews%2CTMO_HP_728x90_C&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&ifi=6&adks=2767787391&sfv=1-0-38&fsfs=1&fsbs=1&ecs=20220415&fsapi=false&cust_params=usingSafeFrame%3D1&sc=1&cookie_enabled=1&abxe=1&dt=1650033876341&lmt=1650033876&dlt=1650033874838&idt=1433&biw=1600&bih=1200&adxs=436&adys=4416&ucis=6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fwww.tmonews.com%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=1000x90&msz=728x-1&fws=4&ohw=1600&ga_vid=348889931.1650033876&ga_sid=1650033876&ga_hid=1206474778&ga_fc=false&btvi=2&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js?cb=31067132

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f2.1e100.net

Software

cafe /

Resource Hash

8ed51d0fccdcfd58a1766c7ae09e336e6b7bfd62e78ccaa9dfb303325ea4b91d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:39 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18569
x-xss-protection: 0
google-lineitem-id: 1749726381
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138388585758
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.tmonews.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame FEE7 6 KB
4 KB 111ms
35ms Document
text/html 2607:f8b0:4006:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js?cb=31067132

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tmonews.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 15 Apr 2022 14:44:36 GMT
expires: Sat, 15 Apr 2023 14:44:36 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H/1.1 200
OK /
kinesis.us-east-1.amazonaws.com/ Frame 0
0 81ms
25ms Preflight 3.91.171.156
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://kinesis.us-east-1.amazonaws.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.91.171.156 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-91-171-156.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,cache-control,content-type,pragma,x-amz-content-sha256,x-amz-date,x-amz-target,x-amz-user-agent
Access-Control-Request-Method: POST
Origin: https://www.tmonews.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Headers: authorization,cache-control,content-type,pragma,x-amz-content-sha256,x-amz-date,x-amz-target,x-amz-user-agent
Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-request-id,x-amz-id-2,x-amzn-ErrorMessage,Date
Access-Control-Max-Age: 172800
Content-Length: 0
Date: Fri, 15 Apr 2022 14:44:36 GMT
x-amzn-RequestId: cff548c3-1f26-71f4-9526-cfd751a2efc9

POST
H/1.1 200
OK / Show response
kinesis.us-east-1.amazonaws.com/ 133 B
569 B 31ms
30ms XHR
application/x-amz-json-1.1 3.91.171.156
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://kinesis.us-east-1.amazonaws.com/
Requested by: Host: static.yieldmo.com
URL: https://static.yieldmo.com/ym.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.91.171.156 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-91-171-156.compute-1.amazonaws.com
Software: /
Resource Hash: e6b8db589552fe49a9d8f13af137a778a1904a98ea65c36020cc77897cf1052d

Request headers

Pragma: no-cache
X-Amz-User-Agent: aws-sdk-js/2.10.0
accept-language: en-US,en;q=0.9
Authorization: AWS4-HMAC-SHA256 Credential=AKIAIPUUKKTGWLCOV32A/20220415/us-east-1/kinesis/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-target;x-amz-user-agent, Signature=c4846342adb65c8280482c316392bd5229d5bcab37ce8388e116b66cc9938b34
Content-Type: application/x-amz-json-1.1
X-Amz-Content-Sha256: 2abf7a07dc6faf281d6a30774b9c967c12c77122cbcc895c3ccd6ae9ad7b767b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Cache-Control: no-cache
X-Amz-Target: Kinesis_20131202.PutRecord
Referer: https://www.tmonews.com/
X-Amz-Date: 20220415T144436Z

Response headers

Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-request-id,x-amz-id-2,x-amzn-ErrorMessage,Date
x-amzn-RequestId: c6683956-3967-0a84-9cbb-be4277e394b9
Date: Fri, 15 Apr 2022 14:44:36 GMT
Content-Length: 133
x-amz-id-2: ioAZOMwept8LCv4OQfEc9pArgy2wCI+0RgjAWavegXdmejFt3GUy0+Zw61b3XurRNwh2m9R9wNffAyfGfCc3eNZKEY4SiL3s
Content-Type: application/x-amz-json-1.1

GET
H/1.1 200
OK piwik.php
analytics.tmonews.com/ 43 B
289 B 102ms
102ms Image
image/gif 216.105.38.9
AIS-WEST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.tmonews.com/piwik.php?action_name=TmoNews%20-%20Unofficial%20T-Mobile%20Blog%2C%20News%2C%20Videos%2C%20Articles%20and%20more&idsite=31&rec=1&r=347133&h=14&m=44&s=36&url=https%3A%2F%2Fwww.tmonews.com%2F&_id=420c2de52fb869f8&_idts=1650033876&_idvc=1&_idn=0&_refts=0&_viewts=1650033876&send_image=1&pdf=1&qt=0&realp=0&wma=0&dir=0&fla=0&java=0&gears=0&ag=0&cookie=1&res=1600x1200&gt_ms=198&pv_id=ThCwEv

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

216.105.38.9 , United States, ASN6130 (AIS-WEST, US),

Reverse DNS

Software

nginx /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SameOrigin

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
X-Content-Type-Options: nosniff
Server: nginx
X-Frame-Options: SameOrigin
Content-Type: image/gif
Cache-Control: no-store
Transfer-Encoding: chunked
Connection: keep-alive

POST
H2 200 link Show response
t.skimresources.com/api/v2/ 22 B
114 B 64ms
64ms XHR
application/javascript 35.201.67.47
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://t.skimresources.com/api/v2/link

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/76923X1530375.skimlinks.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.67.47 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

47.67.201.35.bc.googleusercontent.com

Software

Python/3.7 aiohttp/3.5.4 /

Resource Hash

fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.tmonews.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:36 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Python/3.7 aiohttp/3.5.4
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8, application/javascript
access-control-allow-origin: https://www.tmonews.com
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
warning: 299 - "Deprecated API"
alt-svc: clear
content-length: 22

POST
H2 200 page Show response
t.skimresources.com/api/v2/ 22 B
340 B 42ms
42ms XHR
application/javascript 35.201.67.47
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://t.skimresources.com/api/v2/page

Requested by

Host: s.skimresources.com
URL: https://s.skimresources.com/js/76923X1530375.skimlinks.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.201.67.47 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

47.67.201.35.bc.googleusercontent.com

Software

Python/3.7 aiohttp/3.5.4 /

Resource Hash

fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.tmonews.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:36 GMT
via: 1.1 google
x-content-type-options: nosniff
server: Python/3.7 aiohttp/3.5.4
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8, application/javascript
access-control-allow-origin: https://www.tmonews.com
cache-control: no-store, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 22

GET
H2 200 ads Show response
ads.yieldmo.com/v002/t_ads/ 520 B
890 B 33ms
33ms XHR
application/json 34.199.75.209
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.yieldmo.com/v002/t_ads/ads?bust=1650033876720&ttdid=e3a32df7-082c-4f28-a4a9-54fe7e4ab411&_s=1&e=0&v=9.16.0-339&page_url=https%3A%2F%2Fwww.tmonews.com%2F&p=672859391481552762&description=Unofficial%20T-Mobile%20Blog%2C%20News%2C%20Videos%2C%20Articles%20and%20more&title=TmoNews%20-%20Unofficial%20T-Mobile%20Blog%2C%20News%2C%20Videos%2C%20Articles%20and%20more&dnt=false&scrd=1&h=1200&w=1600&lane=ym.min&pft=1650033876720&ct=1650033876154&pl_h=4444&pl_w=660&connect=4g&bwe=10Mb%2Fsec&rtt=0&sd=false
Requested by: Host: static.yieldmo.com
URL: https://static.yieldmo.com/ym.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.199.75.209 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-199-75-209.compute-1.amazonaws.com
Software: /
Resource Hash: cec6b2058ed741f2143e13a832d39347bbab2a63607e16681a03ddbbb99e4dfa

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:36 GMT
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.tmonews.com
access-control-allow-credentials: true
content-length: 520
access-control-request-headers: Cache-Control, Pragma

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
10 KB 72ms
43ms XHR
application/json 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022041301&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js?cb=31067132

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7d8dd6de154781e65e03d95907d9e8d15533a2c7a01d28020c90da0ebc03729b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 15 Apr 2022 14:44:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10553
x-xss-protection: 0

GET
H/1.1 200 s2.html Show response
tag.crsspxl.com/ Frame 6A82 1 KB
1 KB 29ms
28ms Document
text/html 34.232.140.51
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.crsspxl.com/s2.html?d=43&t=TmoNews%20-%20Unofficial%20T-Mobile%20Blog%2C%20News%2C%20Videos%2C%20Articles%20and%20more&u=https%3A%2F%2Fwww.tmonews.com%2F&b2=%20OnePlus%2010%20Pro%205G%20is%20now%20available%20at%20T-Mobile%20T-Mobile%3A%20Hosting%20Q1%202022%20Earnings%20Call%20on%20April%2027th%20Report%20suggests%20T-Mobile%20tried%20to%20buy%20back%20hacked%20customer%20info%20Check%20out%20this%20%2440%20unlimited%20plan%20offer%20from%20Metro%20by%20T-Mobile%20T-Mobile%20has%20a%20new%20Google%20One%20membership%20option%20T-Mobile%20customers%20are%20target%20of%20new%20spam%20message%20T-Mobile%20will%20be%20giving%20away%20free%20thermal%20lunch%20tote%20soon%20T-Mobile%20migrating%20customers%20to%20new%20JUMP!!%202.0%20program%20T-Mobile%20names%2020%20finalists%20of%20T-Challenge%20You%20now%20have%20a%20chance%20to%20enroll%20your%20device%20to%20Protection%20360%20T-Mobile%20Prepaid%20is%20giving%20away%20free%20OnePlus%20Nord%20N200%205G%20to%20eligible%203G%20trade-ins%20T-Mobile%20celebrates%202nd%20anniversary%20of%20its%20merger%20with%20Sprint%20%20%20%20%20%20%20
Requested by: Host: tag.crsspxl.com
URL: https://tag.crsspxl.com/s1.js?d=43&cb=1650033875892
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.232.140.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-232-140-51.compute-1.amazonaws.com
Software: /
Resource Hash: bb091da0b44663f1b57401072fccfaa8be7535daeb8b365247c0f5b160bfa369

Request headers

Referer: https://www.tmonews.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Connection: close
Content-Encoding: gzip
Content-Type: text/html
Date: Fri, 15 Apr 2022 14:44:36 GMT
Vary: Accept-Encoding

POST
H/1.1 200
OK / Show response
kinesis.us-east-1.amazonaws.com/ 133 B
569 B 61ms
33ms XHR
application/x-amz-json-1.1 3.91.171.156
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://kinesis.us-east-1.amazonaws.com/
Requested by: Host: static.yieldmo.com
URL: https://static.yieldmo.com/ym.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.91.171.156 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-91-171-156.compute-1.amazonaws.com
Software: /
Resource Hash: 0f9741ea2552db41827f347f3274b0714b975acbc4b68f1d8d7994ce47b85189

Request headers

Pragma: no-cache
X-Amz-User-Agent: aws-sdk-js/2.10.0
accept-language: en-US,en;q=0.9
Authorization: AWS4-HMAC-SHA256 Credential=AKIAIPUUKKTGWLCOV32A/20220415/us-east-1/kinesis/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-target;x-amz-user-agent, Signature=173b814d04d59aa322167cf0fe6b70c1216bddafd1f45463ab0381f1ebbc10e9
Content-Type: application/x-amz-json-1.1
X-Amz-Content-Sha256: cdd7e426a004928706e15166ac263e229ac5865a7e0303cf2d77aee13a37bf28
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Cache-Control: no-cache
X-Amz-Target: Kinesis_20131202.PutRecord
Referer: https://www.tmonews.com/
X-Amz-Date: 20220415T144436Z

Response headers

Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-request-id,x-amz-id-2,x-amzn-ErrorMessage,Date
x-amzn-RequestId: f9ac0d6f-a083-2d8c-a37f-8a7bee07b3b1
Date: Fri, 15 Apr 2022 14:44:36 GMT
Content-Length: 133
x-amz-id-2: CyuYPvtH9p9Lqu1mKBXjSe4sn8KFAYcNC6pgeSkJ7bVpXqv3DUoSODk22vUzkA7nqkmM6h0ZNRvMvqqJE6eNBnHz+ctqY823
Content-Type: application/x-amz-json-1.1

OPTIONS
H/1.1 200
OK /
kinesis.us-east-1.amazonaws.com/ Frame 0
0 25ms
25ms Preflight 3.91.171.156
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://kinesis.us-east-1.amazonaws.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.91.171.156 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-91-171-156.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,cache-control,content-type,pragma,x-amz-content-sha256,x-amz-date,x-amz-target,x-amz-user-agent
Access-Control-Request-Method: POST
Origin: https://www.tmonews.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Headers: authorization,cache-control,content-type,pragma,x-amz-content-sha256,x-amz-date,x-amz-target,x-amz-user-agent
Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-request-id,x-amz-id-2,x-amzn-ErrorMessage,Date
Access-Control-Max-Age: 172800
Content-Length: 0
Date: Fri, 15 Apr 2022 14:44:36 GMT
x-amzn-RequestId: e2e32ef0-a760-5728-b830-a9e4e9e4c915

POST
H/1.1 200
OK / Show response
kinesis.us-east-1.amazonaws.com/ 133 B
569 B 34ms
33ms XHR
application/x-amz-json-1.1 3.91.171.156
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://kinesis.us-east-1.amazonaws.com/
Requested by: Host: static.yieldmo.com
URL: https://static.yieldmo.com/ym.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.91.171.156 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-91-171-156.compute-1.amazonaws.com
Software: /
Resource Hash: 128393865321c7b9c0f45fd8dcc02630bf78cf14205623cf0cb267c225a7259d

Request headers

Pragma: no-cache
X-Amz-User-Agent: aws-sdk-js/2.10.0
accept-language: en-US,en;q=0.9
Authorization: AWS4-HMAC-SHA256 Credential=AKIAIPUUKKTGWLCOV32A/20220415/us-east-1/kinesis/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-target;x-amz-user-agent, Signature=71ebfd7ad67a44fb467cf0d646b3d681306cbc4ec73f2d054decbd66e8bb2794
Content-Type: application/x-amz-json-1.1
X-Amz-Content-Sha256: 6b56c4b6248db2dce56583dc1d232535f700e05ee69ec9cf8fac13c38ac31b6a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Cache-Control: no-cache
X-Amz-Target: Kinesis_20131202.PutRecord
Referer: https://www.tmonews.com/
X-Amz-Date: 20220415T144436Z

Response headers

Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-request-id,x-amz-id-2,x-amzn-ErrorMessage,Date
x-amzn-RequestId: d27a9523-e108-f0af-88a9-12378034247e
Date: Fri, 15 Apr 2022 14:44:36 GMT
Content-Length: 133
x-amz-id-2: m+tZBOe0lcVv/NE7+o8pi+7T+wmQT28C+WHvl9Xt89Q3p1GtkTSIDfB3MNGikRnifedCMJSZcIEQARxfJqv/l6liqXCi7oGR
Content-Type: application/x-amz-json-1.1

OPTIONS
H/1.1 200
OK /
kinesis.us-east-1.amazonaws.com/ Frame 0
0 51ms
25ms Preflight 3.91.171.156
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://kinesis.us-east-1.amazonaws.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.91.171.156 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-91-171-156.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,cache-control,content-type,pragma,x-amz-content-sha256,x-amz-date,x-amz-target,x-amz-user-agent
Access-Control-Request-Method: POST
Origin: https://www.tmonews.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Headers: authorization,cache-control,content-type,pragma,x-amz-content-sha256,x-amz-date,x-amz-target,x-amz-user-agent
Access-Control-Allow-Methods: POST
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-amzn-RequestId,x-amzn-ErrorType,x-amz-request-id,x-amz-id-2,x-amzn-ErrorMessage,Date
Access-Control-Max-Age: 172800
Content-Length: 0
Date: Fri, 15 Apr 2022 14:44:36 GMT
x-amzn-RequestId: c6c5aa20-6ac3-d3ca-9c16-2d3424474df7

GET
H/1.1

200

m.gif
tag.crsspxl.com/ Frame 6A82
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=CPX12&google_cm&google_hm=NzEzMzU3NTk4NzMzODQzNjI1Ng==
https://cm.g.doubleclick.net/pixel?google_nid=CPX12&google_cm=&google_hm=NzEzMzU3NTk4NzMzODQzNjI1Ng==&google_tc=
https://tag.crsspxl.com/m.gif?id=&google_gid=CAESEKyESPbC5cqTA7z-Crb-L88&google_cver=1

43 B
253 B

27ms
27ms

Image
image/gif

34.232.140.51
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tag.crsspxl.com/m.gif?id=&google_gid=CAESEKyESPbC5cqTA7z-Crb-L88&google_cver=1
Requested by: Host: tag.crsspxl.com
URL: https://tag.crsspxl.com/s2.html?d=43&t=TmoNews%20-%20Unofficial%20T-Mobile%20Blog%2C%20News%2C%20Videos%2C%20Articles%20and%20more&u=https%3A%2F%2Fwww.tmonews.com%2F&b2=%20OnePlus%2010%20Pro%205G%20is%20now%20available%20at%20T-Mobile%20T-Mobile%3A%20Hosting%20Q1%202022%20Earnings%20Call%20on%20April%2027th%20Report%20suggests%20T-Mobile%20tried%20to%20buy%20back%20hacked%20customer%20info%20Check%20out%20this%20%2440%20unlimited%20plan%20offer%20from%20Metro%20by%20T-Mobile%20T-Mobile%20has%20a%20new%20Google%20One%20membership%20option%20T-Mobile%20customers%20are%20target%20of%20new%20spam%20message%20T-Mobile%20will%20be%20giving%20away%20free%20thermal%20lunch%20tote%20soon%20T-Mobile%20migrating%20customers%20to%20new%20JUMP!!%202.0%20program%20T-Mobile%20names%2020%20finalists%20of%20T-Challenge%20You%20now%20have%20a%20chance%20to%20enroll%20your%20device%20to%20Protection%20360%20T-Mobile%20Prepaid%20is%20giving%20away%20free%20OnePlus%20Nord%20N200%205G%20to%20eligible%203G%20trade-ins%20T-Mobile%20celebrates%202nd%20anniversary%20of%20its%20merger%20with%20Sprint%20%20%20%20%20%20%20
Protocol: HTTP/1.1
Server: 34.232.140.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-232-140-51.compute-1.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tag.crsspxl.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Content-Length: 43
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:36 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://tag.crsspxl.com/m.gif?id=&google_gid=CAESEKyESPbC5cqTA7z-Crb-L88&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 291
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200

m.gif
tag.crsspxl.com/ Frame 6A82
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=10012&redir=https://tag.crsspxl.com/m.gif?mmid=[MM_UUID]
https://tag.crsspxl.com/m.gif?mmid=5ba46259-84d5-4a00-9c03-de520c0dab91

43 B
253 B

26ms
26ms

Image
image/gif

34.232.140.51
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tag.crsspxl.com/m.gif?mmid=5ba46259-84d5-4a00-9c03-de520c0dab91
Requested by: Host: tag.crsspxl.com
URL: https://tag.crsspxl.com/s2.html?d=43&t=TmoNews%20-%20Unofficial%20T-Mobile%20Blog%2C%20News%2C%20Videos%2C%20Articles%20and%20more&u=https%3A%2F%2Fwww.tmonews.com%2F&b2=%20OnePlus%2010%20Pro%205G%20is%20now%20available%20at%20T-Mobile%20T-Mobile%3A%20Hosting%20Q1%202022%20Earnings%20Call%20on%20April%2027th%20Report%20suggests%20T-Mobile%20tried%20to%20buy%20back%20hacked%20customer%20info%20Check%20out%20this%20%2440%20unlimited%20plan%20offer%20from%20Metro%20by%20T-Mobile%20T-Mobile%20has%20a%20new%20Google%20One%20membership%20option%20T-Mobile%20customers%20are%20target%20of%20new%20spam%20message%20T-Mobile%20will%20be%20giving%20away%20free%20thermal%20lunch%20tote%20soon%20T-Mobile%20migrating%20customers%20to%20new%20JUMP!!%202.0%20program%20T-Mobile%20names%2020%20finalists%20of%20T-Challenge%20You%20now%20have%20a%20chance%20to%20enroll%20your%20device%20to%20Protection%20360%20T-Mobile%20Prepaid%20is%20giving%20away%20free%20OnePlus%20Nord%20N200%205G%20to%20eligible%203G%20trade-ins%20T-Mobile%20celebrates%202nd%20anniversary%20of%20its%20merger%20with%20Sprint%20%20%20%20%20%20%20
Protocol: HTTP/1.1
Server: 34.232.140.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-232-140-51.compute-1.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tag.crsspxl.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Content-Length: 43
Content-Type: image/gif

Redirect headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Server: MT3 4335 2c68c00 master ord-pixel-x53 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://tag.crsspxl.com/m.gif?mmid=5ba46259-84d5-4a00-9c03-de520c0dab91
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 15 Apr 2022 14:44:35 GMT

GET
H/1.1

200

m.gif
tag.crsspxl.com/ Frame 6A82
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=crosspixel&ttd_tpi=1
https://tag.crsspxl.com/m.gif?tdid=e3a32df7-082c-4f28-a4a9-54fe7e4ab411

43 B
399 B

84ms
29ms

Image
image/gif

34.232.140.51
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tag.crsspxl.com/m.gif?tdid=e3a32df7-082c-4f28-a4a9-54fe7e4ab411
Requested by: Host: tag.crsspxl.com
URL: https://tag.crsspxl.com/s2.html?d=43&t=TmoNews%20-%20Unofficial%20T-Mobile%20Blog%2C%20News%2C%20Videos%2C%20Articles%20and%20more&u=https%3A%2F%2Fwww.tmonews.com%2F&b2=%20OnePlus%2010%20Pro%205G%20is%20now%20available%20at%20T-Mobile%20T-Mobile%3A%20Hosting%20Q1%202022%20Earnings%20Call%20on%20April%2027th%20Report%20suggests%20T-Mobile%20tried%20to%20buy%20back%20hacked%20customer%20info%20Check%20out%20this%20%2440%20unlimited%20plan%20offer%20from%20Metro%20by%20T-Mobile%20T-Mobile%20has%20a%20new%20Google%20One%20membership%20option%20T-Mobile%20customers%20are%20target%20of%20new%20spam%20message%20T-Mobile%20will%20be%20giving%20away%20free%20thermal%20lunch%20tote%20soon%20T-Mobile%20migrating%20customers%20to%20new%20JUMP!!%202.0%20program%20T-Mobile%20names%2020%20finalists%20of%20T-Challenge%20You%20now%20have%20a%20chance%20to%20enroll%20your%20device%20to%20Protection%20360%20T-Mobile%20Prepaid%20is%20giving%20away%20free%20OnePlus%20Nord%20N200%205G%20to%20eligible%203G%20trade-ins%20T-Mobile%20celebrates%202nd%20anniversary%20of%20its%20merger%20with%20Sprint%20%20%20%20%20%20%20
Protocol: HTTP/1.1
Server: 34.232.140.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-232-140-51.compute-1.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tag.crsspxl.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Content-Length: 43
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:36 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://tag.crsspxl.com/m.gif?tdid=e3a32df7-082c-4f28-a4a9-54fe7e4ab411
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 173

GET
H/1.1

200

m.gif
tag.crsspxl.com/ Frame 6A82
Redirect Chain

https://ib.adnxs.com/getuid?https://tag.crsspxl.com/m.gif?anid=$UID
https://tag.crsspxl.com/m.gif?anid=2912129428627624359

43 B
385 B

81ms
30ms

Image
image/gif

34.232.140.51
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tag.crsspxl.com/m.gif?anid=2912129428627624359
Requested by: Host: tag.crsspxl.com
URL: https://tag.crsspxl.com/s2.html?d=43&t=TmoNews%20-%20Unofficial%20T-Mobile%20Blog%2C%20News%2C%20Videos%2C%20Articles%20and%20more&u=https%3A%2F%2Fwww.tmonews.com%2F&b2=%20OnePlus%2010%20Pro%205G%20is%20now%20available%20at%20T-Mobile%20T-Mobile%3A%20Hosting%20Q1%202022%20Earnings%20Call%20on%20April%2027th%20Report%20suggests%20T-Mobile%20tried%20to%20buy%20back%20hacked%20customer%20info%20Check%20out%20this%20%2440%20unlimited%20plan%20offer%20from%20Metro%20by%20T-Mobile%20T-Mobile%20has%20a%20new%20Google%20One%20membership%20option%20T-Mobile%20customers%20are%20target%20of%20new%20spam%20message%20T-Mobile%20will%20be%20giving%20away%20free%20thermal%20lunch%20tote%20soon%20T-Mobile%20migrating%20customers%20to%20new%20JUMP!!%202.0%20program%20T-Mobile%20names%2020%20finalists%20of%20T-Challenge%20You%20now%20have%20a%20chance%20to%20enroll%20your%20device%20to%20Protection%20360%20T-Mobile%20Prepaid%20is%20giving%20away%20free%20OnePlus%20Nord%20N200%205G%20to%20eligible%203G%20trade-ins%20T-Mobile%20celebrates%202nd%20anniversary%20of%20its%20merger%20with%20Sprint%20%20%20%20%20%20%20
Protocol: HTTP/1.1
Server: 34.232.140.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-232-140-51.compute-1.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tag.crsspxl.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Content-Length: 43
Content-Type: image/gif

Redirect headers

Pragma: no-cache
Date: Fri, 15 Apr 2022 14:44:36 GMT
X-Proxy-Origin: 96.9.249.39; 96.9.249.39; 580.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: 493f4e09-475e-4b0f-bb79-164e7eb5df9d
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://tag.crsspxl.com/m.gif?anid=2912129428627624359
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

204

usermatch.gif
beacon.krxd.net/ Frame 6A82
Redirect Chain

https://idsync.rlcdn.com/366518.gif?partner_uid=7133575987338436256
https://pippio.com/api/sync?pid=5324&it=1&iv=9dac119db7282338ade444c380bf182df2216b6e54113ee1ec47e175e7de3924791426b5417dce21&_=2
https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlA5ZGFjMTE5ZGI3MjgyMzM4YWRlNDQ0YzM4MGJmMTgyZGYyMjE2YjZlNTQxMTNlZTFlYzQ3ZTE3NWU3ZGUzOTI0NzkxNDI2YjU...
https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlA5ZGFjMTE5ZGI3MjgyMzM4YWRlNDQ0YzM4MGJmMTgyZGYyMjE2YjZlNTQxMTNlZTFlYzQ3ZTE3NWU3ZGUzOTI0NzkxNDI2YjU0MTdkY2UyMRAAGgwI1InmkgYSBAgCEABCAEoA&goog...
https://usermatch.krxd.net/um/v2?partner=liveramp_identity
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=liveramp_identity

0
338 B

91ms
27ms

Image
text/plain

52.205.48.68
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=liveramp_identity
Requested by: Host: tag.crsspxl.com
URL: https://tag.crsspxl.com/s2.html?d=43&t=TmoNews%20-%20Unofficial%20T-Mobile%20Blog%2C%20News%2C%20Videos%2C%20Articles%20and%20more&u=https%3A%2F%2Fwww.tmonews.com%2F&b2=%20OnePlus%2010%20Pro%205G%20is%20now%20available%20at%20T-Mobile%20T-Mobile%3A%20Hosting%20Q1%202022%20Earnings%20Call%20on%20April%2027th%20Report%20suggests%20T-Mobile%20tried%20to%20buy%20back%20hacked%20customer%20info%20Check%20out%20this%20%2440%20unlimited%20plan%20offer%20from%20Metro%20by%20T-Mobile%20T-Mobile%20has%20a%20new%20Google%20One%20membership%20option%20T-Mobile%20customers%20are%20target%20of%20new%20spam%20message%20T-Mobile%20will%20be%20giving%20away%20free%20thermal%20lunch%20tote%20soon%20T-Mobile%20migrating%20customers%20to%20new%20JUMP!!%202.0%20program%20T-Mobile%20names%2020%20finalists%20of%20T-Challenge%20You%20now%20have%20a%20chance%20to%20enroll%20your%20device%20to%20Protection%20360%20T-Mobile%20Prepaid%20is%20giving%20away%20free%20OnePlus%20Nord%20N200%205G%20to%20eligible%203G%20trade-ins%20T-Mobile%20celebrates%202nd%20anniversary%20of%20its%20merger%20with%20Sprint%20%20%20%20%20%20%20
Protocol: H2
Server: 52.205.48.68 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-205-48-68.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tag.crsspxl.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:37 GMT
cache-control: private, no-cache, no-store
x-request-time: D=44 t=1650033877
x-served-by: beacon-n001-ash-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=liveramp_identity
date: Fri, 15 Apr 2022 14:44:37 GMT
x-cache-hits: 0
x-age: 0
content-length: 0
x-cache: MISS
x-served-by: usermatch-a005-ash-prod.krxd.net

GET
H/1.1 200
OK 18282
tags.bluekai.com/site/ Frame 6A82 62 B
737 B 155ms
88ms Image
image/gif 23.3.124.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.bluekai.com/site/18282?phint=id%3D7133575987338436256
Requested by: Host: tag.crsspxl.com
URL: https://tag.crsspxl.com/s2.html?d=43&t=TmoNews%20-%20Unofficial%20T-Mobile%20Blog%2C%20News%2C%20Videos%2C%20Articles%20and%20more&u=https%3A%2F%2Fwww.tmonews.com%2F&b2=%20OnePlus%2010%20Pro%205G%20is%20now%20available%20at%20T-Mobile%20T-Mobile%3A%20Hosting%20Q1%202022%20Earnings%20Call%20on%20April%2027th%20Report%20suggests%20T-Mobile%20tried%20to%20buy%20back%20hacked%20customer%20info%20Check%20out%20this%20%2440%20unlimited%20plan%20offer%20from%20Metro%20by%20T-Mobile%20T-Mobile%20has%20a%20new%20Google%20One%20membership%20option%20T-Mobile%20customers%20are%20target%20of%20new%20spam%20message%20T-Mobile%20will%20be%20giving%20away%20free%20thermal%20lunch%20tote%20soon%20T-Mobile%20migrating%20customers%20to%20new%20JUMP!!%202.0%20program%20T-Mobile%20names%2020%20finalists%20of%20T-Challenge%20You%20now%20have%20a%20chance%20to%20enroll%20your%20device%20to%20Protection%20360%20T-Mobile%20Prepaid%20is%20giving%20away%20free%20OnePlus%20Nord%20N200%205G%20to%20eligible%203G%20trade-ins%20T-Mobile%20celebrates%202nd%20anniversary%20of%20its%20merger%20with%20Sprint%20%20%20%20%20%20%20
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.3.124.133 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-3-124-133.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tag.crsspxl.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Connection: keep-alive
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Content-Length: 62
BK-Server: 265b
Content-Type: image/gif

GET
H/1.1

200

m.gif
tag.crsspxl.com/ Frame 6A82
Redirect Chain

https://cms.analytics.yahoo.com/cms?partner_id=CROEL
https://tag.crsspxl.com/m.gif?yahoo_id=y-6d3p2DpE2pN1qzIyds7M5VIdvBpAAD7qs_U-~A

43 B
253 B

78ms
27ms

Image
image/gif

34.232.140.51
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tag.crsspxl.com/m.gif?yahoo_id=y-6d3p2DpE2pN1qzIyds7M5VIdvBpAAD7qs_U-~A
Requested by: Host: tag.crsspxl.com
URL: https://tag.crsspxl.com/s2.html?d=43&t=TmoNews%20-%20Unofficial%20T-Mobile%20Blog%2C%20News%2C%20Videos%2C%20Articles%20and%20more&u=https%3A%2F%2Fwww.tmonews.com%2F&b2=%20OnePlus%2010%20Pro%205G%20is%20now%20available%20at%20T-Mobile%20T-Mobile%3A%20Hosting%20Q1%202022%20Earnings%20Call%20on%20April%2027th%20Report%20suggests%20T-Mobile%20tried%20to%20buy%20back%20hacked%20customer%20info%20Check%20out%20this%20%2440%20unlimited%20plan%20offer%20from%20Metro%20by%20T-Mobile%20T-Mobile%20has%20a%20new%20Google%20One%20membership%20option%20T-Mobile%20customers%20are%20target%20of%20new%20spam%20message%20T-Mobile%20will%20be%20giving%20away%20free%20thermal%20lunch%20tote%20soon%20T-Mobile%20migrating%20customers%20to%20new%20JUMP!!%202.0%20program%20T-Mobile%20names%2020%20finalists%20of%20T-Challenge%20You%20now%20have%20a%20chance%20to%20enroll%20your%20device%20to%20Protection%20360%20T-Mobile%20Prepaid%20is%20giving%20away%20free%20OnePlus%20Nord%20N200%205G%20to%20eligible%203G%20trade-ins%20T-Mobile%20celebrates%202nd%20anniversary%20of%20its%20merger%20with%20Sprint%20%20%20%20%20%20%20
Protocol: HTTP/1.1
Server: 34.232.140.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-232-140-51.compute-1.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tag.crsspxl.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Content-Length: 43
Content-Type: image/gif

Redirect headers

date: Fri, 15 Apr 2022 14:44:36 GMT
via: http/1.1 spdc0113.tgt.bf1.yahoo.com (ApacheTrafficServer)
server: ATS
age: 0
strict-transport-security: max-age=31536000
content-type: text/html;charset=utf-8
location: https://tag.crsspxl.com/m.gif?yahoo_id=y-6d3p2DpE2pN1qzIyds7M5VIdvBpAAD7qs_U-~A
content-length: 0

GET
H/1.1 200
OK ibs:dpid=22083&dpuuid=7133575987338436256
dpm.demdex.net/ Frame 6A82 42 B
943 B 37ms
35ms Image
image/gif 54.205.31.112
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=22083&dpuuid=7133575987338436256

Requested by

Host: tag.crsspxl.com
URL: https://tag.crsspxl.com/s2.html?d=43&t=TmoNews%20-%20Unofficial%20T-Mobile%20Blog%2C%20News%2C%20Videos%2C%20Articles%20and%20more&u=https%3A%2F%2Fwww.tmonews.com%2F&b2=%20OnePlus%2010%20Pro%205G%20is%20now%20available%20at%20T-Mobile%20T-Mobile%3A%20Hosting%20Q1%202022%20Earnings%20Call%20on%20April%2027th%20Report%20suggests%20T-Mobile%20tried%20to%20buy%20back%20hacked%20customer%20info%20Check%20out%20this%20%2440%20unlimited%20plan%20offer%20from%20Metro%20by%20T-Mobile%20T-Mobile%20has%20a%20new%20Google%20One%20membership%20option%20T-Mobile%20customers%20are%20target%20of%20new%20spam%20message%20T-Mobile%20will%20be%20giving%20away%20free%20thermal%20lunch%20tote%20soon%20T-Mobile%20migrating%20customers%20to%20new%20JUMP!!%202.0%20program%20T-Mobile%20names%2020%20finalists%20of%20T-Challenge%20You%20now%20have%20a%20chance%20to%20enroll%20your%20device%20to%20Protection%20360%20T-Mobile%20Prepaid%20is%20giving%20away%20free%20OnePlus%20Nord%20N200%205G%20to%20eligible%203G%20trade-ins%20T-Mobile%20celebrates%202nd%20anniversary%20of%20its%20merger%20with%20Sprint%20%20%20%20%20%20%20

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.205.31.112 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-205-31-112.compute-1.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tag.crsspxl.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

