heraldcourier.com Open in urlscan Pro
192.104.183.109 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.tri-citiescalendar.com/
Effective URL:
https://heraldcourier.com/events/
Submission: On February 18 via automatic, source certstream-suspicious (February 18th 2023, 1:07:19 pm UTC) — Scanned from DE

Summary HTTP 305 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 80 IPs in 11 countries across 68 domains to perform 305 HTTP transactions. The main IP is 192.104.183.109, located in United States and belongs to LEE-ASN, US. The main domain is heraldcourier.com. The Cisco Umbrella rank of the primary domain is 485324.
TLS certificate: Issued by GTS CA 1P5 on January 16th 2023. Valid for: 3 months.

This is the only time heraldcourier.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	192.104.182.209 192.104.182.209	10668 (LEE-ASN) (LEE-ASN)
7	192.104.183.109 192.104.183.109	10668 (LEE-ASN) (LEE-ASN)
23	104.16.133.24 104.16.133.24	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.64.79.126 18.64.79.126	16509 (AMAZON-02) (AMAZON-02)
3	18.64.83.82 18.64.83.82	16509 (AMAZON-02) (AMAZON-02)
5	104.16.132.24 104.16.132.24	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
1 1	151.101.193.194 151.101.193.194	54113 (FASTLY) (FASTLY)
1	2600:9000:225... 2600:9000:225a:1600:18:a82e:7180:93a1	16509 (AMAZON-02) (AMAZON-02)
8	18.66.147.43 18.66.147.43	16509 (AMAZON-02) (AMAZON-02)
9	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
18	2a00:1450:400... 2a00:1450:400d:80a::2002	15169 (GOOGLE) (GOOGLE)
2	2606:4700:10:... 2606:4700:10::6816:3556	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	107.21.165.221 107.21.165.221	14618 (AMAZON-AES) (AMAZON-AES)
1	162.19.138.82 162.19.138.82	16276 (OVH) (OVH)
2	162.19.138.119 162.19.138.119	16276 (OVH) (OVH)
5	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
3	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1 2	107.178.250.234 107.178.250.234	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2600:9000:20e... 2600:9000:20e8:9c00:8:8845:1500:93a1	16509 (AMAZON-02) (AMAZON-02)
1 5	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
1	18.66.22.149 18.66.22.149	16509 (AMAZON-02) (AMAZON-02)
1	34.90.79.92 34.90.79.92	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 2	18.235.197.156 18.235.197.156	14618 (AMAZON-AES) (AMAZON-AES)
35	2600:9000:215... 2600:9000:2156:dc00:3:1a27:3000:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:400d:805::200e	15169 (GOOGLE) (GOOGLE)
3	99.86.3.236 99.86.3.236	16509 (AMAZON-02) (AMAZON-02)
6	99.84.144.128 99.84.144.128	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400d:808::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
6	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:402... 2a00:1450:4025:402::9d	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:400d:806::2003	15169 (GOOGLE) (GOOGLE)
30	3.211.193.175 3.211.193.175	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:9000:205... 2600:9000:2050:3600:a:e047:752:5701	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6810:5614	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
2 17	2a00:1450:400... 2a00:1450:4001:829::2001	15169 (GOOGLE) (GOOGLE)
1	52.87.57.81 52.87.57.81	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2600:1f18:730... 2600:1f18:730:b120:4d89:3f20:fa5:8c17	14618 (AMAZON-AES) (AMAZON-AES)
1	34.232.54.150 34.232.54.150	14618 (AMAZON-AES) (AMAZON-AES)
1	44.210.156.48 44.210.156.48	14618 (AMAZON-AES) (AMAZON-AES)
1 5	2a00:1450:400... 2a00:1450:400d:80a::2004	15169 (GOOGLE) (GOOGLE)
3	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	2600:9000:226... 2600:9000:2260:4e00:8:4487:bd00:93a1	16509 (AMAZON-02) (AMAZON-02)
3 6	35.153.253.201 35.153.253.201	14618 (AMAZON-AES) (AMAZON-AES)
1	2a02:26f0:dc:... 2a02:26f0:dc::6853:4c1	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2400:52e0:1e0... 2400:52e0:1e00::1078:1	200325 (BUNNYCDN) (BUNNYCDN)
1	44.240.82.169 44.240.82.169	16509 (AMAZON-02) (AMAZON-02)
2	138.199.37.231 138.199.37.231	60068 (CDN77 ^_^) (CDN77 ^_^)
2 2	185.29.132.245 185.29.132.245	30419 (MEDIAMATH...) (MEDIAMATH-INC)
7 7	52.59.78.86 52.59.78.86	16509 (AMAZON-02) (AMAZON-02)
3 4	37.157.4.25 37.157.4.25	198622 (ADFORM) (ADFORM)
2	2600:1f18:ed:... 2600:1f18:ed:550a:9dcf:c5fe:8372:efac	14618 (AMAZON-AES) (AMAZON-AES)
2 2	52.50.166.52 52.50.166.52	16509 (AMAZON-02) (AMAZON-02)
1 3	23.35.209.176 23.35.209.176	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a04:4e42::300 2a04:4e42::300	54113 (FASTLY) (FASTLY)
1 1	64.74.236.191 64.74.236.191	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
6	2a00:1450:400... 2a00:1450:400d:806::2002	15169 (GOOGLE) (GOOGLE)
2	108.128.57.95 108.128.57.95	16509 (AMAZON-02) (AMAZON-02)
1	34.90.223.176 34.90.223.176	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
18 24	35.204.74.118 35.204.74.118	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
5 6	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
1	2600:1f18:612... 2600:1f18:612b:4264:b002:6706:c84b:49fb	14618 (AMAZON-AES) (AMAZON-AES)
1 2	34.111.113.62 34.111.113.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	52.59.157.154 52.59.157.154	16509 (AMAZON-02) (AMAZON-02)
1 1	52.29.55.65 52.29.55.65	16509 (AMAZON-02) (AMAZON-02)
2	99.84.146.70 99.84.146.70	16509 (AMAZON-02) (AMAZON-02)
2 2	2600:1901:0:8... 2600:1901:0:8eee::	15169 (GOOGLE) (GOOGLE)
2 3	34.254.143.3 34.254.143.3	16509 (AMAZON-02) (AMAZON-02)
1	52.72.248.126 52.72.248.126	14618 (AMAZON-AES) (AMAZON-AES)
1	216.52.2.48 216.52.2.48	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1 1	142.250.180.194 142.250.180.194	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
1 2	185.94.180.125 185.94.180.125	35220 (SPOTX-AMS) (SPOTX-AMS)
4 5	37.252.171.53 37.252.171.53	29990 (ASN-APPNEX) (ASN-APPNEX)
4	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
5 5	142.251.208.98 142.251.208.98	15169 (GOOGLE) (GOOGLE)
1 4	34.243.37.252 34.243.37.252	16509 (AMAZON-02) (AMAZON-02)
3	216.52.2.39 216.52.2.39	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
5 5	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
3	35.157.139.91 35.157.139.91	16509 (AMAZON-02) (AMAZON-02)
4 4	3.73.186.215 3.73.186.215	16509 (AMAZON-02) (AMAZON-02)
3 3	37.157.3.29 37.157.3.29	198622 (ADFORM) (ADFORM)
4	2.18.36.193 2.18.36.193	16625 (AKAMAI-AS) (AKAMAI-AS)
1	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
6	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	213.155.156.167 213.155.156.167	1299 (TWELVE99 ...) (TWELVE99 Arelion)
1	178.250.0.163 178.250.0.163	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 1	2620:116:800d... 2620:116:800d:21:e365:4988:e8a7:3270	16509 (AMAZON-02) (AMAZON-02)
1 2	67.220.228.203 67.220.228.203	16509 (AMAZON-02) (AMAZON-02)
2 2	141.94.170.64 141.94.170.64	16276 (OVH) (OVH)
2 2	35.201.96.126 35.201.96.126	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	185.64.189.229 185.64.189.229	62713 (AS-PUBMATIC) (AS-PUBMATIC)
5 5	104.18.24.185 104.18.24.185	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	198.47.127.20 198.47.127.20	() ()
305	80

1 192.104.182.209 (United States) 1 redirects

ASN10668 (LEE-ASN, US)
PTR: cms.chicago2.vip.townnews.com

www.tri-citiescalendar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 192.104.183.109 (United States)

ASN10668 (LEE-ASN, US)
PTR: cms.newyork1.vip.townnews.com

heraldcourier.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 104.16.133.24 (None, )

ASN13335 (CLOUDFLARENET, US)

bloximages.newyork1.vip.townnews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.64.79.126 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-64-79-126.txl50.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.64.83.82 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-64-83-82.txl50.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.16.132.24 (None, )

ASN13335 (CLOUDFLARENET, US)

bloximages.chicago2.vip.townnews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.194 (United States) 1 redirects

ASN54113 (FASTLY, US)

production-evvnt-plugin-herokuapp-com.global.ssl.fastly.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225a:1600:18:a82e:7180:93a1 (United States)

ASN16509 (AMAZON-02, US)

discovery.evvnt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 18.66.147.43 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-43.fra60.r.cloudfront.net

tagan.adlightning.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:400d:80a::2002 (Ireland)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:3556 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.21.165.221 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-21-165-221.compute-1.amazonaws.com

prod.us-east-1.cxm-bcn.publisher-services.amazon.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.82 (France)

ASN16276 (OVH, FR)
PTR: ns31532337.ip-162-19-138.eu

lb.eu-1-id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 162.19.138.119 (France)

ASN16276 (OVH, FR)
PTR: ns31533570.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.178.250.234 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 234.250.178.107.bc.googleusercontent.com

js.matheranalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:20e8:9c00:8:8845:1500:93a1 (United States)

ASN16509 (AMAZON-02, US)

b-code.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 3.33.220.150 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.22.149 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-22-149.vie50.r.cloudfront.net

d1eoo1tco6rr5e.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.90.79.92 (Groningen, Netherlands)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 92.79.90.34.bc.googleusercontent.com

tag.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.235.197.156 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-235-197-156.compute-1.amazonaws.com

trkn.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 2600:9000:2156:dc00:3:1a27:3000:93a1 (United States)

ASN16509 (AMAZON-02, US)

discoverevvnt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:805::200e (Ireland)

ASN15169 (GOOGLE, US)

ampcid.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ampcid.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 99.86.3.236 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-3-236.fra6.r.cloudfront.net

aax-dtb-cf.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 99.84.144.128 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-144-128.txl52.r.cloudfront.net

cdn.segment.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:808::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

41c489be1c6100234d9199d69a77f8e1.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4025:402::9d (Den Helder, Netherlands)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:400d:806::2003 (Ireland)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 3.211.193.175 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-211-193-175.compute-1.amazonaws.com

bidder.newspassid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2050:3600:a:e047:752:5701 (United States)

ASN16509 (AMAZON-02, US)

cdn.prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5614 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:829::2001 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.87.57.81 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-87-57-81.compute-1.amazonaws.com

www.i.matheranalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:730:b120:4d89:3f20:fa5:8c17 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

rp.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.232.54.150 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-232-54-150.compute-1.amazonaws.com

rp4.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.210.156.48 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-210-156-48.compute-1.amazonaws.com

idx.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:400d:80a::2004 (Ireland) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2260:4e00:8:4487:bd00:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.prod.mktg.evvnt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.153.253.201 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-153-253-201.compute-1.amazonaws.com

i.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:dc::6853:4c1 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

sli.heraldcourier.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2400:52e0:1e00::1078:1 (Slovenia)

ASN200325 (BUNNYCDN, SI)

survey.survicate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.240.82.169 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-240-82-169.us-west-2.compute.amazonaws.com

api.segment.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 138.199.37.231 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)
PTR: 138-199-37-231.bunnyinfra.net

surveys-static.survicate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.29.132.245 (United Kingdom) 2 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 52.59.78.86 (Frankfurt am Main, Germany) 7 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-59-78-86.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.4.25 (Denmark) 3 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:ed:550a:9dcf:c5fe:8372:efac (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

i6.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.50.166.52 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-166-52.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.35.209.176 (Vienna, Austria) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-209-176.deploy.static.akamaitechnologies.com

x.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::300 (United States)

ASN54113 (FASTLY, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.74.236.191 (United States) 1 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: chi.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:400d:806::2002 (Ireland)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 108.128.57.95 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-57-95.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.90.223.176 (Groningen, Netherlands)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 176.223.90.34.bc.googleusercontent.com

i.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 35.204.74.118 (Groningen, Netherlands) 18 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 118.74.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 76.223.111.18 (United States) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4264:b002:6706:c84b:49fb (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

simplifi.partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.113.62 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.59.157.154 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-59-157-154.eu-central-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.29.55.65 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-55-65.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.84.146.70 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-146-70.txl52.r.cloudfront.net

sync.intentiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:0:8eee:: (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)

fei.pro-market.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.254.143.3 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-254-143-3.eu-west-1.compute.amazonaws.com

loadm.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
loada.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.72.248.126 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-72-248-126.compute-1.amazonaws.com

sync.bfmio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.52.2.48 (United States)

ASN30282 (AS-INAPCDN-OCY, US)

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.180.194 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: bud02s33-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.94.180.125 (Amsterdam, Netherlands) 1 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 37.252.171.53 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.251.208.98 (United States) 5 redirects

ASN15169 (GOOGLE, US)
PTR: bud02s41-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.243.37.252 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-243-37-252.eu-west-1.compute.amazonaws.com

ads.avct.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.52.2.39 (United States)

ASN30282 (AS-INAPCDN-OCY, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.227.252.103 (Kansas City, United States) 5 redirects

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.157.139.91 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-139-91.eu-central-1.compute.amazonaws.com

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.73.186.215 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-73-186-215.eu-central-1.compute.amazonaws.com

ad2.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.3.29 (Denmark) 3 redirects

ASN198622 (ADFORM, DK)

cm.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.36.193 (Vienna, Austria)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-36-193.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.115 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.167 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)
PTR: 213-155-156-167.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.163 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:e365:4988:e8a7:3270 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 67.220.228.203 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.94.170.64 (France) 2 redirects

ASN16276 (OVH, FR)
PTR: pikafka-eu-7.cloudy.ovh

pixel.onaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.96.126 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 126.96.201.35.bc.googleusercontent.com

visitor.fiftyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.229 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

aud.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 104.18.24.185 (None, ) 5 redirects

ASN13335 (CLOUDFLARENET, US)

ssum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.47.127.20 (None, )

ASN- ()

simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
35	discoverevvnt.com discoverevvnt.com — Cisco Umbrella Rank: 33342	311 KB
30	newspassid.com bidder.newspassid.com — Cisco Umbrella Rank: 20514	63 KB
30	doubleclick.net 6 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 186 stats.g.doubleclick.net — Cisco Umbrella Rank: 77 googleads.g.doubleclick.net — Cisco Umbrella Rank: 41 cm.g.doubleclick.net — Cisco Umbrella Rank: 205	221 KB
28	townnews.com bloximages.newyork1.vip.townnews.com — Cisco Umbrella Rank: 14544 bloximages.chicago2.vip.townnews.com — Cisco Umbrella Rank: 18739	325 KB
26	simpli.fi 18 redirects tag.simpli.fi — Cisco Umbrella Rank: 4257 i.simpli.fi — Cisco Umbrella Rank: 3460 um.simpli.fi — Cisco Umbrella Rank: 726	15 KB
24	googlesyndication.com 2 redirects 41c489be1c6100234d9199d69a77f8e1.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 137 pagead2.googlesyndication.com — Cisco Umbrella Rank: 101	2 MB
14	google.com 1 redirects ampcid.google.com — Cisco Umbrella Rank: 2162 adservice.google.com — Cisco Umbrella Rank: 72 region1.analytics.google.com — Cisco Umbrella Rank: 4596 www.google.com — Cisco Umbrella Rank: 2	2 KB
13	pubmatic.com ads.pubmatic.com — Cisco Umbrella Rank: 463 image6.pubmatic.com — Cisco Umbrella Rank: 731 simage2.pubmatic.com — Cisco Umbrella Rank: 657 image2.pubmatic.com — Cisco Umbrella Rank: 882 aud.pubmatic.com — Cisco Umbrella Rank: 4580 simage4.pubmatic.com	38 KB
13	liadm.com 4 redirects b-code.liadm.com — Cisco Umbrella Rank: 2597 rp.liadm.com — Cisco Umbrella Rank: 1506 rp4.liadm.com — Cisco Umbrella Rank: 6908 idx.liadm.com — Cisco Umbrella Rank: 2477 i.liadm.com — Cisco Umbrella Rank: 575 i6.liadm.com — Cisco Umbrella Rank: 2182	21 KB
9	google.de adservice.google.de — Cisco Umbrella Rank: 9006 www.google.de — Cisco Umbrella Rank: 6232 ampcid.google.de — Cisco Umbrella Rank: 67859	2 KB
9	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 50	632 KB
8	adlightning.com tagan.adlightning.com — Cisco Umbrella Rank: 1711	217 KB
8	amazon-adsystem.com 1 redirects c.amazon-adsystem.com — Cisco Umbrella Rank: 285 aax-dtb-cf.amazon-adsystem.com — Cisco Umbrella Rank: 477 aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 936	61 KB
8	heraldcourier.com heraldcourier.com — Cisco Umbrella Rank: 485324 sli.heraldcourier.com	70 KB
7	adform.net 6 redirects c1.adform.net — Cisco Umbrella Rank: 590 cm.adform.net — Cisco Umbrella Rank: 1239	2 KB
7	bidswitch.net 7 redirects x.bidswitch.net — Cisco Umbrella Rank: 284	2 KB
6	openx.net 5 redirects us-u.openx.net — Cisco Umbrella Rank: 420 rtb.openx.net — Cisco Umbrella Rank: 1408	1 KB
6	3lift.com 5 redirects eb2.3lift.com — Cisco Umbrella Rank: 337	2 KB
6	segment.com cdn.segment.com — Cisco Umbrella Rank: 1377	63 KB
5	casalemedia.com 5 redirects ssum.casalemedia.com — Cisco Umbrella Rank: 1360	3 KB
5	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 203	5 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 183	239 KB
5	adsrvr.org 1 redirects insight.adsrvr.org — Cisco Umbrella Rank: 568 match.adsrvr.org — Cisco Umbrella Rank: 295	1 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 35	21 KB
4	360yield.com 4 redirects ad2.360yield.com — Cisco Umbrella Rank: 15361	1 KB
4	avct.cloud 1 redirects ads.avct.cloud — Cisco Umbrella Rank: 3723	535 B
4	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 316	956 B
4	lijit.com ce.lijit.com — Cisco Umbrella Rank: 883 ap.lijit.com — Cisco Umbrella Rank: 591	1 KB
4	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 927 id5-sync.com — Cisco Umbrella Rank: 396	35 KB
3	sharethrough.com match.sharethrough.com — Cisco Umbrella Rank: 515	103 B
3	exelator.com 2 redirects loadm.exelator.com — Cisco Umbrella Rank: 1447 loada.exelator.com — Cisco Umbrella Rank: 25431	2 KB
3	survicate.com survey.survicate.com — Cisco Umbrella Rank: 5283 surveys-static.survicate.com — Cisco Umbrella Rank: 6092	96 KB
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 106	253 B
3	matheranalytics.com 1 redirects js.matheranalytics.com — Cisco Umbrella Rank: 10305 www.i.matheranalytics.com — Cisco Umbrella Rank: 10141	43 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 149	158 KB
3	evvnt.com discovery.evvnt.com — Cisco Umbrella Rank: 37936 cdn.prod.mktg.evvnt.com — Cisco Umbrella Rank: 71498	266 KB
3	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 1202 bcp.crwdcntrl.net — Cisco Umbrella Rank: 889	12 KB
2	fiftyt.com 2 redirects visitor.fiftyt.com — Cisco Umbrella Rank: 4037	1 KB
2	onaudience.com 2 redirects pixel.onaudience.com — Cisco Umbrella Rank: 2200	918 B
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 4255	562 B
2	spotxchange.com 1 redirects sync.search.spotxchange.com — Cisco Umbrella Rank: 693	1 KB
2	pro-market.net 2 redirects fei.pro-market.net — Cisco Umbrella Rank: 2207	847 B
2	intentiq.com sync.intentiq.com — Cisco Umbrella Rank: 1242
2	agkn.com 2 redirects aa.agkn.com — Cisco Umbrella Rank: 482 d.agkn.com — Cisco Umbrella Rank: 661	1 KB
2	tapad.com 1 redirects pixel.tapad.com — Cisco Umbrella Rank: 426	1 KB
2	addthis.com 1 redirects x.dlx.addthis.com — Cisco Umbrella Rank: 1302	1 KB
2	demdex.net 2 redirects dpm.demdex.net — Cisco Umbrella Rank: 199	2 KB
2	mathtag.com 2 redirects sync.mathtag.com — Cisco Umbrella Rank: 460	1 KB
2	trkn.us 1 redirects trkn.us — Cisco Umbrella Rank: 2145	1 KB
2	amazon.dev prod.us-east-1.cxm-bcn.publisher-services.amazon.dev — Cisco Umbrella Rank: 671	456 B
2	gstatic.com www.gstatic.com	13 KB
1	quantserve.com 1 redirects cms.quantserve.com — Cisco Umbrella Rank: 643	587 B
1	criteo.com dis.criteo.com — Cisco Umbrella Rank: 683	363 B
1	googleadservices.com 1 redirects www.googleadservices.com — Cisco Umbrella Rank: 163	537 B
1	rlcdn.com idsync.rlcdn.com — Cisco Umbrella Rank: 340	98 B
1	bluekai.com stags.bluekai.com — Cisco Umbrella Rank: 489	453 B
1	bfmio.com sync.bfmio.com — Cisco Umbrella Rank: 1663	421 B
1	tremorhub.com simplifi.partners.tremorhub.com — Cisco Umbrella Rank: 6352	183 B
1	zemanta.com 1 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 520	291 B
1	taboola.com trc.taboola.com — Cisco Umbrella Rank: 644	372 B
1	segment.io api.segment.io — Cisco Umbrella Rank: 997	175 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 196	4 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 346	1 KB
1	uidapi.com cdn.prod.uidapi.com — Cisco Umbrella Rank: 2695	2 KB
1	cloudfront.net d1eoo1tco6rr5e.cloudfront.net	668 B
1	eu-1-id5-sync.com lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 1014	404 B
1	fastly.net 1 redirects production-evvnt-plugin-herokuapp-com.global.ssl.fastly.net — Cisco Umbrella Rank: 86057	360 B
1	tri-citiescalendar.com 1 redirects www.tri-citiescalendar.com	107 B
305	68

	Domain	Requested by
35	discoverevvnt.com	production-evvnt-plugin-herokuapp-com.global.ssl.fastly.net discoverevvnt.com
30	bidder.newspassid.com	bloximages.newyork1.vip.townnews.com bidder.newspassid.com
24	um.simpli.fi	18 redirects ads.pubmatic.com
23	bloximages.newyork1.vip.townnews.com	heraldcourier.com
18	securepubads.g.doubleclick.net	heraldcourier.com tagan.adlightning.com securepubads.g.doubleclick.net
17	tpc.googlesyndication.com	2 redirects tagan.adlightning.com heraldcourier.com bloximages.newyork1.vip.townnews.com
9	www.googletagmanager.com	heraldcourier.com www.googletagmanager.com
8	tagan.adlightning.com	heraldcourier.com tagan.adlightning.com
7	x.bidswitch.net	7 redirects
7	heraldcourier.com	heraldcourier.com
6	eb2.3lift.com	5 redirects
6	pagead2.googlesyndication.com	tagan.adlightning.com securepubads.g.doubleclick.net tpc.googlesyndication.com
6	i.liadm.com	3 redirects tagan.adlightning.com i.liadm.com
6	www.google.de	heraldcourier.com
6	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
6	region1.analytics.google.com	www.googletagmanager.com
6	cdn.segment.com	heraldcourier.com cdn.segment.com tagan.adlightning.com
5	ssum.casalemedia.com	5 redirects
5	rtb.openx.net	5 redirects
5	cm.g.doubleclick.net	5 redirects
5	ib.adnxs.com	4 redirects
5	www.google.com	1 redirects heraldcourier.com tagan.adlightning.com
5	www.googletagservices.com	tagan.adlightning.com
5	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com heraldcourier.com
5	bloximages.chicago2.vip.townnews.com	heraldcourier.com
4	image2.pubmatic.com	ads.pubmatic.com
4	ads.pubmatic.com	bidder.newspassid.com ads.pubmatic.com
4	ad2.360yield.com	4 redirects
4	ads.avct.cloud	1 redirects bidder.newspassid.com
4	pixel.rubiconproject.com	bidder.newspassid.com
4	c1.adform.net	3 redirects ads.pubmatic.com
3	cm.adform.net	3 redirects
3	match.sharethrough.com
3	ap.lijit.com	bidder.newspassid.com
3	match.adsrvr.org	i.liadm.com ads.pubmatic.com
3	www.facebook.com	heraldcourier.com
3	aax-dtb-cf.amazon-adsystem.com	c.amazon-adsystem.com
3	connect.facebook.net	heraldcourier.com connect.facebook.net
3	c.amazon-adsystem.com	heraldcourier.com c.amazon-adsystem.com
2	visitor.fiftyt.com	2 redirects
2	pixel.onaudience.com	2 redirects
2	aax-eu.amazon-adsystem.com	1 redirects ads.pubmatic.com
2	d5p.de17a.com	2 redirects
2	simage2.pubmatic.com	ads.pubmatic.com
2	sync.search.spotxchange.com	1 redirects
2	loadm.exelator.com	1 redirects
2	fei.pro-market.net	2 redirects
2	sync.intentiq.com
2	pixel.tapad.com	1 redirects
2	bcp.crwdcntrl.net	tagan.adlightning.com
2	x.dlx.addthis.com	1 redirects i.liadm.com
2	dpm.demdex.net	2 redirects
2	i6.liadm.com	i.liadm.com
2	sync.mathtag.com	2 redirects
2	surveys-static.survicate.com	tagan.adlightning.com survey.survicate.com
2	cdn.prod.mktg.evvnt.com	discoverevvnt.com
2	adservice.google.com	tagan.adlightning.com
2	adservice.google.de	tagan.adlightning.com
2	trkn.us	1 redirects heraldcourier.com
2	insight.adsrvr.org	1 redirects d1eoo1tco6rr5e.cloudfront.net
2	b-code.liadm.com	www.googletagmanager.com tagan.adlightning.com
2	js.matheranalytics.com	1 redirects heraldcourier.com
2	id5-sync.com	cdn.id5-sync.com
2	prod.us-east-1.cxm-bcn.publisher-services.amazon.dev	c.amazon-adsystem.com
2	cdn.id5-sync.com	heraldcourier.com tagan.adlightning.com
2	www.gstatic.com	heraldcourier.com
1	simage4.pubmatic.com	ads.pubmatic.com
1	aud.pubmatic.com	ads.pubmatic.com
1	loada.exelator.com	1 redirects
1	cms.quantserve.com	1 redirects
1	dis.criteo.com	ads.pubmatic.com
1	image6.pubmatic.com	ads.pubmatic.com
1	us-u.openx.net
1	googleads.g.doubleclick.net	1 redirects
1	www.googleadservices.com	1 redirects
1	idsync.rlcdn.com
1	ce.lijit.com
1	stags.bluekai.com
1	sync.bfmio.com
1	d.agkn.com	1 redirects
1	aa.agkn.com	1 redirects
1	simplifi.partners.tremorhub.com
1	i.simpli.fi	tagan.adlightning.com
1	b1sync.zemanta.com	1 redirects
1	trc.taboola.com	i.liadm.com
1	api.segment.io	cdn.segment.com
1	survey.survicate.com	cdn.segment.com
1	sli.heraldcourier.com	heraldcourier.com
1	idx.liadm.com	b-code.liadm.com
1	rp4.liadm.com	heraldcourier.com
1	rp.liadm.com	1 redirects
1	cdnjs.cloudflare.com	bloximages.newyork1.vip.townnews.com
1	www.i.matheranalytics.com	heraldcourier.com
1	cdn.jsdelivr.net	tagan.adlightning.com
1	cdn.prod.uidapi.com	tagan.adlightning.com
1	ampcid.google.de	www.google-analytics.com
1	41c489be1c6100234d9199d69a77f8e1.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	ampcid.google.com	www.google-analytics.com
1	tag.simpli.fi	www.googletagmanager.com
1	d1eoo1tco6rr5e.cloudfront.net	www.googletagmanager.com
1	lb.eu-1-id5-sync.com	cdn.id5-sync.com
1	discovery.evvnt.com	heraldcourier.com
1	production-evvnt-plugin-herokuapp-com.global.ssl.fastly.net	1 redirects
1	tags.crwdcntrl.net	heraldcourier.com
1	www.tri-citiescalendar.com	1 redirects
305	105

This site contains links to these domains. Also see Links.