DCS: dcs-prod-va6-1-v031-02389ce84.edge-va6.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 5xe+yh9oSa4=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 204 sync.gif
dmp.truoptik.com/417381ab8bee90f7/ Frame 6A82 0
543 B 115ms
45ms Image
text/plain 104.16.111.154
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dmp.truoptik.com/417381ab8bee90f7/sync.gif?dm=&fck=7133575987338436256

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.111.154 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tag.crsspxl.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:36 GMT
x-content-type-options: nosniff
to-dmp-sync: s4-dmp-ny2-eqx.truoptik.com
server: cloudflare
user-agent: Tru Optik DMP 1.3.1
x-frame-options: SAMEORIGIN
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-origin: *
cache-control: no-store
strict-transport-security: max-age=15552000; includeSubDomains
cf-ray: 6fc575d27fe58c60-EWR
cf-cache-status: DYNAMIC
x-xss-protection: 1; mode=block
expires: 0

GET
H/1.1 200
OK merge
ce.lijit.com/ Frame 6A82 43 B
854 B 72ms
25ms Image
image/gif 23.92.190.68
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=5110&3pid=7133575987338436256
Requested by: Host: tag.crsspxl.com
URL: https://tag.crsspxl.com/s2.html?d=43&t=TmoNews%20-%20Unofficial%20T-Mobile%20Blog%2C%20News%2C%20Videos%2C%20Articles%20and%20more&u=https%3A%2F%2Fwww.tmonews.com%2F&b2=%20OnePlus%2010%20Pro%205G%20is%20now%20available%20at%20T-Mobile%20T-Mobile%3A%20Hosting%20Q1%202022%20Earnings%20Call%20on%20April%2027th%20Report%20suggests%20T-Mobile%20tried%20to%20buy%20back%20hacked%20customer%20info%20Check%20out%20this%20%2440%20unlimited%20plan%20offer%20from%20Metro%20by%20T-Mobile%20T-Mobile%20has%20a%20new%20Google%20One%20membership%20option%20T-Mobile%20customers%20are%20target%20of%20new%20spam%20message%20T-Mobile%20will%20be%20giving%20away%20free%20thermal%20lunch%20tote%20soon%20T-Mobile%20migrating%20customers%20to%20new%20JUMP!!%202.0%20program%20T-Mobile%20names%2020%20finalists%20of%20T-Challenge%20You%20now%20have%20a%20chance%20to%20enroll%20your%20device%20to%20Protection%20360%20T-Mobile%20Prepaid%20is%20giving%20away%20free%20OnePlus%20Nord%20N200%205G%20to%20eligible%203G%20trade-ins%20T-Mobile%20celebrates%202nd%20anniversary%20of%20its%20merger%20with%20Sprint%20%20%20%20%20%20%20
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.92.190.68 Charlotte, United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tag.crsspxl.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 15 Apr 2022 14:44:36 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap2ewr1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2 200 tpid=7133575987338436256&gdpr=0&gdpr_consent=
sync.crwdcntrl.net/map/c=3602/tp=CPPB/ Frame 6A82 49 B
265 B 89ms
87ms Image
image/gif 52.1.175.157
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/map/c=3602/tp=CPPB/tpid=7133575987338436256&gdpr=0&gdpr_consent=
Requested by: Host: tag.crsspxl.com
URL: https://tag.crsspxl.com/s2.html?d=43&t=TmoNews%20-%20Unofficial%20T-Mobile%20Blog%2C%20News%2C%20Videos%2C%20Articles%20and%20more&u=https%3A%2F%2Fwww.tmonews.com%2F&b2=%20OnePlus%2010%20Pro%205G%20is%20now%20available%20at%20T-Mobile%20T-Mobile%3A%20Hosting%20Q1%202022%20Earnings%20Call%20on%20April%2027th%20Report%20suggests%20T-Mobile%20tried%20to%20buy%20back%20hacked%20customer%20info%20Check%20out%20this%20%2440%20unlimited%20plan%20offer%20from%20Metro%20by%20T-Mobile%20T-Mobile%20has%20a%20new%20Google%20One%20membership%20option%20T-Mobile%20customers%20are%20target%20of%20new%20spam%20message%20T-Mobile%20will%20be%20giving%20away%20free%20thermal%20lunch%20tote%20soon%20T-Mobile%20migrating%20customers%20to%20new%20JUMP!!%202.0%20program%20T-Mobile%20names%2020%20finalists%20of%20T-Challenge%20You%20now%20have%20a%20chance%20to%20enroll%20your%20device%20to%20Protection%20360%20T-Mobile%20Prepaid%20is%20giving%20away%20free%20OnePlus%20Nord%20N200%205G%20to%20eligible%203G%20trade-ins%20T-Mobile%20celebrates%202nd%20anniversary%20of%20its%20merger%20with%20Sprint%20%20%20%20%20%20%20
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.1.175.157 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-1-175-157.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tag.crsspxl.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:36 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.40.47.229
content-type: image/gif
content-length: 49
expires: 0

GET
H/1.1

200

m.gif
tag.crsspxl.com/ Frame 6A82
Redirect Chain

https://u.openx.net/w/1.0/cm?id=d3d03dbd-5946-4cba-8d30-3c0226699028&r=https%3A%2F%2Ftag.crsspxl.com%2Fm.gif%3Foxid%3D
https://u.openx.net/w/1.0/cm?cc=1&id=d3d03dbd-5946-4cba-8d30-3c0226699028&r=https%3A%2F%2Ftag.crsspxl.com%2Fm.gif%3Foxid%3D
https://tag.crsspxl.com/m.gif?oxid=a4bf8a18-c506-40e5-9f5d-d6946179992c

43 B
253 B

26ms
26ms

Image
image/gif

34.232.140.51
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tag.crsspxl.com/m.gif?oxid=a4bf8a18-c506-40e5-9f5d-d6946179992c
Requested by: Host: tag.crsspxl.com
URL: https://tag.crsspxl.com/s2.html?d=43&t=TmoNews%20-%20Unofficial%20T-Mobile%20Blog%2C%20News%2C%20Videos%2C%20Articles%20and%20more&u=https%3A%2F%2Fwww.tmonews.com%2F&b2=%20OnePlus%2010%20Pro%205G%20is%20now%20available%20at%20T-Mobile%20T-Mobile%3A%20Hosting%20Q1%202022%20Earnings%20Call%20on%20April%2027th%20Report%20suggests%20T-Mobile%20tried%20to%20buy%20back%20hacked%20customer%20info%20Check%20out%20this%20%2440%20unlimited%20plan%20offer%20from%20Metro%20by%20T-Mobile%20T-Mobile%20has%20a%20new%20Google%20One%20membership%20option%20T-Mobile%20customers%20are%20target%20of%20new%20spam%20message%20T-Mobile%20will%20be%20giving%20away%20free%20thermal%20lunch%20tote%20soon%20T-Mobile%20migrating%20customers%20to%20new%20JUMP!!%202.0%20program%20T-Mobile%20names%2020%20finalists%20of%20T-Challenge%20You%20now%20have%20a%20chance%20to%20enroll%20your%20device%20to%20Protection%20360%20T-Mobile%20Prepaid%20is%20giving%20away%20free%20OnePlus%20Nord%20N200%205G%20to%20eligible%203G%20trade-ins%20T-Mobile%20celebrates%202nd%20anniversary%20of%20its%20merger%20with%20Sprint%20%20%20%20%20%20%20
Protocol: HTTP/1.1
Server: 34.232.140.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-232-140-51.compute-1.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tag.crsspxl.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:36 GMT
Content-Length: 43
Content-Type: image/gif

Redirect headers

date: Fri, 15 Apr 2022 14:44:36 GMT
content-encoding: gzip
server: OXGW/18.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://tag.crsspxl.com/m.gif?oxid=a4bf8a18-c506-40e5-9f5d-d6946179992c
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
via: 1.1 google

GET
H2

200

bk_sync.xgi
x.dlx.addthis.com/e/ Frame 6A82
Redirect Chain

https://e.dlx.addthis.com/e/a-1625/s-3300?cb=1650033876769
https://e.dlx.addthis.com/e/a-1625/s-3300?cb=1650033876769&rd=Y
https://stags.bluekai.com/site/1407?partner=1&uhint=na_id=2022041514443700014404711807&redir=https%3A%2F%2Fx.dlx.addthis.com%2Fe%2Fbk_sync.xgi%3Fna_exid%3D%24_BK_UUID
https://x.dlx.addthis.com/e/bk_sync.xgi?na_exid=tSUY1CPY99YgQPki

43 B
605 B

98ms
87ms

Image
image/gif

23.3.124.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://x.dlx.addthis.com/e/bk_sync.xgi?na_exid=tSUY1CPY99YgQPki

Requested by

Protocol

Server

23.3.124.133 Secaucus, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-3-124-133.deploy.static.akamaitechnologies.com

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=2628000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tag.crsspxl.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:37 GMT
cache-control: max-age=0, no-cache, no-store
expires: Fri, 15 Apr 2022 14:44:37 GMT
content-length: 43
strict-transport-security: max-age=2628000
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:37 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
location: https://x.dlx.addthis.com/e/bk_sync.xgi?na_exid=tSUY1CPY99YgQPki
cache-control: max-age=0, no-cache, no-store
content-length: 0
bk-server: b27e
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2

200

/
rtd-tm.everesttech.net/ct/upi/ Frame 6A82
Redirect Chain

https://rtd.tubemogul.com/upi/?sid=y6Q0bLoY9W90bLo82l0X
https://rtd-tm.everesttech.net/upi/?sid=y6Q0bLoY9W90bLo82l0X
https://rtd-tm.everesttech.net/ct/upi/?sid=y6Q0bLoY9W90bLo82l0X&_test=YlmE1AAAUCjzhwBj

0
163 B

29ms
29ms

Image
text/plain

151.101.130.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtd-tm.everesttech.net/ct/upi/?sid=y6Q0bLoY9W90bLo82l0X&_test=YlmE1AAAUCjzhwBj
Requested by: Host: tag.crsspxl.com
URL: https://tag.crsspxl.com/s2.html?d=43&t=TmoNews%20-%20Unofficial%20T-Mobile%20Blog%2C%20News%2C%20Videos%2C%20Articles%20and%20more&u=https%3A%2F%2Fwww.tmonews.com%2F&b2=%20OnePlus%2010%20Pro%205G%20is%20now%20available%20at%20T-Mobile%20T-Mobile%3A%20Hosting%20Q1%202022%20Earnings%20Call%20on%20April%2027th%20Report%20suggests%20T-Mobile%20tried%20to%20buy%20back%20hacked%20customer%20info%20Check%20out%20this%20%2440%20unlimited%20plan%20offer%20from%20Metro%20by%20T-Mobile%20T-Mobile%20has%20a%20new%20Google%20One%20membership%20option%20T-Mobile%20customers%20are%20target%20of%20new%20spam%20message%20T-Mobile%20will%20be%20giving%20away%20free%20thermal%20lunch%20tote%20soon%20T-Mobile%20migrating%20customers%20to%20new%20JUMP!!%202.0%20program%20T-Mobile%20names%2020%20finalists%20of%20T-Challenge%20You%20now%20have%20a%20chance%20to%20enroll%20your%20device%20to%20Protection%20360%20T-Mobile%20Prepaid%20is%20giving%20away%20free%20OnePlus%20Nord%20N200%205G%20to%20eligible%203G%20trade-ins%20T-Mobile%20celebrates%202nd%20anniversary%20of%20its%20merger%20with%20Sprint%20%20%20%20%20%20%20
Protocol: H2
Server: 151.101.130.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Jetty(9.4.35.v20201120) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tag.crsspxl.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:37 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1650033877.009087,VS0,VE8
x-served-by: cache-ewr18139-EWR
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

Redirect headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:36 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1650033877.978374,VS0,VE9
x-served-by: cache-ewr18139-EWR
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location: https://rtd-tm.everesttech.net/ct/upi/?sid=y6Q0bLoY9W90bLo82l0X&_test=YlmE1AAAUCjzhwBj
cache-control: no-cache
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
x-cache-hits: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 127ms
63ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js?cb=31067132

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 15 Apr 2022 14:44:36 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 65C1 13 KB
5 KB 51ms
21ms Document
text/html 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tmonews.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 48977
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 15 Apr 2022 01:08:20 GMT
expires: Sat, 15 Apr 2023 01:08:20 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame C658 783 B
1 KB 92ms
41ms Document
text/html 2607:f8b0:4006:816::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7c569ee6059fba73f3e72ab40d7710dfe74e639a4d4bfd345b82880fbad1c45a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-0nciMP/62EQqiP0kNJwswA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.tmonews.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-0nciMP/62EQqiP0kNJwswA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 15 Apr 2022 14:44:37 GMT
expires: Fri, 15 Apr 2022 14:44:37 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 k-Lxrj_3cR5KhrMTVpzAVOH1CgwXrUvkekFpn42ZeoQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 65C1 35 KB
13 KB 52ms
23ms Script
text/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/k-Lxrj_3cR5KhrMTVpzAVOH1CgwXrUvkekFpn42ZeoQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

93e2f1ae3ff7711e4a86b313569cc054e1f50a0c17ad4be47a41699f8d997a84

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 02:57:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42451
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13613
x-xss-protection: 0
last-modified: Mon, 11 Apr 2022 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 15 Apr 2023 02:57:06 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame C658 0
0 54ms
54ms Image
text/html 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022041301&jk=1608491980794987&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 65C1 0
9 B 22ms
21ms Image
text/plain 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?MfNfpg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:37 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 container.html Show response
6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B6B9 6 KB
3 KB 49ms
21ms Document
text/html 2607:f8b0:4006:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js?cb=31067132

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tmonews.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 15 Apr 2022 14:44:36 GMT
expires: Sat, 15 Apr 2023 14:44:36 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 1A7B 624 B
838 B 89ms
39ms Document
text/html 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIGpfRDM07aKAxi57b6-ATAB&v=APEucNVyDg1IewQBcuzDDQqZRBfg_t0O5iV8dNU0aEmMS61el8o71fsQlZro0_ShTe3UrbhmoOdHT-bszuEE8BT_PXjIkldwYA

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 15 Apr 2022 14:44:37 GMT
expires: Fri, 15 Apr 2022 14:44:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B6B9 91 KB
35 KB 116ms
67ms Script
text/javascript 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DMcgD3Zv3ewwWYXKTWJqK0HahJxjen36j47LcVXYHQpsQkboDGdIKew92eMLJmXJ5Gn2wLub2HXBBpPUTjk-rZOoMcBA&cry=1&dbm_d=AKAmf-AlwJy0jGDqaB8MzzG6vyzkzd9MPxRmWLN7om90IbZMSoloXZeg2F_sE0qrEyUiptMGeT0DHm0stsGY0Pe5UfF7EhwNoDTa6MvKJ2Q3cIc5LFy9gSNra3sIPp4-VKQMvhPVOhNMFHS0Q_AsyCfbfajlFsTRfo7RSP260QIuTP6CB2j3FtMMC-4h1AWX8g_2Er-RZdO89BfPANvbY8GBaTZCjikrCNnA19JbgEejGoN9n7_deGoPtUUK0I7YBXSXwqI8SwxkQM4gw6MVLtMdcVAxPQaXGleyJtf618LrE2A4jhtTBf-vr09eKdTZDNAdYE9_jRdXpVTW5CgwOGrU9Fi_Vco_qd3wFefDZ2hZQVhKLWp11oSiXW9vSKY1VdEEAYlLy71ob8NBLNauP1Ay7gFSQk8UkPiGGMP5tiwJ-8OTmcXXasJa3s18zosSs1w-0UIDtEi7iMPGR18J4lnW05HGqOwpYpmuq83DtBYvG40zrjsfEmypNjciT6nKQTZDxlICZlOKm1VI9q0FwhXJqo9bY2fuO8U0xhOwRW0WUIbMafsJ9-2iKLdFSFm1hAKGP28RBPbmX5xwnfHNVQ40HJ8Zx3uglcOHjSpHm3pt4V98UFX8xD6guUxuFg1F0HpyvHK7_0DyJ7jM_83IOpJ03Qs733-3p9avh7DNkpdA1cMD8DjL2f9q9O0yyeoU3sYBvfFG3fOCuawlieg7q5HrMYdKQ4kPzE9HXssVdQG8hVcPScssML7feKruNrY2gsd5_LLi47ERN0OPZbaDDwW_WLWccNfkttcBvl3hbxbpVRc6mRBzbQDAgOzKjucg5ktDX7UwI4wgHnHpSZAEMgqxuff9cAO5YMH-EOFHTG6gc5BOd19sBBZPQF_pozx5Qz4KEt_8NozM6KgaIC-FBQD3L9850UY3Br22zRWN9E1_NG0m_5oWLt8SWcZvCctgay6JfV0OTP_7LO7nCnOUjD15c_XGCKssah9oRZTLbvwUSqLAoqeeBtoVO73gRqKPWuCrXTCSOM0F4yW3l-ces2K6lGDXPDQ7xQJ2CecpMs-Way9pDWz6-RZ_GyW_ZJ4yDsTjsLZIDU3AmuQQQB_y28FC6bZxuYF1rwRTfaWdGmiRSF3K3eZ3UFe-HXXzp6Epqp2Brhee9sTUeJbM6LjD5qIT4rJ-ZQKyz0mn1fEoDy8G-Sw2JRQBRn2AT0lCEoGJTO7Gv3jOASOlvZgvILNLVBReRJSpIg47AUlbBZwiGLiqpJ44EbnWcRvGIzPyr0CK4duoISscPtWUd-e4gWiP7s0U8_Hqg9Jpx3jYJ2mSKlelUODELaWM9CNttLaLqTtLfjRh6LMO9WMlVu-53qMytfsaaIvRMlvyMLTkB1jEB8Pm-wGT44-Z-ZEOx_cV9JY7qf7DmMewlM3WQRppoBjzCa0qd0eNRMFcWxrKRjPirZOoX8tl34Fmzr47UnjD9BfKMyBMwDvVDQbfQigJzitr12iwk5_dk0kwIpoRw4gWCWqQpRan6UTm9SrcpqPvmPw_p9MBZyKs0r6o0na1MUXE8jhNfrug6hUnqssTGKBLBBJTcsdHNjYWma9Rwt-hn7dEj4T2acsMhwpe9k0CI7UUzqYg8R2K1Oo74WUMqT7I3t4-zt90etM4gGo4jBn8FiBChgcBfHXtBireV7k0UCnhfOFncvHuead4F6LTK0egL5roRZbDEp6u1rMg6bt5D1aiSy434hJUOOXsk7edW2WH3LjtvzwHnzBC0Nle2MOGhC6AlaVqdFPpuZXkJwEpAhEveyxQe22zGDelmMgSpvdV4DOSYBjctlCKW4-423aozlekI7aUj-GmQLfMYbKnSrrllks_J0Kh-Q2rVYNQK69oazusgjdfOzp9nfjgULuWF_-H7EUpb3Nf1lXD_qlKCfxdUvcMSyWilSTa77nj9YOYTo8aU40ZU-KNt8Tdb3UPdBSHHaUJimC3y7VXYZHj9LN5C5ILp0SfV5rpQD_ZsQcUZUY70vp5aV76fFAjpCNaI5CcLR61pbyh5f1irRG3JnBGs93n59r3vvzUPWAT4_sFm8MAE8ZO1CgC1EY7OFHV9eet0JcYdvvy0qEXxPgkfIzMZLq5cfoMvDzQcoVcKOPRDoQH8bbWN2F-_OLAVEBLDhVGTEOl3Ku38az-RS3Q98E4sOSSvsqxa7vuzoBxIZgAwHhcB8a4d8iS7ATqZXFjT1G7FV7gRWX6TVYLNeXUkH5_N2ewftRQEpTAwYYcOTL6ROpJtlkjq3aq1Nvp4QJsf3Mac6QajXHeKIaYtoAEhyAKlJ2te9TtocTB3YsuS-a36dZ7sKRheLQUsmv0cm8ExxH9mov9EJY0w1l_S56DLrEwiFqisMoC0lfv_pdnAi_Yy3XbpDNWfgFgo9jEh8DyONCo990JPVLSRCQnj3Jzii5__Uqqd41G20tI38LKe_ovTlCKoAQOH2U3ZLXmslVfLncgTcldZAVt4VceV9iogLjPbTRK2vzctRDNASBRnOTBDXWFFDEBEDY4g16Rse507xKPJYc5iTnlxAk52zUIg5wNvPP4GBLlPbAS4BXJNh_JIXA10j9vywF1VuwrMVzSWH1XDVG16SR_4v65qiVQ9WnsZx_Hg_ye_DpWjKgbV3k8indl9JZGRDZ327-zzkgLQ0X8zbyElnxzeSjim0iVtwtsiZtRaoHZ-69ZyjeLp_Fcd1BZ4_AHs8DBZnPgmLVHMxLEBssC5w4MbIoIVFpvZFBxQgetEIV3T2eUKIqOa3jt25vX3-NHKZACpqJWFWPw1pSw6JXwI8vR_8CetPzCEs9VM7P1FmIxzdSr3YDtxuNAbVQr3vc5gYhvk4PNcSVs2zXrPlpskuj3OCmSjAAQS6x4HHGR8cXuhdwpa1TW4k6-9-zuBhdmzrycxBCfYI0gdEoh3IHLoqlT4Jzp2vMgtki8mTXPP7EPKIc9J4yxURclMb8X36P-xF3xrTMat5tck_HPYKFB-fdRyomM4irYmPisooebV5siMOXcZwIHDkBd_rIESK8GEb39NQ&cid=CAASJ-Roi-DGegiYfV1OAa38mBywZB3aCOkrrRk0s82u_VGFAlanjWbd9A&rfl=1%2Chttps%253A%252F%252Fwww.tmonews.com%252F%240

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a80ecca84286562a757ca2bdc02a1af2647709ee149147f80178ef16ad5fce0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:37 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35633
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B6B9 42 B
63 B 80ms
80ms Image
image/gif 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CCIz-7saaiI4Vp2unAEA4NnA4vCu1HhWzTwgmGgALFDrykorWBtf04gwPyy__gmOtdCw3o2LAV8_8O1ONltfXHZjhL-QKxBPDubAKXgN7479IZUos

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame B6B9 3 KB
1 KB 21ms
20ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/window_focus_fy2019.js

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:43:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 90
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 29 Apr 2022 14:43:07 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B6B9 119 KB
37 KB 104ms
45ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

708369fe8dc1fd8fce92d3a7078852bb50ba4ba1a1884b1358c3bf03e1670d50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36909
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1649897599747219"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 15 Apr 2022 14:44:37 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame B6B9 15 KB
6 KB 22ms
21ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:39:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 305
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6409
x-xss-protection: 0
server: cafe
etag: 15284592792851369840
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 29 Apr 2022 14:39:32 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame B6B9 0
0 67ms
37ms Image
text/html 2607:f8b0:4006:816::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTDZRs09XrF57z7WhYLPSMIgQVclGFTgNf0Pd22G8_aVIRQQWZMLYcgMwJ3n_GZL9twv2dU4xqiFvKYfqwimcGydNVV_w
Requested by: Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:816::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 1A7B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHxDKpLBmJjpaqQpfQKkMZQ&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHxDKpLBmJjpaqQpfQKkMZQ&google_cver=1&C=1

43 B
1013 B

41ms
41ms

Image
image/gif

23.52.162.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHxDKpLBmJjpaqQpfQKkMZQ&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIGpfRDM07aKAxi57b6-ATAB&v=APEucNVyDg1IewQBcuzDDQqZRBfg_t0O5iV8dNU0aEmMS61el8o71fsQlZro0_ShTe3UrbhmoOdHT-bszuEE8BT_PXjIkldwYA
Protocol: HTTP/1.1
Server: 23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-162-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 15 Apr 2022 14:44:37 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 15 Apr 2022 14:44:37 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 15 Apr 2022 14:44:37 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHxDKpLBmJjpaqQpfQKkMZQ&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Fri, 15 Apr 2022 14:44:37 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 1A7B
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YlmE1bXezUAGPlrrX3or9wAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHxDKpLBmJjpaqQpfQKkMZQ&google_cver=1

43 B
893 B

53ms
53ms

Image
image/gif

23.52.162.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHxDKpLBmJjpaqQpfQKkMZQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIGpfRDM07aKAxi57b6-ATAB&v=APEucNVyDg1IewQBcuzDDQqZRBfg_t0O5iV8dNU0aEmMS61el8o71fsQlZro0_ShTe3UrbhmoOdHT-bszuEE8BT_PXjIkldwYA
Protocol: HTTP/1.1
Server: 23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-162-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 15 Apr 2022 14:44:37 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 15 Apr 2022 14:44:37 GMT

Redirect headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:37 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEHxDKpLBmJjpaqQpfQKkMZQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 1A7B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEPI_obqv2AXHDdyil0eG3yU&google_cver=1

43 B
1012 B

40ms
40ms

Image
image/gif

68.67.179.77
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEPI_obqv2AXHDdyil0eG3yU&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIGpfRDM07aKAxi57b6-ATAB&v=APEucNVyDg1IewQBcuzDDQqZRBfg_t0O5iV8dNU0aEmMS61el8o71fsQlZro0_ShTe3UrbhmoOdHT-bszuEE8BT_PXjIkldwYA

Protocol

HTTP/1.1

Server

68.67.179.77 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

580.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 15 Apr 2022 14:44:37 GMT
X-Proxy-Origin: 96.9.249.39; 96.9.249.39; 580.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: bb87a011-2517-4bb8-9f95-73b03ad4fc6a
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:37 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEPI_obqv2AXHDdyil0eG3yU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 1A7B
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjkxMjEyOTQyODYyNzYyNDM1OQ%3D%3D

170 B
188 B

37ms
36ms

Image
image/png

142.250.65.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjkxMjEyOTQyODYyNzYyNDM1OQ%3D%3D

Requested by

Protocol

Server

142.250.65.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 15 Apr 2022 14:44:37 GMT
X-Proxy-Origin: 96.9.249.39; 96.9.249.39; 580.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: 1198529c-4180-4f8e-a285-8b462cd112ed
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjkxMjEyOTQyODYyNzYyNDM1OQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/904480/59616668/ Frame B6B9 231 KB
70 KB 110ms
44ms Script
application/javascript 34.200.35.154
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/904480/59616668/skeleton.js
Requested by: Host: www.tmonews.com
URL: https://www.tmonews.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.200.35.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-200-35-154.compute-1.amazonaws.com
Software: /
Resource Hash: 98f0b8b956f17b40cac75488e3af7a807c59a3af15a8042b89d746fab42fedf7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:37 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame B6B9 106 KB
38 KB 89ms
20ms Script
text/javascript 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
Origin: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 05:56:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31693
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 16 Apr 2022 05:56:24 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/elements/html/ Frame B6B9 8 KB
3 KB 21ms
21ms Script
text/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DMcgD3Zv3ewwWYXKTWJqK0HahJxjen36j47LcVXYHQpsQkboDGdIKew92eMLJmXJ5Gn2wLub2HXBBpPUTjk-rZOoMcBA&cry=1&dbm_d=AKAmf-AlwJy0jGDqaB8MzzG6vyzkzd9MPxRmWLN7om90IbZMSoloXZeg2F_sE0qrEyUiptMGeT0DHm0stsGY0Pe5UfF7EhwNoDTa6MvKJ2Q3cIc5LFy9gSNra3sIPp4-VKQMvhPVOhNMFHS0Q_AsyCfbfajlFsTRfo7RSP260QIuTP6CB2j3FtMMC-4h1AWX8g_2Er-RZdO89BfPANvbY8GBaTZCjikrCNnA19JbgEejGoN9n7_deGoPtUUK0I7YBXSXwqI8SwxkQM4gw6MVLtMdcVAxPQaXGleyJtf618LrE2A4jhtTBf-vr09eKdTZDNAdYE9_jRdXpVTW5CgwOGrU9Fi_Vco_qd3wFefDZ2hZQVhKLWp11oSiXW9vSKY1VdEEAYlLy71ob8NBLNauP1Ay7gFSQk8UkPiGGMP5tiwJ-8OTmcXXasJa3s18zosSs1w-0UIDtEi7iMPGR18J4lnW05HGqOwpYpmuq83DtBYvG40zrjsfEmypNjciT6nKQTZDxlICZlOKm1VI9q0FwhXJqo9bY2fuO8U0xhOwRW0WUIbMafsJ9-2iKLdFSFm1hAKGP28RBPbmX5xwnfHNVQ40HJ8Zx3uglcOHjSpHm3pt4V98UFX8xD6guUxuFg1F0HpyvHK7_0DyJ7jM_83IOpJ03Qs733-3p9avh7DNkpdA1cMD8DjL2f9q9O0yyeoU3sYBvfFG3fOCuawlieg7q5HrMYdKQ4kPzE9HXssVdQG8hVcPScssML7feKruNrY2gsd5_LLi47ERN0OPZbaDDwW_WLWccNfkttcBvl3hbxbpVRc6mRBzbQDAgOzKjucg5ktDX7UwI4wgHnHpSZAEMgqxuff9cAO5YMH-EOFHTG6gc5BOd19sBBZPQF_pozx5Qz4KEt_8NozM6KgaIC-FBQD3L9850UY3Br22zRWN9E1_NG0m_5oWLt8SWcZvCctgay6JfV0OTP_7LO7nCnOUjD15c_XGCKssah9oRZTLbvwUSqLAoqeeBtoVO73gRqKPWuCrXTCSOM0F4yW3l-ces2K6lGDXPDQ7xQJ2CecpMs-Way9pDWz6-RZ_GyW_ZJ4yDsTjsLZIDU3AmuQQQB_y28FC6bZxuYF1rwRTfaWdGmiRSF3K3eZ3UFe-HXXzp6Epqp2Brhee9sTUeJbM6LjD5qIT4rJ-ZQKyz0mn1fEoDy8G-Sw2JRQBRn2AT0lCEoGJTO7Gv3jOASOlvZgvILNLVBReRJSpIg47AUlbBZwiGLiqpJ44EbnWcRvGIzPyr0CK4duoISscPtWUd-e4gWiP7s0U8_Hqg9Jpx3jYJ2mSKlelUODELaWM9CNttLaLqTtLfjRh6LMO9WMlVu-53qMytfsaaIvRMlvyMLTkB1jEB8Pm-wGT44-Z-ZEOx_cV9JY7qf7DmMewlM3WQRppoBjzCa0qd0eNRMFcWxrKRjPirZOoX8tl34Fmzr47UnjD9BfKMyBMwDvVDQbfQigJzitr12iwk5_dk0kwIpoRw4gWCWqQpRan6UTm9SrcpqPvmPw_p9MBZyKs0r6o0na1MUXE8jhNfrug6hUnqssTGKBLBBJTcsdHNjYWma9Rwt-hn7dEj4T2acsMhwpe9k0CI7UUzqYg8R2K1Oo74WUMqT7I3t4-zt90etM4gGo4jBn8FiBChgcBfHXtBireV7k0UCnhfOFncvHuead4F6LTK0egL5roRZbDEp6u1rMg6bt5D1aiSy434hJUOOXsk7edW2WH3LjtvzwHnzBC0Nle2MOGhC6AlaVqdFPpuZXkJwEpAhEveyxQe22zGDelmMgSpvdV4DOSYBjctlCKW4-423aozlekI7aUj-GmQLfMYbKnSrrllks_J0Kh-Q2rVYNQK69oazusgjdfOzp9nfjgULuWF_-H7EUpb3Nf1lXD_qlKCfxdUvcMSyWilSTa77nj9YOYTo8aU40ZU-KNt8Tdb3UPdBSHHaUJimC3y7VXYZHj9LN5C5ILp0SfV5rpQD_ZsQcUZUY70vp5aV76fFAjpCNaI5CcLR61pbyh5f1irRG3JnBGs93n59r3vvzUPWAT4_sFm8MAE8ZO1CgC1EY7OFHV9eet0JcYdvvy0qEXxPgkfIzMZLq5cfoMvDzQcoVcKOPRDoQH8bbWN2F-_OLAVEBLDhVGTEOl3Ku38az-RS3Q98E4sOSSvsqxa7vuzoBxIZgAwHhcB8a4d8iS7ATqZXFjT1G7FV7gRWX6TVYLNeXUkH5_N2ewftRQEpTAwYYcOTL6ROpJtlkjq3aq1Nvp4QJsf3Mac6QajXHeKIaYtoAEhyAKlJ2te9TtocTB3YsuS-a36dZ7sKRheLQUsmv0cm8ExxH9mov9EJY0w1l_S56DLrEwiFqisMoC0lfv_pdnAi_Yy3XbpDNWfgFgo9jEh8DyONCo990JPVLSRCQnj3Jzii5__Uqqd41G20tI38LKe_ovTlCKoAQOH2U3ZLXmslVfLncgTcldZAVt4VceV9iogLjPbTRK2vzctRDNASBRnOTBDXWFFDEBEDY4g16Rse507xKPJYc5iTnlxAk52zUIg5wNvPP4GBLlPbAS4BXJNh_JIXA10j9vywF1VuwrMVzSWH1XDVG16SR_4v65qiVQ9WnsZx_Hg_ye_DpWjKgbV3k8indl9JZGRDZ327-zzkgLQ0X8zbyElnxzeSjim0iVtwtsiZtRaoHZ-69ZyjeLp_Fcd1BZ4_AHs8DBZnPgmLVHMxLEBssC5w4MbIoIVFpvZFBxQgetEIV3T2eUKIqOa3jt25vX3-NHKZACpqJWFWPw1pSw6JXwI8vR_8CetPzCEs9VM7P1FmIxzdSr3YDtxuNAbVQr3vc5gYhvk4PNcSVs2zXrPlpskuj3OCmSjAAQS6x4HHGR8cXuhdwpa1TW4k6-9-zuBhdmzrycxBCfYI0gdEoh3IHLoqlT4Jzp2vMgtki8mTXPP7EPKIc9J4yxURclMb8X36P-xF3xrTMat5tck_HPYKFB-fdRyomM4irYmPisooebV5siMOXcZwIHDkBd_rIESK8GEb39NQ&cid=CAASJ-Roi-DGegiYfV1OAa38mBywZB3aCOkrrRk0s82u_VGFAlanjWbd9A&rfl=1%2Chttps%253A%252F%252Fwww.tmonews.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:41:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 199
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 29 Apr 2022 14:41:18 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/ Frame B6B9 25 KB
10 KB 20ms
20ms Script
text/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e66bfceb15a6ee125dff79826be02a07b766843e6c660edf55ec0c22d1a407c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:39:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 317
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9777
x-xss-protection: 0
server: cafe
etag: 12512753850102923420
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 29 Apr 2022 14:39:20 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B6B9 41 KB
15 KB 21ms
20ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 05:56:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31693
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 05:56:24 GMT

GET
DATA 200
OK truncated
/ Frame B6B9 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 98c2bbf9762e2cda593c1f8ee5bfa9d8234d253dae4870a317fa22d30a9e73e3