Domain
adclick.g.doubleclick.net
subscriberservicesdsi.lee.net
www.stringr.com
swvatoday.com
us59.dayforcehcm.com
bloxcms.com
townnews.com

Subject Issuer	Validity	Valid
heraldcourier.com GTS CA 1P5	`2023-01-16` - `2023-04-16`	3 months	crt.sh
bloximages.chicago2.vip.townnews.com GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2022-03-11` - `2023-04-11`	a year	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2022-05-01` - `2023-06-02`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2022-05-09` - `2023-04-18`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.adlightning.com Amazon	`2022-06-09` - `2023-07-07`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-07` - `2023-06-06`	a year	crt.sh
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev Amazon RSA 2048 M02	`2022-12-27` - `2024-01-25`	a year	crt.sh
*.eu-1-id5-sync.com R3	`2023-01-25` - `2023-04-25`	3 months	crt.sh
*.id5-sync.com R3	`2023-01-25` - `2023-04-25`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-11-27` - `2023-02-25`	3 months	crt.sh
*.liadm.com Amazon	`2023-01-01` - `2024-01-30`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2022-12-08` - `2023-12-07`	a year	crt.sh
*.simpli.fi DigiCert TLS RSA SHA256 2020 CA1	`2022-11-07` - `2023-12-08`	a year	crt.sh
discoverevvnt.com Amazon	`2023-01-08` - `2024-02-07`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon	`2022-06-15` - `2023-06-15`	a year	crt.sh
*.segment.com Amazon	`2022-12-13` - `2024-01-12`	a year	crt.sh
*.google.de GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
bidder.newspassid.com Amazon	`2022-03-14` - `2023-04-11`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
cdn.prod.uidapi.com R3	`2022-11-29` - `2023-02-27`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
www.i.matheranalytics.com Amazon	`2022-12-14` - `2024-01-13`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
cdn.prod.mktg.evvnt.com Amazon	`2022-07-07` - `2023-08-05`	a year	crt.sh
sli.leetemplates.com R3	`2022-12-30` - `2023-03-30`	3 months	crt.sh
*.survicate.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-13` - `2023-10-14`	a year	crt.sh
*.segment.io Amazon RSA 2048 M01	`2023-02-10` - `2024-02-10`	a year	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2022-12-08` - `2023-12-31`	a year	crt.sh
*.avct.cloud R3	`2022-12-31` - `2023-03-31`	3 months	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2022-06-27` - `2023-06-05`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
*.sharethrough.com Amazon RSA 2048 M02	`2023-02-10` - `2023-08-12`	6 months	crt.sh
*.pubmatic.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-25` - `2024-01-24`	a year	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2022-09-20` - `2023-09-20`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-04` - `2023-03-31`	3 months	crt.sh
aax-eu.amazon-adsystem.com Amazon RSA 2048 M01	`2023-01-27` - `2024-01-27`	a year	crt.sh

This page contains 26 frames:

Primary Page: https://heraldcourier.com/events/
Frame ID: 548681AFD67CBE8FF251F079897BBF71
Requests: 156 HTTP requests in this frame

Frame: https://d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/iframe
Frame ID: 9160F1C01F649211140BDEE7A78156FB
Requests: 2 HTTP requests in this frame

Frame: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
Frame ID: FCA95589647A3FA4B9E4F8DCCFD22F8F
Requests: 41 HTTP requests in this frame

Frame: https://41c489be1c6100234d9199d69a77f8e1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 271DD6DF86B337E37FD14145026D71F7
Requests: 1 HTTP requests in this frame

Frame: https://tagan.adlightning.com/leeenterprises/b-f140f48-7586382c.js
Frame ID: 3A2FC4FBE5B1EF98A1BE96D7BE55E366
Requests: 4 HTTP requests in this frame

Frame: https://tagan.adlightning.com/leeenterprises/b-f140f48-7586382c.js
Frame ID: 432262E923964CDD40C25F470047D113
Requests: 8 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 55100F91337B57485ED505DA3D0B0927
Requests: 1 HTTP requests in this frame

Frame: https://tagan.adlightning.com/leeenterprises/b-f140f48-7586382c.js
Frame ID: 798BAFA434B900E27BD6B1FDBECF074C
Requests: 8 HTTP requests in this frame

Frame: https://tagan.adlightning.com/leeenterprises/b-f140f48-7586382c.js
Frame ID: 078484E60E7D312B2D27024EB86218B9
Requests: 8 HTTP requests in this frame

Frame: https://tagan.adlightning.com/leeenterprises/b-f140f48-7586382c.js
Frame ID: 3B6D56C921EFB74585829688277A5E7E
Requests: 8 HTTP requests in this frame

Frame: https://i.liadm.com/s/c/a-058n?s=&cim=&ps=true&ls=true&duid=3f389ea64a07--01gsja5fdt993w5k50eer4kd83&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Frame ID: 3AC06E8BFDCA1C2817CE293358197864
Requests: 8 HTTP requests in this frame

Frame: https://bcp.crwdcntrl.net/5/c=6894/rand=339609168/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20heraldcourier%20%3A%20Total%20Site%20Traffic/int=%23OpR%2372332%23Site%20Section%20%3A%20events/med=%23OpR%2372333%23Keyword%20%3A%20bristol%20herald%20courier%20-%20tricities/rb=%7B%22meta_tag%22%3A%22bristol%20herald%20courier%20-%20tricities%22%7D/rt=ifr
Frame ID: C1952E4E31626BF0E1616B28D16E50F3
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 3FDF6810EC262F8DF5E878EC8A442D75
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: CF383373957E56E9B5137666403C4820
Requests: 2 HTTP requests in this frame

Frame: https://bidder.newspassid.com/static/load-cookie.html?usp_consent=&pubcid=71138659-8444-4afa-9b28-7a7c5429ae3f&publisherId=NPID10000001&siteId=3500000313&cb=1676725632889&bidder=newspassid
Frame ID: C4D9726E06EEB8D4F398916F4090EA32
Requests: 13 HTTP requests in this frame

Frame: https://bidder.newspassid.com/static/load-cookie.html?usp_consent=&pubcid=71138659-8444-4afa-9b28-7a7c5429ae3f&publisherId=NPID10000001&siteId=3500000313&cb=1676725633183&bidder=newspassid
Frame ID: 79FB81B74E6A42310C0E9708C7D8EDAB
Requests: 13 HTTP requests in this frame

Frame: https://bidder.newspassid.com/static/load-cookie.html?usp_consent=&pubcid=71138659-8444-4afa-9b28-7a7c5429ae3f&publisherId=NPID10000001&siteId=3500000313&cb=1676725632873&bidder=newspassid
Frame ID: 2F42089540498DB9D388FB1582A084A2
Requests: 13 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&predirect=&us_privacy=pbs-newspassidhttps%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-newspassid%26uid%3D
Frame ID: 5E554AEE7B11216FBF81A01F48622BC5
Requests: 11 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?party=14&cid=0CCCFF70-EB92-47BE-8C99-D026CB973460&gdpr=0&gdpr_consent=
Frame ID: 37AD661E548B13F6F9B2223843E15BAA
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:eaa363f0-cd82-4c00-a687-516adce24ea4&gdpr=0&gdpr_consent=
Frame ID: B7E281C214292018D5ABAA94941B160B
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5964359322975259939
Frame ID: F42FA5FAFB2D240AFA6E0141C018CE56
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: 45A9394EF30E2740D02545AEEF779006
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=Kit7on98JaYxfi2gJC0wq356LfcxeX-nKXuIiGfC
Frame ID: E65075FE669127F1319EAC8B7CFF6C86
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=0CCCFF70-EB92-47BE-8C99-D026CB973460&redir=true&gdpr=0&gdpr_consent=&dcc=t
Frame ID: 17D1407ED5605A4761B0A643AE30FEB2
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&predirect=&us_privacy=pbs-newspassidhttps%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-newspassid%26uid%3D
Frame ID: 83D36000D2D53A97FF67240AE4F2CA53
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&predirect=&us_privacy=pbs-newspassidhttps%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-newspassid%26uid%3D
Frame ID: DAD06330892E3D87467ACDC446AFE72F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Events | heraldcourier.comHelp Circle

Page URL History Show full URLs

https://www.tri-citiescalendar.com/ HTTP 301
https://heraldcourier.com/events/ Page URL

Detected technologies

Firebase (Databases) Expand

Overall confidence: 100%
Detected patterns

/firebasejs/([\d.]+)/firebase

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Segment (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.segment\.com/analytics\.js

TrackJs (Analytics) Expand

Overall confidence: 100%
Detected patterns

tracker\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

305
Requests

81 %
HTTPS

34 %
IPv6

68
Domains

105
Subdomains

80
IPs

11
Countries

5254 kB
Transfer

10901 kB
Size

88
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://adclick.g.doubleclick.net/pcs/click%253Fxai%253DAKAOjsv45Zlcu-eaij21DM3GJC2NYkXFWhC35eZu5nNjYADPSMy28TOqvGnh0cgKIKL6aVebx-elXVVDR2iUJoV8iX612sORp6ceRL0o2luZpDLD4pMvCyUPOrYCRaKAAu_twZudlTysJ86kuQiEC_prj6m2qO5PgEdILBFlQbA4O6ZFPR9X-4CVbN673ezf00taqQKRyfn3CRiyNrNdhDx6EzusBBoSbaiuD0vntBDjg62U0gfbyr9NCXIYRVWDswZDpbplwnr5iyozDvfaj5_jnk3vq28sNgy5_DW-sC-gsZVccv6fWvW6gZWiQHIrNKdVZ1YX8MqKhtub%2526sai%253DAMfl-YSr9sPF6UhCsfUMiR6Ip5U9q3MFKwwuhge4cdUl_Zo8YETtCpFbP0V36AuapI8JWPYbQNNXNSYWm92wxzhl8-rG4wdetkjtnQkviaj30qG67x0Tqpn3gZ94a1__xyWt3y_5eSVE5qImQNEBlR0%2526sig%253DCg0ArKJSzEOiF08mBZXHEAE%2526fbs_aeid%253D%255Bgw_fbsaeid%255D%2526urlfix%253D1%2526adurl%253Dhttps://subscriberservicesdsi.lee.net/subscriberservices/Content/PaymentPageSinglePT.aspx?Domain=heraldcourier.com&SubscriberLevel=DOP&Price=1.00&utm_source=heraldcourier.com&utm_medium=display&utm_campaign=sept2022_DFP

Search URL Search Domain Scan URL

URL: https://adclick.g.doubleclick.net/pcs/click%253Fxai%253DAKAOjstSpqbQfnwROKiInQWU73TdhGhP84yS_8zLp5iLfw6h0C5G4WYVdmyo1Rk_-K-8BSCVCt2bxhYAl73UusrrOOG69xZFdiA8vPoLjP0jyEdRmaEbrGTsZrvJ1BgPLIUd_bMFAnNRe31N_ab6tpT5I7I-RGoHfswOB8dbZNsNuX0qnVlisvTW4y2YU3aLfYILdunyVOJCydXJ9LUGPXf8dHblcVcnnSu3g6U7sAlTe_R3UPflxqKSFTLE3ocUyKzWcwuFF4X7HEJFDbdcHNR5jYcfCzhEcqONHa4pN_DCkB338hpZEyix25Yhns6UNsGPv9yBO9LDvbpy8f7dig%2526sai%253DAMfl-YSw2uo0WYrlmF2EyeqqzlF1jeWIiHxXaLSSUr6jBINfF24DChih0X5ehKNzsuubGy1nzlBSb8OvqPcSkTK9HUdd6GbRc8bAw9QNz-qWDxyYg_kMiEZ0YGNEpYBBOHD8YDBipON9tNPW28_6jSQJ%2526sig%253DCg0ArKJSzJ3h6kNFAT-PEAE%2526fbs_aeid%253D%255Bgw_fbsaeid%255D%2526urlfix%253D1%2526adurl%253Dhttps://urldefense.com/v3/__http://heraldcourier.com/contests/bristol-readers-choice-2023/?enhanced-listing=15293f68-4e3f-3f47-3f3f-7d3f3b3f3f59__;!!LvYzicI!mCLvFZMVmtTsM4Yp4TaZ7EsEtQkzEvL0YkYB4rsgeRo90DiztppLykIN_3VQToCaEwG7CjsLbZukRSe5CG2kXQ$

Search URL Search Domain Scan URL

URL: https://subscriberservicesdsi.lee.net/subscriberservices/Content/paymentpagesingle.aspx?Domain=heraldcourier.com&SubscriberLevel=DOP&Return=https%3A%2F%2Fheraldcourier.com%2Fevents%2F#tracking-source=header&ir=true
Title: Subscribe $1 for 6 months

Search URL Search Domain Scan URL

URL: https://www.stringr.com/xlFFejdUIVF
Title: Share video

Search URL Search Domain Scan URL

URL: https://subscriberservicesdsi.lee.net/subscriberservices/Content/AccountStatus.aspx?Domain=heraldcourier.com
Title: My Subscription

Search URL Search Domain Scan URL

URL: https://swvatoday.com/
Title: SWVA Today

Search URL Search Domain Scan URL

URL: https://us59.dayforcehcm.com/CandidatePortal/en-US/leeenterprises/SITE/CANDIDATEPORTAL
Title: Join Our Team

Search URL Search Domain Scan URL

URL: https://bloxcms.com/
Title: BLOX Content Management System

Search URL Search Domain Scan URL

URL: https://townnews.com/
Title: TownNews.com

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.tri-citiescalendar.com/ HTTP 301
https://heraldcourier.com/events/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 29

https://production-evvnt-plugin-herokuapp-com.global.ssl.fastly.net/evvnt_discovery_plugin_s.js HTTP 301
https://discovery.evvnt.com/prd/current/evvnt_discovery_plugin_s.js

Request Chain 54

https://js.matheranalytics.com/s/ma1527/725149306/lee/ml.js?cb=1617 HTTP 301
https://js.matheranalytics.com/static/ltm/ma1527/lee/5/ml.br.js

Request Chain 56

https://insight.adsrvr.org/tags/nebsjkp/21usqg2/iframe HTTP 303
https://d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/iframe

Request Chain 59

https://trkn.us/pixel/c?ppt=19160&g=sitewide&gid=44455&cv1=heraldcourier.com&ord=1120453751 HTTP 302
https://trkn.us/pixel/c?ppt=19160&g=sitewide&gid=44455&cv1=heraldcourier.com&ord=1120453751&ip=37.58.58.246&cuidchk=1

Request Chain 135

https://tpc.googlesyndication.com/pagead/imgad?id=CICAgODK-Mn6tgEQARgBMgiJu-IRSTllrQ HTTP 301
https://tpc.googlesyndication.com/simgad/15433771506072637393

Request Chain 136

https://tpc.googlesyndication.com/pagead/imgad?id=CICAgODK-Kmg_AEQARgBMghAKMIQhwyblQ HTTP 301
https://tpc.googlesyndication.com/simgad/9772595301602404356

Request Chain 144

https://rp.liadm.com/j?dtstmp=1676725632852&aid=a-058n&se=e30&duid=3f389ea64a07--01gsja5fdt993w5k50eer4kd83&tna=v2.6.0&pu=https%3A%2F%2Fheraldcourier.com%2Fevents%2F&ext__pubcid=71138659-8444-4afa-9b28-7a7c5429ae3f&wpn=lc-bundle&c=PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IiI-PHRpdGxlPkV2ZW50cyB8IGhlcmFsZGNvdXJpZXIuY29tPC90aXRsZT48bGluayByZWw9ImNhbm9uaWNhbCIgaHJlZj0iaHR0cHM6Ly9oZXJhbGRjb3VyaWVyLmNvbS9ldmVudHMvIj48aDE-CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICA8YSBocmVmPSIvZXZlbnRzIj4KICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgRXZlbnRzCiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICA8L2E-CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgPC9oMT48dGl0bGU-SGVscCBDaXJjbGU8L3RpdGxlPg HTTP 302
https://rp4.liadm.com/j?dtstmp=1676725632852&aid=a-058n&se=e30&duid=3f389ea64a07--01gsja5fdt993w5k50eer4kd83&tna=v2.6.0&pu=https%3A%2F%2Fheraldcourier.com%2Fevents%2F&ext__pubcid=71138659-8444-4afa-9b28-7a7c5429ae3f&wpn=lc-bundle&c=PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IiI-PHRpdGxlPkV2ZW50cyB8IGhlcmFsZGNvdXJpZXIuY29tPC90aXRsZT48bGluayByZWw9ImNhbm9uaWNhbCIgaHJlZj0iaHR0cHM6Ly9oZXJhbGRjb3VyaWVyLmNvbS9ldmVudHMvIj48aDE-CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICA8YSBocmVmPSIvZXZlbnRzIj4KICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgRXZlbnRzCiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICA8L2E-CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgPC9oMT48dGl0bGU-SGVscCBDaXJjbGU8L3RpdGxlPg&i6=MmEwMDpjOTg6MjAzMDphMDA0OjE6OjEx&n3pc=true

Request Chain 208

https://sync.mathtag.com/sync/img?mt_exid=36&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-058n%2F0%2F45450df3345745ce8b0818faf71a7885%3Fmpid%3D7156%26muid%3D%5BMM_UUID%5D&36f844d1-e430-4acd-a7a8-d2d4bec96f22 HTTP 302
https://i.liadm.com/s/e/a-058n/0/45450df3345745ce8b0818faf71a7885?mpid=7156&muid=eaa363f0-cd82-4c00-a687-516adce24ea4

Request Chain 210

https://x.bidswitch.net/syncd?dsp_id=256&user_group=2&user_id=36f844d1-e430-4acd-a7a8-d2d4bec96f22&redir=%2F%2Fi.liadm.com%2Fs%2F52176%3Fbidder_id%3D5298%26bidder_uuid%3D%24%7BBSW_UID%7D HTTP 302
https://x.bidswitch.net/ul_cb/syncd?dsp_id=256&user_group=2&user_id=36f844d1-e430-4acd-a7a8-d2d4bec96f22&redir=%2F%2Fi.liadm.com%2Fs%2F52176%3Fbidder_id%3D5298%26bidder_uuid%3D%24%7BBSW_UID%7D HTTP 302
https://i.liadm.com/s/52176?bidder_id=5298&bidder_uuid=0a8ca80a-7430-4046-b6e1-16459865cdab HTTP 303
https://x.bidswitch.net/sync?ssp=liveintent&user_id=36f844d1-e430-4acd-a7a8-d2d4bec96f22 HTTP 302
https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=liveintent HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=24&bidswitch_ssp_id=liveintent HTTP 302
https://x.bidswitch.net/sync?dsp_id=70&user_id=6894776439776788942&ssp=liveintent HTTP 302
https://i.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=0a8ca80a-7430-4046-b6e1-16459865cdab HTTP 303
https://i6.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=0a8ca80a-7430-4046-b6e1-16459865cdab

Request Chain 211

https://dpm.demdex.net/ibs:dpid=127444&dpuuid=36f844d1-e430-4acd-a7a8-d2d4bec96f22&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-058n%2F0%2F45450df3345745ce8b0818faf71a7885%3Fmpid%3D82775%26muid%3D%24%7BDD_UUID%7D HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=127444&dpuuid=36f844d1-e430-4acd-a7a8-d2d4bec96f22&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-058n%2F0%2F45450df3345745ce8b0818faf71a7885%3Fmpid%3D82775%26muid%3D%24%7BDD_UUID%7D HTTP 302
https://i.liadm.com/s/e/a-058n/0/45450df3345745ce8b0818faf71a7885?mpid=82775&muid=31804616445325673084592582544692123633

Request Chain 212

https://x.dlx.addthis.com/e/live_intent_sync?na_exid=36f844d1-e430-4acd-a7a8-d2d4bec96f22 HTTP 302
https://x.dlx.addthis.com/e/live_intent_sync?na_exid=36f844d1-e430-4acd-a7a8-d2d4bec96f22&rd=Y

Request Chain 214

https://b1sync.zemanta.com/usersync/liveintent/?cb=%2F%2Fi.liadm.com%2Fs%2F35004%3Fbidder_id%3D98254%26bidder_uuid%3D__ZUID__ HTTP 302
https://i.liadm.com/s/35004?bidder_id=98254&bidder_uuid= HTTP 303
https://i6.liadm.com/s/35004?bidder_id=98254&bidder_uuid=

Request Chain 221

https://um.simpli.fi/triplelift HTTP 302
https://eb2.3lift.com/xuid?mid=7969&xuid=5F4F7001FF7D4100A6E5BCA85232FACC&dongle=yf3

Request Chain 222

https://um.simpli.fi/telaria_p HTTP 302
https://simplifi.partners.tremorhub.com/sync?UISF=5F4F7001FF7D4100A6E5BCA85232FACC

Request Chain 223

https://um.simpli.fi/tapad HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=2305&partner_device_id=5F4F7001FF7D4100A6E5BCA85232FACC HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=5F4F7001FF7D4100A6E5BCA85232FACC

Request Chain 224

https://um.simpli.fi/ad_advisor HTTP 302
https://aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=5F4F7001FF7D4100A6E5BCA85232FACC HTTP 302
https://d.agkn.com/pixel/10751/?che=1676725635653&ip=37.58.58.246&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D216423104431001569929 HTTP 302
https://um.simpli.fi/aa_px?sk=216423104431001569929 HTTP 302
https://um.simpli.fi/empty.gif

Request Chain 225

https://um.simpli.fi/intentiq HTTP 302
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=5F4F7001FF7D4100A6E5BCA85232FACC

Request Chain 228

https://um.simpli.fi/dtnx HTTP 302
https://fei.pro-market.net/engine?du=24;csync=5F4F7001FF7D4100A6E5BCA85232FACC;mimetype=img; HTTP 302
https://fei.pro-market.net/engine?du=24;csync=5F4F7001FF7D4100A6E5BCA85232FACC;mimetype=img;sr HTTP 302
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=3&pcid=9068273886718807786

Request Chain 229

https://um.simpli.fi/exelatem HTTP 302
https://loadm.exelator.com/load/?p=204&g=2191&simid=5F4F7001FF7D4100A6E5BCA85232FACC&j=0 HTTP 302
https://loadm.exelator.com/load/?p=204&g=2191&simid=5F4F7001FF7D4100A6E5BCA85232FACC&j=0&xl8blockcheck=1

Request Chain 231

https://um.simpli.fi/beachfront HTTP 302
https://sync.bfmio.com/sync?pid=141&uid=5F4F7001FF7D4100A6E5BCA85232FACC

Request Chain 232

https://um.simpli.fi/bluekai HTTP 302
https://stags.bluekai.com/site/29931?id=5F4F7001FF7D4100A6E5BCA85232FACC

Request Chain 233

https://um.simpli.fi/crwdcntrl HTTP 302
https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=5F4F7001FF7D4100A6E5BCA85232FACC

Request Chain 234

https://um.simpli.fi/lj_match HTTP 302
https://ce.lijit.com/merge?pid=2&3pid=5F4F7001FF7D4100A6E5BCA85232FACC

Request Chain 235

https://um.simpli.fi/liveramp_match HTTP 302
https://idsync.rlcdn.com/419566.gif?partner_uid=5F4F7001FF7D4100A6E5BCA85232FACC

Request Chain 236

https://www.googleadservices.com/pagead/conversion/1026675585/?random=1676725635492&cv=7&fst=1676725635492&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON HTTP 302
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=557356734&cv=7&fst=1676725635492&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=g83wY8XjJpzImLAPgL2AmAs&sscte=1&crd= HTTP 302
https://www.google.com/pagead/1p-conversion/1026675585/?random=557356734&cv=7&fst=1676725635492&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=g83wY8XjJpzImLAPgL2AmAs&cid=CAQSKQDUE5ymCxef-RR4YOZ2wq-uxptiSHm6AvhEO_wYHaf15KSKn7K-W7iG&random=644869694 HTTP 302
https://www.google.de/pagead/1p-conversion/1026675585/?random=557356734&cv=7&fst=1676725635492&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=g83wY8XjJpzImLAPgL2AmAs&cid=CAQSKQDUE5ymCxef-RR4YOZ2wq-uxptiSHm6AvhEO_wYHaf15KSKn7K-W7iG&random=644869694&ipr=y&prhg=0

Request Chain 237

https://um.simpli.fi/spotx_match HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7797&uid=5F4F7001FF7D4100A6E5BCA85232FACC HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7797&uid=5F4F7001FF7D4100A6E5BCA85232FACC&__user_check__=1&sync_id=2a87fd40-af8d-11ed-84f9-11482f420306

Request Chain 238

https://um.simpli.fi/an HTTP 302
https://ib.adnxs.com/setuid?entity=66&code=5F4F7001FF7D4100A6E5BCA85232FACC HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3D5F4F7001FF7D4100A6E5BCA85232FACC

Request Chain 239

https://um.simpli.fi/rb_match HTTP 302
https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=5F4F7001FF7D4100A6E5BCA85232FACC&expires=365

Request Chain 240

https://um.simpli.fi/ox_match HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072966&val=5F4F7001FF7D4100A6E5BCA85232FACC

Request Chain 241

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm&google_sc HTTP 302
https://um.simpli.fi/g_match?id=&google_gid=CAESEOn9veSZPLRp3L8oBP4Tjpw&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=5F4F7001FF7D4100A6E5BCA85232FACC HTTP 302
https://um.simpli.fi/g_match?id=

Request Chain 251

https://ads.avct.cloud/getuid?&gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid&url=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Davocet%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7B%7BUUID%7D%7D HTTP 307
https://ads.avct.cloud/getuid?bounce=true&&gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid&url=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Davocet%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7B%7BUUID%7D%7D

Request Chain 256

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24%7BBSW_UUID%7D?gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid HTTP 302
https://bidder.newspassid.com/setuid?bidder=grid&gdpr=0&gdpr_consent=&uid=0a8ca80a-7430-4046-b6e1-16459865cdab

Request Chain 261

https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid&r=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dopenx%26uid%3D%24%7BUID%7D HTTP 302
https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid&r=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dopenx%26uid%3D%24%7BUID%7D&ox_sc=1 HTTP 302
https://bidder.newspassid.com/setuid?bidder=openx&uid=a3f740be-b601-47cf-84e3-1c9304a5bba2

Request Chain 262

https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid&r=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dopenx%26uid%3D%24%7BUID%7D HTTP 302
https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid&r=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dopenx%26uid%3D%24%7BUID%7D&ox_sc=1 HTTP 302
https://bidder.newspassid.com/setuid?bidder=openx&uid=a3f740be-b601-47cf-84e3-1c9304a5bba2