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 4E2A 22 KB
8 KB 21ms
20ms Document
text/html 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 31693
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 15 Apr 2022 05:56:24 GMT
expires: Sat, 15 Apr 2023 05:56:24 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 56ms
56ms Image
text/html 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022041301&jk=1608491980794987&bg=!Y2ClYCTNAAZvJBiFTyQ7ACkAdvg8Wnx2bAdotmbbE93fq_jAQVxTcZLN5E0MvSvzdIAZLBAawHpgbgIAAABIUgAAAAJoAQeZApxo8Q5FrPy5Buqny70d3TjOC8xXpKT6z9PsAXv9sH7cktX7cNIQTCvaX--9k6-08Bu9vcuu4Jmt3zBWuVD_HiNFVAwThGlXfvOUyQf7SnzKKPqdgLEgrInJQd3V13mSOMINj2jv-H_IhD28yiDyzmgEtOJ_BEc8BtlHPE7Kr96cWNzFfdHmoP_4r0-FqoTaKSY67ElmK-2i4fbzfQ8Jx99KCHc3XnKOilPKVvyLMO7EZF6rFZK2wtu7J57t4CW3dj9Ytw9aHM5xzRH4CDOlOuyUDsOWMZ-ZFjA5JyIl9pnp0sbd1f7R7aR1s3XAfAYfIqLqIhlVBeQoAAonXiMKOQwcj1x016_rGWZNioXJAW6syS5Zu7EOahMNnYnhqrHHO-IwabuhOQTYTkLi9p1wFfJhArzBn6zPVGScbWnxvpUl2CFvpJ5rCruj-GzF6X7XuAA-5-jk9bDnH--gOUjyRPo_HWgQdnrACZfvpdQnkyknPGknei4xJQ2DfsJKq2D9-TvzhqkS41uH46nBHGoEpB6nQEHX8NFBt3Vxqd5bdXJmwE24XC04eJs-RDZCZHj-0_K6XtEGnJDkRZBiPX4mwCiogUMT_LgKDNtL6oe_g3E8VxcDhzosbtdiHaiqOdsmWrQDaDV0fcQwxk3vqEPubeh2axS02ErryabeN4QWa0aITNqpYokeNgZeM_dbw5KVMxnyN-GPSSDA8uQL0jfwdOlvALg94tCUuq9vTc1xyE3TIqiM_vYytDaf__ea2kvMy9skhuPjWDYIEoc28yKg4w_WtNFLQaLL6SqDbl_rnnVNHRbzZzZ9su_5z4HKWLyPzhH4QkaQBTR8e8lrXEgyOKF2cAcxV6qn5d38aCOiAsXdkUYqBYXz4yWbTKNh8Q
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H3 200 container.html Show response
6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame DB3B 6 KB
3 KB 21ms
20ms Document
text/html 2607:f8b0:4006:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js?cb=31067132

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tmonews.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 15 Apr 2022 14:44:36 GMT
expires: Sat, 15 Apr 2023 14:44:36 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img.html Show response
s0.2mdn.net/sadbundle/17727687641421316096/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img/ Frame 1C4B 20 KB
6 KB 49ms
22ms Document
text/html 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17727687641421316096/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79c769495cad81cc6b2196fc2748748f8e93ceba6a873af3fd7995b3435f977f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 319960
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5873
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 11 Apr 2022 21:51:57 GMT
expires: Tue, 11 Apr 2023 21:51:57 GMT
last-modified: Fri, 21 Jan 2022 21:33:25 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame B6B9 0
622 B 107ms
48ms Ping
image/gif 142.250.81.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvRXA2D_G_A451Gbwq6BJ0BEImTJZIstqcqJekhRwYBwFys2757m9-uWYlEUxUPd2BBLntebyEkO4ZQ2qEJjQZ8FwWF3FpmjWpmk6qZ7_dSEURCzFDu4u0erQHnQWByCE7R6pA0GMTPaK5tpxv9YZfu7rtBSBOnjA6YOAodiLNe1_bgnaPWnHQ6b4RQB9ByODwrZKjYDP1WQZfTnKRQDq4h4VplYOF-ldWWnkDnsg2mpOwpwWa2qi6n17XIWWFu_OTFjsP-Dr67c9pRAe7lxkTAphYvYN6b4T-c3mNs0t_KL4EBZPfZDlfpVvrFRBPrYfIF8gefYCmDS95ITc1Q6M0PUjU3CEfExhbZrlEfuy5UfENgvyGueKwYfKo2PbO__9k3FCYml20HU64z5nMr-NJLgSIAxobnlliApRfIog4wPdq1O2Q1FLsj7p_67zs_6l0zKCdVwu5XvgMcMTM8asqCee1q9AQvERjGRpjwBSz0rGTd_LGuuLuykiqcqchVvngTgsl2fKqBkVQKOAaP_gWHvhwRzlQfsIkZ_gx27Rinztv_LlXkWZ6MxkZlAuHQctJjaoKdXD66y-OtaOdVBAkmps-NOByK31TLy5RRRoIhD01dxPGRoFFwcseaVDF4l5jGxS-ISiovPfOVU9RhK8Jj7Yb5apg43xEA6GicQfwmA34q7wBj4Ma1fCrEzw_Q5b847F9MucrTt9i6SVJLSwJFKgoeG1ebqPoP7a79dgveLhK3tw1RAEmev5Qyu_QRrOKocXyxKWMwHwQtNUeSKsE3It4joC-P94gcUseT0Mp4dkL1eXMZrBkPpGHCVsHwLXqNIfWFpP_jkBEx9F3eRNkybjuvRQDRtOAQDyCl75WQVp4QSnEEywI5FB79lQYk1roUzG4G_wKgij-5ZJcO42OY6Nz8etjnAvpcEMrrTfer31YpxRAZvpeSiS-AsPrirr1ZLlbeQzfk2MxNPyZgGrg3-o8GRIIOZzYiOFuR7xWlRi4F9A1AmhD9dRvdpy-DMLhbdNDXtFYp410ScF7GhYtF0FYKHZlp3_SgY4kwQmFxUGpDl62wDznOf3n2r9raKNogP-Ch096EHvCtFL88ialJ6Pby6K72trWV-dCGck0l457UdRFqZFd3OquIQ_lWUtdsnIYpzPoQDDCX1-5bVK0mt2E&sai=AMfl-YQX_4GEqz5VLbN8_yaJNdcUXNsGb5hdEJ1rhgKH9Mc9nm4gMsnX9NK8jmnmMZFkcrK17lq2X8f0_8GsQuQ0JhWVjBYAKtHufq5bX4kJ45qcEvB6JAuLYUXGmHiZNHjV0bbaqCTJPQcM3Jm90wzezHzZDpc01waiqPwG0_q0158EIRHRiih36a_2_h2G9kdNe_zPhDPrt56_yn-ucpp0jvs0obMGU9w&sig=Cg0ArKJSzA_gN-jkTM4bEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=135&cbvp=1&cstd=131&cisv=r20220413.73148&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.81.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s74-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Fri, 15 Apr 2022 14:44:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 v1
p.tvpixel.com/com.snowplowanalytics.iglu/ Frame B6B9 43 B
380 B 84ms
26ms Image
image/gif 3.217.188.123
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.tvpixel.com/com.snowplowanalytics.iglu/v1?schema=iglu:com.dataplusmath/display_impression/jsonschema/1-0-0&aid=hr-block-3b2605dc-5ccc-4a88-9436-5cddea1827c1&cb=3870129081&pub_id=7166125&adv_id=9121585&adv_nm=&c_id=26947108&c_nm=&pl_id=324540996&pl_nm=&ad_id=517414665&ad_nm=165185621&width=&height=&u_id=&u_ip=&app_id=&app_nm=&dvc_typ=&dvc_id=&dvc_lat=&us_privacy=
Requested by: Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.217.188.123 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-217-188-123.compute-1.amazonaws.com
Software: nginx /
Resource Hash: caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:37 GMT
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
content-length: 43

GET
H3 200 k-Lxrj_3cR5KhrMTVpzAVOH1CgwXrUvkekFpn42ZeoQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 4E2A 35 KB
13 KB 21ms
20ms Script
text/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/k-Lxrj_3cR5KhrMTVpzAVOH1CgwXrUvkekFpn42ZeoQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

93e2f1ae3ff7711e4a86b313569cc054e1f50a0c17ad4be47a41699f8d997a84

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 02:57:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42451
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13613
x-xss-protection: 0
last-modified: Mon, 11 Apr 2022 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 15 Apr 2023 02:57:06 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame AF98 640 B
318 B 65ms
36ms Document
text/html 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CICj_QEQvsn-ARj3rrq9ATAB&v=APEucNVEHDb33GjUm5Dht0eLwm1OQRTlwD3EHmFxZ2xesxLKIzkjClR97HlGQJegnMDXadgQjZ33cHMUgtoqkTYsm7A7TDxuew

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 295
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 15 Apr 2022 14:44:37 GMT
expires: Fri, 15 Apr 2022 14:44:37 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame DB3B 14 KB
11 KB 85ms
58ms Script
text/javascript 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DsFhulTrJZxXpL9-r27H62Vc8q3IoTO3NYiYpDHMdKxiM5QQXpBtSeCIKgpRzXRu-nSpurkgi004MrWoiPQYcM-ZjcLyi-XaGQr3ZF6POM-kpHumwn1aOjCEZkWts5YaTQd8tiqWjfsXcavCarRz0VlG7yNw&dbm_d=AKAmf-CiWF3g_tC7JmhSzD5oWXi7JTIelWislQY9bDnvpZcbvqMlc2mfQgcbJ6thhezVTa3PmYSuWWpdav-bzYnlKI98_VbN8ZHg7xpj6XzUJsSiTz1UiHQnFSsj5k_21G3-vTJ23s5f3hMwy76BNe17FHgEMGBJlD43_epCy8NVhAgzfrUht867BiexB0v3dABQLfY7SsN_hjJPK_9Vsk0SwXtdbbcdvFOFqbkmHWRXC5Z87xBdbtA0eshQ8BRk1sdLSitkCrGiqRE_q4FHv4XzcnpHUUQXW4nwcj4flbwZlcOp9tf2wfrfl1eMSVHq90efpgO32lhOhrrgB58dnfiK9qWL43Ofq6zWb0D51LWMU7Mq5-MNxm91safjSEvp_T7FWkmSCuGgJXjgx5b5EIDCSQJ2ftrz4_19XkRIWwUiWm81Mg-qTRf4TT-MViJ4sKYIvkzqPkz32-2EbB0vUt-rxXIBoCrvdOYCF-jah4Et__ogJ4bXzce4ijEjbHqXzdjGHy0Fy3ak_Gba4jhucboP2e2o0IqtKHWSHOVqhYYw7I8GHCOlLgmS6fCIX9wkAQbZ-IfxhU-frgNhWuvUkF_zAlM2jkBYnmTmyKaLkPx7L-8JCpv1VMudt7QME9ay0iCw1W0oB5GiJxyUC4Pf7gW6SRV-dt6CFCloakT1hRUbffBT1fu5mxFK3OyEuyBhZ8T8DPFtDETj92KA2e8ugTh4O-tQfxZTxv1RGvDmRh-R3PyYXQ_IycxxV59fseCd9E8c-6hZ9V8MIJK59R_JMxlRHYITG0MDoJZZh1HanUeavM1P05KNVIOm95fWQqVIXREwQelEbcLyGwCqi1-f-ym9FXrpXvV49VwMwDflsL3QUr5k8y36bT_EDr4St8Eh0-IUevFOaBaPdWUA7qyJAuasFfMENWCWH46QoCTt6qvqtWNaP0uB_UGucxftePY3TXOhPD6DU6pdjPKzKRWKyskTM7ZcHcxjlN_m3c-EzIUmGpKSTCWIF8APgwMntlBOsd7qVZLTMTasyQET7kbvCs1nD1bfT-_ssB6N1Buf_obCo3CumRYcJYu6Fed0OzrGGvAgLHlS4zo4ltMHS9gExhTj-swUOgSkzi6Jd30epAPxBph0GMnftxv1FYLShehN5Rw1BcmN-2bZrNCEoAcnK4Rxrhguxh8KAgKQyPK8R0-EXnaqoULCmRBxXWCLffZemmVcsxqk3lZd7odypphRQZrtysz9jwQ8p7EiPsYPd9J8WPKYxGxeI5tU5a-nEvcYiWs8dG5JM-4rdUCf8HJoX0mx6OTbOaRoiMyqixqFuWcyofHkJEUjb_AFjtmc2ysjpgHgNfFJ-6_efJ4C3g0-u3XOL2Silbbk9idwwLS-Lx_2FJrAkSj3QIqCN4eOXCz80yp8v9Z_7DqdtvCX50j4bODqwDzM_LyIgrt8WyLTKsxEbC-kSRCX_TaMd3MGKYq7YFxk2IevbW92GubWKUF-GNpNqRC5fScKBapx1_L0DE_B6fZHLUi5noNKNC4kmUzMPaJkrXaQNZFTM7x9B4D7J_-bvdTwobpEjV-BYeUg2ktYCv9s6iHqtFijCECcezsoeVXb7wOmuMQkdiuYUl1yvU-7VowxB247UBL1Ipmify0Kl3edh0RDhz0iKGo0qCkm1tOjw-x_sx1UvvRv9bLts7OHOOGvdp7eI8hCX9VOZIyyqEIooB3yZzLGIUhEPovE8ffXD-gUusCLcFU9w5cS6vSYNqsZqzyncUf5nEcIt-64OM8I42spBufilPxDVAgwOMFvpI7NN_e4sRQA0Fu7AxD9AZ7lK7kB2XxRu24414cAFYzdtv40H4fIRNHQf0QJMraKfdY96o7vZ7nFHy8SlanY7zSEpPWoIk_VYvEVe9hvzOiBamMb3c7zd1tY1ru94gK1wBC1lpDQMBwAxbs4hXpTLyu5dtRYB0OJXKe9bgVqGGYPfAGlxGtpMyBAd_a4W3o3jFy2O5WB2xyRsgvn2twlHMaDn6uUky-zk4Ys4XIr0iu016cJIEwliEao7xcAzJ-r1Rr07Fm89dzWAt7q7GChhDPrM5qj-NZpwylX4cpZGtMeyLsAqom6Z68ROvMf0gtuSONc8W-trNs8fr6xBHxZdvntmd3Mw9qR1sb3llHcsxBjllJmuPjSjaWlvLDNUEcUgu1QIv57Q8c1hQ9wrVgbJe6zkw-pZypXaUkh6XYOpWePMN4UCWAyPzbIxF3SFw796U84el1CYAZZzuKU3yYwHG8H3veo98cdQm20rGSaP6UyqRHv6EhRX7n6fUNSawD8xVJ8ouc9qxD0IvADLw0cpIaCKJzvy-HXLicEhWTtqk7U7yWr0-OG57KpCmxjHi8MDmctR32sQbAsGJu7Q3kTkMlsq-AxKmT8XYxWoI3dHEaNJrZg_TAYjyEVJJcQDuKe9c2fI86UlRSMTPqZFZ0b9lVxQ8DYiz85O89KmOyvqyDWeDxV6F03srQz-FYoc_ckUhlJWVeBGeVZWrlLaFKSQLdeLbTye7P2mJekXXxdpRQ9WNX8Viuc-QPawxPaX_VYjbqSgcnMaxciVSoDvyJSyatC0JbtfhG9wB_1dX619PGLQveYRBTo6uLxUVpeaSVXurJI3j3hVIvI3fTbew8wi5Z808GYN_kYXI0DOO_6ch4COijOqzI&cid=CAASKORoXP1sFWyTlGOuoNepSCVtpERtLR0XHd_ucLbx1PdX-pPBSpxW_W0&rfl=1%2Chttps%253A%252F%252Fwww.tmonews.com%252F%240

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

192cd11715f243759f3de70eb7e045b1e4412af00ed2d7a9498d3d505e5b13f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:37 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10765
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame DB3B 42 B
63 B 81ms
79ms Image
image/gif 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DHaYbXLrpgrhup6kGquGIjoMRTTy19Kf3TbK66rVFhwIT6UQbUuVPdMuvJR5KPlNO1kAEA_6cnuN0jdNltc0a2eTMdtXH33IWY1Z-ulyej3sEBqZA

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adj Show response
fw.adsafeprotected.com/rjss/bgd/903356/59200475/xbbe/creative/ Frame DB3B 238 KB
73 KB 34ms
31ms Script
application/javascript 34.200.35.154
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/bgd/903356/59200475/xbbe/creative/adj?p=APEucNW0z-JBUge5xHz3GGIHmS0V-C9EKAyMiXagdocLreQHvktvMQ4&d=CnkAoCZ_4LgmSQKKt4NDVlvN2srOFBRP2URc4T9DPws5o7pP89z-dgt9nHAyh_HYEDIoGtwRTVH_NnZ4pY9U7prGtjZTJoZZbCKNK-NFXEZVhWOYrKKIRvyEz7RvO21yF4G9FCiaOeWyC35hD_Bs23JtokGe2ud7j65NEpkSAKAmf-DSkFgblmk5Exh1gx_mRXyHeXMtX-1iFKFwlEOXtfHxsnSTohEALjOdXjB0b-xGs5-hzZ6nLbBSbHRu_FXz8EsR9rADfSDyrMtu4ibzJNhAQ7KWT7m71dOAer7NM4k-e95VEq-AumtGAIdkocTBz8jkFCXoJDbb1Cf8bbffJQG4jUx8G5ZzYluKlGkZkUYoFO5nAjnLu-P41TMrtLpyrh0gLhxvXXkLSsjOW1fOE-bPRkao5VUHHCN0_ztAP_uG4gI_t2JNR4vsG-9RPP-KMhcl50ew1mBr8jQ1tBn5hM2O7FJV-9X6pox-ThTvEi3W7AymxUqVn6JMP8C5Xrr5IbKMlOlatOl5Byq0gBe0RBLu4e4iTivAa9lfPESeuDrLTk4Sj2LkACsW2TDGzyZwpQkjTZf8Ye5uNgBiykj3mb4ps8B1OCj48mRIuCNo3sSws-mY5Q1zK9U2dhyI4782zbYBtmJQALafSkvUjCkz202mjmpL5rYkNqgRN84rlTRPMfu6rxsFB8WlCgf-VpTaAqjK43OlADDyvCZAuJIbRMe5-rSCJbo7DCnszhHAOb0pllvFDx63xha221kNq-9Pr0rcHHaQwwHq9QUR9CFEu3cNe-eL9LtxDiNjvADRfA5ct1UqO9GJBF0YYjWE0IRZiwTDgKUhzsNOXpMWy-KeXkzN5v3VFjPc0zNkcLSZkfYLLpCyBNpLHYOqHoeTZp-wJhpk3_d8NwEzgU3X6je-gkHClh6DJ0PQQ79JNrEas08reH2CA7tGejSwWI3hACCW7o2LOMdHK4vJZZcncpwA6nigaJ_SUQODU0O_CLpbnrk3B-c5vKI5dZpqTmRKYr4cmdvz1bwX_83aFJ8wEGEk4G45LwePtfte5ROKzl7yJewT06gl-lrHUAIBOQFr1eG1jsq2qkiTZXILEYI0fAb2EfMZiGpUjbKLS7rLjGz9j-V7t5Wn3kKLWSDaTkiQkOFioxEiAv0FzbR7Z7QKzZ0ynZtridCstJ_JfhkcmkMZaG-JDyczPDRX-jt0LHADJjAsJbkFtAvh8u7Y1LNBuLfP6MAnqEaSw7_EBPmcd_0mf9CFXBDZCVZ4g6muW6P2AO7d8ZSUp6aLHx0zj3aAjmbmQvXTAMEyWKrY_JIS4T5GWHvMkb9Ju5y0vE9z1vOi4bWeeRyYYo7ZPsF7UXLy5iMPgAR6ad1iJ5bWMUL7sNlR6seiHwKc8-6q2vOcybpwagKasbAErefmHUu327dJFWse9CanNEHrr5qem-S4ZSEQM-Xf2tYJeZLjUec4rvqi-E7DD3WY4z_paSM5Ha7OlzvAw34xMVHNT3VIedCnzsGyXFtawc0XmIcq4xu8Voa6kZwQAYphJw3DeKW_Kk0u-8nYrkmoOBRBDRRJjs5RquXwWplwGtusCC_WzNQ5oIkH9DtuaPMWe6o4pZ8NzjljBebSwwjc5UnTPlefKGD8iT8NR055JMEXI8lqyH0YRM17IOpgVuqPiSLEIdYm5nt97aJvnmjIAnbJzMT8vaDgHOoqzyDNf8qmpsSArq7cGZ2mfXZA8vJ9a1Qt6QY6pvooYCtzsgnWdzZRbq0dyRTY8XyAs76rZRQrPIB6ytlXpEPaWXzRlg5cbpwRUPjP0YzVU4ZjnJNhTvybSKIOEj9hINL1rZzKKiJEia3fZyHRbfPg9Vc0QbXXACHVFtAoCcjjglmH_G6j7n07FleYq6pfPBERH7JGEsRvuxJy5JjZm_xQro4L47WmkaSImiRUEJ3Rd8nJfVLLkPnE7rITTew0DDlMhVyxEnji0H-61awmMdOelon-oGo0PUfww_-7sdKgFl-XrYdftCMzNof3x4BiUW9-Ot2c91fOA6sI-GziOJWHnj26xbs-dhvlR1IgVzqsFnOOmwNFWVELR7tTDPh6pOQ1J0KZYNfjOXzwc-L7k0kRHDhDhjn-_45tbKAzCfP74vJxFq9dngAEy8gL7DXyseVnsuBCswMWdP7OplTQc-sFq31jiwbbA4Kqk4m3COMhMH4ct3WbqfqzJDxQQH3p9RFT7tYqQkvPWjxPpqI1MhFyyQK5b0SKnhzaX8iushowHNwZcLsd5bnaf1I5sNXv5rUbk8uEQHRkL_duiukfJOhtlpKq-lik_mYtc7O_pUsKbjdXUZYvcnCb3WADrWYG4g6x8On_r_TaE_slffwj6ghHHD5romh37lTUEg4BNNwD-Zi7jJstQ50fsnzmu1PBmPyQIwvPbtIw558ld4-bz41PNI9OaSoP8H4s7TyRJqyj52g7mGnfvu-qP0AtMFjtDAku6wnUJGRr2g248Yyn9pTNq6qDLzEjsxSSvEY57LGxke4XdISRn_Czv61vetskZGFFBZ3hd2xiZJFcRSLqRDL_m4sjuQv3HHXMezo3VgONDbLcKJ479r1-ksVlQbJwNzId8-pA-NOXnCvCOWm5TPYo7WLyBPCOwKaRVXXrEmofXhWVCRI8fM87dY38zE4c5zLtVMT0A4qNmvGkkeJNS4kgNKUo6wn9g7xn8u3dgJ0YcvurpzttthhVs38C99L4zeengvq2HD-Y9n6afk_yXU3YPuqUi1sC6yMYt8a7eRxeD5kC-QFgBtUrEFuKRjFxJkxvZ8SSyQBXcoAEnyGeLDhLMZpNdZxeuN5PNpLEhc7-YKGk51PvCSfDdAUNBY1ztuJv_6qBiFb2TF5gBWJyC3sqsyA-VKoxwE4SJupUh8QBTU_dKR80czNKwW7YrVWHdEXJ3MCs0P0za3hP9Jx-NrzupMuISEIeQp550n_ztRK3Go5vcpCKZLnDoBIIXejRALQqZbOwCxyEjc8wKKJxcjqKdhMznSUn82u3XJdzN5825R7iI67hNpZO1jrgaibZAZBOqieXdgBXSiNgafnqOb5POQMhIV3ULJnxsWGU_1wn2RBrmdEVoYVfdmidDaIMOvj0geq4YSDu4uwOYVGh-Q2LeaSEJN_hFotdCwHrgQEHKsYFntNpv7WJdcqPymbF85qXASaNzjz0cnxyipjwipzPvtwjeGan3_Ejf3hWAsxhXH5STbMoAbGrmDoVrdNgU48azT6fbGfO2N5jZ_ro2_E7In9aGVHjo7NpHxosCAASKORoXP1sFWyTlGOuoNepSCVtpERtLR0XHd_ucLbx1PdX-pPBSpxW_W1gAQ
Requested by: Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.200.35.154 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-200-35-154.compute-1.amazonaws.com
Software: /
Resource Hash: 8c4c75718a1be6d6a85a27f4532b34e8a343231543f55fa452a4112b1963bbe6

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:37 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame DB3B 3 KB
1 KB 22ms
20ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/window_focus_fy2019.js

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:43:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 90
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 29 Apr 2022 14:43:07 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DB3B 119 KB
36 KB 75ms
47ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

708369fe8dc1fd8fce92d3a7078852bb50ba4ba1a1884b1358c3bf03e1670d50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36909
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1649897599747219"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 15 Apr 2022 14:44:37 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame DB3B 15 KB
6 KB 22ms
21ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:39:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 305
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6409
x-xss-protection: 0
server: cafe
etag: 15284592792851369840
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 29 Apr 2022 14:39:32 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame DB3B 0
0 38ms
37ms Image
text/html 2607:f8b0:4006:816::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS56o53o2_51LgrMlxUU1ufoQFNMFK1iczW0muVX3lLsWJ3fmd0hOo7KxyZA4t7HyhSM3yA_Yj1aYXyu4RE1Ma6IDQM-A
Requested by: Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:816::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H2

200

4.js Show response
static.adsafeprotected.com/ Frame B6B9
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/904480/59616668/4.js?adContainerId=brand_safety_1YRZYt7GH9Lq_gSDoqHYBQ&cbFunctionName=goog_wrapCb_1YRZYt7GH9Lq_gSDoqHYBQ&true_pb=https%3A%2F%2Fstatic.adsafepro...
https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_1YRZYt7GH9Lq_gSDoqHYBQ&cbFunctionName=goog_wrapCb_1YRZYt7GH9Lq_gSDoqHYBQ&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassba...

1 KB
1 KB

70ms
25ms

Script
application/javascript

2600:9000:21dd:9400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_1YRZYt7GH9Lq_gSDoqHYBQ&cbFunctionName=goog_wrapCb_1YRZYt7GH9Lq_gSDoqHYBQ&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_728x90.js
Requested by: Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Server: 2600:9000:21dd:9400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 460ff0b1da5bacd95df6905ad1c8df05bdda30aa4189e2fef38b53b6318e42ff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-amz-version-id: Un_.8Vp_TKwliNJVsYlZHVB1x_sghLWA
content-encoding: gzip
etag: W/"96e16e7453ae2e6952bc6d2a20ea29f7"
age: 197766
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 01 Mar 2022 19:10:48 GMT
server: AmazonS3
date: Wed, 13 Apr 2022 07:48:32 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 0a84c1b70b100e694edd23e638bf7fa8.cloudfront.net (CloudFront)
cache-control: max-age=604800
x-amz-cf-pop: EWR53-C2
x-amz-cf-id: Jn9XfdusRnWuHB1y-Dt2k2_VhzIFDR67smAu-oo8NE3iHVddXQUKMg==

Redirect headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:37 GMT
x-server-name: app15.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4.js?adContainerId=brand_safety_1YRZYt7GH9Lq_gSDoqHYBQ&cbFunctionName=goog_wrapCb_1YRZYt7GH9Lq_gSDoqHYBQ&true_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2Fpassback_728x90.js
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame E744 80 KB
21 KB 104ms
23ms Script
application/javascript 2600:9000:21dd:9400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21dd:9400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 27 Nov 2021 03:16:10 GMT
content-encoding: gzip
age: 12050908
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 0a84c1b70b100e694edd23e638bf7fa8.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: EWR53-C2
content-type: application/javascript
x-amz-cf-id: U3Qoh-8KpIXxNQLJQZWz2lv41p0yz1nhZClsMbEDL2sdejprpGlQBQ==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B6B9 43 B
215 B 233ms
73ms Image
image/gif 52.41.89.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=904480&asId=8db5d41d-9d34-efff-6d47-04c255b5f0d4&tv=%7Bc:9RHn0n,pingTime:-3,time:71,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:26%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:71,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:25,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B64~0%5D,as:%5B64~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t35jZLm+11%7C12%7C13%7C14%7C15%7C16*.904480-59616668%7C161%7C162%7C163%7C171,idMap:16*,rmeas:1,rend:0,renddet:DIV%7D&br=c
Requested by: Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.41.89.5 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-41-89-5.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:38 GMT
x-server-name: dt01.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B6B9 43 B
216 B 228ms
72ms Image
image/gif 52.41.89.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=904480&asId=8db5d41d-9d34-efff-6d47-04c255b5f0d4&tv=%7Bc:9RHn0p,pingTime:-6,time:73,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:73,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:25,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B66~0%5D,as:%5B66~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t35jZLm+11%7C12%7C13%7C14%7C15%7C16*.904480-59616668%7C161%7C162%7C163%7C171,idMap:16*,rmeas:1,rend:0,renddet:DIV%7D&tpiLookup=ao:www.tmonews.com*&br=c
Requested by: Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.41.89.5 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-41-89-5.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:38 GMT
x-server-name: dt11.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 Graphik-Bold.woff2
s0.2mdn.net/sadbundle/17727687641421316096/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img/fonts/ Frame 1C4B 21 KB
21 KB 21ms
20ms Font
font/woff2 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17727687641421316096/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img/fonts/Graphik-Bold.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17727687641421316096/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

967ff8234f92c23a8b49e563a7d6d737634ab5c62b1f227505bd59147a8d3370

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17727687641421316096/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img.html
Origin: https://s0.2mdn.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 21:52:01 GMT
x-content-type-options: nosniff
age: 319956
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21556
x-xss-protection: 0
last-modified: Fri, 21 Jan 2022 21:33:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Apr 2023 21:52:01 GMT

GET
H3 200 Graphik-Regular.woff2
s0.2mdn.net/sadbundle/17727687641421316096/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img/fonts/ Frame 1C4B 20 KB
20 KB 25ms
23ms Font
font/woff2 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17727687641421316096/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img/fonts/Graphik-Regular.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17727687641421316096/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d676790cf5fb78e031970275c9ec7e5e6a9ded28edd02912aa8535840328186

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17727687641421316096/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img.html
Origin: https://s0.2mdn.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 15:33:01 GMT
x-content-type-options: nosniff
age: 169896
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20628
x-xss-protection: 0
last-modified: Fri, 21 Jan 2022 21:33:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 13 Apr 2023 15:33:01 GMT

GET
H3 200 Graphik-Medium.woff2
s0.2mdn.net/sadbundle/17727687641421316096/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img/fonts/ Frame 1C4B 21 KB
21 KB 35ms
34ms Font
font/woff2 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17727687641421316096/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img/fonts/Graphik-Medium.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17727687641421316096/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0b2f1186fbef585443e2da57208e35cfd5a33f2de348c1497feec9254ca89d8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17727687641421316096/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img.html
Origin: https://s0.2mdn.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Mon, 11 Apr 2022 21:52:01 GMT
x-content-type-options: nosniff
age: 319956
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21672
x-xss-protection: 0
last-modified: Fri, 21 Jan 2022 21:33:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Apr 2023 21:52:01 GMT

GET
H3 200 Graphik-Semibold.woff2
s0.2mdn.net/sadbundle/17727687641421316096/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img/fonts/ Frame 1C4B 21 KB
21 KB 41ms
39ms Font
font/woff2 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17727687641421316096/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img/fonts/Graphik-Semibold.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17727687641421316096/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

56275d6f348c93a8cbd4e39347d343252f39f7a9f2ef157d47d120ddb68059d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/17727687641421316096/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img.html
Origin: https://s0.2mdn.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 04:25:39 GMT
x-content-type-options: nosniff
age: 123538
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21752
x-xss-protection: 0
last-modified: Fri, 21 Jan 2022 21:33:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 14 Apr 2023 04:25:39 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.6.0/ Frame 1C4B 87 KB
31 KB 71ms
20ms Script
text/javascript 2607:f8b0:4006:821::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17727687641421316096/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 08:35:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 108559
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31017
x-xss-protection: 0
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 14 Apr 2023 08:35:18 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B6B9 43 B
215 B 197ms
74ms Image
image/gif 52.41.89.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=904480&asId=8db5d41d-9d34-efff-6d47-04c255b5f0d4&tv=%7Bc:9RHn0Y,pingTime:-2,time:108,type:a,im:%7Bsf:0,pom:1,prf:%7BmdA:210,mdZ:372,beA:389,beZ:390,mfA:392,cmA:394,inA:394,inZ:399,prA:399,prZ:408,si:416,poA:417,poZ:441,cmZ:441,mfZ:441,loA:462,loZ:465,ltA:497,ltZ:497%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:26%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:108,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:25,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B101~0%5D,as:%5B101~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t35jZLm+11%7C12%7C13%7C14%7C15%7C16*.904480-59616668%7C161%7C162%7C163%7C171,idMap:16*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:DIV,sinceFw:80,readyFired:true%7D&br=c
Requested by: Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.41.89.5 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-41-89-5.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:38 GMT
x-server-name: dt14.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame AF98
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELTsWaW268d42fOMTEPOYBM&google_cver=1

43 B
61 B

29ms
28ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELTsWaW268d42fOMTEPOYBM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICj_QEQvsn-ARj3rrq9ATAB&v=APEucNVEHDb33GjUm5Dht0eLwm1OQRTlwD3EHmFxZ2xesxLKIzkjClR97HlGQJegnMDXadgQjZ33cHMUgtoqkTYsm7A7TDxuew
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/18.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:37 GMT
via: 1.1 google
server: OXGW/18.0.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:37 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESELTsWaW268d42fOMTEPOYBM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AF98
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZWJjZWQyMGMtNDViZS0yM2E5LWNhNTAtM2JkM2VmMWIwNDMz

170 B
188 B

38ms
38ms

Image
image/png

142.250.65.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZWJjZWQyMGMtNDViZS0yM2E5LWNhNTAtM2JkM2VmMWIwNDMz

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICj_QEQvsn-ARj3rrq9ATAB&v=APEucNVEHDb33GjUm5Dht0eLwm1OQRTlwD3EHmFxZ2xesxLKIzkjClR97HlGQJegnMDXadgQjZ33cHMUgtoqkTYsm7A7TDxuew

Protocol

Server

142.250.65.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:37 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 15 Apr 2022 14:44:37 GMT
content-encoding: gzip
server: OXGW/18.0.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ZWJjZWQyMGMtNDViZS0yM2E5LWNhNTAtM2JkM2VmMWIwNDMz
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
via: 1.1 google

GET
H2

200

um
sync.teads.tv/ Frame AF98
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEJhaOOKnifj-Bwxl2Na5lwc&google_cver=1

23 B
287 B

86ms
45ms

Image
image/gif

23.52.164.7
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEJhaOOKnifj-Bwxl2Na5lwc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CICj_QEQvsn-ARj3rrq9ATAB&v=APEucNVEHDb33GjUm5Dht0eLwm1OQRTlwD3EHmFxZ2xesxLKIzkjClR97HlGQJegnMDXadgQjZ33cHMUgtoqkTYsm7A7TDxuew
Protocol: H2
Server: 23.52.164.7 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-164-7.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:38 GMT
cache-control: max-age=0, no-cache, no-store
expires: Fri, 15 Apr 2022 14:44:38 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:37 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEJhaOOKnifj-Bwxl2Na5lwc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AF98
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ODg2NTFjNDUtMjFkMC00ZGM5LTgwMDMtNTYyMzZmZmMzZmYy

170 B
188 B

40ms
39ms

Image
image/png

142.250.65.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ODg2NTFjNDUtMjFkMC00ZGM5LTgwMDMtNTYyMzZmZmMzZmYy