Request Chain 264

https://ad2.360yield.com/server_match?r=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dimprovedigital%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7BPUB_USER_ID%7D HTTP 302
https://ad2.360yield.com/ul_cb/server_match?r=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dimprovedigital%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7BPUB_USER_ID%7D HTTP 302
https://bidder.newspassid.com/setuid?bidder=improvedigital&gdpr=0&gdpr_consent=&uid=96978c3b-9178-459d-925c-9491cf718481

Request Chain 265

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 303
https://bidder.newspassid.com/setuid?bidder=adform&gdpr=0&gdpr_consent=&uid=6894776439776788942

Request Chain 266

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 303
https://bidder.newspassid.com/setuid?bidder=adform&gdpr=0&gdpr_consent=&uid=6894776439776788942

Request Chain 269

https://eb2.3lift.com/getuid?gdpr=0&cmp_cs=&us_privacy=pbs-newspassid&redir=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 302
https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=pbs-newspassid&redir=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 302
https://bidder.newspassid.com/setuid?bidder=triplelift&gdpr=0&gdpr_consent=&uid=1679821601418444763683

Request Chain 270

https://eb2.3lift.com/getuid?gdpr=0&cmp_cs=&us_privacy=pbs-newspassid&redir=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 302
https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=pbs-newspassid&redir=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 302
https://bidder.newspassid.com/setuid?bidder=triplelift&gdpr=0&gdpr_consent=&uid=1679821601418444763683

Request Chain 273

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:eaa363f0-cd82-4c00-a687-516adce24ea4&gdpr=0&gdpr_consent=

Request Chain 274

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5964359322975259939

Request Chain 276

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=Kit7on98JaYxfi2gJC0wq356LfcxeX-nKXuIiGfC

Request Chain 277

https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=0CCCFF70-EB92-47BE-8C99-D026CB973460&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=0CCCFF70-EB92-47BE-8C99-D026CB973460&redir=true&gdpr=0&gdpr_consent=&dcc=t

Request Chain 278

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=DMz_cOuSR76MmdAmy5c0YA%3D%3D&gdpr=0&gdpr_consent= HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

Request Chain 279

https://pixel.onaudience.com/?partner=214&mapped=0CCCFF70-EB92-47BE-8C99-D026CB973460&gdpr=0&gdpr_consent= HTTP 302
https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D0 HTTP 302
https://pixel.onaudience.com/?partner=161&icm&cver&mapped=38e897655bc06b2241b0b4be451cf216&gdpr=0 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=0

Request Chain 280

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=0CCCFF70-EB92-47BE-8C99-D026CB973460&gdpr= HTTP 302
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=0CCCFF70-EB92-47BE-8C99-D026CB973460&gdpr=&fbounce=1 HTTP 302
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=0CCCFF70-EB92-47BE-8C99-D026CB973460&addseg=19,36,42

Request Chain 281

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MENDQ0ZGNzAtRUI5Mi00N0JFLThDOTktRDAyNkNCOTczNDYw&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 282

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEA9OBXj92O3kqLzMNQ5okwY&google_cver=1

Request Chain 285

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=6894776439776788942

Request Chain 286

https://ib.adnxs.com/getuid?https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 302
https://bidder.newspassid.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=8162609038107023435

Request Chain 287

https://ib.adnxs.com/getuid?https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 302
https://bidder.newspassid.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=8162609038107023435

Request Chain 288

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24%7BBSW_UUID%7D?gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid HTTP 302
https://bidder.newspassid.com/setuid?bidder=grid&gdpr=0&gdpr_consent=&uid=0a8ca80a-7430-4046-b6e1-16459865cdab

Request Chain 289

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24%7BBSW_UUID%7D?gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid HTTP 302
https://bidder.newspassid.com/setuid?bidder=grid&gdpr=0&gdpr_consent=&uid=0a8ca80a-7430-4046-b6e1-16459865cdab

Request Chain 294

https://ssum.casalemedia.com/usermatchredir?us_privacy=pbs-newspassid&gdpr=0&gdpr_consent=&s=189937&cb=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dix%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-newspassid%26uid%3D HTTP 302
https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dix%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-newspassid%26uid%3D&gdpr=0&gdpr_consent=&s=189937&us_privacy=pbs-newspassid&C=1 HTTP 302
https://bidder.newspassid.com/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid&uid=Y-DNhXXYvo2xopjxFhCH.QAA%261125

Request Chain 295

https://ssum.casalemedia.com/usermatchredir?us_privacy=pbs-newspassid&gdpr=0&gdpr_consent=&s=189937&cb=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dix%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-newspassid%26uid%3D HTTP 302
https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dix%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-newspassid%26uid%3D&gdpr=0&gdpr_consent=&s=189937&us_privacy=pbs-newspassid&C=1 HTTP 302
https://bidder.newspassid.com/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid&uid=Y-DNhdJsadRn0B353BBHQgAA%261137

Request Chain 299

https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid&r=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dopenx%26uid%3D%24%7BUID%7D HTTP 302
https://bidder.newspassid.com/setuid?bidder=openx&uid=a3f740be-b601-47cf-84e3-1c9304a5bba2

Request Chain 301

https://ad2.360yield.com/server_match?r=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dimprovedigital%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7BPUB_USER_ID%7D HTTP 302
https://bidder.newspassid.com/setuid?bidder=improvedigital&gdpr=0&gdpr_consent=&uid=96978c3b-9178-459d-925c-9491cf718481

Request Chain 302

https://ad2.360yield.com/server_match?r=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dimprovedigital%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7BPUB_USER_ID%7D HTTP 302
https://bidder.newspassid.com/setuid?bidder=improvedigital&gdpr=0&gdpr_consent=&uid=96978c3b-9178-459d-925c-9491cf718481

Request Chain 303

https://ssum.casalemedia.com/usermatchredir?us_privacy=pbs-newspassid&gdpr=0&gdpr_consent=&s=189937&cb=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dix%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-newspassid%26uid%3D HTTP 302
https://bidder.newspassid.com/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid&uid=Y-DNhXXYvo2xopjxFhCH.QAA%261125

Request Chain 304

https://ib.adnxs.com/getuid?https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 302
https://bidder.newspassid.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=8162609038107023435

Request Chain 305

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 303
https://bidder.newspassid.com/setuid?bidder=adform&gdpr=0&gdpr_consent=&uid=6894776439776788942

Request Chain 306

https://eb2.3lift.com/getuid?gdpr=0&cmp_cs=&us_privacy=pbs-newspassid&redir=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID HTTP 302
https://bidder.newspassid.com/setuid?bidder=triplelift&gdpr=0&gdpr_consent=&uid=1679821601418444763683

305 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
heraldcourier.com/events/
Redirect Chain

https://www.tri-citiescalendar.com/
https://heraldcourier.com/events/

98 KB
24 KB

368ms
180ms

Document
text/html

192.104.183.109
LEE-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.104.183.109 , United States, ASN10668 (LEE-ASN, US),

Reverse DNS

cms.newyork1.vip.townnews.com

Software

Resource Hash

0ffadf86f49024420c002f286c067e25ea10477424cb2eed051515fb84e21862

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
cache-control: public, max-age=60, s-maxage=30, must-revalidate, proxy-revalidate
content-encoding: gzip
content-length: 22288
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Sat, 18 Feb 2023 13:07:09 GMT
etag: W/aff9d326f40bd12253394553df793a13
last-modified: Sat, 18 Feb 2023 13:07:09 GMT
link: <https://bloximages.newyork1.vip.townnews.com>; rel=preconnect dns-prefetch; crossorigin <https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/jquery/resources/scripts/jquery.min.d6d18fcf88750a16d256e72626e676a6.js>; rel=preload; as=script </shared-content/art/tncms/user/user.js>; rel=preload; as=script <https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/bootstrap/resources/scripts/bootstrap.min.d457560d3dfbf1d56a225eb99d7b0702.js>; rel=preload; as=script <https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/common.08a61544f369cc43bf02e71b2d10d49f.js>; rel=preload; as=script <https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.7b592b309c8e5e5c3477385b84e8c66d.js>; rel=preload; as=script <https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/application.ef1ae2cf9d9803199a19b009dc464018.js>; rel=preload; as=script <https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.navigation.accessibility.7a9170240d21440159b9bd59db72933b.js>; rel=preload; as=script
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: X-IPCountry, X-Townnews-Now-API-Version, Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-loop: 1
x-robots-tag: noarchive
x-tncms: 1.67.2; app11; 0.18s; 3M
x-ua-compatible: IE=edge
x-vcache: HIT
x-xss-protection: 1; mode=block

Redirect headers

cache-control: public, max-age=86400
content-length: 0
date: Sat, 18 Feb 2023 13:07:10 GMT
location: https://heraldcourier.com/events/

GET
H2 200 jquery.min.d6d18fcf88750a16d256e72626e676a6.js Show response
bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/jquery/resources/scripts/ 98 KB
34 KB 200ms
23ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/jquery/resources/scripts/jquery.min.d6d18fcf88750a16d256e72626e676a6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bad3f4a20b737202b4cb52ce0124a2ae5d54be0002feb42790867ee446425332

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 420074
cross-origin-resource-policy: cross-origin
last-modified: Wed, 07 Jul 2021 20:09:22 GMT
x-vcache: MISS
server: cloudflare
etag: W/"60e609f2-1882c"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 79b6fbfb5a798fd6-FRA
expires: Sat, 04 Nov 2023 11:38:46 GMT

GET
H2 200 user.js Show response
heraldcourier.com/shared-content/art/tncms/user/ 12 KB
4 KB 92ms
91ms Script
application/x-javascript 192.104.183.109
LEE-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://heraldcourier.com/shared-content/art/tncms/user/user.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.104.183.109 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS: cms.newyork1.vip.townnews.com
Software: /
Resource Hash: 514338ec6bbb3440a50029e6cbc2ba9034d6971c4776d2759a4b829c94dedfb9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/events/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:05:24 GMT
content-encoding: gzip
last-modified: Mon, 13 Feb 2023 15:29:22 GMT
x-vcache: HIT
age: 106
etag: W/"63ea5752-2f01"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=600
accept-ranges: bytes
content-length: 4332
service-worker-allowed: /

GET
H2 200 bootstrap.min.d457560d3dfbf1d56a225eb99d7b0702.js Show response
bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/bootstrap/resources/scripts/ 39 KB
11 KB 192ms
15ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/bootstrap/resources/scripts/bootstrap.min.d457560d3dfbf1d56a225eb99d7b0702.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93eac8b1fb14d0863561633dfdf563013c023393aabfb122e3be7256629d9235

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 420074
last-modified: Fri, 06 Sep 2019 14:16:03 GMT
x-vcache: MISS
server: cloudflare
etag: W/"5d726a23-9bd8"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 79b6fbfb5a7d8fd6-FRA
expires: Sun, 23 Apr 2023 10:52:51 GMT

GET
H2 200 common.08a61544f369cc43bf02e71b2d10d49f.js Show response
bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/ 32 KB
12 KB 201ms
25ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/common.08a61544f369cc43bf02e71b2d10d49f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddd1991e3d8ce67431989f8cca95743706d110f064ed2b3609041a3f20e50d2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 420074
last-modified: Tue, 10 May 2022 15:14:36 GMT
x-vcache: MISS
server: cloudflare
etag: W/"627a815c-8154"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 79b6fbfb5a8a8fd6-FRA
expires: Thu, 11 May 2023 19:01:42 GMT

GET
H2 200 tnt.7b592b309c8e5e5c3477385b84e8c66d.js Show response
bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/ 22 KB
6 KB 200ms
24ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.7b592b309c8e5e5c3477385b84e8c66d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50846800868a535c1d2befa0b84738e08ac7013dd5628b4a2be94308d2caa1f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 420074
cross-origin-resource-policy: cross-origin
last-modified: Thu, 19 Jan 2023 22:27:45 GMT
x-vcache: MISS
server: cloudflare
etag: W/"63c9c3e1-5804"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 79b6fbfb5a858fd6-FRA
expires: Wed, 31 Jan 2024 20:01:29 GMT

GET
H2 200 application.ef1ae2cf9d9803199a19b009dc464018.js Show response
bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/ 4 KB
2 KB 194ms
18ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/application.ef1ae2cf9d9803199a19b009dc464018.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae6c4eb375a9a08f2c21183d6857943c7762e78c45c185670d4a5cc17fabfb57

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 405816
cross-origin-resource-policy: cross-origin
last-modified: Thu, 27 Oct 2022 20:59:04 GMT
x-vcache: HIT
server: cloudflare
etag: W/"635af118-114a"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 79b6fbfb5a808fd6-FRA
expires: Wed, 01 Nov 2023 19:02:06 GMT

GET
H2 200 tnt.navigation.accessibility.7a9170240d21440159b9bd59db72933b.js Show response
bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/ 2 KB
970 B 201ms
25ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.navigation.accessibility.7a9170240d21440159b9bd59db72933b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

75845ddd51e5f375f7b7aa868937566eb92118d0ee118cd3154db1a95d7b8dd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 420073
last-modified: Thu, 23 Jun 2022 13:40:11 GMT
x-vcache: MISS
server: cloudflare
etag: W/"62b46d3b-9ae"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 79b6fbfb5a868fd6-FRA
expires: Thu, 06 Jul 2023 19:05:38 GMT

GET
H2 200 bootstrap.min.d655407c2beee1a5e5788ed5c20be9d9.css
bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/bootstrap/resources/styles/ 107 KB
18 KB 198ms
24ms Stylesheet
text/css 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/bootstrap/resources/styles/bootstrap.min.d655407c2beee1a5e5788ed5c20be9d9.css

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6065cc42cf9789426f27a40563bc5c313b5ed33a7bc384c3ffaa0d047eb93ff2

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 420074
cross-origin-resource-policy: cross-origin
last-modified: Mon, 21 Nov 2022 16:28:46 GMT
x-vcache: MISS
server: cloudflare
etag: W/"637ba73e-1ac24"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 79b6fbfb5a728fd6-FRA
expires: Wed, 29 Nov 2023 20:01:10 GMT

GET
H2 200 layout.983cb3d9b6baee5a78517d6ad3246133.css
bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/styles/ 156 KB
28 KB 193ms
18ms Stylesheet
text/css 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/styles/layout.983cb3d9b6baee5a78517d6ad3246133.css

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0530d918b171d54a81e618816b7da2fb38a0230cc6174531e975df821da9527

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 420074
cross-origin-resource-policy: cross-origin
last-modified: Thu, 19 Jan 2023 22:32:11 GMT
x-vcache: MISS
server: cloudflare
etag: W/"63c9c4eb-26f89"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 79b6fbfb5a748fd6-FRA
expires: Wed, 24 Jan 2024 20:01:13 GMT

GET
H2 200 lee.ds.css
bloximages.newyork1.vip.townnews.com/heraldcourier.com/content/tncms/live/libraries/flex/components/lee_ds_v3/resources/styles/ 96 KB
17 KB 191ms
17ms Stylesheet
text/css 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/content/tncms/live/libraries/flex/components/lee_ds_v3/resources/styles/lee.ds.css?_dc=1676617205

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

04da122e70371bba47c7c58135bfed4f21d1545c72ba51d8cbc0d43276f834f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 103643
cross-origin-resource-policy: cross-origin
last-modified: Fri, 17 Feb 2023 07:00:05 GMT
x-vcache: MISS
server: cloudflare
etag: W/"63ef25f5-17f3c"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 79b6fbfb5a778fd6-FRA
expires: Sat, 17 Feb 2024 07:05:24 GMT

GET
H2 200 flex-notification-controls.e115619c5ab5d4eb38fbd29cc0d2ea9b.css
bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/block/resources/styles/ 6 KB
2 KB 188ms
14ms Stylesheet
text/css 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/block/resources/styles/flex-notification-controls.e115619c5ab5d4eb38fbd29cc0d2ea9b.css

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4ef0cb2e94b5b79911d8647651823f8c4a39b0f1192bf85b2caa9ce9db3fd7e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 420074
last-modified: Thu, 21 Jul 2022 21:07:55 GMT
x-vcache: MISS
server: cloudflare
etag: W/"62d9c02b-189c"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 79b6fbfb5a788fd6-FRA
expires: Wed, 26 Jul 2023 08:38:32 GMT

GET
H2 200 cc.js Show response
tags.crwdcntrl.net/c/6894/ 38 KB
12 KB 76ms
23ms Script
application/json 18.64.79.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/c/6894/cc.js?ns=_cc6894
Requested by: Host: heraldcourier.com
URL: https://heraldcourier.com/events/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.64.79.126 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-64-79-126.txl50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5a2f10e09cd6e81eb686dbca9e6056ed485e87d3869bac347455547c294cb036

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 20:45:10 GMT
content-encoding: gzip
via: 1.1 1414bd7a19d3e0731eb4c47589439132.cloudfront.net (CloudFront)
last-modified: Tue, 14 Feb 2023 19:10:09 GMT
server: AmazonS3
x-amz-cf-pop: TXL50-P2
age: 58922
etag: W/"8cd042d9f203fe2e01747c7444f95498"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/json
cache-control: max-age: 86400
x-amz-cf-id: Pz0xIHW4GlYyksE9p9WAhwM7uC8zDPvf4sg8u8pd_wOoXnY_WerYXg==

GET
H2 200 access.js Show response
heraldcourier.com/shared-content/art/tncms/api/ 87 KB
35 KB 91ms
90ms Script
application/x-javascript 192.104.183.109
LEE-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://heraldcourier.com/shared-content/art/tncms/api/access.js
Requested by: Host: heraldcourier.com
URL: https://heraldcourier.com/events/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.104.183.109 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS: cms.newyork1.vip.townnews.com
Software: /
Resource Hash: 955becd6590ca9099279669e95771cf8d4d519ff8643dc8c398b6daaba6061a8

Request headers

Referer: https://heraldcourier.com/events/
Origin: https://heraldcourier.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:06:01 GMT
content-encoding: gzip
last-modified: Fri, 10 Feb 2023 13:56:06 GMT
x-vcache: HIT
age: 69
etag: W/"63e64cf6-15cd7"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=600
accept-ranges: bytes
content-length: 35387
service-worker-allowed: /

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 219 KB
54 KB 78ms
25ms Script
application/javascript 18.64.83.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: heraldcourier.com
URL: https://heraldcourier.com/events/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.64.83.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-64-83-82.txl50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0ea92c04c03d7da0e4608664dfb06b8bcf85ac91e2f58a8b984620247f447cca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 12:55:09 GMT
content-encoding: gzip
via: 1.1 6ea9fcffa719a56ee2be748a73d37974.cloudfront.net (CloudFront), 1.1 2a449514cebabcf6ab64b86d6a229cfe.cloudfront.net (CloudFront)
last-modified: Wed, 15 Feb 2023 21:28:34 GMT
server: AmazonS3
x-amz-cf-pop: FRA50-C1, TXL50-P2
age: 722
x-amz-server-side-encryption: AES256
etag: W/"0b8b1ce84f37b3852d15570cccfe1752"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: _h1Ha94nkhxYAwZOr0fRQgBiFktKYSREDUvbR3CbBU_vpuP79USpDA==

GET
H2 200 heraldcourier.com.js Show response
bloximages.chicago2.vip.townnews.com/leetemplates.com/content/tncms/live/global/resources/scripts/falcon/ 5 KB
1 KB 306ms
133ms Script
application/x-javascript 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.chicago2.vip.townnews.com/leetemplates.com/content/tncms/live/global/resources/scripts/falcon/heraldcourier.com.js?_dc=1676725629

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a99a274df0247ac5794b3cf44042760012a58825a1083a4233d61ff4ec9c8cbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: MISS
cross-origin-resource-policy: cross-origin
last-modified: Sat, 18 Feb 2023 06:01:35 GMT
x-vcache: MISS
server: cloudflare
etag: W/"63f069bf-1589"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 79b6fbfb599a90ae-FRA
expires: Sun, 18 Feb 2024 13:07:11 GMT

GET
H2 200 tnt.notify.a814fe612f2dcba9061edc229aeaf90b.js Show response
bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/ 3 KB
1 KB 19ms
16ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.notify.a814fe612f2dcba9061edc229aeaf90b.js

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

15c5217bab15791da899bebeec1b32e57bcd02d20f8847c6440f47ededcdf625

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 292090
last-modified: Thu, 23 Jun 2022 13:40:09 GMT
x-vcache: MISS
server: cloudflare
etag: W/"62b46d39-db8"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 79b6fbfc4bb28fd6-FRA
expires: Thu, 06 Jul 2023 19:05:38 GMT

GET
H2 200 tnt.notify.panel.bacbeac9a1ca6ee75b79b21a0e2e99f2.js Show response
bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/ 7 KB
2 KB 19ms
17ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b6854831be14d28fdfdb1758ebebe2893bf8e5be5f176b8d3e1b1b0f874d90e

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 377657
last-modified: Mon, 23 May 2022 19:54:05 GMT
x-vcache: MISS
server: cloudflare
etag: W/"628be65d-1ba0"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 79b6fbfc4bb38fd6-FRA
expires: Wed, 31 May 2023 19:01:23 GMT

GET
H2 200 firebase-app.js Show response
www.gstatic.com/firebasejs/6.6.2/ 11 KB
4 KB 54ms
14ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/6.6.2/firebase-app.js

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b10a075758097bb0578287af03c76a9fcd82fa4607587109ae41fe2d24756600

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 08:59:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 187688
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3945
x-xss-protection: 0
last-modified: Thu, 19 Sep 2019 21:11:52 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 16 Feb 2024 08:59:03 GMT

GET
H2 200 firebase-messaging.js Show response
www.gstatic.com/firebasejs/6.6.2/ 31 KB
9 KB 56ms
16ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/6.6.2/firebase-messaging.js

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5e55a21dfa3a20ceb298737c8f4c517a83d7960468c7f53b3f33c567bacff3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 07:55:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 105073
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8653
x-xss-protection: 0
last-modified: Thu, 19 Sep 2019 21:11:54 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 17 Feb 2024 07:55:58 GMT

GET
H2 200 messaging.js Show response
heraldcourier.com/shared-content/art/tncms/api/ 4 KB
1 KB 96ms
93ms Script
application/x-javascript 192.104.183.109
LEE-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://heraldcourier.com/shared-content/art/tncms/api/messaging.js
Requested by: Host: heraldcourier.com
URL: https://heraldcourier.com/events/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.104.183.109 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS: cms.newyork1.vip.townnews.com
Software: /
Resource Hash: fe5d23d415187d71dfa026db8852418f98513ef7f7a1c3e1321bc95d6d6a0f5f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/events/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:04:22 GMT
content-encoding: gzip
last-modified: Mon, 13 Feb 2023 15:29:22 GMT
x-vcache: HIT
age: 168
etag: W/"63ea5752-11aa"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=600
accept-ranges: bytes
content-length: 1259
service-worker-allowed: /

GET
H2 200 tnt.ads.adverts.66a3812a7b5c12fde8cd998fd691ad7d.js Show response
bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/ads/resources/scripts/ 200 B
275 B 197ms
24ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/ads/resources/scripts/tnt.ads.adverts.66a3812a7b5c12fde8cd998fd691ad7d.js

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ac4a1580edb443420c38896152a03c80c8fa8e5f1f09853896b810d87309a80

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 403070
last-modified: Tue, 10 May 2022 15:15:16 GMT
x-vcache: MISS
server: cloudflare
etag: W/"627a8184-c8"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 79b6fbfb5a8c8fd6-FRA
expires: Thu, 25 May 2023 16:23:50 GMT

GET
H2 200 tracking.js Show response
heraldcourier.com/shared-content/art/tncms/ 3 KB
1 KB 91ms
90ms Script
application/x-javascript 192.104.183.109
LEE-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://heraldcourier.com/shared-content/art/tncms/tracking.js
Requested by: Host: heraldcourier.com
URL: https://heraldcourier.com/events/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.104.183.109 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS: cms.newyork1.vip.townnews.com
Software: /
Resource Hash: 18eadbed616a1c6d3afcf2750befa4c653869688479efbfdb0020c7c836d718b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/events/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:05:29 GMT
content-encoding: gzip
last-modified: Mon, 13 Feb 2023 15:29:22 GMT
x-vcache: HIT
age: 101
etag: W/"63ea5752-a4b"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=600
accept-ranges: bytes
content-length: 1149
service-worker-allowed: /

GET
H2 200 prebid7.9.0.js Show response
bloximages.newyork1.vip.townnews.com/heraldcourier.com/content/tncms/live/libraries/flex/components/ads_dfp/resources/scripts/ 197 KB
61 KB 198ms
24ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/content/tncms/live/libraries/flex/components/ads_dfp/resources/scripts/prebid7.9.0.js?_dc=1676358004

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

77b109dd53ec2921d47af5eedcf39cbea8bc92bf8b59a970aa104c5ed2d5b3c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 317774
cross-origin-resource-policy: cross-origin
last-modified: Tue, 14 Feb 2023 07:00:04 GMT
x-vcache: MISS
server: cloudflare
etag: W/"63eb3174-313f5"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 79b6fbfb5a7e8fd6-FRA
expires: Wed, 14 Feb 2024 07:05:21 GMT

GET
H2 200 lee.common.js Show response
bloximages.newyork1.vip.townnews.com/heraldcourier.com/content/tncms/live/libraries/flex/components/lee_ds_v3/resources/scripts/ 9 KB
3 KB 197ms
24ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/content/tncms/live/libraries/flex/components/lee_ds_v3/resources/scripts/lee.common.js?_dc=1676617205

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

efdffa93d62eb8cdc6420060cefbd4a1b68c8fb1ff6f853c86d6e1d1e0345291

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 103643
cross-origin-resource-policy: cross-origin
last-modified: Fri, 17 Feb 2023 07:00:05 GMT
x-vcache: MISS
server: cloudflare
etag: W/"63ef25f5-2426"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 79b6fbfb5a898fd6-FRA
expires: Sat, 17 Feb 2024 07:05:14 GMT

GET
H2 200 fontawesome.a7c71fa5a63ad1158170fb2c085be042.js Show response
bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/ 264 KB
95 KB 23ms
21ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/fontawesome.a7c71fa5a63ad1158170fb2c085be042.js

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ec681300bf92d8a2d7a67a0e7b2dd7651ec4b35e5dcc67f180a4bacd0ed6937

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 377657
cross-origin-resource-policy: cross-origin
last-modified: Thu, 27 Oct 2022 20:59:18 GMT
x-vcache: MISS
server: cloudflare
etag: W/"635af126-41e71"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 79b6fbfc4bb48fd6-FRA
expires: Sat, 04 Nov 2023 07:50:13 GMT

GET
H2 200 tracker.js Show response
heraldcourier.com/shared-content/art/stats/common/ 9 KB
3 KB 92ms
91ms Script
application/x-javascript 192.104.183.109
LEE-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://heraldcourier.com/shared-content/art/stats/common/tracker.js
Requested by: Host: heraldcourier.com
URL: https://heraldcourier.com/events/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.104.183.109 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS: cms.newyork1.vip.townnews.com
Software: /
Resource Hash: d50881e8cf2ac03741c7c31b98dcabdf91d458ed76766efc511b26a2b796dd0f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/events/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:06:01 GMT
content-encoding: gzip
last-modified: Fri, 27 Jan 2023 15:03:16 GMT
x-vcache: HIT
age: 69
etag: W/"63d3e7b4-2200"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=600
accept-ranges: bytes
content-length: 3224
service-worker-allowed: /