Requested by

Protocol

Server

142.250.65.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:38 GMT
server: akka-http/10.2.7
content-type: text/html; charset=UTF-8
location: https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=ODg2NTFjNDUtMjFkMC00ZGM5LTgwMDMtNTYyMzZmZmMzZmYy
cache-control: max-age=0, no-cache, no-store
content-length: 189
expires: Fri, 15 Apr 2022 14:44:38 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame DB3B 41 KB
15 KB 21ms
20ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DsFhulTrJZxXpL9-r27H62Vc8q3IoTO3NYiYpDHMdKxiM5QQXpBtSeCIKgpRzXRu-nSpurkgi004MrWoiPQYcM-ZjcLyi-XaGQr3ZF6POM-kpHumwn1aOjCEZkWts5YaTQd8tiqWjfsXcavCarRz0VlG7yNw&dbm_d=AKAmf-CiWF3g_tC7JmhSzD5oWXi7JTIelWislQY9bDnvpZcbvqMlc2mfQgcbJ6thhezVTa3PmYSuWWpdav-bzYnlKI98_VbN8ZHg7xpj6XzUJsSiTz1UiHQnFSsj5k_21G3-vTJ23s5f3hMwy76BNe17FHgEMGBJlD43_epCy8NVhAgzfrUht867BiexB0v3dABQLfY7SsN_hjJPK_9Vsk0SwXtdbbcdvFOFqbkmHWRXC5Z87xBdbtA0eshQ8BRk1sdLSitkCrGiqRE_q4FHv4XzcnpHUUQXW4nwcj4flbwZlcOp9tf2wfrfl1eMSVHq90efpgO32lhOhrrgB58dnfiK9qWL43Ofq6zWb0D51LWMU7Mq5-MNxm91safjSEvp_T7FWkmSCuGgJXjgx5b5EIDCSQJ2ftrz4_19XkRIWwUiWm81Mg-qTRf4TT-MViJ4sKYIvkzqPkz32-2EbB0vUt-rxXIBoCrvdOYCF-jah4Et__ogJ4bXzce4ijEjbHqXzdjGHy0Fy3ak_Gba4jhucboP2e2o0IqtKHWSHOVqhYYw7I8GHCOlLgmS6fCIX9wkAQbZ-IfxhU-frgNhWuvUkF_zAlM2jkBYnmTmyKaLkPx7L-8JCpv1VMudt7QME9ay0iCw1W0oB5GiJxyUC4Pf7gW6SRV-dt6CFCloakT1hRUbffBT1fu5mxFK3OyEuyBhZ8T8DPFtDETj92KA2e8ugTh4O-tQfxZTxv1RGvDmRh-R3PyYXQ_IycxxV59fseCd9E8c-6hZ9V8MIJK59R_JMxlRHYITG0MDoJZZh1HanUeavM1P05KNVIOm95fWQqVIXREwQelEbcLyGwCqi1-f-ym9FXrpXvV49VwMwDflsL3QUr5k8y36bT_EDr4St8Eh0-IUevFOaBaPdWUA7qyJAuasFfMENWCWH46QoCTt6qvqtWNaP0uB_UGucxftePY3TXOhPD6DU6pdjPKzKRWKyskTM7ZcHcxjlN_m3c-EzIUmGpKSTCWIF8APgwMntlBOsd7qVZLTMTasyQET7kbvCs1nD1bfT-_ssB6N1Buf_obCo3CumRYcJYu6Fed0OzrGGvAgLHlS4zo4ltMHS9gExhTj-swUOgSkzi6Jd30epAPxBph0GMnftxv1FYLShehN5Rw1BcmN-2bZrNCEoAcnK4Rxrhguxh8KAgKQyPK8R0-EXnaqoULCmRBxXWCLffZemmVcsxqk3lZd7odypphRQZrtysz9jwQ8p7EiPsYPd9J8WPKYxGxeI5tU5a-nEvcYiWs8dG5JM-4rdUCf8HJoX0mx6OTbOaRoiMyqixqFuWcyofHkJEUjb_AFjtmc2ysjpgHgNfFJ-6_efJ4C3g0-u3XOL2Silbbk9idwwLS-Lx_2FJrAkSj3QIqCN4eOXCz80yp8v9Z_7DqdtvCX50j4bODqwDzM_LyIgrt8WyLTKsxEbC-kSRCX_TaMd3MGKYq7YFxk2IevbW92GubWKUF-GNpNqRC5fScKBapx1_L0DE_B6fZHLUi5noNKNC4kmUzMPaJkrXaQNZFTM7x9B4D7J_-bvdTwobpEjV-BYeUg2ktYCv9s6iHqtFijCECcezsoeVXb7wOmuMQkdiuYUl1yvU-7VowxB247UBL1Ipmify0Kl3edh0RDhz0iKGo0qCkm1tOjw-x_sx1UvvRv9bLts7OHOOGvdp7eI8hCX9VOZIyyqEIooB3yZzLGIUhEPovE8ffXD-gUusCLcFU9w5cS6vSYNqsZqzyncUf5nEcIt-64OM8I42spBufilPxDVAgwOMFvpI7NN_e4sRQA0Fu7AxD9AZ7lK7kB2XxRu24414cAFYzdtv40H4fIRNHQf0QJMraKfdY96o7vZ7nFHy8SlanY7zSEpPWoIk_VYvEVe9hvzOiBamMb3c7zd1tY1ru94gK1wBC1lpDQMBwAxbs4hXpTLyu5dtRYB0OJXKe9bgVqGGYPfAGlxGtpMyBAd_a4W3o3jFy2O5WB2xyRsgvn2twlHMaDn6uUky-zk4Ys4XIr0iu016cJIEwliEao7xcAzJ-r1Rr07Fm89dzWAt7q7GChhDPrM5qj-NZpwylX4cpZGtMeyLsAqom6Z68ROvMf0gtuSONc8W-trNs8fr6xBHxZdvntmd3Mw9qR1sb3llHcsxBjllJmuPjSjaWlvLDNUEcUgu1QIv57Q8c1hQ9wrVgbJe6zkw-pZypXaUkh6XYOpWePMN4UCWAyPzbIxF3SFw796U84el1CYAZZzuKU3yYwHG8H3veo98cdQm20rGSaP6UyqRHv6EhRX7n6fUNSawD8xVJ8ouc9qxD0IvADLw0cpIaCKJzvy-HXLicEhWTtqk7U7yWr0-OG57KpCmxjHi8MDmctR32sQbAsGJu7Q3kTkMlsq-AxKmT8XYxWoI3dHEaNJrZg_TAYjyEVJJcQDuKe9c2fI86UlRSMTPqZFZ0b9lVxQ8DYiz85O89KmOyvqyDWeDxV6F03srQz-FYoc_ckUhlJWVeBGeVZWrlLaFKSQLdeLbTye7P2mJekXXxdpRQ9WNX8Viuc-QPawxPaX_VYjbqSgcnMaxciVSoDvyJSyatC0JbtfhG9wB_1dX619PGLQveYRBTo6uLxUVpeaSVXurJI3j3hVIvI3fTbew8wi5Z808GYN_kYXI0DOO_6ch4COijOqzI&cid=CAASKORoXP1sFWyTlGOuoNepSCVtpERtLR0XHd_ucLbx1PdX-pPBSpxW_W0&rfl=1%2Chttps%253A%252F%252Fwww.tmonews.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 05:56:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31693
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 05:56:24 GMT

GET
H2

200

adj Show response
bid.g.doubleclick.net/xbbe/creative/ Frame DB3B
Redirect Chain

https://fw.adsafeprotected.com/rfw/bgd/903356/59200475/xbbe/creative/adj?p=APEucNW0z-JBUge5xHz3GGIHmS0V-C9EKAyMiXagdocLreQHvktvMQ4&d=CnkAoCZ_4LgmSQKKt4NDVlvN2srOFBRP2URc4T9DPws5o7pP89z-dgt9nHAyh_HY...
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNW0z-JBUge5xHz3GGIHmS0V-C9EKAyMiXagdocLreQHvktvMQ4&d=CnkAoCZ_4LgmSQKKt4NDVlvN2srOFBRP2URc4T9DPws5o7pP89z-dgt9nHAyh_HYEDIoGtwRTVH_NnZ4pY9U7prGt...

61 KB
21 KB

143ms
69ms

Script
text/javascript

172.253.62.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNW0z-JBUge5xHz3GGIHmS0V-C9EKAyMiXagdocLreQHvktvMQ4&d=CnkAoCZ_4LgmSQKKt4NDVlvN2srOFBRP2URc4T9DPws5o7pP89z-dgt9nHAyh_HYEDIoGtwRTVH_NnZ4pY9U7prGtjZTJoZZbCKNK-NFXEZVhWOYrKKIRvyEz7RvO21yF4G9FCiaOeWyC35hD_Bs23JtokGe2ud7j65NEpkSAKAmf-DSkFgblmk5Exh1gx_mRXyHeXMtX-1iFKFwlEOXtfHxsnSTohEALjOdXjB0b-xGs5-hzZ6nLbBSbHRu_FXz8EsR9rADfSDyrMtu4ibzJNhAQ7KWT7m71dOAer7NM4k-e95VEq-AumtGAIdkocTBz8jkFCXoJDbb1Cf8bbffJQG4jUx8G5ZzYluKlGkZkUYoFO5nAjnLu-P41TMrtLpyrh0gLhxvXXkLSsjOW1fOE-bPRkao5VUHHCN0_ztAP_uG4gI_t2JNR4vsG-9RPP-KMhcl50ew1mBr8jQ1tBn5hM2O7FJV-9X6pox-ThTvEi3W7AymxUqVn6JMP8C5Xrr5IbKMlOlatOl5Byq0gBe0RBLu4e4iTivAa9lfPESeuDrLTk4Sj2LkACsW2TDGzyZwpQkjTZf8Ye5uNgBiykj3mb4ps8B1OCj48mRIuCNo3sSws-mY5Q1zK9U2dhyI4782zbYBtmJQALafSkvUjCkz202mjmpL5rYkNqgRN84rlTRPMfu6rxsFB8WlCgf-VpTaAqjK43OlADDyvCZAuJIbRMe5-rSCJbo7DCnszhHAOb0pllvFDx63xha221kNq-9Pr0rcHHaQwwHq9QUR9CFEu3cNe-eL9LtxDiNjvADRfA5ct1UqO9GJBF0YYjWE0IRZiwTDgKUhzsNOXpMWy-KeXkzN5v3VFjPc0zNkcLSZkfYLLpCyBNpLHYOqHoeTZp-wJhpk3_d8NwEzgU3X6je-gkHClh6DJ0PQQ79JNrEas08reH2CA7tGejSwWI3hACCW7o2LOMdHK4vJZZcncpwA6nigaJ_SUQODU0O_CLpbnrk3B-c5vKI5dZpqTmRKYr4cmdvz1bwX_83aFJ8wEGEk4G45LwePtfte5ROKzl7yJewT06gl-lrHUAIBOQFr1eG1jsq2qkiTZXILEYI0fAb2EfMZiGpUjbKLS7rLjGz9j-V7t5Wn3kKLWSDaTkiQkOFioxEiAv0FzbR7Z7QKzZ0ynZtridCstJ_JfhkcmkMZaG-JDyczPDRX-jt0LHADJjAsJbkFtAvh8u7Y1LNBuLfP6MAnqEaSw7_EBPmcd_0mf9CFXBDZCVZ4g6muW6P2AO7d8ZSUp6aLHx0zj3aAjmbmQvXTAMEyWKrY_JIS4T5GWHvMkb9Ju5y0vE9z1vOi4bWeeRyYYo7ZPsF7UXLy5iMPgAR6ad1iJ5bWMUL7sNlR6seiHwKc8-6q2vOcybpwagKasbAErefmHUu327dJFWse9CanNEHrr5qem-S4ZSEQM-Xf2tYJeZLjUec4rvqi-E7DD3WY4z_paSM5Ha7OlzvAw34xMVHNT3VIedCnzsGyXFtawc0XmIcq4xu8Voa6kZwQAYphJw3DeKW_Kk0u-8nYrkmoOBRBDRRJjs5RquXwWplwGtusCC_WzNQ5oIkH9DtuaPMWe6o4pZ8NzjljBebSwwjc5UnTPlefKGD8iT8NR055JMEXI8lqyH0YRM17IOpgVuqPiSLEIdYm5nt97aJvnmjIAnbJzMT8vaDgHOoqzyDNf8qmpsSArq7cGZ2mfXZA8vJ9a1Qt6QY6pvooYCtzsgnWdzZRbq0dyRTY8XyAs76rZRQrPIB6ytlXpEPaWXzRlg5cbpwRUPjP0YzVU4ZjnJNhTvybSKIOEj9hINL1rZzKKiJEia3fZyHRbfPg9Vc0QbXXACHVFtAoCcjjglmH_G6j7n07FleYq6pfPBERH7JGEsRvuxJy5JjZm_xQro4L47WmkaSImiRUEJ3Rd8nJfVLLkPnE7rITTew0DDlMhVyxEnji0H-61awmMdOelon-oGo0PUfww_-7sdKgFl-XrYdftCMzNof3x4BiUW9-Ot2c91fOA6sI-GziOJWHnj26xbs-dhvlR1IgVzqsFnOOmwNFWVELR7tTDPh6pOQ1J0KZYNfjOXzwc-L7k0kRHDhDhjn-_45tbKAzCfP74vJxFq9dngAEy8gL7DXyseVnsuBCswMWdP7OplTQc-sFq31jiwbbA4Kqk4m3COMhMH4ct3WbqfqzJDxQQH3p9RFT7tYqQkvPWjxPpqI1MhFyyQK5b0SKnhzaX8iushowHNwZcLsd5bnaf1I5sNXv5rUbk8uEQHRkL_duiukfJOhtlpKq-lik_mYtc7O_pUsKbjdXUZYvcnCb3WADrWYG4g6x8On_r_TaE_slffwj6ghHHD5romh37lTUEg4BNNwD-Zi7jJstQ50fsnzmu1PBmPyQIwvPbtIw558ld4-bz41PNI9OaSoP8H4s7TyRJqyj52g7mGnfvu-qP0AtMFjtDAku6wnUJGRr2g248Yyn9pTNq6qDLzEjsxSSvEY57LGxke4XdISRn_Czv61vetskZGFFBZ3hd2xiZJFcRSLqRDL_m4sjuQv3HHXMezo3VgONDbLcKJ479r1-ksVlQbJwNzId8-pA-NOXnCvCOWm5TPYo7WLyBPCOwKaRVXXrEmofXhWVCRI8fM87dY38zE4c5zLtVMT0A4qNmvGkkeJNS4kgNKUo6wn9g7xn8u3dgJ0YcvurpzttthhVs38C99L4zeengvq2HD-Y9n6afk_yXU3YPuqUi1sC6yMYt8a7eRxeD5kC-QFgBtUrEFuKRjFxJkxvZ8SSyQBXcoAEnyGeLDhLMZpNdZxeuN5PNpLEhc7-YKGk51PvCSfDdAUNBY1ztuJv_6qBiFb2TF5gBWJyC3sqsyA-VKoxwE4SJupUh8QBTU_dKR80czNKwW7YrVWHdEXJ3MCs0P0za3hP9Jx-NrzupMuISEIeQp550n_ztRK3Go5vcpCKZLnDoBIIXejRALQqZbOwCxyEjc8wKKJxcjqKdhMznSUn82u3XJdzN5825R7iI67hNpZO1jrgaibZAZBOqieXdgBXSiNgafnqOb5POQMhIV3ULJnxsWGU_1wn2RBrmdEVoYVfdmidDaIMOvj0geq4YSDu4uwOYVGh-Q2LeaSEJN_hFotdCwHrgQEHKsYFntNpv7WJdcqPymbF85qXASaNzjz0cnxyipjwipzPvtwjeGan3_Ejf3hWAsxhXH5STbMoAbGrmDoVrdNgU48azT6fbGfO2N5jZ_ro2_E7In9aGVHjo7NpHxosCAASKORoXP1sFWyTlGOuoNepSCVtpERtLR0XHd_ucLbx1PdX-pPBSpxW_W1gAQ

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

95f4375a13bf1971559112ab84c1e012ccffc1336b3a96c2f6d7a952442ec0c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:38 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21407
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:37 GMT
x-server-name: app07.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNW0z-JBUge5xHz3GGIHmS0V-C9EKAyMiXagdocLreQHvktvMQ4&d=CnkAoCZ_4LgmSQKKt4NDVlvN2srOFBRP2URc4T9DPws5o7pP89z-dgt9nHAyh_HYEDIoGtwRTVH_NnZ4pY9U7prGtjZTJoZZbCKNK-NFXEZVhWOYrKKIRvyEz7RvO21yF4G9FCiaOeWyC35hD_Bs23JtokGe2ud7j65NEpkSAKAmf-DSkFgblmk5Exh1gx_mRXyHeXMtX-1iFKFwlEOXtfHxsnSTohEALjOdXjB0b-xGs5-hzZ6nLbBSbHRu_FXz8EsR9rADfSDyrMtu4ibzJNhAQ7KWT7m71dOAer7NM4k-e95VEq-AumtGAIdkocTBz8jkFCXoJDbb1Cf8bbffJQG4jUx8G5ZzYluKlGkZkUYoFO5nAjnLu-P41TMrtLpyrh0gLhxvXXkLSsjOW1fOE-bPRkao5VUHHCN0_ztAP_uG4gI_t2JNR4vsG-9RPP-KMhcl50ew1mBr8jQ1tBn5hM2O7FJV-9X6pox-ThTvEi3W7AymxUqVn6JMP8C5Xrr5IbKMlOlatOl5Byq0gBe0RBLu4e4iTivAa9lfPESeuDrLTk4Sj2LkACsW2TDGzyZwpQkjTZf8Ye5uNgBiykj3mb4ps8B1OCj48mRIuCNo3sSws-mY5Q1zK9U2dhyI4782zbYBtmJQALafSkvUjCkz202mjmpL5rYkNqgRN84rlTRPMfu6rxsFB8WlCgf-VpTaAqjK43OlADDyvCZAuJIbRMe5-rSCJbo7DCnszhHAOb0pllvFDx63xha221kNq-9Pr0rcHHaQwwHq9QUR9CFEu3cNe-eL9LtxDiNjvADRfA5ct1UqO9GJBF0YYjWE0IRZiwTDgKUhzsNOXpMWy-KeXkzN5v3VFjPc0zNkcLSZkfYLLpCyBNpLHYOqHoeTZp-wJhpk3_d8NwEzgU3X6je-gkHClh6DJ0PQQ79JNrEas08reH2CA7tGejSwWI3hACCW7o2LOMdHK4vJZZcncpwA6nigaJ_SUQODU0O_CLpbnrk3B-c5vKI5dZpqTmRKYr4cmdvz1bwX_83aFJ8wEGEk4G45LwePtfte5ROKzl7yJewT06gl-lrHUAIBOQFr1eG1jsq2qkiTZXILEYI0fAb2EfMZiGpUjbKLS7rLjGz9j-V7t5Wn3kKLWSDaTkiQkOFioxEiAv0FzbR7Z7QKzZ0ynZtridCstJ_JfhkcmkMZaG-JDyczPDRX-jt0LHADJjAsJbkFtAvh8u7Y1LNBuLfP6MAnqEaSw7_EBPmcd_0mf9CFXBDZCVZ4g6muW6P2AO7d8ZSUp6aLHx0zj3aAjmbmQvXTAMEyWKrY_JIS4T5GWHvMkb9Ju5y0vE9z1vOi4bWeeRyYYo7ZPsF7UXLy5iMPgAR6ad1iJ5bWMUL7sNlR6seiHwKc8-6q2vOcybpwagKasbAErefmHUu327dJFWse9CanNEHrr5qem-S4ZSEQM-Xf2tYJeZLjUec4rvqi-E7DD3WY4z_paSM5Ha7OlzvAw34xMVHNT3VIedCnzsGyXFtawc0XmIcq4xu8Voa6kZwQAYphJw3DeKW_Kk0u-8nYrkmoOBRBDRRJjs5RquXwWplwGtusCC_WzNQ5oIkH9DtuaPMWe6o4pZ8NzjljBebSwwjc5UnTPlefKGD8iT8NR055JMEXI8lqyH0YRM17IOpgVuqPiSLEIdYm5nt97aJvnmjIAnbJzMT8vaDgHOoqzyDNf8qmpsSArq7cGZ2mfXZA8vJ9a1Qt6QY6pvooYCtzsgnWdzZRbq0dyRTY8XyAs76rZRQrPIB6ytlXpEPaWXzRlg5cbpwRUPjP0YzVU4ZjnJNhTvybSKIOEj9hINL1rZzKKiJEia3fZyHRbfPg9Vc0QbXXACHVFtAoCcjjglmH_G6j7n07FleYq6pfPBERH7JGEsRvuxJy5JjZm_xQro4L47WmkaSImiRUEJ3Rd8nJfVLLkPnE7rITTew0DDlMhVyxEnji0H-61awmMdOelon-oGo0PUfww_-7sdKgFl-XrYdftCMzNof3x4BiUW9-Ot2c91fOA6sI-GziOJWHnj26xbs-dhvlR1IgVzqsFnOOmwNFWVELR7tTDPh6pOQ1J0KZYNfjOXzwc-L7k0kRHDhDhjn-_45tbKAzCfP74vJxFq9dngAEy8gL7DXyseVnsuBCswMWdP7OplTQc-sFq31jiwbbA4Kqk4m3COMhMH4ct3WbqfqzJDxQQH3p9RFT7tYqQkvPWjxPpqI1MhFyyQK5b0SKnhzaX8iushowHNwZcLsd5bnaf1I5sNXv5rUbk8uEQHRkL_duiukfJOhtlpKq-lik_mYtc7O_pUsKbjdXUZYvcnCb3WADrWYG4g6x8On_r_TaE_slffwj6ghHHD5romh37lTUEg4BNNwD-Zi7jJstQ50fsnzmu1PBmPyQIwvPbtIw558ld4-bz41PNI9OaSoP8H4s7TyRJqyj52g7mGnfvu-qP0AtMFjtDAku6wnUJGRr2g248Yyn9pTNq6qDLzEjsxSSvEY57LGxke4XdISRn_Czv61vetskZGFFBZ3hd2xiZJFcRSLqRDL_m4sjuQv3HHXMezo3VgONDbLcKJ479r1-ksVlQbJwNzId8-pA-NOXnCvCOWm5TPYo7WLyBPCOwKaRVXXrEmofXhWVCRI8fM87dY38zE4c5zLtVMT0A4qNmvGkkeJNS4kgNKUo6wn9g7xn8u3dgJ0YcvurpzttthhVs38C99L4zeengvq2HD-Y9n6afk_yXU3YPuqUi1sC6yMYt8a7eRxeD5kC-QFgBtUrEFuKRjFxJkxvZ8SSyQBXcoAEnyGeLDhLMZpNdZxeuN5PNpLEhc7-YKGk51PvCSfDdAUNBY1ztuJv_6qBiFb2TF5gBWJyC3sqsyA-VKoxwE4SJupUh8QBTU_dKR80czNKwW7YrVWHdEXJ3MCs0P0za3hP9Jx-NrzupMuISEIeQp550n_ztRK3Go5vcpCKZLnDoBIIXejRALQqZbOwCxyEjc8wKKJxcjqKdhMznSUn82u3XJdzN5825R7iI67hNpZO1jrgaibZAZBOqieXdgBXSiNgafnqOb5POQMhIV3ULJnxsWGU_1wn2RBrmdEVoYVfdmidDaIMOvj0geq4YSDu4uwOYVGh-Q2LeaSEJN_hFotdCwHrgQEHKsYFntNpv7WJdcqPymbF85qXASaNzjz0cnxyipjwipzPvtwjeGan3_Ejf3hWAsxhXH5STbMoAbGrmDoVrdNgU48azT6fbGfO2N5jZ_ro2_E7In9aGVHjo7NpHxosCAASKORoXP1sFWyTlGOuoNepSCVtpERtLR0XHd_ucLbx1PdX-pPBSpxW_W1gAQ
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame 274B 80 KB
21 KB 23ms
23ms Script
application/javascript 2600:9000:21dd:9400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21dd:9400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Sat, 27 Nov 2021 03:16:10 GMT
content-encoding: gzip
age: 12050908
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 0a84c1b70b100e694edd23e638bf7fa8.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: EWR53-C2
content-type: application/javascript
x-amz-cf-id: 5e7ZVZ7zmFu2nO_KDL5_tUjB2rOT9FZOHx5p__BPXo06ZImhZSinCw==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame DB3B 43 B
215 B 99ms
75ms Image
image/gif 52.41.89.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=903356&asId=84f9e117-e172-a8cd-a2e8-b32f8642bfbf&tv=%7Bc:9RHn2z,pingTime:-3,time:75,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:600,t:28%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:75,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:27,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:i,cc:NaN.NaN.300.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B66~0%5D,as:%5B66~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t35jZNu+11%7C12%7C13%7C14%7C15%7C161%7C1621%7C163%7C164%7C17*.903356-59200475%7C171,idMap:17*,rmeas:1,rend:0,renddet:IMG.us%7D&br=c
Requested by: Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.41.89.5 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-41-89-5.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:38 GMT
x-server-name: dt15.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame DB3B 43 B
215 B 94ms
73ms Image
image/gif 52.41.89.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=903356&asId=84f9e117-e172-a8cd-a2e8-b32f8642bfbf&tv=%7Bc:9RHn2B,pingTime:-6,time:77,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:77,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:27,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:i,cc:NaN.NaN.300.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B68~0%5D,as:%5B68~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t35jZNu+11%7C12%7C13%7C14%7C15%7C161%7C1621%7C163%7C164%7C17*.903356-59200475%7C171,idMap:17*,rmeas:1,rend:0,renddet:IMG.us%7D&tpiLookup=ao:www.tmonews.com*&br=c
Requested by: Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.41.89.5 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-41-89-5.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:38 GMT
x-server-name: dt12.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame DB3B 43 B
215 B 148ms
141ms Image
image/gif 52.41.89.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=903356&asId=84f9e117-e172-a8cd-a2e8-b32f8642bfbf&tv=%7Bc:9RHn2Q,pingTime:-2,time:92,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:199,beZ:201,mfA:203,cmA:205,inA:205,inZ:210,prA:210,prZ:219,si:228,poA:229,poZ:253,cmZ:253,mfZ:253,loA:275,loZ:278,ltA:290,ltZ:290%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:600,t:28%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:92,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:27,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:i,cc:NaN.NaN.300.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B83~0%5D,as:%5B83~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t35jZLm+11%7C12%7C13%7C14%7C15%7C16.904480-59616668%7C161%7C1621%7C163%7C164%7C17*.903356-59200475%7C171,idMap:17*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:IMG.us,sinceFw:61,readyFired:false%7D&br=c
Requested by: Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.41.89.5 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-41-89-5.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:38 GMT
x-server-name: dt13.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 5D58 22 KB
8 KB 22ms
20ms Document
text/html 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 31694
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 15 Apr 2022 05:56:24 GMT
expires: Sat, 15 Apr 2023 05:56:24 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 21CL_HRB_3C_AF44241_RFR.jpg
s0.2mdn.net/sadbundle/17727687641421316096/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img/ Frame 1C4B 58 KB
58 KB 22ms
21ms Image
image/jpeg 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17727687641421316096/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img/21CL_HRB_3C_AF44241_RFR.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17727687641421316096/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a368dc54294b94b6a16f9ac2c5fad6eea42a6dfc7f0dd9879f75302e0f79365

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17727687641421316096/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img/hrb_ct_diy_filefreeonline_html_10_728x90_v1_na_img.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 11:00:53 GMT
x-content-type-options: nosniff
age: 99825
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59320
x-xss-protection: 0
last-modified: Fri, 21 Jan 2022 21:33:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 14 Apr 2023 11:00:53 GMT

GET
DATA 200
OK truncated
/ Frame 1C4B 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 85dce6f3ea3e30168330db951dc0ef20ec01e265b861b5119edf54c95dde133f

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame B6B9 0
26 B 71ms
42ms Ping
image/gif 142.250.81.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvRXA2D_G_A451Gbwq6BJ0BEImTJZIstqcqJekhRwYBwFys2757m9-uWYlEUxUPd2BBLntebyEkO4ZQ2qEJjQZ8FwWF3FpmjWpmk6qZ7_dSEURCzFDu4u0erQHnQWByCE7R6pA0GMTPaK5tpxv9YZfu7rtBSBOnjA6YOAodiLNe1_bgnaPWnHQ6b4RQB9ByODwrZKjYDP1WQZfTnKRQDq4h4VplYOF-ldWWnkDnsg2mpOwpwWa2qi6n17XIWWFu_OTFjsP-Dr67c9pRAe7lxkTAphYvYN6b4T-c3mNs0t_KL4EBZPfZDlfpVvrFRBPrYfIF8gefYCmDS95ITc1Q6M0PUjU3CEfExhbZrlEfuy5UfENgvyGueKwYfKo2PbO__9k3FCYml20HU64z5nMr-NJLgSIAxobnlliApRfIog4wPdq1O2Q1FLsj7p_67zs_6l0zKCdVwu5XvgMcMTM8asqCee1q9AQvERjGRpjwBSz0rGTd_LGuuLuykiqcqchVvngTgsl2fKqBkVQKOAaP_gWHvhwRzlQfsIkZ_gx27Rinztv_LlXkWZ6MxkZlAuHQctJjaoKdXD66y-OtaOdVBAkmps-NOByK31TLy5RRRoIhD01dxPGRoFFwcseaVDF4l5jGxS-ISiovPfOVU9RhK8Jj7Yb5apg43xEA6GicQfwmA34q7wBj4Ma1fCrEzw_Q5b847F9MucrTt9i6SVJLSwJFKgoeG1ebqPoP7a79dgveLhK3tw1RAEmev5Qyu_QRrOKocXyxKWMwHwQtNUeSKsE3It4joC-P94gcUseT0Mp4dkL1eXMZrBkPpGHCVsHwLXqNIfWFpP_jkBEx9F3eRNkybjuvRQDRtOAQDyCl75WQVp4QSnEEywI5FB79lQYk1roUzG4G_wKgij-5ZJcO42OY6Nz8etjnAvpcEMrrTfer31YpxRAZvpeSiS-AsPrirr1ZLlbeQzfk2MxNPyZgGrg3-o8GRIIOZzYiOFuR7xWlRi4F9A1AmhD9dRvdpy-DMLhbdNDXtFYp410ScF7GhYtF0FYKHZlp3_SgY4kwQmFxUGpDl62wDznOf3n2r9raKNogP-Ch096EHvCtFL88ialJ6Pby6K72trWV-dCGck0l457UdRFqZFd3OquIQ_lWUtdsnIYpzPoQDDCX1-5bVK0mt2E&sai=AMfl-YQX_4GEqz5VLbN8_yaJNdcUXNsGb5hdEJ1rhgKH9Mc9nm4gMsnX9NK8jmnmMZFkcrK17lq2X8f0_8GsQuQ0JhWVjBYAKtHufq5bX4kJ45qcEvB6JAuLYUXGmHiZNHjV0bbaqCTJPQcM3Jm90wzezHzZDpc01waiqPwG0_q0158EIRHRiih36a_2_h2G9kdNe_zPhDPrt56_yn-ucpp0jvs0obMGU9w&sig=Cg0ArKJSzA_gN-jkTM4bEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=466&vt=11&dtpt=331&dett=3&cstd=131&cisv=r20220413.73148&vwbs=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.81.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s74-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 15 Apr 2022 14:44:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 k-Lxrj_3cR5KhrMTVpzAVOH1CgwXrUvkekFpn42ZeoQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 5D58 35 KB
13 KB 21ms
21ms Script
text/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/k-Lxrj_3cR5KhrMTVpzAVOH1CgwXrUvkekFpn42ZeoQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

93e2f1ae3ff7711e4a86b313569cc054e1f50a0c17ad4be47a41699f8d997a84

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 02:57:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42452
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13613
x-xss-protection: 0
last-modified: Mon, 11 Apr 2022 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 15 Apr 2023 02:57:06 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4E2A 0
20 B 84ms
84ms Image
image/gif 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BdFMN1YRZYt7GH9Lq_gSDoqHYBQAAAAA4AeAEAg&bg=!qaqlqu7NAAZvJBiFTyQ7ACkAdvg8Wqsco3tqmS-w-UxMoOQNvBN8CheE489PGIqGcE-J4vnmyPWOJAIAAADeUgAAAAFoAQeZAt988d0-ONTY2JvJele7Wt5N_51MewajkjYP2V2JkKLPW4OwJuS41gGXP6KjzYoL2SrOj6ZxbWn3Hlh1mTUhD5lR-_djBFYeIcRVoVQXdkkhEJtpSBs472FAKsDuXTI2CaXLkrfE3-C1nsD2nP6BWoKJOS0F9LS-77ur5AYQWG9oUJKD58swlpbvtyxM5t2Kl6KNEydvl413bixSZnjPNo_Ynu6Uu4C5lEYfbeKNMLpglUNPMILXV8jRinFkXWehTQ4Ft_ZemPhrxkzGqOeM_pVQi_JSWeP6EFMnBSXwZsf6WRU3_dMdmwloVscyUOfJLF8u6fgeW_JNgdeQuAUOhCLiT0cLh3YkgFOFFRVuXpiw4EWCMkVWkO4LxLfRopECbo_o8B0Rsf9ZY9w4DjR7GQWKMUshDvQI54ffPyQxg1fwz2fmBi6POinZ3zKVpt-rH_be8dd15Hx79UjLAlgCKdMDuo42S0Rx_-soqZuZcl4E2qEa-nVWXw0LL1ae5xxJH0eOzMto3mR1riAUbvwF8yGaH0TUUfuva9LdEIJXSdW_Wzm3-Xv5OW-3dO8y3SYDAalsTB8s8YN0OdTsY1gzr-4C9Ec5IT9rf8PRfIM7fwJlRJCEa04yDqIazv56Y7oDh-MUEvn3waEoUGIFaIQfoWZr826EAtNLBeNtyAPAxdQ6PeI25n1Y-UrHmUdsFKLby4KWwZSEs5FHbPHwI-0Ouc0_Maw6SVfp2Q6bKtcbazYSlCLFI_knq95DR7uMxLVuhuLzdP-zoCC8ybVm1Jq92NF8JBydr4Nx5gTbzPPWxTmZx2-vbUewApnfE5hSruX_AiIbpIsbI8K5N0HqYMScciKvWzzqoHCy3AcQQEmzoMb681DFfHdUTMAt5zzca0HAqD_Y2XqNqZqXwznJw1PXbBYv2ZkaxxYldfaMb7QKEzkq3Ppf0c5-zFCBlQFCEwyv_RVP6Lp9Wba-zqXscgY2XnY

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 0BF6 6 KB
3 KB 21ms
20ms Document
text/html 2607:f8b0:4006:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js?cb=31067132

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tmonews.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 15 Apr 2022 14:44:36 GMT
expires: Sat, 15 Apr 2023 14:44:36 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/rtv/012203150226000/ 23 KB
8 KB 140ms
68ms Script
text/javascript 2607:f8b0:4006:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/amp4ads-host-v0.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js?cb=31067132

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9479b3e3bef0f6427206cadb155b1f1e0197e6d87356db3a4dee7732273b2b80

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.tmonews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 568577
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8029
x-xss-protection: 0
server: sffe
date: Sat, 09 Apr 2022 00:48:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "e862474745e2e7b9"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 09 Apr 2023 00:48:21 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B6B9 43 B
215 B 73ms
72ms Image
image/gif 52.41.89.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=904480&asId=8db5d41d-9d34-efff-6d47-04c255b5f0d4&tv=%7Bc:9RHn4T,time:351,type:e,im:%7Bimprf:%7Bttecl:407,ecd:130,tsecr:70%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:351,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:25,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B344~0%5D,as:%5B344~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:211,fm:t35jZLm+11%7C12%7C13%7C14%7C15%7C16*.904480-59616668%7C161%7C162%7C163%7C17.903356-59200475%7C171,idMap:16*,rmeas:1,rend:0,renddet:DIV%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.41.89.5 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-41-89-5.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:38 GMT
x-server-name: dt02.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame DB3B 169 KB
59 KB 48ms
20ms Script
text/javascript 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
Origin: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 02:57:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42454
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60173
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 16 Apr 2022 02:57:04 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/elements/html/ Frame DB3B 8 KB
3 KB 21ms
20ms Script
text/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/elements/html/omrhp.js

Requested by

Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bgd/903356/59200475/xbbe/creative/adj?p=APEucNW0z-JBUge5xHz3GGIHmS0V-C9EKAyMiXagdocLreQHvktvMQ4&d=CnkAoCZ_4LgmSQKKt4NDVlvN2srOFBRP2URc4T9DPws5o7pP89z-dgt9nHAyh_HYEDIoGtwRTVH_NnZ4pY9U7prGtjZTJoZZbCKNK-NFXEZVhWOYrKKIRvyEz7RvO21yF4G9FCiaOeWyC35hD_Bs23JtokGe2ud7j65NEpkSAKAmf-DSkFgblmk5Exh1gx_mRXyHeXMtX-1iFKFwlEOXtfHxsnSTohEALjOdXjB0b-xGs5-hzZ6nLbBSbHRu_FXz8EsR9rADfSDyrMtu4ibzJNhAQ7KWT7m71dOAer7NM4k-e95VEq-AumtGAIdkocTBz8jkFCXoJDbb1Cf8bbffJQG4jUx8G5ZzYluKlGkZkUYoFO5nAjnLu-P41TMrtLpyrh0gLhxvXXkLSsjOW1fOE-bPRkao5VUHHCN0_ztAP_uG4gI_t2JNR4vsG-9RPP-KMhcl50ew1mBr8jQ1tBn5hM2O7FJV-9X6pox-ThTvEi3W7AymxUqVn6JMP8C5Xrr5IbKMlOlatOl5Byq0gBe0RBLu4e4iTivAa9lfPESeuDrLTk4Sj2LkACsW2TDGzyZwpQkjTZf8Ye5uNgBiykj3mb4ps8B1OCj48mRIuCNo3sSws-mY5Q1zK9U2dhyI4782zbYBtmJQALafSkvUjCkz202mjmpL5rYkNqgRN84rlTRPMfu6rxsFB8WlCgf-VpTaAqjK43OlADDyvCZAuJIbRMe5-rSCJbo7DCnszhHAOb0pllvFDx63xha221kNq-9Pr0rcHHaQwwHq9QUR9CFEu3cNe-eL9LtxDiNjvADRfA5ct1UqO9GJBF0YYjWE0IRZiwTDgKUhzsNOXpMWy-KeXkzN5v3VFjPc0zNkcLSZkfYLLpCyBNpLHYOqHoeTZp-wJhpk3_d8NwEzgU3X6je-gkHClh6DJ0PQQ79JNrEas08reH2CA7tGejSwWI3hACCW7o2LOMdHK4vJZZcncpwA6nigaJ_SUQODU0O_CLpbnrk3B-c5vKI5dZpqTmRKYr4cmdvz1bwX_83aFJ8wEGEk4G45LwePtfte5ROKzl7yJewT06gl-lrHUAIBOQFr1eG1jsq2qkiTZXILEYI0fAb2EfMZiGpUjbKLS7rLjGz9j-V7t5Wn3kKLWSDaTkiQkOFioxEiAv0FzbR7Z7QKzZ0ynZtridCstJ_JfhkcmkMZaG-JDyczPDRX-jt0LHADJjAsJbkFtAvh8u7Y1LNBuLfP6MAnqEaSw7_EBPmcd_0mf9CFXBDZCVZ4g6muW6P2AO7d8ZSUp6aLHx0zj3aAjmbmQvXTAMEyWKrY_JIS4T5GWHvMkb9Ju5y0vE9z1vOi4bWeeRyYYo7ZPsF7UXLy5iMPgAR6ad1iJ5bWMUL7sNlR6seiHwKc8-6q2vOcybpwagKasbAErefmHUu327dJFWse9CanNEHrr5qem-S4ZSEQM-Xf2tYJeZLjUec4rvqi-E7DD3WY4z_paSM5Ha7OlzvAw34xMVHNT3VIedCnzsGyXFtawc0XmIcq4xu8Voa6kZwQAYphJw3DeKW_Kk0u-8nYrkmoOBRBDRRJjs5RquXwWplwGtusCC_WzNQ5oIkH9DtuaPMWe6o4pZ8NzjljBebSwwjc5UnTPlefKGD8iT8NR055JMEXI8lqyH0YRM17IOpgVuqPiSLEIdYm5nt97aJvnmjIAnbJzMT8vaDgHOoqzyDNf8qmpsSArq7cGZ2mfXZA8vJ9a1Qt6QY6pvooYCtzsgnWdzZRbq0dyRTY8XyAs76rZRQrPIB6ytlXpEPaWXzRlg5cbpwRUPjP0YzVU4ZjnJNhTvybSKIOEj9hINL1rZzKKiJEia3fZyHRbfPg9Vc0QbXXACHVFtAoCcjjglmH_G6j7n07FleYq6pfPBERH7JGEsRvuxJy5JjZm_xQro4L47WmkaSImiRUEJ3Rd8nJfVLLkPnE7rITTew0DDlMhVyxEnji0H-61awmMdOelon-oGo0PUfww_-7sdKgFl-XrYdftCMzNof3x4BiUW9-Ot2c91fOA6sI-GziOJWHnj26xbs-dhvlR1IgVzqsFnOOmwNFWVELR7tTDPh6pOQ1J0KZYNfjOXzwc-L7k0kRHDhDhjn-_45tbKAzCfP74vJxFq9dngAEy8gL7DXyseVnsuBCswMWdP7OplTQc-sFq31jiwbbA4Kqk4m3COMhMH4ct3WbqfqzJDxQQH3p9RFT7tYqQkvPWjxPpqI1MhFyyQK5b0SKnhzaX8iushowHNwZcLsd5bnaf1I5sNXv5rUbk8uEQHRkL_duiukfJOhtlpKq-lik_mYtc7O_pUsKbjdXUZYvcnCb3WADrWYG4g6x8On_r_TaE_slffwj6ghHHD5romh37lTUEg4BNNwD-Zi7jJstQ50fsnzmu1PBmPyQIwvPbtIw558ld4-bz41PNI9OaSoP8H4s7TyRJqyj52g7mGnfvu-qP0AtMFjtDAku6wnUJGRr2g248Yyn9pTNq6qDLzEjsxSSvEY57LGxke4XdISRn_Czv61vetskZGFFBZ3hd2xiZJFcRSLqRDL_m4sjuQv3HHXMezo3VgONDbLcKJ479r1-ksVlQbJwNzId8-pA-NOXnCvCOWm5TPYo7WLyBPCOwKaRVXXrEmofXhWVCRI8fM87dY38zE4c5zLtVMT0A4qNmvGkkeJNS4kgNKUo6wn9g7xn8u3dgJ0YcvurpzttthhVs38C99L4zeengvq2HD-Y9n6afk_yXU3YPuqUi1sC6yMYt8a7eRxeD5kC-QFgBtUrEFuKRjFxJkxvZ8SSyQBXcoAEnyGeLDhLMZpNdZxeuN5PNpLEhc7-YKGk51PvCSfDdAUNBY1ztuJv_6qBiFb2TF5gBWJyC3sqsyA-VKoxwE4SJupUh8QBTU_dKR80czNKwW7YrVWHdEXJ3MCs0P0za3hP9Jx-NrzupMuISEIeQp550n_ztRK3Go5vcpCKZLnDoBIIXejRALQqZbOwCxyEjc8wKKJxcjqKdhMznSUn82u3XJdzN5825R7iI67hNpZO1jrgaibZAZBOqieXdgBXSiNgafnqOb5POQMhIV3ULJnxsWGU_1wn2RBrmdEVoYVfdmidDaIMOvj0geq4YSDu4uwOYVGh-Q2LeaSEJN_hFotdCwHrgQEHKsYFntNpv7WJdcqPymbF85qXASaNzjz0cnxyipjwipzPvtwjeGan3_Ejf3hWAsxhXH5STbMoAbGrmDoVrdNgU48azT6fbGfO2N5jZ_ro2_E7In9aGVHjo7NpHxosCAASKORoXP1sFWyTlGOuoNepSCVtpERtLR0XHd_ucLbx1PdX-pPBSpxW_W1gAQ&adsafe_url=https%3A%2F%2Fwww.tmonews.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:84f9e117-e172-a8cd-a2e8-b32f8642bfbf,c:9RHn1O,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-764c94599f-fq5b2,rg:va,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:i,cc:NaN.NaN.300.600,piv:0,obst:0,th:0,reas:r,br:c,abv:na,an:n,oam:0,scm:publ1,nbld:0,mtim:4,fm:t35jZNu+11%7C12%7C13%7C14%7C15%7C161%7C1621%7C163%7C164%7C17*.903356-59200475%7C171,idMap:17*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:29,oid:9306934b-bcca-11ec-9949-ea5b69822f17,v:19.8.299,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:41:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 29 Apr 2022 14:41:18 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/ Frame DB3B 25 KB
10 KB 21ms
21ms Script
text/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e66bfceb15a6ee125dff79826be02a07b766843e6c660edf55ec0c22d1a407c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:39:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 318
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9777
x-xss-protection: 0
server: cafe
etag: 12512753850102923420
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 29 Apr 2022 14:39:20 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012203150226000/ Frame 0BF6 222 KB
62 KB 24ms
20ms Script
text/javascript 2607:f8b0:4006:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/amp4ads-v0.mjs

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b94ed570e00f5bba0eaed65da67bf6f2fc5e107446a682eb045f20dbd12ab0e8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 568580
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62084
x-xss-protection: 0
server: sffe
date: Sat, 09 Apr 2022 00:48:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "fa1474a6dd6481f4"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 09 Apr 2023 00:48:18 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012203150226000/v0/ Frame 0BF6 16 KB
6 KB 59ms
57ms Script
text/javascript 2607:f8b0:4006:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aec5ee5147fdc283bcb601dc6231c234d9bec077d32756aef2a75eeedf78038f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 568579
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5728
x-xss-protection: 0
server: sffe
date: Sat, 09 Apr 2022 00:48:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "d91e62368f79b48d"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 09 Apr 2023 00:48:19 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012203150226000/v0/ Frame 0BF6 96 KB
29 KB 60ms
57ms Script
text/javascript 2607:f8b0:4006:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/v0/amp-analytics-0.1.mjs

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

213738a8de7a1e55874dcbc92825c84599256579b64f60f19c2514e61844e6bb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 568579
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29618
x-xss-protection: 0
server: sffe
date: Sat, 09 Apr 2022 00:48:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "9a9baa9802fa29d2"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 09 Apr 2023 00:48:19 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012203150226000/v0/ Frame 0BF6 5 KB
2 KB 71ms
68ms Script
text/javascript 2607:f8b0:4006:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/v0/amp-fit-text-0.1.mjs

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2eb2a641ec9143273f4f5ba4f1526364fd4b1a040b628b4be54b77dbe362690f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 568579
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1900
x-xss-protection: 0
server: sffe
date: Sat, 09 Apr 2022 00:48:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "3393210d007db9ca"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 09 Apr 2023 00:48:19 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012203150226000/v0/ Frame 0BF6 42 KB
13 KB 72ms
69ms Script
text/javascript 2607:f8b0:4006:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012203150226000/v0/amp-form-0.1.mjs

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0b43999f77e447254a78e068f55a6cc9075071b252277337b901e095e607e474

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 568579
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13669
x-xss-protection: 0
server: sffe
date: Sat, 09 Apr 2022 00:48:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "565eca32a909292d"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 09 Apr 2023 00:48:19 GMT

GET
H3 200 6743731445385897924
tpc.googlesyndication.com/simgad/ Frame 0BF6 30 KB
30 KB 25ms
23ms Image
image/png 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6743731445385897924?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qmWKg7vUM1pLDdFAgFuuYy41xVURg

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4aedfe852f3e66d42f112b122916b409291b1eb5b2cc10515c4c1a1eeab18751

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 08 Apr 2022 18:12:00 GMT
x-content-type-options: nosniff
age: 592358
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30604
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 18:15:26 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 08 Apr 2023 18:12:00 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0BF6 2 KB
2 KB 23ms
22ms Image
image/png 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 08:32:25 GMT
x-content-type-options: nosniff
server: cafe
age: 22333
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sat, 16 Apr 2022 08:32:25 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 0BF6 295 B
319 B 21ms
20ms Image
image/png 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 11:15:13 GMT
x-content-type-options: nosniff
server: cafe
age: 12565
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sat, 16 Apr 2022 11:15:13 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 0BF6 0
0 38ms
37ms Image
text/html 2607:f8b0:4006:816::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQlDQEtLkYDjJ3wJjG9Ht-J9TQ_KH4fxfPRrvwk-hXLaQUYx1We9vIf9DQ9xOlcr4nadgc3FRnS0oa59IxiE7huoJ4s3g
Requested by: Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:816::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 0BF6 0
0 48ms
47ms Image
text/html 142.250.80.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CfoL21YRZYvfBKIaDjvQPlbOpwAS-y-yXYPPJ3-DlDtuV9f0IEAEg7bvrLmDJ7o6LwKSMEKAB2Nzs1gPIAQLgAgCoAwHIAwiqBOQBT9BBhSlymc_LJ5Ryprs-gsUpKH01CI5Pxg67Yom6NUNMdGBlALWFWyODvDMQ5uMdF1v_-ZfNqzkyDxOgpiBAOa-VjVml1sMk0eq83_g5fnORjTOd-PBv6qgANMt-2raBc4C74Gd-vPzYWKsBFc0nZwrtz2lgAzDGeBMsUWQNgTm_wP4QKXzF2qN_f2di-M6NOupaF6RuDZboV4aS7WRtMdQpzujunk-LXISJo48N3Z5AgB95luh10si-S9_dTvvFJ8SVgD4Gfyk1X_4ITDnJM5fqJ-19AB3b7uaP0NrbqaQGn3p8wAS39uyVsQPgBAGSBQQIBBgBkgUECAUYBKAGAoAH26i1KagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEJ2AMNIIBwiIYRABGB2ACgPICwHYEw3QFQGYFgGAFwGyFx4KHAgAEhRwdWItNjc5NjkyNzE2MjM5MzczNxjN8hw&sigh=C1_qP1a4Jbw&uach_m=[UACH]
Requested by: Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.80.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s34-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 0BF6 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 93134a11e41c2af39ccb5e414f854deebe239f48471de407baa6779dedb9fd9f

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame DB3B 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c4bed352d6913e02240906e22a9fbd0976fd9d9fbed2bf187a1145be17620dfb

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/11665302330420713410/ Frame 2238 1 KB
585 B 35ms
35ms Document
text/html 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11665302330420713410/index.html?e=69&leftOffset=0&topOffset=0&c=XdPyXESuOd&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf71649a94fef9bcb6afe446c063998a992d26d9e5d783a636c56415741ee876

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 557
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 15 Apr 2022 14:44:38 GMT
expires: Sat, 15 Apr 2023 14:44:38 GMT
last-modified: Wed, 13 Apr 2022 19:30:41 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame DB3B 0
26 B 41ms
41ms Ping
image/gif 142.250.81.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuKITx5tw8-GFtQorub5hfRuaav49xLBpie_su1B_iDuevxIK2qYgrileGf8p1ZYc3iRE940fABOo0U6egrtyL7P3__hhW5vNW5Y91wN_GGuUR1xradGe-JxSOmUOtvsvs&sai=AMfl-YSF-Dp_fR07HZP7KgpMXkyfn1R1OheMnlJkaAkW7XxmA1WTA3qTK3-2sdiX60xZzFm3XoZvaDAYSU1YIsfLsFUvPZMqhr4JOsXlh-HQAxCKzzjFJ8q1X4vKKMzj25wB&sig=Cg0ArKJSzIJgnWQe55aHEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=182&cbvp=1&cstd=174&cisv=r20220413.80321&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.81.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s74-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 15 Apr 2022 14:44:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 74416
stags.bluekai.com/site/ Frame DB3B 62 B
389 B 93ms
93ms Image
image/gif 23.3.124.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stags.bluekai.com/site/74416?phint=event%3Dimp&phint=cid%3D26987211&phint=dcmsite%3D5176513&phint=placement%3D323146242&phint=crid%3D164471858&phint=adversion%3D522309347
Requested by: Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.3.124.133 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-3-124-133.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:38 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 62
bk-server: 41e
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B6B9 43 B
215 B 73ms
72ms Image
image/gif 52.41.89.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=904480&asId=8db5d41d-9d34-efff-6d47-04c255b5f0d4&tv=%7Bc:9RHn9p,pingTime:-10,time:631,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDAuMC40ODk2Ljc1IFNhZmFyaS81MzcuMzZ8fDF8fDF8fEdvb2dsZSBJbmMufHxu,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1650033878394%7C%7C3eba8096db1678ce84d3de24cb890972%7C%7Ceb4f03ab9dc867f6a5bdb2294b85db99%7C%7C72bdb0dc20f816f519d99a42b0fa4266%7C%7C19f0a1aa155d5d3262b2a80abecbe52b%7C%7C13fad5db421e7b2ec58dde57d08748d9%7C%7C81d3076bbfb2ae68972eb98648a2f311%7C%7C3b5c57606c70d3d64b36c715e3292fc8%7C%7C1629390669%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.41.89.5 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-41-89-5.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:38 GMT
x-server-name: dt10.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 0BF6
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

39ms
38ms

Image
text/html

2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Server: 2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Redirect headers

date: Fri, 15 Apr 2022 14:44:38 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 container.html Show response
6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame BC0E 6 KB
3 KB 21ms
21ms Document
text/html 2607:f8b0:4006:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js?cb=31067132

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tmonews.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 15 Apr 2022 14:44:36 GMT
expires: Sat, 15 Apr 2023 14:44:36 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 main.css
s0.2mdn.net/sadbundle/11665302330420713410/ Frame 2238 5 KB
2 KB 22ms
21ms Stylesheet
text/css 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11665302330420713410/main.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11665302330420713410/index.html?e=69&leftOffset=0&topOffset=0&c=XdPyXESuOd&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b7d68cb00b5b7f040f9582688f92c8fa2c16b46c1c167182bf7cf9ed40231d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11665302330420713410/index.html?e=69&leftOffset=0&topOffset=0&c=XdPyXESuOd&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 22:27:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 145048
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2359
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 19:30:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 13 Apr 2023 22:27:10 GMT

GET
H3 200 Enabler_01_248.js Show response
s0.2mdn.net/879366/ Frame 2238 118 KB
40 KB 23ms
22ms Script
text/javascript 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_248.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11665302330420713410/index.html?e=69&leftOffset=0&topOffset=0&c=XdPyXESuOd&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4701dc5781a4f2bcdddd33cfe6b025b2e532b562faae5f3756973975556b4a38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11665302330420713410/index.html?e=69&leftOffset=0&topOffset=0&c=XdPyXESuOd&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 10:06:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16664
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41094
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:45:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 16 Apr 2022 10:06:54 GMT

GET
H3 200 gsap_3.2.4_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 2238 57 KB
23 KB 35ms
35ms Script
text/javascript 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.2.4_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11665302330420713410/index.html?e=69&leftOffset=0&topOffset=0&c=XdPyXESuOd&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11665302330420713410/index.html?e=69&leftOffset=0&topOffset=0&c=XdPyXESuOd&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23276
x-xss-protection: 0
last-modified: Thu, 05 Mar 2020 03:53:22 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Apr 2022 14:44:38 GMT

GET
H3 200 main.js Show response
s0.2mdn.net/sadbundle/11665302330420713410/ Frame 2238 21 KB
6 KB 26ms
26ms Script
application/x-javascript 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11665302330420713410/main.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11665302330420713410/index.html?e=69&leftOffset=0&topOffset=0&c=XdPyXESuOd&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9edd0be2f0db70ffa8c2b27277fdfdc053105afb9005d3b7be48de3fea298694

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11665302330420713410/index.html?e=69&leftOffset=0&topOffset=0&c=XdPyXESuOd&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 22:27:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 145048
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5780
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 19:30:41 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 13 Apr 2023 22:27:10 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame BF31 482 B
274 B 39ms
39ms Document
text/html 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMPv6gEQ-tTwARi58J3DATAB&v=APEucNVqe_P3StxWrs9nOPxQOOVk3kiT48Iik2E8JWdGQLLOmWnwNzzNjjmIlpue4mxj0Uo3mxTnUJIEA03scTCbpiPrva5B0A

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7599e0a5ce1ba2a12f036e998e19e60b6e982178e4363d4630ab3a91ca73bf62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 253
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 15 Apr 2022 14:44:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame BC0E 78 KB
33 KB 78ms
78ms Script
text/javascript 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CLQR3ppQ9JVFwQPWTF9FjCwuAadTj4IGdXCxs13f4WLkLN7mDRnJm-48gqdVTxJedtQnWN2CVFBTPrLD_xVlqlma-fEIkXmsomgBKAqnWT4ku96UjsodibS1uBbutEm_R56bXrVxb0AVspVM6I-97sxNrihw&dbm_d=AKAmf-AHnEmQV-CkrVJNMtBc8ga9P_CHanZIjY7M-Wz5ID1VZUh-KBhPT2gWq5dij_mctqqSyWGPVm1chWA0H_KhwcwjZOv9exrgi80v-RdQCONobvZJwjEzwuO8PxxNWmu0n7HHC28zy6m14fuFeSmRy2jfUisjhA2iRme1RENpjbwSOeLPCHHfqljMwKggj6uxvOgAFRH-yJQ0ggy0EwBx4I3JYiSJFxKqdzXQM0YnaXp8WCA7QaRhjegrc7bvKVlrh13x0nSs7v40eH2bafIopj_odiVnbmQBPjaHTAEPvLkEUMxQ5cqGIrXTkAIyWpmRnEORcrLcxi0dDa-IZu0FV-DmyXVhbwGgk26nLKDyRP7T48d2pNBjpXalCUxPDcvH71dtcc-dkSmzd1qMApHeKtZrHdsM79mmc5HuOnTYxkkJLKld6CBhOwk2FekNb9eBo0p0ZRcUk_RShTucis49h7k0xuZe0-Xyo5OIhYDzMPYnplFxN1d3fgg--lpHUZiYCOMz6z29DstbOqJQ4ei45WrvQY_Ax6MYE5zKvLLcofuRNsKxr30OAMHDWhNJSB5FhDPJyUV6IGibaNOfH1IsoN4ZVRKL97O3J5k2AUG67k7NEk3w5JA---xTndz-Uj32sIiT2496IKKahbR_LCNfptHJdPEOUY4qjxrp9gxxDaLOPeIq8bBVEM-DlAUxR8QX5Q0GS85JJ7nA8bxQRdf1epM47nFOHv451mfvMuqxM3V5sNeuQAdqIo4K_zu4Lbvn2oXM7VSFREiUX1ZlDP5GwEKZ34Vs9ZDbqULONu0Mm3_Elk09S-UkMWUcD9eXWchCEDCrOHYhA_I_OonnS0vmxtLI41KxSNEuRi3oMSFsoav2TxFFj7toZYAR0E-3IjwU3bt5g-vsaIiAB5e7hME0a_gUutfl9mnP52xjnvxe4az5f7APpm5IOBtgT3aHTK7pB1ZLXlSc8GOalrasZFlpKsUhTSDOPWGGwq9B5qKMZsBjD4SUxDmMG6sSl6XQVpIrIpg3MnFH0CTsgz6DGg7L3bx1CJMZZCm79jA_yTAPEVaGqjUk_We60Lh9CJX9LpwongsdlrH6PNeBl12yQHX-WO_t6vepin82fVh8rmFJd0WLYgorQpkhwSfq5viZCcQubf1rkGlSQQblsfo6883aMJp-YUjqTbum_PRg4ub-BSml2UCYnAfoKvquHxk-SOOr4wIpNP1v0tXj911Q-aOdkYhpazvftpMqZ89J3uyKkMDM2vKFZw4yFJibwibaVLOWiB8Cg_zUfdvgeFhORh6f9kTn5IWCaFsKOoX_UKra5ey5nr-cviL08tKfndvmWdctjlcSOwrdh2X0IZPzfgFsYOCOPlZoWoSLMpVFApsnPDrkJAg0H2MtNmus9KMSi-JvOgPF33iQyYbcOnjTusKA3JuONZCRMrhWmPXZfGo8ItEQB5enXF8f2gAyB7_42370CMgDAD2NU47WEhxPlyepe4BcN6sR12l_AuoPDTwq82GM_e7l_LIeFsB-HfV33tPkfQbKTtM6whP4NJwaJmb2QLmkxLktFl2EbD1lPzqK0HgPrG6wi-enEia0GspDXyQtXrstCWIpI8Hvwl4lRiuX0daVWA3b-YEE_z_KnjPosQVj2fcCJtKSBn1arztcdfIIn0Jc4DwQs0xSJWWGL9WvNPAanZZvIR5F9WOq9hu7m0UHHxL2oGzJMoj3RPVGzBMLqRDktZ2Pen9BPLaZZSyXj_o9AlakTbo9X6djzVWJuIEXGY_H0EKuJxk4OdL209hG2RDh14sD8_vryl7x_EijjvOCrjs8A1keNIEydE7jm7QZ3OLRgZeLOFUjVXJiaVESZZP_Jpgj9AjF6S2wjLGV3BeL65oD12fp5LSBUrE8GtsK_iwHyDmSCed7Zp-riGmkSxrRm5Jv5O4x1FbBSHhIZ_xmYWcOT5SpOLUzGg_gFMTeJu_Dabnrq4q38cMwXbqBdIEgS4e7o55KDTUvnqmVkTuN5zHpRmpk-WYN1kfv6g1dmunsCRIjXi1tY4z-JaNLvxjPSp1CBNowaB9y6cMQhuPTPMtD_4rmoxcMzXG9yC7Xx2jCfZ75UGRDpoR_fm3TyynxBne5ka5WDVITpp6CJCMio5BKHHuMZXJVJ77Z8DcZmFk5LXXupmbvo6iHF7e7yjKF36Q4ib74UbxH0nmhG03hP6-cNHfhuFuZHXf47PfJFMbUO6Rup8vezfr4Mh7B58cgULtS3AlxVm1rgd6aXmIzeiDoa8vX2TohsC9ZseHd7LGZL6HVvXtqRjLXxH2DEzapPk9u0UI8ZH6zvmKpOso-MnxTxlBFt92SaI853oANNt3JSkhjWLR9_gJX9Tw31b1MtQujHOK7_JJxWWvv-s-53rFJ8M851neffUq713ZMzBUQd669-rVr14nlUhARHAAULyIXCLVL8AWdZpuMIdCKVuSTOvj3mnUeLNHo1fshyMaCYqZS_2NilmkXGdx7o8p0AIbGQACfO5mPljoZXBjtIfNRm326xCtRnr64yJChtfOm06Ai-IfP_f_RIJ2EqmqP7R2VUs1CgdQqd8FAkPiAdc5IsEVEcNJdxgF7TKYQ91noO11vaGmRW0iZoFrN4tNAQ9KyeYd2CBMg-NFIOEe_JJzSa4koT-vcv9W4x4QqKmQUEP50hKb13HGQHBNCV3Noj0d8ZaQnFbNy8Sq4TPMjGQb2GQBFcQN4UhGH70MTDvMwrQuj8I0yU8tDQs8Y6WpOi6mtikpp955mM9bnX-XYfut6iuyt5UeUfk6xOfp1UYYFG90sqewKrNqBiQGceKSLGS7rrS4lmfZSRSfzPIY6p1gjAfkqFqopLbNj0-wcTS5IDHZ7cRP3Bcv_eZGbeBEMal52PSgT3MetDrEvnthAVICDPkldmIiUT_i9ay93m4FChI0_5z5JkgPVduc7NJkFGyNikWVfg7LPYsB7kpFhTcrJZvjQfGUv6VuqYVGGGragkPuivLOU9nr6XUcgXwxmgDbaMjZt-zOk2ZHkuVghHfqMit8AffDGpXbVZhn8UkHvs04mS62wiL34ZcrJyJrzIrSII2avq4T1BvI9xGhj3vsPR6E68rICrIPwhQOL06wDKibvyP47lg2dk_Q3h8k6AyKJLo-nRMnICLEbhytwTbvXNbR-0srtR8FPZnWYbPVAsxUJV75WW6diN9JiuX5qPYPT&cid=CAASJ-RoRm8kzM8AXBWcRzhyCuJAYEFNDtVoWGXBILLly3Sx9kIG7CVDPQ&rfl=1%2Chttps%253A%252F%252Fwww.tmonews.com%252F%240

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a9bc4e5242b40d8b915bce507e936124973ec1e2d14db57171a6e349827ff29a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:38 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33363
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame BC0E 42 B
63 B 80ms
79ms Image
image/gif 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Aur7KPDA0G6UkE9Qly3dqO_nHMroDY-N8-vx5X1wGlGiOSZKO4CbjuynDvzPbkBGtJiAbQpLZy2gLJQV3jSYtOtOhI5zlLWj5yNFy8vI7ZU0TJknw

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame BC0E 3 KB
1 KB 21ms
20ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/window_focus_fy2019.js

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:43:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 91
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 29 Apr 2022 14:43:07 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BC0E 119 KB
36 KB 46ms
45ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

708369fe8dc1fd8fce92d3a7078852bb50ba4ba1a1884b1358c3bf03e1670d50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36909
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1649897599747219"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 15 Apr 2022 14:44:38 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame BC0E 15 KB
6 KB 21ms
21ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:39:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 306
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6409
x-xss-protection: 0
server: cafe
etag: 15284592792851369840
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 29 Apr 2022 14:39:32 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame BC0E 0
0 38ms
37ms Image
text/html 2607:f8b0:4006:816::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR2AdKHx_m10x9nyJYnK1DMKIFC8Y-lPid0j85ft5mz1b08rlOBQ0X-FxwLrd8Fs_Q7oRZSfpjui10hnUKdTIv_x1vxgA
Requested by: Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:816::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame DB3B 0
26 B 42ms
41ms Ping
image/gif 142.250.81.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuKITx5tw8-GFtQorub5hfRuaav49xLBpie_su1B_iDuevxIK2qYgrileGf8p1ZYc3iRE940fABOo0U6egrtyL7P3__hhW5vNW5Y91wN_GGuUR1xradGe-JxSOmUOtvsvs&sai=AMfl-YSF-Dp_fR07HZP7KgpMXkyfn1R1OheMnlJkaAkW7XxmA1WTA3qTK3-2sdiX60xZzFm3XoZvaDAYSU1YIsfLsFUvPZMqhr4JOsXlh-HQAxCKzzjFJ8q1X4vKKMzj25wB&sig=Cg0ArKJSzIJgnWQe55aHEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=410&vt=11&dtpt=228&dett=3&cstd=174&cisv=r20220413.80321&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.81.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s74-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 15 Apr 2022 14:44:38 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5D58 0
20 B 84ms
83ms Image
image/gif 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BcHdD1YRZYrWzMcaLxAO58aH4DQAAAAA4AeAEAg&bg=!5-Sl5KDNAAZvJBiFTyQ7ACkAdvg8Wll9hZUfvaJbKw1RiIZM17K6PW87Q8H35g2A-vGl0Cz2-AlmkAIAAAGOUgAAAAJoAQcKABkvxXG71_DhnlUaLFEJuxjUg4D2508tYUR3mQL3dLtQXn8gA95SJrLTijYQ783W1zo_MPKdMfHeqFCKJScVJs1JZQVcjdfimU3tczBzqwNVEK9KvPHi4JujJpL3Mje5V-1QsYIRXnrUm1OCPUzxaq_Xahq4UboUF4p5jPmRS9nGCf8eg_fjOVe_IR9N4kbspfcT2XYo1AaX3geaDtuDBLfyqGsyVVNll5gAmK-ttbKTCpVEYsHRtuzpo1kR16XsJxjIjzEpTrObsiZG2kCzaG4w93mqA3gR4rG5j71NwB3SrftguQQRD9kBi3l5d1vvfodNMwfbVelSNHTCeIoue4hEtCKICIRqtvFk07jD7cF-O-hEX1px7JYstrJnw8O3JSRbocY6Q_7YswgPnsIWxRii32ojYi1BwODUxI6Aq71DVaCsD6BfgjS6wJmkgjKaWa6-boauPnr__jGbYMWkd2kDJe0sgUbQZpRDEj17bFG9TQpveZH_KZYF2ErMbDUzo51Y6oRMDzNH8t1z4_rZU2rG17y4osD8rTKIzWffkLgvL4ATcYCowfd0MJ__VSRls43zxfgOEfPqtaVCa3JDOWc8EJMFABIApYCw6RtmOiUbhqIpNlCBx4Uo4vLSBhyvenp8aVklf_TKF5n_8frpOEGPAVzecJiu1YfUl6Mmu1jk-kBhvMPYehF-gRSVygZ_mQej1Wl59oHZQGhgIv28STSxn8rjJfJVuX5vZrDr-wavmkYlN8WpO-3RuCL2zKHJq_eJ4TLOalySPCN0p_rGJhOJ3jEAQhl0hggLssK7rAD0V3sABBTbFJfVhXz9rWBOVBkIUEzxfghvZhj94a4BaNYfAFjkbHY2afj7fzm3q5I8-xrSuHWJUl2TBWlctxeW-76XYwd3uUF7wd8MF4tMIfVSU4zi1qpKvX9KvclAfXm2zewWq5SV-vHezHiB7kUJnGt36pzrKvb43_NPk69K8xtcfotnaDArjBBnfoRbTFmJ8YR_sDSEAiVlJAANlzYzpbQ_IegGQ-WZIKaNg3EiH7Nayv7-

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET

sync
partners.tremorhub.com/ Frame BF31
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=tremor_video_dbm&google_cm&google_dbm
https://partners.tremorhub.com/sync?UIGL=CAESEOPCRFiPRF-x5ip24zgOsfM&google_cver=1

0
0

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame BF31
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEBYvTr4NFSXr7j1vbUGqNCw&google_cver=1
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEBYvTr4NFSXr7j1vbUGqNCw&google_cver=1&__user_check__=1&sync_id=93a7784b-bcca-11ec-bab1-11b5c0880403

43 B
549 B

39ms
37ms

Image
image/gif

192.35.249.127
SPOTX-IAD

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEBYvTr4NFSXr7j1vbUGqNCw&google_cver=1&__user_check__=1&sync_id=93a7784b-bcca-11ec-bab1-11b5c0880403
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMPv6gEQ-tTwARi58J3DATAB&v=APEucNVqe_P3StxWrs9nOPxQOOVk3kiT48Iik2E8JWdGQLLOmWnwNzzNjjmIlpue4mxj0Uo3mxTnUJIEA03scTCbpiPrva5B0A
Protocol: HTTP/1.1
Server: 192.35.249.127 Ashburn, United States, ASN11742 (SPOTX-IAD, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:38 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 394
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Fri, 15 Apr 2022 14:44:38 GMT
Server: nginx
Location: /partner?adv_id=7025&uid=CAESEBYvTr4NFSXr7j1vbUGqNCw&google_cver=1&__user_check__=1&sync_id=93a7784b-bcca-11ec-bab1-11b5c0880403
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 379
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BF31
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=OTNhNzcwMTItYmNjYS0xMWVjLTg5NWMtMTc3YWNjZGQwNDAz

170 B
188 B

37ms
36ms

Image
image/png

142.250.65.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=OTNhNzcwMTItYmNjYS0xMWVjLTg5NWMtMTc3YWNjZGQwNDAz