GET
H2 200 e0d66240-6be2-11ec-a380-ff649233b50f.png
bloximages.newyork1.vip.townnews.com/heraldcourier.com/content/tncms/custom/image/ 4 KB
4 KB 17ms
14ms Image
image/webp 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/content/tncms/custom/image/e0d66240-6be2-11ec-a380-ff649233b50f.png

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e88bc41dfc3e11b318a5a3eeeb403b70f98705db64962f4647a3ad2cb9083aa6

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 238283
cf-polished: origFmt=png, origSize=5857
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="e0d66240-6be2-11ec-a380-ff649233b50f.webp"
content-length: 4166
cf-bgj: imgq:85,h2pri
last-modified: Sun, 02 Jan 2022 15:44:32 GMT
server: cloudflare
x-vcache: MISS
etag: "61d1c860-16e1"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 79b6fbfc4bb68fd6-FRA
expires: Fri, 09 Feb 2024 16:48:07 GMT

GET
H2 200 user_no_avatar.82c8fc38eb25dca10493a994ca1bfb90.png
bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/themes/resources/images/ 978 B
1 KB 17ms
15ms Image
image/webp 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/themes/resources/images/user_no_avatar.82c8fc38eb25dca10493a994ca1bfb90.png

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b96eb73da5fe3c20e4507bf752917f6d7978be8881c1dea934db282b028407d

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 420072
cf-polished: origFmt=png, origSize=3610
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="user_no_avatar.webp"
content-length: 978
cf-bgj: imgq:85,h2pri
last-modified: Thu, 02 Apr 2015 21:53:54 GMT
server: cloudflare
x-vcache: MISS
etag: "551dba72-e1a"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 79b6fbfc4bb78fd6-FRA
expires: Thu, 21 Dec 2023 20:45:43 GMT

GET
H2 200 logo-tagline.png
bloximages.newyork1.vip.townnews.com/heraldcourier.com/content/tncms/live/libraries/flex/components/lee_ds_v3/resources/images/ 5 KB
5 KB 15ms
14ms Image
image/webp 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/content/tncms/live/libraries/flex/components/lee_ds_v3/resources/images/logo-tagline.png?_dc=1676617205

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c01c1e199879f8b72679cc4d402684ba9e88c21b633547adbae6ba03a617fdc

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 103642
cf-polished: origFmt=png, origSize=10949
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="logo-tagline.webp"
content-length: 5302
cf-bgj: imgq:85,h2pri
last-modified: Fri, 17 Feb 2023 07:00:05 GMT
server: cloudflare
x-vcache: MISS
etag: "63ef25f5-2ac5"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 79b6fbfc4bb98fd6-FRA
expires: Sat, 17 Feb 2024 07:06:20 GMT

GET
H2

200

evvnt_discovery_plugin_s.js Show response
discovery.evvnt.com/prd/current/
Redirect Chain

https://production-evvnt-plugin-herokuapp-com.global.ssl.fastly.net/evvnt_discovery_plugin_s.js
https://discovery.evvnt.com/prd/current/evvnt_discovery_plugin_s.js

9 KB
9 KB

308ms
22ms

Script
application/javascript

2600:9000:225a:1600:18:a82e:7180:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discovery.evvnt.com/prd/current/evvnt_discovery_plugin_s.js
Requested by: Host: heraldcourier.com
URL: https://heraldcourier.com/events/
Protocol: H2
Server: 2600:9000:225a:1600:18:a82e:7180:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e57156482b6fe5729d7cffc6972caaa36c8a6a9c58e2c0a15de912e2e2acc6a4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 05:59:51 GMT
via: 1.1 2f927b8fefe61ec7dd1d6dda3df37d18.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:19:42 GMT
server: AmazonS3
x-amz-cf-pop: TXL50-P1
age: 30010
x-amz-server-side-encryption: AES256
etag: "59b2b15820751c9b49459d56014060ec"
x-cache: Hit from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 9198
x-amz-cf-id: K_wBD1UnjVeuFNp-caPcnvzGd6bGK-Trq4pk3inYStj88Ln36oNp6Q==

Redirect headers

X-Served-By: cache-fra-eddf8230050-FRA
Date: Sat, 18 Feb 2023 13:07:11 GMT
Via: 1.1 varnish
Server: Varnish
X-Timer: S1676725631.442313,VS0,VE1
X-Cache: HIT
Location: https://discovery.evvnt.com/prd/current/evvnt_discovery_plugin_s.js
Connection: close
Accept-Ranges: bytes
Content-Length: 0
Retry-After: 0
X-Cache-Hits: 0

GET
H2 200 op.js Show response
tagan.adlightning.com/leeenterprises/ 46 KB
18 KB 64ms
8ms Script
application/javascript 18.66.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/leeenterprises/op.js
Requested by: Host: heraldcourier.com
URL: https://heraldcourier.com/events/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-43.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08f083955dcbcd8927a2e4053e5cd8dcde76d2dcbb7dbb72316281de67e4146e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-amz-version-id: 7QZuF1D6K3RaNrMAt8OhDQ.edjzolbWC
content-encoding: gzip
via: 1.1 ed7f977b6d983a16331e3fe3f4764e9a.cloudfront.net (CloudFront)
date: Sat, 18 Feb 2023 12:34:18 GMT
x-amz-cf-pop: FRA60-P4
age: 1978
x-cache: Hit from cloudfront
content-length: 18144
x-amz-meta-git_commit: f140f48
last-modified: Fri, 17 Feb 2023 16:32:52 GMT
server: AmazonS3
etag: "7e180abe4617a95944636ce3051bdf24"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600
accept-ranges: bytes
x-amz-cf-id: 5Pa5pkRFE3C-L-Uy5bnJaTPB_RdgM3u78TDka6jUaCUEpLWq3h-5VQ==

GET
H2 200 sticky-kit.cd42d35abf643b0a78798fe03bf6bc83.js Show response
bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/ 4 KB
2 KB 107ms
103ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/plugins/resources/scripts/sticky-kit.cd42d35abf643b0a78798fe03bf6bc83.js

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c66013cda2311853afac3fb10ca1e7bec5f583d26cfd6eaf8a2a87a610072d05

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
cross-origin-resource-policy: cross-origin
last-modified: Fri, 13 Jan 2023 15:38:32 GMT
x-vcache: MISS
server: cloudflare
etag: W/"63c17af8-1008"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 79b6fbfc4bac8fd6-FRA
expires: Sun, 14 Jan 2024 06:20:26 GMT

GET
H2 200 tnt.regions.b44801b45845a81b995eeaad12f4f276.js Show response
bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/ 4 KB
2 KB 105ms
101ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/template/resources/scripts/tnt.regions.b44801b45845a81b995eeaad12f4f276.js

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

39d6835ee4b7c5b33295b8e6ca78c56ce6fbcf44d80e79d218d528a2453fb185

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 20 Jun 2022 13:22:52 GMT
x-vcache: MISS
server: cloudflare
etag: W/"62b074ac-1015"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 79b6fbfc4bad8fd6-FRA
expires: Wed, 21 Jun 2023 19:01:52 GMT

GET
H2 200 heraldcourier.com.js Show response
bloximages.newyork1.vip.townnews.com/heraldcourier.com/content/tncms/live/libraries/flex/components/ads_dfp/resources/scripts/pb-config/ 1 KB
529 B 16ms
12ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/content/tncms/live/libraries/flex/components/ads_dfp/resources/scripts/pb-config/heraldcourier.com.js?_dc=1676358004

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

76460f1cd530a92dcb3d35468233b10d40dcb0ea7595aceb225104e63c3b78bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 292090
cross-origin-resource-policy: cross-origin
last-modified: Tue, 14 Feb 2023 07:00:04 GMT
x-vcache: MISS
server: cloudflare
etag: W/"63eb3174-5b9"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 79b6fbfc4baf8fd6-FRA
expires: Wed, 14 Feb 2024 07:05:22 GMT

GET
H2 200 dfp.lazy.pbjs.js Show response
bloximages.newyork1.vip.townnews.com/heraldcourier.com/content/tncms/live/libraries/flex/components/ads_dfp/resources/scripts/ 17 KB
4 KB 20ms
17ms Script
application/x-javascript 104.16.133.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/content/tncms/live/libraries/flex/components/ads_dfp/resources/scripts/dfp.lazy.pbjs.js?_dc=1676358004

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.133.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1e9c3fe0bb7e27e1fef2af1cae6a8924b40d3240418da5d484c65c00dae8f10a

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
strict-transport-security: max-age=604800
content-encoding: br
cf-cache-status: HIT
age: 292090
cross-origin-resource-policy: cross-origin
last-modified: Tue, 14 Feb 2023 07:00:04 GMT
x-vcache: MISS
server: cloudflare
etag: W/"63eb3174-447d"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-robots-tag: noarchive
cf-ray: 79b6fbfc4bb08fd6-FRA
expires: Wed, 14 Feb 2024 07:05:22 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 204 KB
69 KB 89ms
37ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PDQV3N

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1d6ba21eb3d5b2c887d33147cc23bb28a33d792df797c6344025f4cc2305d6cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70166
x-xss-protection: 0
last-modified: Sat, 18 Feb 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 18 Feb 2023 13:07:11 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 76 KB
26 KB 155ms
73ms Script
text/javascript 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7819f79f10384f92390fe76fc0c7a399613211a2ac6935f144c66e79fffcac16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26547
x-xss-protection: 0
server: sffe
etag: "1486 / 139 of 1000 / last-modified: 1676675218"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 18 Feb 2023 13:07:11 GMT

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 74ms
34ms XHR
application/javascript 18.64.83.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.64.83.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-64-83-82.txl50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-amz-version-id: pfXD8LfbTWwWYbVa8nASYbe6_QUldhGN
content-encoding: gzip
via: 1.1 086613b3103277577d231678b44747c2.cloudfront.net (CloudFront)
date: Sat, 18 Feb 2023 13:07:11 GMT
x-amz-cf-pop: TXL50-P2
age: 45856
x-cache: Hit from cloudfront
last-modified: Wed, 15 Feb 2023 23:43:01 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: F5QZW1JLvNi2-QVDM-40o5sB0QnfNRibqo7AMw5WcT9c-xuLiQAXHA==

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 604 B
963 B 37ms
36ms XHR
application/json 18.64.83.82
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=3266&u=https%3A%2F%2Fheraldcourier.com
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.64.83.82 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-64-83-82.txl50.r.cloudfront.net
Software: Server /
Resource Hash: cf978cd2cd49124c75e624c0483aff4dbaa0ee91b1861362b1c7504a4963db9c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 07:23:56 GMT
via: 1.1 2a449514cebabcf6ab64b86d6a229cfe.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: TXL50-P2
age: 20595
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://heraldcourier.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 604
x-amz-cf-id: rlEF_Y-1PovfjDIwgWvDdQM8F92-fFzhbnag3C9IpfN7O9G7sHbQKA==

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ 58 KB
17 KB 54ms
15ms Script
text/javascript 2606:4700:10::6816:3556
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3556 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

05e77dab19940dd457e00282837faecc886434cc8cc5f631575a5e6c386de774

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 13 Feb 2023 11:21:55 GMT
server: cloudflare
x-amz-request-id: 096K3226QDY3KGD8
age: 3191
etag: W/"7586740695219e27c1483ac351f18884"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 79b6fbfc88dcbb83-FRA
x-amz-id-2: era4u+9xJ3DV9FOuPQL4pVQhoUtc57Bv4W0UTfUT0Mb/QzJFBhIdV3+z6hzoUFB2ECdEsEMBN1o=

POST
H2 200 recordVendorsLoaded Show response
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/ 0
456 B 110ms
110ms XHR
text/plain 107.21.165.221
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/recordVendorsLoaded
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.21.165.221 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-21-165-221.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://heraldcourier.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Sat, 18 Feb 2023 13:07:11 GMT
content-length: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

OPTIONS
H2 200 recordVendorsLoaded
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/ Frame 0
0 349ms
109ms Preflight 107.21.165.221
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/recordVendorsLoaded
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.21.165.221 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-21-165-221.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://heraldcourier.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
content-length: 0
date: Sat, 18 Feb 2023 13:07:11 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

GET
H2 200 tracker.gif
heraldcourier.com/shared-content/art/stats/common/ 0
145 B 90ms
90ms Image
image/gif 192.104.183.109
LEE-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://heraldcourier.com/shared-content/art/stats/common/tracker.gif?tnms_rs=1600x1200x24&tnms_vtum=1&tnms_vt=1&tnms_vid=1676725631402160012001215594330395&tnms_dt=Events%20%7C%20heraldcourier.com&tnms_upage=1&tnms_do=heraldcourier.com&tnms_uri=/events/&tnms_ref=&rt=1676725631413
Requested by: Host: heraldcourier.com
URL: https://heraldcourier.com/events/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.104.183.109 , United States, ASN10668 (LEE-ASN, US),
Reverse DNS: cms.newyork1.vip.townnews.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/events/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
last-modified: Thu, 16 Oct 2008 20:11:25 GMT
x-vcache: MISS
age: 0
etag: "48f79fed-0"
content-type: image/gif
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 0

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 487 KB
117 KB 103ms
63ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TDWDC2

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

24d150212652bfb57b7e6097d2f565bc5661ecaea2395d02bff94418c88c0fca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 119348
x-xss-protection: 0
last-modified: Sat, 18 Feb 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 18 Feb 2023 13:07:11 GMT

GET
H2 200 b-f140f48-7586382c.js Show response
tagan.adlightning.com/leeenterprises/ 80 KB
30 KB 13ms
11ms Script
application/javascript 18.66.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/leeenterprises/b-f140f48-7586382c.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-43.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b5aa611eb8a0c13f6d491ae88a0e08a706124319137c61e79974dd3488136bd1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 08 Feb 2023 22:17:14 GMT
content-encoding: gzip
via: 1.1 ed7f977b6d983a16331e3fe3f4764e9a.cloudfront.net (CloudFront)
x-amz-version-id: UtkghUTWgSLZyDEEFWZrJ8z1CoE_I..N
x-amz-cf-pop: FRA60-P4
age: 830998
x-cache: Hit from cloudfront
content-length: 29866
x-amz-meta-git_commit: f140f48
last-modified: Tue, 24 Jan 2023 18:42:08 GMT
server: AmazonS3
etag: "79fd9040c7076a5f94fad513504e92b9"
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 7ay3VdUp_Ft6jl0z4TdP9k-qLarJBknIayPsbvnOpc4_nt0pywwT_g==