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMPv6gEQ-tTwARi58J3DATAB&v=APEucNVqe_P3StxWrs9nOPxQOOVk3kiT48Iik2E8JWdGQLLOmWnwNzzNjjmIlpue4mxj0Uo3mxTnUJIEA03scTCbpiPrva5B0A

Protocol

Server

142.250.65.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 15 Apr 2022 14:44:38 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=OTNhNzcwMTItYmNjYS0xMWVjLTg5NWMtMTc3YWNjZGQwNDAz
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 178
Connection: keep-alive
Content-Length: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 2238 7 KB
5 KB 40ms
40ms XHR
application/json 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_248&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_248.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f5aa215c945a77bc27d34aa198bb2bf65746e4180f2fc044e462b65bd7d09d95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 15 Apr 2022 14:44:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5554
x-xss-protection: 0

GET
H3 200 all-bg-1.jpg
s0.2mdn.net/sadbundle/11665302330420713410/ Frame 2238 40 KB
40 KB 23ms
22ms Image
image/jpeg 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11665302330420713410/all-bg-1.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef47d5f799b22e1714dfb0084cce280f89ce6b85ef50880df228efd6796e236e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11665302330420713410/index.html?e=69&leftOffset=0&topOffset=0&c=XdPyXESuOd&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 22:27:10 GMT
x-content-type-options: nosniff
age: 145048
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41130
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 19:30:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 13 Apr 2023 22:27:10 GMT

GET
H3 200 all.png
s0.2mdn.net/sadbundle/11665302330420713410/ Frame 2238 39 KB
39 KB 26ms
26ms Image
image/png 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11665302330420713410/all.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bca8589c9fe459f1609945e093b7999662d4ff9b681d1394c5816ea2ebd38088

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11665302330420713410/index.html?e=69&leftOffset=0&topOffset=0&c=XdPyXESuOd&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 22:27:10 GMT
x-content-type-options: nosniff
age: 145048
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40340
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 19:30:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 13 Apr 2023 22:27:10 GMT

GET
H3 200 cta.png
s0.2mdn.net/sadbundle/11665302330420713410/ Frame 2238 3 KB
3 KB 21ms
21ms Image
image/png 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11665302330420713410/cta.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

418fbc553b3878d6b878b8f15fbde1889d0df7bc74f1530cbe8ae598703802ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11665302330420713410/index.html?e=69&leftOffset=0&topOffset=0&c=XdPyXESuOd&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 22:27:10 GMT
x-content-type-options: nosniff
age: 145048
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2781
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 19:30:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 13 Apr 2023 22:27:10 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame DB3B 43 B
215 B 74ms
73ms Image
image/gif 52.41.89.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=903356&asId=84f9e117-e172-a8cd-a2e8-b32f8642bfbf&tv=%7Bc:9RHndb,time:733,type:e,im:%7Bpci:%7Btdr:542%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:733,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:27,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:i,cc:NaN.NaN.300.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B724~0%5D,as:%5B724~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:177,fm:t35jZLm+11%7C12%7C13%7C14%7C15%7C16.904480-59616668%7C161%7C1621%7C163%7C164%7C17*.903356-59200475%7C171,idMap:17*,rmeas:1,rend:1,renddet:DIV.qs.sn%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.41.89.5 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-41-89-5.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:38 GMT
x-server-name: dt08.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame BC0E 169 KB
59 KB 20ms
20ms Script
text/javascript 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
Origin: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 02:57:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42454
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60173
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 16 Apr 2022 02:57:04 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/elements/html/ Frame BC0E 8 KB
3 KB 21ms
20ms Script
text/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CLQR3ppQ9JVFwQPWTF9FjCwuAadTj4IGdXCxs13f4WLkLN7mDRnJm-48gqdVTxJedtQnWN2CVFBTPrLD_xVlqlma-fEIkXmsomgBKAqnWT4ku96UjsodibS1uBbutEm_R56bXrVxb0AVspVM6I-97sxNrihw&dbm_d=AKAmf-AHnEmQV-CkrVJNMtBc8ga9P_CHanZIjY7M-Wz5ID1VZUh-KBhPT2gWq5dij_mctqqSyWGPVm1chWA0H_KhwcwjZOv9exrgi80v-RdQCONobvZJwjEzwuO8PxxNWmu0n7HHC28zy6m14fuFeSmRy2jfUisjhA2iRme1RENpjbwSOeLPCHHfqljMwKggj6uxvOgAFRH-yJQ0ggy0EwBx4I3JYiSJFxKqdzXQM0YnaXp8WCA7QaRhjegrc7bvKVlrh13x0nSs7v40eH2bafIopj_odiVnbmQBPjaHTAEPvLkEUMxQ5cqGIrXTkAIyWpmRnEORcrLcxi0dDa-IZu0FV-DmyXVhbwGgk26nLKDyRP7T48d2pNBjpXalCUxPDcvH71dtcc-dkSmzd1qMApHeKtZrHdsM79mmc5HuOnTYxkkJLKld6CBhOwk2FekNb9eBo0p0ZRcUk_RShTucis49h7k0xuZe0-Xyo5OIhYDzMPYnplFxN1d3fgg--lpHUZiYCOMz6z29DstbOqJQ4ei45WrvQY_Ax6MYE5zKvLLcofuRNsKxr30OAMHDWhNJSB5FhDPJyUV6IGibaNOfH1IsoN4ZVRKL97O3J5k2AUG67k7NEk3w5JA---xTndz-Uj32sIiT2496IKKahbR_LCNfptHJdPEOUY4qjxrp9gxxDaLOPeIq8bBVEM-DlAUxR8QX5Q0GS85JJ7nA8bxQRdf1epM47nFOHv451mfvMuqxM3V5sNeuQAdqIo4K_zu4Lbvn2oXM7VSFREiUX1ZlDP5GwEKZ34Vs9ZDbqULONu0Mm3_Elk09S-UkMWUcD9eXWchCEDCrOHYhA_I_OonnS0vmxtLI41KxSNEuRi3oMSFsoav2TxFFj7toZYAR0E-3IjwU3bt5g-vsaIiAB5e7hME0a_gUutfl9mnP52xjnvxe4az5f7APpm5IOBtgT3aHTK7pB1ZLXlSc8GOalrasZFlpKsUhTSDOPWGGwq9B5qKMZsBjD4SUxDmMG6sSl6XQVpIrIpg3MnFH0CTsgz6DGg7L3bx1CJMZZCm79jA_yTAPEVaGqjUk_We60Lh9CJX9LpwongsdlrH6PNeBl12yQHX-WO_t6vepin82fVh8rmFJd0WLYgorQpkhwSfq5viZCcQubf1rkGlSQQblsfo6883aMJp-YUjqTbum_PRg4ub-BSml2UCYnAfoKvquHxk-SOOr4wIpNP1v0tXj911Q-aOdkYhpazvftpMqZ89J3uyKkMDM2vKFZw4yFJibwibaVLOWiB8Cg_zUfdvgeFhORh6f9kTn5IWCaFsKOoX_UKra5ey5nr-cviL08tKfndvmWdctjlcSOwrdh2X0IZPzfgFsYOCOPlZoWoSLMpVFApsnPDrkJAg0H2MtNmus9KMSi-JvOgPF33iQyYbcOnjTusKA3JuONZCRMrhWmPXZfGo8ItEQB5enXF8f2gAyB7_42370CMgDAD2NU47WEhxPlyepe4BcN6sR12l_AuoPDTwq82GM_e7l_LIeFsB-HfV33tPkfQbKTtM6whP4NJwaJmb2QLmkxLktFl2EbD1lPzqK0HgPrG6wi-enEia0GspDXyQtXrstCWIpI8Hvwl4lRiuX0daVWA3b-YEE_z_KnjPosQVj2fcCJtKSBn1arztcdfIIn0Jc4DwQs0xSJWWGL9WvNPAanZZvIR5F9WOq9hu7m0UHHxL2oGzJMoj3RPVGzBMLqRDktZ2Pen9BPLaZZSyXj_o9AlakTbo9X6djzVWJuIEXGY_H0EKuJxk4OdL209hG2RDh14sD8_vryl7x_EijjvOCrjs8A1keNIEydE7jm7QZ3OLRgZeLOFUjVXJiaVESZZP_Jpgj9AjF6S2wjLGV3BeL65oD12fp5LSBUrE8GtsK_iwHyDmSCed7Zp-riGmkSxrRm5Jv5O4x1FbBSHhIZ_xmYWcOT5SpOLUzGg_gFMTeJu_Dabnrq4q38cMwXbqBdIEgS4e7o55KDTUvnqmVkTuN5zHpRmpk-WYN1kfv6g1dmunsCRIjXi1tY4z-JaNLvxjPSp1CBNowaB9y6cMQhuPTPMtD_4rmoxcMzXG9yC7Xx2jCfZ75UGRDpoR_fm3TyynxBne5ka5WDVITpp6CJCMio5BKHHuMZXJVJ77Z8DcZmFk5LXXupmbvo6iHF7e7yjKF36Q4ib74UbxH0nmhG03hP6-cNHfhuFuZHXf47PfJFMbUO6Rup8vezfr4Mh7B58cgULtS3AlxVm1rgd6aXmIzeiDoa8vX2TohsC9ZseHd7LGZL6HVvXtqRjLXxH2DEzapPk9u0UI8ZH6zvmKpOso-MnxTxlBFt92SaI853oANNt3JSkhjWLR9_gJX9Tw31b1MtQujHOK7_JJxWWvv-s-53rFJ8M851neffUq713ZMzBUQd669-rVr14nlUhARHAAULyIXCLVL8AWdZpuMIdCKVuSTOvj3mnUeLNHo1fshyMaCYqZS_2NilmkXGdx7o8p0AIbGQACfO5mPljoZXBjtIfNRm326xCtRnr64yJChtfOm06Ai-IfP_f_RIJ2EqmqP7R2VUs1CgdQqd8FAkPiAdc5IsEVEcNJdxgF7TKYQ91noO11vaGmRW0iZoFrN4tNAQ9KyeYd2CBMg-NFIOEe_JJzSa4koT-vcv9W4x4QqKmQUEP50hKb13HGQHBNCV3Noj0d8ZaQnFbNy8Sq4TPMjGQb2GQBFcQN4UhGH70MTDvMwrQuj8I0yU8tDQs8Y6WpOi6mtikpp955mM9bnX-XYfut6iuyt5UeUfk6xOfp1UYYFG90sqewKrNqBiQGceKSLGS7rrS4lmfZSRSfzPIY6p1gjAfkqFqopLbNj0-wcTS5IDHZ7cRP3Bcv_eZGbeBEMal52PSgT3MetDrEvnthAVICDPkldmIiUT_i9ay93m4FChI0_5z5JkgPVduc7NJkFGyNikWVfg7LPYsB7kpFhTcrJZvjQfGUv6VuqYVGGGragkPuivLOU9nr6XUcgXwxmgDbaMjZt-zOk2ZHkuVghHfqMit8AffDGpXbVZhn8UkHvs04mS62wiL34ZcrJyJrzIrSII2avq4T1BvI9xGhj3vsPR6E68rICrIPwhQOL06wDKibvyP47lg2dk_Q3h8k6AyKJLo-nRMnICLEbhytwTbvXNbR-0srtR8FPZnWYbPVAsxUJV75WW6diN9JiuX5qPYPT&cid=CAASJ-RoRm8kzM8AXBWcRzhyCuJAYEFNDtVoWGXBILLly3Sx9kIG7CVDPQ&rfl=1%2Chttps%253A%252F%252Fwww.tmonews.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:41:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 200
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 29 Apr 2022 14:41:18 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/ Frame BC0E 25 KB
10 KB 21ms
20ms Script
text/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220413/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e66bfceb15a6ee125dff79826be02a07b766843e6c660edf55ec0c22d1a407c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:39:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 318
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9777
x-xss-protection: 0
server: cafe
etag: 12512753850102923420
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 29 Apr 2022 14:39:20 GMT

GET
H3 200 all-bg-1.jpg
s0.2mdn.net/sadbundle/11665302330420713410/ Frame 2238 40 KB
40 KB 20ms
20ms Image
image/jpeg 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11665302330420713410/all-bg-1.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef47d5f799b22e1714dfb0084cce280f89ce6b85ef50880df228efd6796e236e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11665302330420713410/index.html?e=69&leftOffset=0&topOffset=0&c=XdPyXESuOd&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 22:27:10 GMT
x-content-type-options: nosniff
age: 145048
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41130
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 19:30:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 13 Apr 2023 22:27:10 GMT

GET
H3 200 all.png
s0.2mdn.net/sadbundle/11665302330420713410/ Frame 2238 39 KB
39 KB 24ms
24ms Image
image/png 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11665302330420713410/all.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bca8589c9fe459f1609945e093b7999662d4ff9b681d1394c5816ea2ebd38088

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11665302330420713410/index.html?e=69&leftOffset=0&topOffset=0&c=XdPyXESuOd&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 22:27:10 GMT
x-content-type-options: nosniff
age: 145048
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40340
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 19:30:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 13 Apr 2023 22:27:10 GMT

GET
H3 200 cta.png
s0.2mdn.net/sadbundle/11665302330420713410/ Frame 2238 3 KB
3 KB 27ms
26ms Image
image/png 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11665302330420713410/cta.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

418fbc553b3878d6b878b8f15fbde1889d0df7bc74f1530cbe8ae598703802ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11665302330420713410/index.html?e=69&leftOffset=0&topOffset=0&c=XdPyXESuOd&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 22:27:10 GMT
x-content-type-options: nosniff
age: 145048
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2781
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 19:30:41 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 13 Apr 2023 22:27:10 GMT

GET
DATA 200
OK truncated
/ Frame 2238 1015 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 067d0bd30358c7a31e4f42ded3dfa16e316004889d0df81ce5288f36e52ade72

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 2238 17 KB
6 KB 46ms
46ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_248.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 15 Apr 2022 14:44:38 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B6B9 42 B
64 B 43ms
41ms Fetch
image/gif 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstSFCacsUQMt4eURzYG5OrPiUYaqXwTjHbxVZqFWlNKQlNB4XhdJtAJUXzEVg5B8b-DbByGBCl1O8D5X3DM7fBoqhpns3lQuIllqUGm4yVU45cCqbU&sai=AMfl-YRnRbeOVn7gY1gZxecwSD-s2bed9QUITZBGlh2NBR57BjW0aW1PLBkE-DudPCrBdCUV0aE-nxt9lt8wk79u_1fcnVMfXdzPimPcY9cR28CQ-3DNnfaJ4OlplRd69aY&sig=Cg0ArKJSzKg7bODFlc7VEAE&cid=CAASJ-Roi-DGegiYfV1OAa38mBywZB3aCOkrrRk0s82u_VGFAlanjWbd9A&id=lidar2&mcvt=1005&p=663,436,753,1164&mtos=1005,1005,1005,1005,1005&tos=1005,0,0,0,0&v=20220413&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1257902694&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1650033877375&rpt=270&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:38 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame BC0E 41 KB
15 KB 21ms
21ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 05:56:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31694
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 15 Apr 2023 05:56:24 GMT

GET
DATA 200
OK truncated
/ Frame BC0E 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0a48538aa9bd30d69fdf267f795b550b42f636b4608d75ec8980bf00011f8465

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

iui3 Show response
s.amazon-adsystem.com/ Frame BC0E
Redirect Chain

https://s.amazon-adsystem.com/iui3?d=forester-did&ex-fargs=%3Fid%3D4efe50bd-6048-315d-918a-6058841c4806%26type%3D55%26m%3D1&ex-fch=416613&ex-src=https://www.unicefusa.org/&ex-hargs=v%3D1.0%3Bc%3D17...
https://s.amazon-adsystem.com/iui3?d=forester-did&ex-fargs=%3Fid%3D4efe50bd-6048-315d-918a-6058841c4806%26type%3D55%26m%3D1&ex-fch=416613&ex-src=https://www.unicefusa.org/&ex-hargs=v%3D1.0%3Bc%3D17...

43 B
932 B

47ms
47ms

Script
image/gif

209.54.180.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.amazon-adsystem.com/iui3?d=forester-did&ex-fargs=%3Fid%3D4efe50bd-6048-315d-918a-6058841c4806%26type%3D55%26m%3D1&ex-fch=416613&ex-src=https://www.unicefusa.org/&ex-hargs=v%3D1.0%3Bc%3D1726611500801%3Bp%3D4EFE50BD-6048-315D-918A-6058841C4806%27&dcc=t

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

HTTP/1.1

Server

209.54.180.144 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

2fce2feb1cb59a8c53b5b46d1d758949090324d34b2a941a972240d6ccf63db6

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 15 Apr 2022 14:44:38 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: EPF3MR3ATA1060APE9JE
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 15 Apr 2022 14:44:38 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: GYNG6227SKATQ6841R92
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/iui3?d=forester-did&ex-fargs=%3Fid%3D4efe50bd-6048-315d-918a-6058841c4806%26type%3D55%26m%3D1&ex-fch=416613&ex-src=https://www.unicefusa.org/&ex-hargs=v%3D1.0%3Bc%3D1726611500801%3Bp%3D4EFE50BD-6048-315D-918A-6058841C4806%27&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

activityi;dc_pre=CJy-2pmnlvcCFcynnwodiekNpQ;src=9200789;type=count0;cat=delve00u;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1 Show response
9200789.fls.doubleclick.net/ Frame BC0E
Redirect Chain

https://9200789.fls.doubleclick.net/activityi;src=9200789;type=count0;cat=delve00u;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?
https://9200789.fls.doubleclick.net/activityi;dc_pre=CJy-2pmnlvcCFcynnwodiekNpQ;src=9200789;type=count0;cat=delve00u;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?

0
0

74ms
45ms

Script
text/html

142.251.40.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://9200789.fls.doubleclick.net/activityi;dc_pre=CJy-2pmnlvcCFcynnwodiekNpQ;src=9200789;type=count0;cat=delve00u;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?
Requested by: Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Server: 142.251.40.102 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga25s79-in-f6.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Redirect headers

date: Fri, 15 Apr 2022 14:44:38 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
location: https://9200789.fls.doubleclick.net/activityi;dc_pre=CJy-2pmnlvcCFcynnwodiekNpQ;src=9200789;type=count0;cat=delve00u;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;ord=1?
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/10099019064060487289/ Frame D9FD 3 KB
1 KB 35ms
35ms Document
text/html 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10099019064060487289/index.html?e=69&leftOffset=0&topOffset=0&c=1dPRyatCxl&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

58619b0ef7928fafa3ebf95986ac968996e495325ffe1ae58d906a175706a065

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1282
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 15 Apr 2022 14:44:38 GMT
expires: Sat, 15 Apr 2023 14:44:38 GMT
last-modified: Thu, 03 Mar 2022 11:06:24 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame BC0E 0
27 B 49ms
49ms Ping
image/gif 142.250.81.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu-xFbWlNA3IVOcbwCbbuXvPc6hYuCQRKfJMnQ-ZgyAa8jskkGLZ2MPYM8qSNk8yjxAZKvr1eVswbLnf01gVvSG24peyFeL5qaK7RahzeeYkA2i3hXwVVTV8E1XqRhgZ8EDlalb6p0H69SPFXRNZvOBN1q767ud_KTESEjyDRw2IWGzjgnIwzRg6oEW8eApDFBPv16N0nCfYFqiQMpRBIU3PEh8CYzGk6tU83tCP_H5jEypnilIkxrEdF_rNYRkkvBLqZcl3Qg7ZRD8Y4goVz8642Omm1WXbH_tigOyphNoUBS4tCmkSG7tpVqwMhnZlsQGSZ7bOopNenHzG2glxeXjUL5ItIasPPJo_2stlDiYmkg5TsrYjpRri4MRqGE5nLtubWYyzLk6U55OxA47airp142P5_wVKNCCccfNIdfNXBy1X871LTXNVvF3cexXy_WHIIuHsvRqLynfGm-LSczNxpYkaW1TVN8VjuY1r4h6QQHv7phAvebZun1D9o6UY23p040iVOJOPddx5V4xYcjCJ4TmlFq-RZUx0iZgwj3y8hXF0DPtHf_2VsfnV9-PUCegyMmJGksNei4JlKAclsOQyjyHwRuUfpwFSub8caM2MLNx1-mSLmFIXTjcuomNtm6_JGVpB_tvhI1kn8g5GufxbTDrNAin6NdH7X84LQ2VA-pWn-9TgGAahMN_DdGegg96DlSU3XdkkKW8QGdWGXOHy-lW-H8mX3rgXUZmhkzs7xTLD3FDa4AVnmG2bhlsRpwU9EL52z0YFszQEPSBze2cAt3X7VwwJWBFCrWY-ft_1RWyEbI0JaXEs6Ovj_HJ0CUBoEyF26obnVQKkO6oIBs9iBrC7H3ViuubHdjW16flYXA_43Ppr2A-KeRbtH78rvlDpmzGlqGMc1I_EC_fZ1tGZykxfxAloMIJJ2Waj0aXMjdAf30Pge-b39ylkG2OAFCWg4NhWYGlHe5TFi5PL026bfQ9U5HGh5yBUUeRNvNxBTmG8Ag4Ws5yGcbJ1K9b2m9eDAeQ0oxQBpqtdSaIT0RkaHYJ2nc05hsXSEExz4d5VqxaZqanz5dMGvb4gKrOVd56iFBWQEcbhMM8AWMSOpF_m9xdzI4TvCX9tXPUuLqYpfyvavoKlviUdoJGHIm4CHGtaBQ0QwVhLbmwZ9IzWh7CbizCDYuTGMW0-bM5tlYVWVM&sai=AMfl-YSIUtUhGlNbARfanBnPp5GNAS3pGssDlpMWnimtcFMtQbusizAX53wmpLJioLm00cf91WDYvg9krZ9GpIfFY3ucs1h0rEIpMlKmGFT19UauxSfPTfBWvP6d659KRCxqNOoVY57-_jbqnEB8W2smuelmD1XP0c4Tom6faks4CsdFFkaHmTWHdNyp5otasHhMMZ5dqDVrUZVjopoth4PWTevjuF_QpwM&sig=Cg0ArKJSzAjVPHIT-5iVEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=58&cbvp=1&cstd=54&cisv=r20220413.10413&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.81.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s74-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Fri, 15 Apr 2022 14:44:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 k-Lxrj_3cR5KhrMTVpzAVOH1CgwXrUvkekFpn42ZeoQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 2906 35 KB
13 KB 21ms
20ms Script
text/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/k-Lxrj_3cR5KhrMTVpzAVOH1CgwXrUvkekFpn42ZeoQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

93e2f1ae3ff7711e4a86b313569cc054e1f50a0c17ad4be47a41699f8d997a84

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 02:57:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42452
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13613
x-xss-protection: 0
last-modified: Mon, 11 Apr 2022 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 15 Apr 2023 02:57:06 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 9EA0 22 KB
8 KB 20ms
20ms Document
text/html 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 31694
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 15 Apr 2022 05:56:24 GMT
expires: Sat, 15 Apr 2023 05:56:24 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame AC68 6 KB
3 KB 21ms
20ms Document
text/html 2607:f8b0:4006:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js?cb=31067132

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tmonews.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 15 Apr 2022 14:44:36 GMT
expires: Sat, 15 Apr 2023 14:44:36 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 initial.css
s0.2mdn.net/sadbundle/10099019064060487289/ Frame D9FD 3 KB
923 B 22ms
22ms Stylesheet
text/css 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10099019064060487289/initial.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10099019064060487289/index.html?e=69&leftOffset=0&topOffset=0&c=1dPRyatCxl&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e4b7ba7e986cfaa7a192099c92dfa32c8830102d97e9615e628627727e65d81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10099019064060487289/index.html?e=69&leftOffset=0&topOffset=0&c=1dPRyatCxl&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 11:07:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 99401
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 894
x-xss-protection: 0
last-modified: Thu, 03 Mar 2022 11:06:24 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 14 Apr 2023 11:07:57 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame D9FD 5 KB
1 KB 85ms
35ms Stylesheet
text/css 2607:f8b0:4006:824::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Barlow+Condensed:wght@300;400;500;600&display=swap

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10099019064060487289/index.html?e=69&leftOffset=0&topOffset=0&c=1dPRyatCxl&t=1&renderingType=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aa7fcea6935ccba51c30406ce3012768bc3fdd3e2009ab70df6e2d8697d17243

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 15 Apr 2022 13:26:02 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 15 Apr 2022 14:44:38 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 15 Apr 2022 14:44:38 GMT

GET
H3 200 SplitText.min.js Show response
s0.2mdn.net/sadbundle/10099019064060487289/ Frame D9FD 9 KB
4 KB 27ms
25ms Script
application/x-javascript 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10099019064060487289/SplitText.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10099019064060487289/index.html?e=69&leftOffset=0&topOffset=0&c=1dPRyatCxl&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b12639fc87f5b28725a50369a47a4eff9d9ed4604a2fbc0af7dc70c883df7d5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10099019064060487289/index.html?e=69&leftOffset=0&topOffset=0&c=1dPRyatCxl&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 11:07:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 99401
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3823
x-xss-protection: 0
last-modified: Thu, 03 Mar 2022 11:06:24 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 14 Apr 2023 11:07:57 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame D9FD 118 KB
40 KB 22ms
21ms Script
text/javascript 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10099019064060487289/index.html?e=69&leftOffset=0&topOffset=0&c=1dPRyatCxl&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10099019064060487289/index.html?e=69&leftOffset=0&topOffset=0&c=1dPRyatCxl&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 10:15:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16165
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 16 Apr 2022 10:15:13 GMT

GET
H3 200 gsap_3.9.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame D9FD 63 KB
25 KB 41ms
40ms Script
text/javascript 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.9.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10099019064060487289/index.html?e=69&leftOffset=0&topOffset=0&c=1dPRyatCxl&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10099019064060487289/index.html?e=69&leftOffset=0&topOffset=0&c=1dPRyatCxl&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25329
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 19:08:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Apr 2022 14:44:38 GMT

GET
H3 200 threejs_2.0.0_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame D9FD 596 KB
148 KB 44ms
43ms Script
text/javascript 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/threejs_2.0.0_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10099019064060487289/index.html?e=69&leftOffset=0&topOffset=0&c=1dPRyatCxl&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9f90ea0f320e7edde055d595c7a2ec96d4cc8d6ff076aadeea373f53493c11dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10099019064060487289/index.html?e=69&leftOffset=0&topOffset=0&c=1dPRyatCxl&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 151736
x-xss-protection: 0
last-modified: Sun, 18 Jul 2021 04:03:55 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 15 Apr 2022 14:44:38 GMT

GET
H3 200 initial.js Show response
s0.2mdn.net/sadbundle/10099019064060487289/ Frame D9FD 8 KB
2 KB 27ms
26ms Script
application/x-javascript 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10099019064060487289/initial.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10099019064060487289/index.html?e=69&leftOffset=0&topOffset=0&c=1dPRyatCxl&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ea4963337ff5bbd2df1422f2b1af841ecfe7efc477584e7a85b030518484501e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10099019064060487289/index.html?e=69&leftOffset=0&topOffset=0&c=1dPRyatCxl&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 11:07:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 99401
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2497
x-xss-protection: 0
last-modified: Thu, 03 Mar 2022 11:06:24 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 14 Apr 2023 11:07:57 GMT

GET
H3 200 k-Lxrj_3cR5KhrMTVpzAVOH1CgwXrUvkekFpn42ZeoQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 9EA0 35 KB
13 KB 24ms
24ms Script
text/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/k-Lxrj_3cR5KhrMTVpzAVOH1CgwXrUvkekFpn42ZeoQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

93e2f1ae3ff7711e4a86b313569cc054e1f50a0c17ad4be47a41699f8d997a84

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 02:57:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42452
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13613
x-xss-protection: 0
last-modified: Mon, 11 Apr 2022 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 15 Apr 2023 02:57:06 GMT

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/ Frame AC68 19 KB
8 KB 23ms
23ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/abg_lite_fy2019.js

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a7d5c1bfe43c8beefab2fa059f4fcaa029fcbbace9a672aae1dfe1ffb7d6976c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:31:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 774
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8002
x-xss-protection: 0
server: cafe
etag: 5332015062585099865
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 29 Apr 2022 14:31:44 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame AC68 8 KB
787 B 35ms
34ms Stylesheet
text/css 2607:f8b0:4006:824::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

32bc7c1c64fd1b755d48d6025b86b7e7a28ad35d1f420cf85cdc1123aa7dfcd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 15 Apr 2022 13:21:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 15 Apr 2022 14:44:38 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 15 Apr 2022 14:44:38 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220413_RC00/ Frame AC68 14 KB
3 KB 87ms
20ms Stylesheet
text/css 2607:f8b0:4006:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220413_RC00/outstream.min.css

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 13:04:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 178801
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2798
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 10:38:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 13 Apr 2023 13:04:37 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220413_RC00/ Frame AC68 347 KB
120 KB 88ms
21ms Script
text/javascript 2607:f8b0:4006:808::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220413_RC00/outstream.min.js

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0900693ba4018c6de9126b543a8a3c50080eb74d1ed0696e5cc8fca0c0c99513

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 13:04:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 178801
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122258
x-xss-protection: 0
last-modified: Wed, 13 Apr 2022 10:38:38 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 13 Apr 2023 13:04:37 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame AC68 15 KB
6 KB 22ms
21ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:39:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 306
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6409
x-xss-protection: 0
server: cafe
etag: 15284592792851369840
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 29 Apr 2022 14:39:32 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame AC68 0
0 39ms
38ms Image
text/html 2607:f8b0:4006:816::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ82SgaCkF6W8KTQxmGmSk4zT30a9s6WdgqEn_gf_StD9hrLZRyCb0n9bEpYo68Rgr3zMEP0ekNGh4igMyFzGuHtq8axQ
Requested by: Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:816::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H3 200 city.jpg
s0.2mdn.net/sadbundle/10099019064060487289/ Frame D9FD 26 KB
26 KB 23ms
22ms Image
image/jpeg 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10099019064060487289/city.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10099019064060487289/initial.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7752209aad3a9e6abac087226b54d3fa59da66a506b6caba98045e59e44493a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10099019064060487289/initial.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 11:07:57 GMT
x-content-type-options: nosniff
age: 99401
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26364
x-xss-protection: 0
last-modified: Thu, 03 Mar 2022 11:06:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 14 Apr 2023 11:07:57 GMT

GET
H3 200 img.jpg
s0.2mdn.net/sadbundle/10099019064060487289/ Frame D9FD 27 KB
27 KB 23ms
23ms Image
image/jpeg 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10099019064060487289/img.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10099019064060487289/initial.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

277f602591bef0e21e0856aca722267155d7e61161d26a67b6a467c92771909c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10099019064060487289/initial.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 11:07:57 GMT
x-content-type-options: nosniff
age: 99401
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27715
x-xss-protection: 0
last-modified: Thu, 03 Mar 2022 11:06:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 14 Apr 2023 11:07:57 GMT

GET
H2 200 HTxwL3I-JCGChYJ8VI-L6OO_au7B4873z3bWuQ.woff2
fonts.gstatic.com/s/barlowcondensed/v11/ Frame D9FD 21 KB
21 KB 89ms
39ms Font
font/woff2 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlowcondensed/v11/HTxwL3I-JCGChYJ8VI-L6OO_au7B4873z3bWuQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow+Condensed:wght@300;400;500;600&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0b281bf2f4179c06ba68f0a427f2341287c41eacc2ce9d534c6f5c513ac633fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s0.2mdn.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 20:17:30 GMT
x-content-type-options: nosniff
age: 152828
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21352
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:04:52 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 13 Apr 2023 20:17:30 GMT

GET
H2 200 HTx3L3I-JCGChYJ8VI-L6OO_au7B6xHT2g.woff2
fonts.gstatic.com/s/barlowcondensed/v11/ Frame D9FD 20 KB
20 KB 70ms
21ms Font
font/woff2 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/barlowcondensed/v11/HTx3L3I-JCGChYJ8VI-L6OO_au7B6xHT2g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Barlow+Condensed:wght@300;400;500;600&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

af91213cd670d6270b32ebdeb00a09625f6b74ccd780d12ff6724a14ea1efaff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s0.2mdn.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 21:23:04 GMT
x-content-type-options: nosniff
age: 148894
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20200
x-xss-protection: 0
last-modified: Wed, 26 Jan 2022 19:05:23 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 13 Apr 2023 21:23:04 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame DB3B 43 B
215 B 72ms
72ms Image
image/gif 52.41.89.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=903356&asId=84f9e117-e172-a8cd-a2e8-b32f8642bfbf&tv=%7Bc:9RHnix,pingTime:-10,time:1065,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDAuMC40ODk2Ljc1IFNhZmFyaS81MzcuMzZ8fDF8fDF8fEdvb2dsZSBJbmMufHxu,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1650033878394%7C%7C3eba8096db1678ce84d3de24cb890972%7C%7Ceb4f03ab9dc867f6a5bdb2294b85db99%7C%7C72bdb0dc20f816f519d99a42b0fa4266%7C%7C19f0a1aa155d5d3262b2a80abecbe52b%7C%7C13fad5db421e7b2ec58dde57d08748d9%7C%7C81d3076bbfb2ae68972eb98648a2f311%7C%7C3b5c57606c70d3d64b36c715e3292fc8%7C%7C1629390669,sca:%7Bspg:8db5d41d-9d34-efff-6d47-04c255b5f0d4%7D%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.41.89.5 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-41-89-5.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:38 GMT
x-server-name: dt14.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame D9FD 7 KB
6 KB 38ms
38ms XHR
application/json 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9b3d53eb6b7a685830f01a13bfb77ceb2a1894c0bcad40f0eaa3ca84c07776e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 15 Apr 2022 14:44:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5677
x-xss-protection: 0

POST
H2 204 csi
csi.gstatic.com/ Frame AC68 0
327 B 271ms
92ms Ping
image/gif 2607:f8b0:4005:80c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~l20jkhce&c=6990225453941&slotId=3495112726970.5&qqid=CJq2wZmnlvcCFQLahwodHSAM_A&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220413_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4005:80c::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:39 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame AC68 15 KB
15 KB 48ms
20ms Font
font/woff2 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 01:28:42 GMT
x-content-type-options: nosniff
age: 47757
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 15 Apr 2023 01:28:42 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame AC68 15 KB
15 KB 48ms
22ms Font
font/woff2 2607:f8b0:4006:824::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Tue, 12 Apr 2022 16:23:56 GMT
x-content-type-options: nosniff
age: 253243
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 12 Apr 2023 16:23:56 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame AC68 0
20 B 82ms
81ms Image
image/gif 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=C6ql61oRZYprzF4K0nwSdwLDgD4r0-aNo4cnw0dkPj9-ivcABEAEg7bvrLmDJ7o6LwKSMEKABy5Dr0QHIAQWoAwHIA5sEqgTvAU_QGo-4xI7OyyoJclYX1RwDFsAoY3hUqAH-6Y4QlUPXyY13n_YamJTsF26Y6BoJG3xEousuJskL1rDa8dm3jd7Y41E8Cm7A8V3pNnRXt_TF8uMkUVCXBwG4urBYpv8TNQegvt6wQezO4xOHvtEiBmqetlNxyNy0zxTlAEpJ0SpR6woiobC_mPKOQAzo2sV0hKv9Y8ain_Bn-pKMqNrLZWVR1NjA5HHEBp8DHIB4IVgO_cp7hWHoEJKOqew6_haLe5IARQWjK2iSq9ukAM78hauMLYwWaEqac8vAiIvUBBEJYr1L-ZwlLMsoP7uoeHxDwASdovyUvwPgBAOQBgGgBk6AB53vlK4CqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIhhEAEYHYAKA5gLAcgLAYAMAbATx6zWDtATANgTC4gUBdgUAdAVAfgWAYAXAQ&eventType=clickstring&clientTime=1650033878999&ai=C6ql61oRZYprzF4K0nwSdwLDgD4r0-aNo4cnw0dkPj9-ivcABEAEg7bvrLmDJ7o6LwKSMEKABy5Dr0QHIAQWoAwHIA5sEqgTvAU_QGo-4xI7OyyoJclYX1RwDFsAoY3hUqAH-6Y4QlUPXyY13n_YamJTsF26Y6BoJG3xEousuJskL1rDa8dm3jd7Y41E8Cm7A8V3pNnRXt_TF8uMkUVCXBwG4urBYpv8TNQegvt6wQezO4xOHvtEiBmqetlNxyNy0zxTlAEpJ0SpR6woiobC_mPKOQAzo2sV0hKv9Y8ain_Bn-pKMqNrLZWVR1NjA5HHEBp8DHIB4IVgO_cp7hWHoEJKOqew6_haLe5IARQWjK2iSq9ukAM78hauMLYwWaEqac8vAiIvUBBEJYr1L-ZwlLMsoP7uoeHxDwASdovyUvwPgBAOQBgGgBk6AB53vlK4CqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIhhEAEYHYAKA5gLAcgLAYAMAbATx6zWDtATANgTC4gUBdgUAdAVAfgWAYAXAQ

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame AC68 28 KB
15 KB 97ms
69ms XHR
text/xml 172.253.62.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-C5UJspHIm22xoJaeqavGRNP2qxyBeUDCDHMCyeBAqT1EJDSOHKDlY6wbPIKizdWB5mm3Kama4wdaeZ8IyDpACED8-6hg&dbm_d=AKAmf-BRacd_IuYqfm-m2_Svk-MpJ5xUY2FjCCFVU6jSotGGVqQsRC_X2j9gzY28gko3BHTP14oF1AIQucegbh522ljL7e8gDPiT6vz1bRMjHpp3NTLywxt0OTGLKYwXZNvF1Uhb3qezoSEeUDQMENJ-8u0YKOfyw8dZEZOZ5IWolp39tC4l63XsYdmJc7gR73Xq3-lDCgqjIRsYRGUUcAjeGrFSsud_Ig5DAYkpGD-jwanfeYV13vkRy8rI0k51SbF7fRbCZusibSvkXvR_UhV6rzhFkjazD-S__WgH4yTtaYX6Dgr4lZDMnQcrGEAsIWHC_f-GNTXVe_8QZ_Q_IWaIxssdD63N_Dk6OWcvz_jr_HxkYmKko_XMfa5DE4S1PPulbX9ESnuVdx0nkJlUChHT8teMMjY8yvMxCvKmf1tEnqEiOYYxgEzwrdvTX_JlgUYkUx-vPfJFqe6qpUlkfbUbUQM5Jql6YwJKiKGLJamziff_4D0FRIeZj_wOKLg_w67sLcn_OadUprCnrAc4OPVAq_m3hNm7d_A5sz5r-SfrmF7G8VwYB9UT4VJHl8jU17g0B9oCkHhP61B9BzIz3PcQKHLOBA5PGnab3VatLWGwJTeAnoDtSmpI7N7v4q62f45yYI0saAB6OryhPxbv4lQP3NcAfd-xkTM_hvR0CeQzqKh1XgVLydDrqUJkKt2ivwXet3EJBQyGwCGZNzjshDp09eqcFWpdgWbQIii76vdopAiP8-7Hxv4PsdeB4MB4n1ojPKQejcD7ADPtvvIx89dQGGuGJZ7HL75PyFE2IjMFKLXNMFf8qLttq5obAxaGOAih6utwW-zg_0F6_ycpqQR5QnPDaS7R3qH_OJnL8_tiFRJXTgYgi60vXBi_2tJSMobxHaBJlgqOwWM5J4YOxxZBsNSTRLee5s2VkSMdayJonFzcDgKyXyHdd7dxz6ySHZB7gKOIShP1IcAl6bstEoD77M6qDyN2zLs050CiirLTKmAJA3MFcxVJII3NOMIhvZTcCjd7ShOSYeO6EviSNyyq9YbUnlO92Zw-gvFGsgbzRczwyDon_fbxwpkYaYxp3WSJ2QMw4X69d49Bf9eqo0iksMtdqNOBLZ-psYIbhx9T1oprz7w5gCQRHh8EpZhMvknNo5kF-Fck8a2K6_BE4ZisS4XNYKbrnpVyxryKLDY_NZVUWgTu75610JCcSx4-F-oUUyVwdHRXy1RWhpjtY6EpLjCfFMRNETkaQmqZ39_7IXWsURUfuZpQGnClEclvttVihRE67G-LLpA6-Yw3OUj3YEN4np4xyF8tHpb_BhUAUvY45wleapooy-_HNv7fpbq4ZG4ml7F0sWAMC1raaBirIXmASxrzaqCn0xtc7q9x0JtU1iiFHV3_cTWcjnvBsMqCCrFWozdwE8lfuJHHSrJlJh6hhVtFc9GMCvUvjmBdDoZ7QqXN1gz3VcIrZd7SJbzCew-nVhI2uV_KkvuQgV6gRy_vyrer34t9aiYvQoZl32lK0dtiXpliZRk1tiBXoeHwzMOIOpW1JsSHkTRG-ev_SfiNaxq-2AYICsqRnASVrdJdCvHFUSOvtRdeY8BMDf6gJKM-xZS3zQJoBWmziEcrzR1aTCSGqn7GbM48o8D1BuyDV0TRxpFdpU9ppOnDb0aKY9cc8REtgOO-SCtzAwn01U_owFeu6SUTE6JHGoogl-JxVlTzLsR5YKa0DT0PGhUgxk7EvM96iCa1ALaQk0ndY1E08H6aU0Y2NiYGbpLkaDPCOBbrwf47UVsm5O2R53UCO8_RLLUrhGuyBAYxDnZS-Pf4CXkrzdDw2p5CnZKoKfsJoulAK1su2L4YpyqZuTTRrdVt9-5M42T0D-79NZtJGiZL8EdPReJFC1TR4yFTcRt1yBzuEl6w2xzeO3oj0lDONQ2pS50xahrQKoEcJx9N870hqMZYOLMetX3nBithfpaVQAtNsiLBJ3klDe8CJbPRBbENnze6v-Y6vLWCc_17G05NmZnThZH85YGvC1lDeE-aKVjgrco7hkYJCqr1Re45ThsnIeqIEvsxYTe368DZlwN4CLVcXQAiL07uaZrktogE_vbWOTUzNjBgLvNnQZmx8YTMJIPEngDFaPF3DEY81Z8UKfjJhuBOfLFCxRphFDWeNOYUWy5oxvJ_B3h-mJ6i5CsUnIThRCjNRQqHTqgIvOxf_gRWOvDD4oziwtnSEBbU9vkExd3THHtknpT_ikcPh_4wwAb2ZVLqFQFM5yRiZ-oHoTRzrEK14pIIhj0AcNfj5x0nQP08A-zmcwWiC1oIjHTuifIhTtjz1PgDkHnZQizhDJmETWhyVd79eAs7CIob-UWyin2knAB2LGjQR978vH9jzKsporWKZ3JBU3ajz62EgBjo08Tgj1fXHhzDGNfrarz3vlRPGITBGbHK-tmgx1RuozV9GxXnz9oh9ieqMyVvKVmKewY4hoPESmu0JyjFWnc5rq5vrBdCALG9Ht-LsexfFP7RFGRx74-JdHCV_wXGsGwRFGVlVfKKHPKCaFyGjsiIQ2FJHZ9MrbKjvHFwYuwazpUaCa79Xu8Rycyx3653otpjtLPK6lr4JsDceUhLadThGhSKBi4z7J1uOPru3LixnRDuoq9__ANl_AklY4cNMRZlColAGBNnQ0fN6t7MOnDKiNF9KKdtfSiiIvVHW3zRUZNuJDWcUj8-EX_6FBHO7WfIcmVEJULSaVLJZx4_bnQD8RfHrSfQ4icjNwQlR25iEyT1wcN2NlZImeHy-tmJQRSsloDhLDEJgFmEjgrElxOoGgRL9tGwEuc4itOu_ujpUeS0DSxwmHxou8qo_GC0cej-2WwaZSAs8p8Bwdd252d9LYiZc2ks3VrWOLCdV0kxoi9Gl3Jm7DGap6VqpGt73bUGPvpMGkSM8d8fd72gv5SrbzU0KEYG7qZXOrFw3cEGf_3fGEvWcFidJeRBAfsG-Lg8V9RfKWCpLBumy2VJJ4H-9IQ&cid=CAASKORoo8c4GXjwuKfp_EQXhAR8ZJBYG1WFmIusQn6bn76STo7ZIyGQoZQ&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220413_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.62.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f154.1e100.net

Software

cafe /

Resource Hash

decf9a1c369de13f20accd56ad5c9a31cd6c9934c2ff4060d4d2698bd6c9c438

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15534
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame AC68 0
0 42ms
41ms Fetch
text/html 142.250.80.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=ChAGG1oRZYprzF4K0nwSdwLDgD4r0-aNo4cnw0dkPj9-ivcABEAEg7bvrLmDJ7o6LwKSMEKABy5Dr0QHIAQWoAwGqBOwBT9Aaj7jEjs7LKglyVhfVHAMWwChjeFSoAf7pjhCVQ9fJjXef9hqYlOwXbpjoGgkbfESi6y4myQvWsNrx2beN3tjjUTwKbsDxXek2dFe39MXy4yRRUJcHAbi6sFim_xM1B6C-3rBB7M7jE4e-0SIGap62U3HI3LTPFOUASknRKlHrCiKhsL-Y8o5ADOjaxXSEq_1jxqKf8Gf6koyo2stlZVHU2MDkccQGnwMcgHghWA79yiOE-x2DAMg7ZpMiCwinv8O1emTbTX8mhUql0eCPCIYElPSb38SdZHyepcy8z-Edepk-iQk0Q7T7pivABJ2i_JS_A-AEA4gF6uOGqi-SBQYIGxACGAGSBQYIHRAEGAGSBQYIHRABGAGSBQYIHhABGAGQBgGgBk6AB53vlK4CqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwoQjcRzGLnzq8MB0ggHCIhhEAEYHYAKA8gLAbATx6zWDsgT3-jTCdATANgTC4gUBdgUAdAVAYAXAbIXHgocCAASFHB1Yi02Nzk2OTI3MTYyMzkzNzM3GM3yHA&sigh=A7Kc4PkGpGI&uach_m=[UACH]&cid=CAQSPwCNIrLM58Wfb5LW_fweu4Mc3Qt0-Q0KP6KGu92Wl_OEU7swna3dPSZS9wCn_EAoX5bkAR80plWLYz1ZVBwJcg&vt=10
Requested by: Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.80.34 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s34-in-f2.1e100.net
Software: /
Resource Hash

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame AC68 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4d9654ed1ef4e650bc9859c4c8372b9ececef6ca1ef9d3313510ea2860c0cfa6

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B6B9 43 B
215 B 74ms
73ms Image
image/gif 52.41.89.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=904480&asId=8db5d41d-9d34-efff-6d47-04c255b5f0d4&tv=%7Bc:9RHnjQ,time:1278,type:e,im:%7Bpci:%7Btdr:1020%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:145,o:1133,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:25,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1127~0,0~100%5D,as:%5B1127~728.90%5D%7D%7D,%7Bsl:i,t:1133,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B145~100%5D,as:%5B145~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:122,fm:t35jZLm+11%7C12%7C13%7C14%7C15%7C16*.904480-59616668%7C161%7C162%7C163%7C17.903356-59200475%7C171,idMap:16*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.41.89.5 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-41-89-5.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:39 GMT
x-server-name: dt03.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame D9FD 17 KB
6 KB 44ms
44ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 15 Apr 2022 14:44:39 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame BC0E 0
26 B 41ms
41ms Ping
image/gif 142.250.81.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu-xFbWlNA3IVOcbwCbbuXvPc6hYuCQRKfJMnQ-ZgyAa8jskkGLZ2MPYM8qSNk8yjxAZKvr1eVswbLnf01gVvSG24peyFeL5qaK7RahzeeYkA2i3hXwVVTV8E1XqRhgZ8EDlalb6p0H69SPFXRNZvOBN1q767ud_KTESEjyDRw2IWGzjgnIwzRg6oEW8eApDFBPv16N0nCfYFqiQMpRBIU3PEh8CYzGk6tU83tCP_H5jEypnilIkxrEdF_rNYRkkvBLqZcl3Qg7ZRD8Y4goVz8642Omm1WXbH_tigOyphNoUBS4tCmkSG7tpVqwMhnZlsQGSZ7bOopNenHzG2glxeXjUL5ItIasPPJo_2stlDiYmkg5TsrYjpRri4MRqGE5nLtubWYyzLk6U55OxA47airp142P5_wVKNCCccfNIdfNXBy1X871LTXNVvF3cexXy_WHIIuHsvRqLynfGm-LSczNxpYkaW1TVN8VjuY1r4h6QQHv7phAvebZun1D9o6UY23p040iVOJOPddx5V4xYcjCJ4TmlFq-RZUx0iZgwj3y8hXF0DPtHf_2VsfnV9-PUCegyMmJGksNei4JlKAclsOQyjyHwRuUfpwFSub8caM2MLNx1-mSLmFIXTjcuomNtm6_JGVpB_tvhI1kn8g5GufxbTDrNAin6NdH7X84LQ2VA-pWn-9TgGAahMN_DdGegg96DlSU3XdkkKW8QGdWGXOHy-lW-H8mX3rgXUZmhkzs7xTLD3FDa4AVnmG2bhlsRpwU9EL52z0YFszQEPSBze2cAt3X7VwwJWBFCrWY-ft_1RWyEbI0JaXEs6Ovj_HJ0CUBoEyF26obnVQKkO6oIBs9iBrC7H3ViuubHdjW16flYXA_43Ppr2A-KeRbtH78rvlDpmzGlqGMc1I_EC_fZ1tGZykxfxAloMIJJ2Waj0aXMjdAf30Pge-b39ylkG2OAFCWg4NhWYGlHe5TFi5PL026bfQ9U5HGh5yBUUeRNvNxBTmG8Ag4Ws5yGcbJ1K9b2m9eDAeQ0oxQBpqtdSaIT0RkaHYJ2nc05hsXSEExz4d5VqxaZqanz5dMGvb4gKrOVd56iFBWQEcbhMM8AWMSOpF_m9xdzI4TvCX9tXPUuLqYpfyvavoKlviUdoJGHIm4CHGtaBQ0QwVhLbmwZ9IzWh7CbizCDYuTGMW0-bM5tlYVWVM&sai=AMfl-YSIUtUhGlNbARfanBnPp5GNAS3pGssDlpMWnimtcFMtQbusizAX53wmpLJioLm00cf91WDYvg9krZ9GpIfFY3ucs1h0rEIpMlKmGFT19UauxSfPTfBWvP6d659KRCxqNOoVY57-_jbqnEB8W2smuelmD1XP0c4Tom6faks4CsdFFkaHmTWHdNyp5otasHhMMZ5dqDVrUZVjopoth4PWTevjuF_QpwM&sig=Cg0ArKJSzAjVPHIT-5iVEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=405&vt=11&dtpt=347&dett=3&cstd=54&cisv=r20220413.10413&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.81.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s74-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 15 Apr 2022 14:44:39 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 container.html Show response
6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 6026 6 KB
3 KB 21ms
20ms Document
text/html 2607:f8b0:4006:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022041301.js?cb=31067132

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tmonews.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 3
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 15 Apr 2022 14:44:36 GMT
expires: Sat, 15 Apr 2023 14:44:36 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6026 0
0 40ms
40ms Fetch
image/gif 142.250.80.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssEspHIBoyboqCMc3TY87ZgICZlA9_he0lQgPTC8hipvLUp4VNUonUUpUY6TBtUxouspjQyBS7EQJ-7ZqvORorFGLdu4AwvD9J8CtrpmeyUo94naOpzzFMPTNn0zsGMYg98A9n5VvDA2tAzjemgbjmPDWEi4esM-s9qiMqF_Y4eOjrs3IApFNh07ppTIetUcxHalGRInLGeVaAPW_BiwoQMR8kmdwy9qa03fot6bVu8hr-b13qUVEZUAtcI7g_g3N_jpp8_9STcBxKIGwqHK2qKi-3CGAW9rQFOKa8uIeDZ4LQ3MoQIky95HRV75Tfbno_n&sai=AMfl-YSBFOaV48kbsJ8uLPc8l8RMYVWAy9MJFOSOV51HHlQ68IQjHhe28o_zJ_nNQrrIXxLFnrgkU5HpxCmgG56uYTN6fNWqg3EVEmR0m1K4ecRqMEmol3QNCwkrjT_Vz-we&sig=Cg0ArKJSzPuGKXk3by0ZEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.tmonews.com
URL: https://www.tmonews.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 15 Apr 2022 14:44:39 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/ Frame 6026 19 KB
8 KB 20ms
20ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/abg_lite_fy2019.js

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a7d5c1bfe43c8beefab2fa059f4fcaa029fcbbace9a672aae1dfe1ffb7d6976c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:31:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 775
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8002
x-xss-protection: 0
server: cafe
etag: 5332015062585099865
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 29 Apr 2022 14:31:44 GMT

GET
H3 200 10300165606249578176
tpc.googlesyndication.com/simgad/ Frame 6026 70 KB
70 KB 23ms
22ms Image
image/png 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10300165606249578176

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c94b3c2387350ddc9578983080b818e496f9314507a7313679cb7483527cfa9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 20:05:26 GMT
x-content-type-options: nosniff
age: 67153
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 71594
x-xss-protection: 0
last-modified: Thu, 14 Apr 2022 20:03:44 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 14 Apr 2023 20:05:26 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/ Frame 6026 3 KB
1 KB 29ms
28ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220413/r20110914/client/window_focus_fy2019.js

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:43:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 92
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 29 Apr 2022 14:43:07 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6026 119 KB
36 KB 55ms
54ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

708369fe8dc1fd8fce92d3a7078852bb50ba4ba1a1884b1358c3bf03e1670d50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 14:44:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36909
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1649897599747219"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 15 Apr 2022 14:44:39 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 6026 0
0 38ms
38ms Image
text/html 2607:f8b0:4006:816::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRtzPoPTV31v8TumquvbEaW8As8x1doHoODF7Tt74dFWN7U-4AEa86o9SSakThzXd13Ifed5CkS05XY9ySiBLsZXFFmAg
Requested by: Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:816::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9EA0 0
20 B 84ms
83ms Image
image/gif 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BJA6V1oRZYsftIsn3zwWnno7ADwAAAAA4AeAEAg&bg=!YWKlYibNAAZvJBiFTyQ7ACkAdvg8WtY8WWvCfJ-3m1wjb9maRgFrrbh-0o_i8Yvau2R6DQdVLI35IQIAAADeUgAAAAJoAQcKAHPDX30dbrTKuFt69llGFkij_av2-ihCrA0TRODBF9EvCCDXjGXcFrT57NIFPR4BXP0URLEJ3gFSOpx28KbUBlWd-Qoizjwt99Dsg-F-ZnLiPJBSLPsJzuwXAiLxBkoZyRGJLeZJi4K7XK7Hd6SPd2maKkavmQLs-LqBnVPGgtPLLyuWmxOoSwBySMRFEGbVc84cQHzq6uo2FVOwFvDbmqjJ_LTrnBM75XHbsbpepujN0kQJEJ777ehGGtD5PZl13RirlfmCHOaBJCJi-AKiFBY9TFwhRDGXj9UzFTMafT-u_-ekvqHoMhJ0v1cabOsM1PrvIs3LGPkpNk-zX4ad92k2_4NRyzgM-DAw4rYpbvqO7E6XWg0Ft0nuFnGzc5G-tUW6TFxn5-JVppBUyq66GNrwIu5RmWdCcGp06fc-5tyjMjrjn6AodSnD_kcwpyz_S99ouEwqOA6AREYiDV1lm-rv2F5XUSsPWU_KjL_IhFGR8rd_flAJHckI2hjKqp37PUWCt8y4rqD5oWtfYDKdx4Zq5hqcDo06Bka4kSri6Ln8O_0JpVWYElOM7kmycHE6cFc08sacvDF0AfFvs2_rRA3PmY7N-VlHFijpCcidpW3YwPUYc5U519FoYMKoV5zL8gIo8xhmn768bvOWAXyzPkBtF29tlIZILASl56WC-SSWe_HSufI4uxTHcvXCGrA73a8JGdoBEmP7W8peseKCsCw5XtRscCBz1IgpWfVMtGW6A0Yo-a5ZOCYSy_7uTfSRQJsDW6jGNm1Ap9kj0Ej7KLf2WH170iQiRAMbzynshi4c6bN77op7UXgrk9ozamaw7EidhsrBUFCw6wH7Fe0oVousCz6DNPIJR-wiQsw783Kcdv-cwkD2jwF5mqI2uBQ5vseGVzXPeSWkZZvI7rftQ8hDwXghvCMSk1101T8s8c7N78h266m63PBsrUItFzXjiCR9hHeTou5eI7nkqwOWeFH0HbftKcTf7oBNR6OW9cA9IRLBfWpryFCktPhxfMH-YzsfMgehTVE5ikfWgj5sHSUlX7xhi3kfhI8kBWdsfpgClZOrvHfDFx9yMtKE980zre3Dj5cjkDsVdfKpA9-qCVPvBRancrhOubhOtrF_CdLTYS_N3usSYECLLpTofSWGCjgC4A

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 k-Lxrj_3cR5KhrMTVpzAVOH1CgwXrUvkekFpn42ZeoQ.js Show response
pagead2.googlesyndication.com/bg/ Frame C122 35 KB
13 KB 21ms
20ms Script
text/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/k-Lxrj_3cR5KhrMTVpzAVOH1CgwXrUvkekFpn42ZeoQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

93e2f1ae3ff7711e4a86b313569cc054e1f50a0c17ad4be47a41699f8d997a84

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 02:57:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42453
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13613
x-xss-protection: 0
last-modified: Mon, 11 Apr 2022 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 15 Apr 2023 02:57:06 GMT

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame AC68 41 KB
15 KB 22ms
22ms Script
text/javascript 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220413_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 06:33:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 202252
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 13 Apr 2023 06:33:47 GMT

HEAD
H/1.1

200
OK

file.mp4
r5---sn-ab5l6nzr.c.2mdn.net/videoplayback/id/4e77313c01a7b4e3/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3790237481/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,m... Frame AC68
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/4e77313c01a7b4e3/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3790237481/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/sig...
https://r5---sn-ab5l6nzr.c.2mdn.net/videoplayback/id/4e77313c01a7b4e3/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3790237481/sparams/acao,ctier,expire,id,ip,ipbits,i...

0
0

100ms
21ms

Fetch
video/mp4

2607:f8b0:401e:29::b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r5---sn-ab5l6nzr.c.2mdn.net/videoplayback/id/4e77313c01a7b4e3/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3790237481/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/6605DD8E341753FF8FFE854410D16BABEB4C1F27.7BC53FEEB2ECFAC82CBA0D6C382B1CC535E3774F/key/cms1/cms_redirect/yes/mh/GV/mip/2602:ffc8:2:104::17/mm/42/mn/sn-ab5l6nzr/ms/onc/mt/1650033571/mv/u/mvi/5/pl/48/file/file.mp4

Protocol

HTTP/1.1

Server

2607:f8b0:401e:29::b , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Fri, 15 Apr 2022 14:44:39 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 2244727
Last-Modified: Fri, 25 Feb 2022 11:44:40 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Fri, 15 Apr 2022 14:44:39 GMT

Redirect headers

date: Fri, 15 Apr 2022 14:44:39 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 651
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
location: https://r5---sn-ab5l6nzr.c.2mdn.net/videoplayback/id/4e77313c01a7b4e3/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3790237481/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/6605DD8E341753FF8FFE854410D16BABEB4C1F27.7BC53FEEB2ECFAC82CBA0D6C382B1CC535E3774F/key/cms1/cms_redirect/yes/mh/GV/mip/2602:ffc8:2:104::17/mm/42/mn/sn-ab5l6nzr/ms/onc/mt/1650033571/mv/u/mvi/5/pl/48/file/file.mp4
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame 1BB2 23 KB
9 KB 21ms
21ms Document
text/html 2607:f8b0:4006:81f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 202252
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8727
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 13 Apr 2022 06:33:47 GMT
expires: Thu, 13 Apr 2023 06:33:47 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 6026 0
0 40ms
39ms Fetch
image/gif 142.250.80.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuX3HrGZyubqhUkIAiFnFPyhf_7WBbe34jqAqdzezlLFN7ZgnIf5TXNuOi8N_H_Ik6cvSzYASiTFAdRtQk458pcYb3M6GMSgYp1_fjciGKIxKmVQ-dBXcb-K3N7kWIZ60N00EcuTHjqtaL9nITTpbNpFGEdkVq_ODnu1jW_Tyqhiq4OA9aeCUw5ormXqDuXbvYY5UU6hB1ZSx77tex9jYpk4KnEPshotsQMPK-dgf6vzUnMdhsfOgsyk35shFHjd_JpYEso4bbHpHH_D-TetmtCW55MY3Ka7lcQoc5e761tY3oNua7KzNQA7kiICPjzG4AG6UI&sai=AMfl-YR4PtRhR0XNzhoO9bQpKZQ3YZ-s98uF-9BkVFnDnYyulYBjBaSczIQU5vF5MmTItqk_C_VW0d_0bOTtcMdPDCvo6DMD8ZOXh6xmfFFppgrm-tx54VwkI77U0roaCyz6&sig=Cg0ArKJSzKkpCLJVA_CrEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 15 Apr 2022 14:44:39 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Fri, 15 Apr 2022 14:44:39 GMT

GET
DATA 200
OK truncated
/ Frame 6026 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bc6f5d6157a018818841738dc10fd070072a3346981a436d7cff4d0f20b5cf09

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 LJGn0i2Pg8yG-wzimFR5htSsDE5oolsrGkll4HQxngw.js Show response
pagead2.googlesyndication.com/bg/ Frame 1BB2 35 KB
13 KB 22ms
21ms Script
text/javascript 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/LJGn0i2Pg8yG-wzimFR5htSsDE5oolsrGkll4HQxngw.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2c91a7d22d8f83cc86fb0ce298547986d4ac0c4e68a25b2b1a4965e074319e0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Fri, 15 Apr 2022 00:59:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 49485
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13643
x-xss-protection: 0
last-modified: Mon, 11 Apr 2022 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 15 Apr 2023 00:59:54 GMT

GET
H3 206 file.mp4
r5---sn-ab5l6nzr.c.2mdn.net/videoplayback/id/4e77313c01a7b4e3/itag/343/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3790237481/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,m... Frame AC68 2 MB
2 MB 49ms
21ms Media
video/mp4 2607:f8b0:401e:29::b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:401e:29::b , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

eb45241596572f8dd762965a929252b2b32620daebdb36e5fb1bce6e21676a12

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Range: bytes=0-

Response headers

date: Fri, 15 Apr 2022 14:44:39 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-2244726/2244727
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 2244727
expires: Fri, 15 Apr 2022 14:44:39 GMT
last-modified: Fri, 25 Feb 2022 11:44:40 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
client-protocol: quic

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1BB2 0
20 B 84ms
84ms Image
image/gif 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=Bx1Sn14RZYu7CBNTN_gTs_b-YAgAAAAA4AeAEAg&bg=!sLOls_fNAAZvJBiFTyQ7ACkAdvg8Wqez-814GShIaPM7Opc3m_WcNJBkcTV2oYQP1r3aczaA_gLjCAIAAABgUgAAAAVoAQeZAvVrDnW6t2ypYdQPPbMbkBYV1qB51OvQCv7FqFP9Rf-Lus9C2bwHnGtRaeqcbqYKz5QigB_wATNdy2HRjCHmuhPhI5fpGPkVRHlvZEz7A9Vg-0I5InbwTF6xVG4GTaQEDm1TaGovBiWhHMiMW6e_3zU6i0OOb5OLjRcN9ukZ9-Rv6ax6xs8zp0LpnPABRmXuXoLO6ZN1k2dmh1JQfTxLxzYA_0StTdAJYzOIkwRC11KKO-_2otC6Is9In2P_zG6yx6ib6KRrPKsjKMWlUUuRvgwWN26m2VcMi0cYNjMpy0-5shOmksFBjxnSBvMb6Lh2xMbDZDTabfbdepIHeXng5dgE0-il4EVfMrBK88un9HfaGnnbMgxnsePoa5bW8xOpPa-jhN9ou_nONAJZKS4nlRdhmjVe03jfV14nYpXpamJndDHNf7VgJzx9XxsBR_SCvzKKG2_yhsa8uI49NnrKVPvEdySJ5WNMx-aNofcEuR3u7XUMmiazxGyn73OUVejqF0C4qavVkwGSLRwyykvYQxt4B2cC9p4w4a-QOOExKqi-cQBPLSInW7b57luwZ-SCRBfIOoE1qXgJxPkCmaJ4VGhy9GMMsHpH5MEWOrrKdA5suHJu_m7jyhqjXAxpvsz7Y6NMO4avuHn3Ukm5lvXbYoPXGyWTIxXa7y13Ik_H3vjg0Odim6KqyRBKjtkNC-6dkGuuVAYNTd0KDGx0xKlOXPOoVitjZ0xcXSGOAsDa6SDiCPfx46l-we3vZrBXwLOdPxU85aa2xdCMZqyLv5bHlBbERsqE5O9dvcbeDupoEyXZffGPU_S631oiAs98Loy61BI83lwUhNaaY1ZPltV7J4rgoaPVqteAKAS5ajlDLiATSnbJx7wHij5-6Ec85KcrahsPlpbKDMX166qTytTluS43OFJdsvfL4h4vhO6cQ9GytGAOc5GQEglhc91MwgWbF6M2Iy6Yo9boGKL4pYK1vvK69IPKrTQahOnO0Guo1Ay7bpbOISOH

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 0BF6 42 B
64 B 42ms
41ms Image
image/gif 2607:f8b0:4006:81d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvh7wUdJ-ut7vsHqYoMEVSBNFCCTNBfs5djCD0r2Y6IR5BwNZ7Z5k3BtQPB1eA9UXg38zCNv2dZKEDle9aRmIpVG-69NcELi4R6StqPbueaEq1PiMA&sai=AMfl-YSUXQIFRRzI7hGDDBONWLKWjIFV2YnR_WhOVt_BqXQfT4111kBSaEzh0dyDlER9oQsHVpI_askwJpZ35fEGxyUX41SgNTLS59OYak3th923r5VabIqeLAufxrcZM-ii&sig=Cg0ArKJSzGj1pZW_1AbsEAE&id=ampim&o=436,226&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=404&tls=1404&g=100&h=100&tt=1404&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=2140514718

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:39 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B6B9 43 B
215 B 74ms
74ms Image
image/gif 52.41.89.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=904480&asId=8db5d41d-9d34-efff-6d47-04c255b5f0d4&tv=%7Bc:9RHnxF,pingTime:1,time:2135,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:26%7D,%7Bpiv:100,vs:i,r:,t:1133%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1002,o:1133,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:25,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1127~0,0~100%5D,as:%5B1127~728.90%5D%7D%7D,%7Bsl:i,t:1133,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:94,fm:t35jZLm+11%7C12%7C13%7C14%7C15%7C16*.904480-59616668%7C161%7C162%7C163%7C17.903356-59200475%7C171,idMap:16*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.41.89.5 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-41-89-5.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:39 GMT
x-server-name: dt18.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B6B9 43 B
215 B 73ms
73ms Image
image/gif 52.41.89.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=904480&asId=8db5d41d-9d34-efff-6d47-04c255b5f0d4&tv=%7Bc:9RHnxF,pingTime:1,time:2135,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:26%7D,%7Bpiv:100,vs:i,r:,t:1133%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1002,o:1133,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:25,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1127~0,0~100%5D,as:%5B1127~728.90%5D%7D%7D,%7Bsl:i,t:1133,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:94,fm:t35jZLm+11%7C12%7C13%7C14%7C15%7C16*.904480-59616668%7C161%7C162%7C163%7C17.903356-59200475%7C171,idMap:16*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.41.89.5 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-41-89-5.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:39 GMT
x-server-name: dt19.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

POST
H3 204 csi
csi.gstatic.com/ Frame AC68 0
17 B 186ms
92ms Ping
image/gif 2607:f8b0:4005:80c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~l20jkhcp&c=6990225453941&slotId=3495112726970.5&qqid=CJq2wZmnlvcCFQLahwodHSAM_A&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=1000&br=998&mt=video%2Fmp4&vs=640x360&ulv=1&cll=0&vmfc=12&vhc=0&msm=1&aits=18%2C22%2C37%2C59%2C342%2C343%2C344%2C345%2C346%2C347%2C692%2C0&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=343&vsrc=doubleclick_dmm&ape=1&ple=1&umsem=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20220413_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4005:80c::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:40 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 logo.svg Show response
s0.2mdn.net/sadbundle/10099019064060487289/ Frame D9FD 8 KB
3 KB 22ms
21ms Fetch
image/svg+xml 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/10099019064060487289/logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10099019064060487289/initial.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b57b40dd9b6db0dd6d605a08e230dc04872c749430632eea71fdc9a6697884d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10099019064060487289/index.html?e=69&leftOffset=0&topOffset=0&c=1dPRyatCxl&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 11:07:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 99405
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3167
x-xss-protection: 0
last-modified: Thu, 03 Mar 2022 11:06:24 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 14 Apr 2023 11:07:58 GMT

GET
H3 200 c2.png
s0.2mdn.net/sadbundle/10099019064060487289/ Frame D9FD 33 KB
33 KB 22ms
22ms Image
image/png 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10099019064060487289/c2.png

Requested by

Host: 6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a169e27546ea3ad7db2e911864def04e205d9388b3e138956eec6af7b8939d28

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/10099019064060487289/index.html?e=69&leftOffset=0&topOffset=0&c=1dPRyatCxl&t=1&renderingType=2
Origin: https://s0.2mdn.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 11:07:58 GMT
x-content-type-options: nosniff
age: 99405
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34166
x-xss-protection: 0
last-modified: Thu, 03 Mar 2022 11:06:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 14 Apr 2023 11:07:58 GMT

GET
H3 200 img.jpg
s0.2mdn.net/sadbundle/10099019064060487289/ Frame D9FD 27 KB
27 KB 22ms
21ms Image
image/jpeg 2607:f8b0:4006:807::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/10099019064060487289/img.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/10099019064060487289/initial.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

277f602591bef0e21e0856aca722267155d7e61161d26a67b6a467c92771909c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/10099019064060487289/index.html?e=69&leftOffset=0&topOffset=0&c=1dPRyatCxl&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Thu, 14 Apr 2022 11:07:57 GMT
x-content-type-options: nosniff
age: 99406
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27715
x-xss-protection: 0
last-modified: Thu, 03 Mar 2022 11:06:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 14 Apr 2023 11:07:57 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B6B9 43 B
215 B 73ms
73ms Image
image/gif 52.41.89.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=904480&asId=8db5d41d-9d34-efff-6d47-04c255b5f0d4&tv=%7Bc:9RHoAa,pingTime:5,time:6134,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:26%7D,%7Bpiv:100,vs:i,r:,t:1133%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:5002,o:1133,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:25,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1127~0,0~100%5D,as:%5B1127~728.90%5D%7D%7D,%7Bsl:i,t:1133,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5001~100%5D,as:%5B5001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:78,fm:t35jZLm+11%7C12%7C13%7C14%7C15%7C16*.904480-59616668%7C161%7C162%7C163%7C17.903356-59200475%7C171,idMap:16*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.41.89.5 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-41-89-5.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:43 GMT
x-server-name: dt01.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H2 200 dt
dt.adsafeprotected.com/ Frame B6B9 43 B
215 B 74ms
73ms Image
image/gif 52.41.89.5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=904480&asId=8db5d41d-9d34-efff-6d47-04c255b5f0d4&tv=%7Bc:9RHoAb,pingTime:5,time:6135,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:26%7D,%7Bpiv:100,vs:i,r:,t:1133%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:5002,o:1133,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:25,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1127~0,0~100%5D,as:%5B1127~728.90%5D%7D%7D,%7Bsl:i,t:1133,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5001~100%5D,as:%5B5001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:78,fm:t35jZLm+11%7C12%7C13%7C14%7C15%7C16*.904480-59616668%7C161%7C162%7C163%7C17.903356-59200475%7C171,idMap:16*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.41.89.5 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-41-89-5.us-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 15 Apr 2022 14:44:43 GMT
x-server-name: dt11.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: disquscdn.com
URL: https://disquscdn.com/count.js

Domain: d3ezl4ajpp2zy8.cloudfront.net
URL: https://d3ezl4ajpp2zy8.cloudfront.net/phonedog-electronics_tag.js

Domain: partners.tremorhub.com
URL: https://partners.tremorhub.com/sync?UIGL=CAESEOPCRFiPRF-x5ip24zgOsfM&google_cver=1

Verdicts & Comments Add Verdict or Comment

105 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

76 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.lijit.com/	1970-01-20 11:06:09	Name: ljtrtb Value: eJyrrgUAAXUA%2BQ%3D%3D
.lijit.com/	1970-01-20 11:06:09	Name: ljt_reader Value: fa1d595c378916aab6911c7f
.adnxs.com/	1970-01-20 04:30:09	Name: icu Value: ChgIgNlEEAoYASABKAEw04nmkgY4AUABSAEQ04nmkgYYAA..
.adnxs.com/	1970-01-20 04:30:09	Name: uuid2 Value: 2912129428627624359
.rubiconproject.com/	1970-01-20 11:06:09	Name: khaos Value: L20JKEK2-1H-HI09
.rubiconproject.com/	1970-01-20 11:06:09	Name: audit Value: 1\|clb2f5t+FPpM/WAJGYyTU1Yvo2XO8wv+z0QnGM0pmGQbesp4+NIbzrzmuv9fBzWSG2ZvJFTwb4moZVZCJgsaTsxuhZpbWKLtZHpC3+27gWg=
.crsspxl.com/	1970-01-20 03:46:14	Name: uid Value: 7133575987338436256
.crsspxl.com/	1970-01-20 03:46:14	Name: uuid Value: 7628ebe5-3977-4177-b460-725d8ea3601b
.ml314.com/	1970-01-20 02:20:33	Name: u Value: aHR0cHM6Ly93d3cudG1vbmV3cy5jb20v
.ml314.com/	1970-01-20 11:06:09	Name: pi Value: 3626527436432211975
.ml314.com/	1970-01-20 02:40:43	Name: tp Value: 4%3b4%2f15%2f2022+10%3a44%3a36+AM%3b0
.pro-market.net/	1970-01-20 06:39:45	Name: anProfile Value: "0+1+4=8z+1f=1+1g=1+1j=57:1+rs=s+rt=2602FFC8000201040000000000000017+s0=(2w)+s2=(radyac)"
.yieldmo.com/	1970-01-20 11:06:09	Name: yieldmo_id Value: gea9a3ef52bd1eab0fbd%7C1650033876288%7C2987819805222879680%7C
.adsrvr.org/	1970-01-20 11:06:09	Name: TDID Value: e3a32df7-082c-4f28-a4a9-54fe7e4ab411
.rlcdn.com/	1970-01-20 11:06:09	Name: rlas3 Value: X///i3AVZkPzae23HkZmZBjcxNLwiZ6w9rSjcl+gVRY=
.demdex.net/	1970-01-20 06:39:45	Name: demdex Value: 48896381501057440784238777178638229202
.eyeota.net/	1970-01-20 11:06:09	Name: mako_uid Value: 1802daedd8b-2f220000010a5f39
.eyeota.net/	1970-01-20 02:20:34	Name: SERVERID Value: 24377~DM
www.tmonews.com/	1970-01-20 11:46:29	Name: _pk_id.31.8996 Value: 420c2de52fb869f8.1650033876.1.1650033876.1650033876.
www.tmonews.com/	1970-01-20 02:20:35	Name: _pk_ses.31.8996 Value: *
.crwdcntrl.net/	1970-01-20 08:49:19	Name: _cc_dc Value: 0
.crwdcntrl.net/	1970-01-20 08:49:19	Name: _cc_id Value: 4259660a8fe22f80cfec912d4c683dd4
.dpm.demdex.net/	1970-01-20 06:39:45	Name: dpm Value: 48896381501057440784238777178638229202
a.tmonews.com/	1970-01-20 11:06:09	Name: OAID Value: 779881897ebe42960fa87c19f45abea7
.crsspxl.com/	1970-01-20 03:03:02	Name: re Value: 1
.crsspxl.com/	1970-01-20 02:29:55	Name: uidc Value: 2
.crsspxl.com/	1970-01-20 02:29:55	Name: ua Value: 1
.adsrvr.org/	1970-01-20 11:06:09	Name: TDCPM Value: CAESFgoHZDB0cm8xahILCIyEg-2Pvs86EAUYASABKAIyCwjKqcWdpr7POhAFOAFaCmNyb3NzcGl4ZWxgAg..
.rlcdn.com/	1970-01-20 03:46:57	Name: pxrc Value: CNSJ5pIGEgUI6AcQABIFCOhHEAASBQjbThAA
.yahoo.com/	1970-01-20 11:06:31	Name: A3 Value: d=AQABBNSEWWICEDZgO_BVuc67whE6vKafxVMFEgEBAQHWWmJjYgAAAAAA_eMAAA&S=AQAAAhTnw5cbI_J_Y-EJswEBXL8
.lijit.com/	1970-01-20 11:06:09	Name: _ljtrtb_5110 Value: 7133575987338436256
.openx.net/	1970-01-20 11:06:09	Name: i Value: 140d3e9f-254e-42fa-8566-a98241def9ae\|1650033876
.crsspxl.com/	1970-01-20 02:27:02	Name: anid Value: 1
.crsspxl.com/	1970-01-20 03:03:02	Name: id_apnx Value: 2912129428627624359
.truoptik.com/	1970-01-20 11:06:09	Name: to_master_s Value: 8643e076573856fc488c155999839459
.truoptik.com/	1970-01-20 11:06:09	Name: to_version_s Value: b2
.crsspxl.com/	1970-01-20 02:29:55	Name: tdid Value: e3a32df7-082c-4f28-a4a9-54fe7e4ab411
.crsspxl.com/	1970-01-20 02:27:02	Name: dxid Value: 1
.pippio.com/	1970-01-20 11:06:09	Name: did Value: GzjuYBzinnBkq2pd
.pippio.com/	1970-01-20 11:06:09	Name: didts Value: 1650033876
.pippio.com/	1970-01-20 03:46:57	Name: nnls Value:
.bluekai.com/	1970-01-20 06:39:45	Name: bkdc Value: phx
.bluekai.com/	1970-01-20 06:39:45	Name: bku Value: SAz99BuWVVvZG1/0
.crsspxl.com/	1970-01-20 02:27:02	Name: oxid Value: 1
.doubleclick.net/	1970-01-20 19:51:45	Name: IDE Value: AHWqTUm8r149l-5T1A1a1pYYU5w71TquD67PjVorh9JjuLMWh4MQz_g63yZD0HPrR5c
.e.dlx.addthis.com/	1970-01-20 11:50:48	Name: na_tc Value: Y
.crsspxl.com/	1970-01-20 02:27:02	Name: dcid Value: 1
.everesttech.net/	1970-01-20 11:06:09	Name: everest_g_v2 Value: g_surferid~YlmE1AAAUCjzhwBj
.mathtag.com/	1970-01-20 11:46:29	Name: uuid Value: 5ba46259-84d5-4a00-9c03-de520c0dab91
.crsspxl.com/	1970-01-20 02:27:02	Name: mmid Value: 1
.pippio.com/	1970-01-20 03:46:57	Name: pxrc Value: CNWJ5pIGEgQIAhAAEgYI3awrEAA=
.addthis.com/	1970-01-20 11:50:48	Name: na_id Value: 2022041514443700014404711807
.addthis.com/	1970-01-20 11:50:48	Name: na_tc Value: Y
.addthis.com/	1970-01-20 11:50:48	Name: uid Value: 625984d5940d9c71
.addthis.com/	1970-01-20 11:50:48	Name: ouid Value: 625984d50001bda67cfe037685cc434e399f84dc9c6ba70d9018
.dlx.addthis.com/	1970-01-20 03:03:45	Name: na_rn Value: 0
.dlx.addthis.com/	1970-01-20 03:03:45	Name: na_sr Value: 20220415
.dlx.addthis.com/	1970-01-20 02:20:33	Name: na_srp Value: 3300
.dlx.addthis.com/	1970-01-20 03:03:45	Name: na_sc_e Value: 0
.krxd.net/	1970-01-20 06:39:45	Name: _kuid_ Value: Ox7H1Z99
.dlx.addthis.com/	1970-01-20 03:03:45	Name: na_sc_x Value: 1
.adnxs.com/	1970-01-20 04:30:09	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GU#sxUA>!]tbPl1M>e)ZlrFUfJ+tGXvX+F:/2.DD@9kOWR5rEW0wl[p6:c[80x2F=YxsbpRzqF1`b^s>%8Nw
.casalemedia.com/	1970-01-20 04:30:09	Name: CMPS Value: 1017
.casalemedia.com/	1970-01-20 02:22:00	Name: CMST Value: YlmE1WJZhNUA
.casalemedia.com/	1970-01-20 11:06:09	Name: CMID Value: YlmE1bXezUAGPlrrX3or.QAA
.casalemedia.com/	1970-01-20 04:30:09	Name: CMPRO Value: 141
.casalemedia.com/	1970-01-20 11:06:09	Name: CMRUM3 Value: 2d625984d52760CAESEHxDKpLBmJjpaqQpfQKkMZQ
.tvpixel.com/	1970-01-20 11:06:09	Name: sp Value: d6979ee6-5338-4024-9793-1956d198fb69
.teads.tv/	1970-01-20 11:04:43	Name: tt_viewer Value: b832284e-a53d-4fbe-9b35-7cc217c4aa94
.doubleclick.net/	1970-01-20 02:20:37	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-20 02:20:34	Name: test_cookie Value: CheckForPermission
.spotxchange.com/	1970-01-20 11:06:13	Name: audience Value: 93a77012-bcca-11ec-895c-177accdd0403
.amazon-adsystem.com/	1970-01-20 08:36:24	Name: ad-id Value: A-ltg9CySUmplFlCRLsfimE
.amazon-adsystem.com/	1970-01-22 00:00:53	Name: ad-privacy Value: 0
.tmonews.com/	1970-01-20 11:42:09	Name: __gads Value: ID=9a1caf1d410970d5-22176bd9127c0034:T=1650033876:S=ALNI_MY9YY90H0TCbQDsyMvZjkpufNqxJg
.tmonews.com/	1970-01-20 11:42:09	Name: __gpi Value: UID=0000042f9783a47c:T=1650033876:RT=1650033876:S=ALNI_MaqHJtfl_lU8F1sZ_DbiH04iNsyew

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://www.tmonews.com/(Line 5) Message: Error parsing a meta element's content: ';' is not a valid key-value pair separator. Please use ',' instead.
network	error	URL: https://disquscdn.com/count.js Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://d3ezl4ajpp2zy8.cloudfront.net/phonedog-electronics_tag.js Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
other	warning	URL: https://cdn.ampproject.org/rtv/012203150226000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
security	error	URL: https://6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html Message: Refused to execute script from 'https://s.amazon-adsystem.com/iui3?d=forester-did&ex-fargs=%3Fid%3D4efe50bd-6048-315d-918a-6058841c4806%26type%3D55%26m%3D1&ex-fch=416613&ex-src=https://www.unicefusa.org/&ex-hargs=v%3D1.0%3Bc%3D1726611500801%3Bp%3D4EFE50BD-6048-315D-918A-6058841C4806%27&dcc=t' because its MIME type ('image/gif') is not executable.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self'; upgrade-insecure-requests

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

6f60b7d05db617311e0c74ec358d230b.safeframe.googlesyndication.com
9200789.fls.doubleclick.net
a.fsdn.com
a.tmonews.com
ads.pro-market.net
ads.yieldmo.com
adservice.google.com
ajax.googleapis.com
analytics.tmonews.com
ap.lijit.com
beacon.krxd.net
bid.g.doubleclick.net
cdn.ampproject.org
ce.lijit.com
cm.g.doubleclick.net
cms.analytics.yahoo.com
connect.facebook.net
csi.gstatic.com
d3ezl4ajpp2zy8.cloudfront.net
d3tglifpd8whs6.cloudfront.net
disquscdn.com
dmp.truoptik.com
dmx.districtm.io
dpm.demdex.net
dsum-sec.casalemedia.com
dt.adsafeprotected.com
e.dlx.addthis.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
gcdn.2mdn.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
idsync.rlcdn.com
imasdk.googleapis.com
kinesis.us-east-1.amazonaws.com
load.instinctiveads.com
match.adsrvr.org
matchadsrvr.yieldmo.com
maxcdn.bootstrapcdn.com
ml314.com
p.skimresources.com
p.tvpixel.com
pagead2.googlesyndication.com
partners.tremorhub.com
pbid.pro-market.net
pippio.com
ps.eyeota.net
r.skimresources.com
r5---sn-ab5l6nzr.c.2mdn.net
rtd-tm.everesttech.net
rtd.tubemogul.com
s.amazon-adsystem.com
s.skimresources.com
s0.2mdn.net
securepubads.g.doubleclick.net
slashdot.org
stags.bluekai.com
static.adsafeprotected.com
static.yieldmo.com
sync.crwdcntrl.net
sync.mathtag.com
sync.search.spotxchange.com
sync.teads.tv
t.skimresources.com
tag.crsspxl.com
tags.bluekai.com
tmonews.com
tmonews.disqus.com
tpc.googlesyndication.com
u.openx.net
us-u.openx.net
usermatch.krxd.net
www.facebook.com
www.google.com
www.googletagservices.com
www.tmonews.com
x.dlx.addthis.com
d3ezl4ajpp2zy8.cloudfront.net
disquscdn.com
partners.tremorhub.com
104.16.111.154
104.16.190.66
107.178.254.65
13.225.210.128
142.250.65.162
142.250.80.34
142.250.81.226
142.251.40.102
147.203.60.11
147.203.62.4
151.101.130.49
151.101.194.49
151.139.128.11
172.253.62.154
192.35.249.127
199.232.196.134
204.68.111.106
209.54.180.144
216.105.38.9
216.200.232.249
23.215.130.80
23.3.124.133
23.52.162.201
23.52.162.21
23.52.164.7
23.92.190.68
2600:1400:d:5a3::2b44
2600:1901:0:8eee::
2600:9000:21dd:9400:8:48e:53c0:93a1
2602:803:c002:200::62
2606:4700:3031::ac43:9a6d
2606:4700:4400::ac40:96e3
2606:4700::6812:acf
2607:f8b0:4005:80c::2003
2607:f8b0:4006:807::2006
2607:f8b0:4006:808::2001
2607:f8b0:4006:808::200a
2607:f8b0:4006:80d::200e
2607:f8b0:4006:80f::2001
2607:f8b0:4006:816::2004
2607:f8b0:4006:81d::2002
2607:f8b0:4006:81f::2001
2607:f8b0:4006:81f::2002
2607:f8b0:4006:820::2002
2607:f8b0:4006:821::2002
2607:f8b0:4006:821::200a
2607:f8b0:4006:824::2003
2607:f8b0:4006:824::200a
2607:f8b0:401e:29::b
2a03:2880:f012:10c:face:b00c:0:3
2a03:2880:f112:182:face:b00c:0:25de
3.217.188.123
3.230.62.22
3.91.171.156
3.93.204.138
34.111.234.236
34.199.75.209
34.200.35.154
34.232.140.51
35.190.59.101
35.190.60.146
35.190.91.160
35.201.67.47
35.244.159.8
52.1.175.157
52.205.48.68
52.223.40.198
52.41.89.5
54.205.31.112
68.67.179.77
76.13.32.147
0344342eef20413e362317203b636c06225787606fee95457bf991eaac4671f3
067d0bd30358c7a31e4f42ded3dfa16e316004889d0df81ce5288f36e52ade72
0720a06cde3c5a6993f59ca2c3e1cf0e1b25dd09d0ad49af9dea38698ffcbbf9
087acefdf6ffa81b54a6c18faeba863e3358d30329afad824af34d1ee50d8992
0900693ba4018c6de9126b543a8a3c50080eb74d1ed0696e5cc8fca0c0c99513
0a0e02f6e39434ca62ba78ba276b9f2733b444dcbda09ce04f379a3005456154
0a48538aa9bd30d69fdf267f795b550b42f636b4608d75ec8980bf00011f8465
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0b281bf2f4179c06ba68f0a427f2341287c41eacc2ce9d534c6f5c513ac633fb
0b2f1186fbef585443e2da57208e35cfd5a33f2de348c1497feec9254ca89d8e
0b3f8027f726d6d867bd250b35ee7f4ac42dfe09abf41a42e524b46f8793feef
0b43999f77e447254a78e068f55a6cc9075071b252277337b901e095e607e474
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d25b2e34481eb72ef8fa31a0d00d28755be397330093f038b9987a058e05d63
0d676790cf5fb78e031970275c9ec7e5e6a9ded28edd02912aa8535840328186
0db83b910a63e14402b531d4b6cc391faa62a238762b70f5fcd7efe915728b13
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0f028ae5d5368b1b1ffefb062298b224bfe078646888b3132cb3d072058917a8
0f31ba25d5fed838d82d226372cdaa2e4a1d54a0c87fe79086283897b060c7f0
0f9741ea2552db41827f347f3274b0714b975acbc4b68f1d8d7994ce47b85189
0fb1bbca73646e8e2b93c82e8d8b219647b13d4b440c48e338290b9a685b8de1
100bd3d62d83a85ec995ab6d43ad553b4db8b6a0e70b2f982951a2ce7f40b5bd
102c02a9eaf69cb2a6e6b18ce826828e74b3b71d38913f2478a2b0c9b0739e01
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
128393865321c7b9c0f45fd8dcc02630bf78cf14205623cf0cb267c225a7259d
13d490516dc5cff874922cd12280b651452dad5224a45107d947e38854eff405
192cd11715f243759f3de70eb7e045b1e4412af00ed2d7a9498d3d505e5b13f3
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1
1a38abc258b9c785c56ece0e8e61fcaf7fadacd671e9a4ab340e9982b290f1c4
1b7d68cb00b5b7f040f9582688f92c8fa2c16b46c1c167182bf7cf9ed40231d1
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
1e5432b0eade4361e7be4d7836a40de78a2c54d44fbc394662d169a4f26eacb1
1f387bab02202ab604ab69a42ac34ddd304921f8cabb285b53b4cc1f114793fe
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
1fab6bd83a2d91a50bb947043a7c3c7525ba6fa61830405113914403891a88ad
213738a8de7a1e55874dcbc92825c84599256579b64f60f19c2514e61844e6bb
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285
277f602591bef0e21e0856aca722267155d7e61161d26a67b6a467c92771909c
27b3dcbffc046c160e52b2a3d4f91346c61d07b6489e88e7d84e89a7a0fc1787
28269c3d1d5ca3dac09de3bc1f15e51ef6c3f553c809f34e784397e5d55b954d
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
2c91a7d22d8f83cc86fb0ce298547986d4ac0c4e68a25b2b1a4965e074319e0c
2db93501ec065f44da352de49a892a37f979a3843371a8b92c66d8361b442af3
2eb2a641ec9143273f4f5ba4f1526364fd4b1a040b628b4be54b77dbe362690f
2f129824302579e5d1e8d57dccd6a0af480501ef7d546b2a17f7e54426a4f74d
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
2f5ac0fde25b0b19ea159c785554766bd964635818a77c2d92c8e1911b1d72a5
2fce2feb1cb59a8c53b5b46d1d758949090324d34b2a941a972240d6ccf63db6
3196efa005510fadc0d0ba8a953342aa3ded831148148df8831dbfccfa081b32
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
32bc7c1c64fd1b755d48d6025b86b7e7a28ad35d1f420cf85cdc1123aa7dfcd7
33bb04c30eaa69b8fbfb0a78bbafc90fa61da3ec78bc16738c398691a9df1026
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
385997a68810ee61dbe7378aa2d5a42e2d44145394b5a18db3665ee13af97c37
3a368dc54294b94b6a16f9ac2c5fad6eea42a6dfc7f0dd9879f75302e0f79365
3bfea5a50612972dbbbaba90457eb6d3892d91969222098bdf94580fbb9e6594
3e38edd06ba18feece3a68f21026afaee36ee4422def14de88f348a25f2effd7
3e4b7ba7e986cfaa7a192099c92dfa32c8830102d97e9615e628627727e65d81
418fbc553b3878d6b878b8f15fbde1889d0df7bc74f1530cbe8ae598703802ce
438fdbf35c842d9b2b5748640dba220dfac47a9418089bade3316fbc6f4f0349
44da874709bff63f7566149ec8946973ded7e39f677ac1016488a67650670895
460ff0b1da5bacd95df6905ad1c8df05bdda30aa4189e2fef38b53b6318e42ff
4701dc5781a4f2bcdddd33cfe6b025b2e532b562faae5f3756973975556b4a38
48ca4c570f2d58d8ff837e1c8f7d73e418a485ae23b2c9322f2f351d71d93aa7
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
499d5f4acd054d657485cafe64a7a3aa19503432d0803a58395e93dd6888db1f
4a29964e922a0ddad04e2feb2b4496f1019838b0cd9754da5bc95f6e20a14e98
4aedfe852f3e66d42f112b122916b409291b1eb5b2cc10515c4c1a1eeab18751
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c31c7452a785f7efecf3ce2e9983d3bf7af71f0ab7839b424eeb812b3a9fb90
4d9654ed1ef4e650bc9859c4c8372b9ececef6ca1ef9d3313510ea2860c0cfa6
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56275d6f348c93a8cbd4e39347d343252f39f7a9f2ef157d47d120ddb68059d8
56a0d246c8fde9d7701441328de88b8d1480f9cb4c6439cbe1d5c84c2dac51ca
58619b0ef7928fafa3ebf95986ac968996e495325ffe1ae58d906a175706a065
58bbcdcc9a97c8558bfb3e664b0309afff8f3e005712e4ba5177ed01c5d8e1a4
5af4774e66ec9b76ee816c50a444b99217b55ca753ca0eacbfbecda512cb9e55
5c166a5d40aeefd0679a14f95e47ff28824e66abba82adfa30be41803cc25632
5c68cf1f0dca577bf260a647a1e73410fae9b838e3da448412df4b142e4fc123
5eb3c080a61c66dedea6e79f5ad7ab14f6ec9a805393f562e70bb5a164e7b54f
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
638d2f5ba5cf501a58131a42efe30aa2c2154904b0654a517cce4baeef308022
647fa5842a1d6bda583722e91d327e27c709aab0a087a5c6a783080ab87bbe88
6c7238d00b5967d972b1af4e31b91bf862a061755b1b8ec13dad882ff807832c
6c94b3c2387350ddc9578983080b818e496f9314507a7313679cb7483527cfa9
6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f
6e9ba0d958d161dbc077072c991a79599a4e255f5013f8df57e77a53338ade44
708369fe8dc1fd8fce92d3a7078852bb50ba4ba1a1884b1358c3bf03e1670d50
71f2a13533b19771b9a6ae3843e61a8c05dba04c964f0eab559f3b352ac1439a
731d45be792c123ee813045b6f28b8be46691cdc738106241433203c6c0c5fc7
74115ce236f462d54ebf3b3a6322d12d7846e3781f95e5f998c062f45c9ff262
7599e0a5ce1ba2a12f036e998e19e60b6e982178e4363d4630ab3a91ca73bf62
75d893335a1d25db1bf02e25ab904d97a3af743128850d8566b93d197e56e9e9
7752209aad3a9e6abac087226b54d3fa59da66a506b6caba98045e59e44493a0
788b901ac1cf2f21f58683101690b665e9032762d91e59f29f708bb07bdaff42
79c769495cad81cc6b2196fc2748748f8e93ceba6a873af3fd7995b3435f977f
7c569ee6059fba73f3e72ab40d7710dfe74e639a4d4bfd345b82880fbad1c45a
7d8dd6de154781e65e03d95907d9e8d15533a2c7a01d28020c90da0ebc03729b
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
80ac56c5a433f478beaae000c3a59581bb997f7f4085e81651be7f286507f3e4
813d0550bb80c595499f6214f36802a4ba2ea23c34fe2f5bf0f21e3a249c8bff
8184fd2fad168d0542ca63664254cdb98fa99803993453274347cb0344cd03fd
8323d76a1cfe88f9b72e718d66b1390cf8c5d77158db9dffb481161d753a16fa
838740e265954d7ecdb4bc78a3954145dc040479b26f82fbd8b4e0438775232a
845aea44a769c0d344fdc9eb4b2dc3ead4f629dd01cf2aa5449209acde30ace4
847cb019367c5995fe0ca6d8b7c85d6cbb2bda3a32b65a95ead3c650bde69b87
84989ff4b642f4c374a1b9e027e702c9d40517d833e28f95ef9ec0ec5aa9d2bb
8595c9d8029dbff2de8591a6350db3a08296d879a7d944effe4778f56f24eef0
85dce6f3ea3e30168330db951dc0ef20ec01e265b861b5119edf54c95dde133f
87446743dc0636a9c71f843893433c0257c8f3566617480e167d1086e80957b7
892ecb8e84801900fbec1f9f340f9dd7d53a6444079d82dda76d41581c501891
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8c0f0b586e4a519ec50abcd3d9b623597296d81f4e3714da08e1b88b1a8bc35c
8c4c75718a1be6d6a85a27f4532b34e8a343231543f55fa452a4112b1963bbe6
8ed51d0fccdcfd58a1766c7ae09e336e6b7bfd62e78ccaa9dfb303325ea4b91d
93134a11e41c2af39ccb5e414f854deebe239f48471de407baa6779dedb9fd9f
93e2f1ae3ff7711e4a86b313569cc054e1f50a0c17ad4be47a41699f8d997a84
9479b3e3bef0f6427206cadb155b1f1e0197e6d87356db3a4dee7732273b2b80
95f4375a13bf1971559112ab84c1e012ccffc1336b3a96c2f6d7a952442ec0c0
967ff8234f92c23a8b49e563a7d6d737634ab5c62b1f227505bd59147a8d3370
974cb0465b86e42678a5d487cfe6c07bb5a2b0328a24b9771c5a29c1147a5630
98c2bbf9762e2cda593c1f8ee5bfa9d8234d253dae4870a317fa22d30a9e73e3
98f0b8b956f17b40cac75488e3af7a807c59a3af15a8042b89d746fab42fedf7
98fe7343b2cf70401aca810c5251b46488443b5610730d1300050680ebc8dc38
9a75c3e9f9a26db4a4d4aa1e7e5aa105412a01ee807ff9aa95848648bac21960
9b202ecbc6d45c6d8901d989a918878397a3eb9d00e8f48022fc051b19d21a1d
9b3d53eb6b7a685830f01a13bfb77ceb2a1894c0bcad40f0eaa3ca84c07776e6
9edd0be2f0db70ffa8c2b27277fdfdc053105afb9005d3b7be48de3fea298694
9f90ea0f320e7edde055d595c7a2ec96d4cc8d6ff076aadeea373f53493c11dd
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a169e27546ea3ad7db2e911864def04e205d9388b3e138956eec6af7b8939d28
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a390b063c15d0848a8890e79b45c32b3f703949091ca8121eac86d7ea97569c3
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5254602a95ce7f504195698ebe0472143f9ce1632333fc913e838aaead7416a
a6a4fd99d19c6c49adac8d7f53ac4774609223b38440dd93ee9814fda4764175
a6a568da5191d537c1dc45a605ebc5b60090e007169de7ca6d49d365eb8fddcc
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a7d5c1bfe43c8beefab2fa059f4fcaa029fcbbace9a672aae1dfe1ffb7d6976c
a80ecca84286562a757ca2bdc02a1af2647709ee149147f80178ef16ad5fce0e
a9bc4e5242b40d8b915bce507e936124973ec1e2d14db57171a6e349827ff29a
aa7fcea6935ccba51c30406ce3012768bc3fdd3e2009ab70df6e2d8697d17243
aa896976efcf8b2a8c7d985980a34658a223b085643414b5d43478d2dafe42be
aa9742f8cd67f33c24c49a89a47895b1395f3c328f4bd9aa345cd604ff7a1fe8
aec5ee5147fdc283bcb601dc6231c234d9bec077d32756aef2a75eeedf78038f
af91213cd670d6270b32ebdeb00a09625f6b74ccd780d12ff6724a14ea1efaff
afa20251a559f167b4babc9665690f570c15b2204f35a52371afcc97d26e4632
b12639fc87f5b28725a50369a47a4eff9d9ed4604a2fbc0af7dc70c883df7d5e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b219826811e65b7c7ecd8af8b825115354b55f7a735908c78925289684c52e05
b4a068d964954d1d62d670c61f0ab282999579a58c71ec8c3c1acf6b062c8991
b57b40dd9b6db0dd6d605a08e230dc04872c749430632eea71fdc9a6697884d8
b790620eae762ad6cd6a86b02c8aed42b3cfb06dd15c6c339810b5d567935794
b7e23ad50b14464a19348537712c420940467b87d27ee939cec647f1ed3a184a
b94ed570e00f5bba0eaed65da67bf6f2fc5e107446a682eb045f20dbd12ab0e8
b9eb7045246c07ad8d8e31eccff19ed44a53ce5a15c0d2d287a214cd65b4fc83
ba85e5898d4c596a38241f11da119600d264851cf6f692df792492fcb779daa8
bb091da0b44663f1b57401072fccfaa8be7535daeb8b365247c0f5b160bfa369
bc6f5d6157a018818841738dc10fd070072a3346981a436d7cff4d0f20b5cf09
bca8589c9fe459f1609945e093b7999662d4ff9b681d1394c5816ea2ebd38088
bee53f5b30d298afb9a5bfb5bf383f9da4f766f25f169359aca4d090a67d35de
c35cb868f3206025b4885f4e4bafe24074b74a7cdc82fe0e95fb011dc9a4f653
c3751dc6a2d62d57154db22bddca77f173d1a3e30c3043d686736dcd60579d0a
c4bed352d6913e02240906e22a9fbd0976fd9d9fbed2bf187a1145be17620dfb
c4d8dbe77feb63e5a61bee0bead4e5f66e8fa6a927599bd1b74aced52467273c
c5ba4a507dc7d5832a1b6f079fe375c6b98e917a087d4806484a2aa6802c093c
c61e0724a2b6e1ca149316c16bbd65d99699b59009ea988e44d829743842b272
c76e2865cdfdb4057f32105c643d979cf733b396314c15d6f03ab70ab583c147
ca314d000db9e70ba99df5c19a6bc202c220bd57f9a04f2e2138eadaec6fc995
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cec6b2058ed741f2143e13a832d39347bbab2a63607e16681a03ddbbb99e4dfa
cf71649a94fef9bcb6afe446c063998a992d26d9e5d783a636c56415741ee876
cfe07684c33a1dcece0cf583d226fa9d3560ae5ad3396fde399538df40fcd983
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d990cc0d4e57dd0349bb2713238c23eeb69f918821e3f0cef41f12c54e44bb18
dc361c2feff7d6509135ab25adf52fbb14d207545e5becff5a8ab2ed00acad44
dcd4f2ab48d2af8bcca935cd421720d106b080c38c8041061b76bd2314745896
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98
decf9a1c369de13f20accd56ad5c9a31cd6c9934c2ff4060d4d2698bd6c9c438
e29b31bb8cdc8443855c48062f8ebb1ba10e630fcdfe677cbce851c6ebc86ab9
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4104060cd9de722a62520940b75beb1b555fefe71972128e4636ec751e0e715
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e66bfceb15a6ee125dff79826be02a07b766843e6c660edf55ec0c22d1a407c1
e6b8db589552fe49a9d8f13af137a778a1904a98ea65c36020cc77897cf1052d
e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770
ea4963337ff5bbd2df1422f2b1af841ecfe7efc477584e7a85b030518484501e
ea4bb29c87aea7d236867b2f7c2833042b42d21b9b90a2f716d7326fa82f96d6
eab882f746044fa5a5624215b4027f1f74f97268c7c8794b9fc81beaf9f56837
eaca34baacf359f13ec762af7805f85632d51ca4b2a59c04da909f4f225c9202
eb1ee6ec055ac275db905e46cf05b708bae1dfb98de751b8bad8b38aa8c9673c
eb45241596572f8dd762965a929252b2b32620daebdb36e5fb1bce6e21676a12
eb9348ac682613cd1222263c7c351225e096375b015df1ba9620265f73f66545
ec1c362d3f02336e6f572c8f110ebab8fd7e0ad11983d4410369a2e389ac806b
ed9e64ad307370012bd73266c87c7592a5b13e6f0daefbc1b455dc17bf35776d
eea4934186ca71253445603b4d23175a8cda0562742c7338aa4e9f6e0a43e434
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef47d5f799b22e1714dfb0084cce280f89ce6b85ef50880df228efd6796e236e
f5aa215c945a77bc27d34aa198bb2bf65746e4180f2fc044e462b65bd7d09d95
f66e96723a5fed514d40358f37251d17d80a07b284728415ee475806555fee06
f78bd6f486701c92c22bbe6f40e87daa66aa2bb5a544fbe87e1ab97cef281437
fabcac79aac9f8bdd2acc7d65d31611fcca830d2b8ab9aa2677886bbbd11d750
fb304551c9af6be51fbdcc7ba3deb7cad91f09c29e00fe42c07d321b73a4d5d0
fb71537dd0cf24fa57319e58e4dcf9978543f094861e5306f6142ab6473de2dd
fbab74bc98f2aecb74475d2b7beb049322404728ad54f608382703ee5b1de635
fc48d1d80ece71a79a7b39877f4104d49d3da6c3665cf6dc203000fb7df4447e
fcc83a5b6aef86420c1ad553167106df96bd0ff4192ffe52b1647599948edbcf
fea7bfbf07344999928ae27ac15a0ef360decb240ab02fc3406614b21b70cc77
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

www.tmonews.com Open in urlscan Pro 147.203.62.4 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

333 Requests

90 %HTTPS

35 %IPv6

50 Domains

80 Subdomains

64 IPs

2 Countries

8647 kBTransfer

13962 kBSize

76 Cookies

14 Outgoing links

Page URL History

Redirected requests

333 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 10 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.tmonews.com Open in urlscan Pro
147.203.62.4 Public Scan

Screenshot
Live screenshot

Full Image

333
Requests

90 %
HTTPS

35 %
IPv6

50
Domains

80
Subdomains

64
IPs

2
Countries

8647 kB
Transfer

13962 kB
Size

76
Cookies

333 HTTP transactions
10 data transactions