GET
H2 200 bl-89d2da9-0d55cb90.js Show response
tagan.adlightning.com/leeenterprises/ 49 KB
21 KB 14ms
12ms Script
application/javascript 18.66.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/leeenterprises/bl-89d2da9-0d55cb90.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-43.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e64b65e1b953db51b5245c3584a96a7f86b14aef7f398c608d15f8158366dc0a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 16:33:28 GMT
content-encoding: gzip
via: 1.1 ed7f977b6d983a16331e3fe3f4764e9a.cloudfront.net (CloudFront)
x-amz-version-id: ui_mgCTGLDNSyNVJf0wHEgrlg5sHThFH
x-amz-cf-pop: FRA60-P4
age: 74024
x-cache: Hit from cloudfront
content-length: 20932
x-amz-meta-git_commit: 89d2da9
last-modified: Fri, 17 Feb 2023 16:32:29 GMT
server: AmazonS3
etag: "262fa62b5069c3ac58e88e223efb8bfd"
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: NDqW6Qn1mf8X3WnnEjFsrFhGEyQoM1U3FdiIM_YGGPWATjrNbjRu8A==

GET
H/1.1 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ 33 B
404 B 65ms
17ms XHR
application/json 162.19.138.82
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.82 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31532337.ip-162-19-138.eu

Software

Resource Hash

3f42cacce3a454d68e0637b3133c0a5cf83033992e397d9a62f028c055a47fc0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://heraldcourier.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://heraldcourier.com
date: Sat, 18 Feb 2023 13:07:10 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

POST
H/1.1 200 914.json Show response
id5-sync.com/g/v2/ 216 B
627 B 63ms
16ms XHR
application/json 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/914.json

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

f0a6793243270c269d68f1ee038ab75f0442d135221c816813072528181d5970

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://heraldcourier.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://heraldcourier.com
date: Sat, 18 Feb 2023 13:07:11 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
content-type: application/json;charset=UTF-8

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 54ms
14ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PDQV3N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 18 Feb 2023 12:14:50 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 3141
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Sat, 18 Feb 2023 14:14:50 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 119 KB
44 KB 24ms
23ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5MTD44X&l=dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PDQV3N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

014471ef4f0edf6797f805ec44876170e35262af4c803cf01d0547bb9eb65592

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44834
x-xss-protection: 0
last-modified: Sat, 18 Feb 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 18 Feb 2023 13:07:11 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 168 KB
59 KB 24ms
23ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WXMV2VZ&l=dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PDQV3N

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

896c1dc476a4fc98cf092728d8b469404903c0dd408137e52688795efb4a827d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 59879
x-xss-protection: 0
last-modified: Sat, 18 Feb 2023 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 18 Feb 2023 13:07:11 GMT

GET
H2 200 pubads_impl_2023021501.js Show response
securepubads.g.doubleclick.net/gpt/ 383 KB
129 KB 30ms
29ms Script
text/javascript 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021501.js?cb=31072498

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21383a108fc0f4840b90610def8622f8af1fde2c2833693d61a1f91c075d25d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 08:15:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 190305
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 132205
x-xss-protection: 0
last-modified: Wed, 15 Feb 2023 09:35:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 16 Feb 2024 08:15:26 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 726 B
372 B 126ms
65ms XHR
application/json 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=heraldcourier.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b0d4e0e17cfac7816e2db61a4950921f77f7175c91976df687b9a398568364b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 347
x-xss-protection: 0
expires: Sat, 18 Feb 2023 13:07:11 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 106 KB
28 KB 49ms
17ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

dca9b6afcb6c37d6a32456973fe5f2986a348a70d11774e102de6fc420992a19

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 18 Feb 2023 13:07:11 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27843
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: eSgRLriwUibfQhW/BamRFd3k1FFPs/lTPUJRGuN1RuY/zEjY7ESVc1FTgIoIbS07c0YxLG+A5nG2sn7qZFs2Hg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 686109401
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

ml.br.js Show response
js.matheranalytics.com/static/ltm/ma1527/lee/5/
Redirect Chain

https://js.matheranalytics.com/s/ma1527/725149306/lee/ml.js?cb=1617
https://js.matheranalytics.com/static/ltm/ma1527/lee/5/ml.br.js

145 KB
42 KB

16ms
16ms

Script
application/x-javascript

107.178.250.234
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://js.matheranalytics.com/static/ltm/ma1527/lee/5/ml.br.js
Requested by: Host: heraldcourier.com
URL: https://heraldcourier.com/events/
Protocol: H2
Server: 107.178.250.234 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 234.250.178.107.bc.googleusercontent.com
Software: nginx /
Resource Hash: 8e69c64655718315422d63e22bc7dddaacd2fe1e1ceb20a6758287a76b9c6f66

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 07:14:12 GMT
content-encoding: br
via: 1.1 google
last-modified: Wed, 04 Aug 2021 03:52:13 GMT
server: nginx
age: 21179
etag: "96d23de5d1ede166c2abc188adf1ebd7"
vary: Accept-Encoding
x-cache: HIT Sun, 18 Dec 2022 05:52:27 GMT
content-type: application/x-javascript
cache-control: public,max-age=3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43093

Redirect headers

date: Sat, 18 Feb 2023 13:07:11 GMT
via: 1.1 google
server: nginx
vary: Accept-Encoding
location: https://js.matheranalytics.com/static/ltm/ma1527/lee/5/ml.br.js
cache-control: public, max-age=269200
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-served-by: 8-gc-euwest1-xgfw0968

GET
H2 200 a-058n.min.js Show response
b-code.liadm.com/ 34 KB
12 KB 226ms
27ms Script
application/javascript 2600:9000:20e8:9c00:8:8845:1500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://b-code.liadm.com/a-058n.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TDWDC2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20e8:9c00:8:8845:1500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: a3e134243a1a63046eac3d8a5eb137cca6252efcf0148618e987ededfb643e54

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 16:47:33 GMT
content-encoding: gzip
via: 1.1 3a415eca835d78c74f508f31b6bbdaf0.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL52-C1
age: 73179
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: "public, max-age=86400"
x-amz-cf-id: v01Gbkj9XZXXQ4-lKGcgEWG42xGUiIvs0hydr2Ks0n_6cR0uLqvsPw==

GET
H/1.1

200
OK

iframe Show response
d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/ Frame 9160
Redirect Chain

https://insight.adsrvr.org/tags/nebsjkp/21usqg2/iframe
https://d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/iframe

138 B
668 B

109ms
22ms

Document
text/html

18.66.22.149
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/iframe
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TDWDC2
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.22.149 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-22-149.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3f7d4fce911e0a58ed4224b9f65d90a98d8bb7b76d25ad2610485b9baaa1d447

Request headers

Referer: https://heraldcourier.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Age: 63267
Cache-Control: max-age=86400
Connection: keep-alive
Content-Length: 138
Content-Type: text/html
Date: Fri, 17 Feb 2023 19:32:46 GMT
ETag: "50351b1f6590b5c4886c111874e016a0"
Last-Modified: Fri, 01 Oct 2021 23:50:10 GMT
Server: AmazonS3
Via: 1.1 19d23243200e63f987eb95cd84ad557c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: Tqt5bTkNfW9XW1zNOLFJVPmGaUAujMaKxLhhh1XdyY0f6mvcd6IZgA==
X-Amz-Cf-Pop: VIE50-P1
X-Cache: Hit from cloudfront
x-amz-server-side-encryption: AES256

Redirect headers

content-length: 183
content-type: text/html; charset=UTF-8
date: Sat, 18 Feb 2023 13:07:11 GMT
location: https://d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/iframe
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET

GET
H2 200 5b5dc540-ca6c-013a-51e3-0cc47a8ffaac Show response
tag.simpli.fi/sifitag/ 3 KB
4 KB 86ms
17ms Script
application/javascript 34.90.79.92
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.simpli.fi/sifitag/5b5dc540-ca6c-013a-51e3-0cc47a8ffaac

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TDWDC2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

34.90.79.92 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

92.79.90.34.bc.googleusercontent.com

Software

Resource Hash

57f295553fdda2a7f1ee0e5dab92d82f2bace1df0a781117dee1cb06eacbf891

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache, no-cache
date: Sat, 18 Feb 2023 13:07:11 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 3099
x-request-id: F0TtFBnZSjDckszWZDuB
expires: Thu, 01 Jan 1970 00:00:00 GMT, Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 219 KB
76 KB 30ms
30ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-F8FFLLVDEZ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TDWDC2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

24750b4aeeabac169847e57565841c9ff8926d4163e7ef88f7683aeea1c9e39c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 78059
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 18 Feb 2023 13:07:11 GMT

GET
H/1.1

200
OK

c
trkn.us/pixel/
Redirect Chain

https://trkn.us/pixel/c?ppt=19160&g=sitewide&gid=44455&cv1=heraldcourier.com&ord=1120453751
https://trkn.us/pixel/c?ppt=19160&g=sitewide&gid=44455&cv1=heraldcourier.com&ord=1120453751&ip=37.58.58.246&cuidchk=1

42 B
780 B

152ms
152ms

Image
image/gif

18.235.197.156
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trkn.us/pixel/c?ppt=19160&g=sitewide&gid=44455&cv1=heraldcourier.com&ord=1120453751&ip=37.58.58.246&cuidchk=1

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

HTTP/1.1

Server

18.235.197.156 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-235-197-156.compute-1.amazonaws.com

Software

Apache /

Resource Hash

b2c78c910f5ea29e3a9d223dabc203c055c8708b1fe7d83788b490638126db4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 18 Feb 2023 13:07:12 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 9 Nov 1980 12:59:00 GMT
Server: Apache
Content-Type: image/gif
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Connection: keep-alive
Content-Length: 42
Expires: Sun, 9 Nov 1980 12:58:00 GMT

Redirect headers

Date: Sat, 18 Feb 2023 13:07:12 GMT
X-Content-Type-Options: nosniff
Server: Apache
Content-Type: text/html; charset=UTF-8
Location: /pixel/c?ppt=19160&g=sitewide&gid=44455&cv1=heraldcourier.com&ord=1120453751&ip=37.58.58.246&cuidchk=1
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection: keep-alive
Content-Length: 0

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 222 KB
77 KB 34ms
33ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-S5LKEZJN96&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PDQV3N

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3d1882a2a2f10224d4b3adcab4dc1cb38892e41de42999500b39489d12d013f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 79021
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 18 Feb 2023 13:07:11 GMT

GET
H2 200 eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9 Show response
discoverevvnt.com/framed/ Frame FCA9 279 KB
21 KB 143ms
112ms Document
text/html 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
Requested by: Host: production-evvnt-plugin-herokuapp-com.global.ssl.fastly.net
URL: https://production-evvnt-plugin-herokuapp-com.global.ssl.fastly.net/evvnt_discovery_plugin_s.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx / Next.js
Resource Hash: 41136d12a8234a8f0b26348376eb19994f908380ef4d86ed9c5e40cfaf8d1225

Request headers

Referer: https://heraldcourier.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 40
cache-control: public, s-maxage=120, max-age=120
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Sat, 18 Feb 2023 13:06:31 GMT
etag: "jesylkwa4j6489"
server: nginx
vary: Accept-Encoding
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
x-amz-cf-id: nGVf0Y5VPHgJVBSj1_GSwse8s8YUcH-bVW5dx-otZepsmlBaz9f6jA==
x-amz-cf-pop: FRA50-C1
x-cache: Hit from cloudfront
x-powered-by: Next.js

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
1 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 12:07:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3594
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 859
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 18 Feb 2023 13:07:17 GMT

POST
H2 200 publisher:getClientId Show response
ampcid.google.com/v1/ 74 B
440 B 168ms
52ms XHR
application/json 2a00:1450:400d:805::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:805::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://heraldcourier.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://heraldcourier.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 94
x-xss-protection: 0

GET
H2 200 bid Show response
aax-dtb-cf.amazon-adsystem.com/e/dtb/ 64 B
501 B 126ms
54ms XHR
text/javascript 99.86.3.236
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=3266&u=https%3A%2F%2Fheraldcourier.com%2Fevents%2F&pid=AcIgPRPkTH7bg&cb=0&ws=1600x1200&v=23.210.317&t=2000&slots=%5B%7B%22sd%22%3A%22fixed-big-ad-top%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F8438%2Fheraldcourier.com%2Fevents%22%7D%5D&pj=%7B%22sections%22%3A%22events%22%7D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.3.236 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-3-236.fra6.r.cloudfront.net

Software

Server /

Resource Hash

d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA6-C1
x-amz-rid: 8QETVEMXQ241BPGNQNV9
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://heraldcourier.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 64
x-amz-cf-id: j18KIQ6f-Icp4nHk8I82z4pwQZIkELeDczskb4P5-NUeb3tsqRWe4g==

GET
H2 200 bid Show response
aax-dtb-cf.amazon-adsystem.com/e/dtb/ 64 B
502 B 125ms
54ms XHR
text/javascript 99.86.3.236
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=3266&u=https%3A%2F%2Fheraldcourier.com%2Fevents%2F&pid=AcIgPRPkTH7bg&cb=1&ws=1600x1200&v=23.210.317&t=2000&slots=%5B%7B%22sd%22%3A%22fixed-big-ad-middle%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F8438%2Fheraldcourier.com%2Fevents%22%7D%5D&pj=%7B%22sections%22%3A%22events%22%7D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.3.236 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-3-236.fra6.r.cloudfront.net

Software

Server /

Resource Hash

8db22950b3f47f686f4bad6b6d21386f03a4b0b24320c6715436424e41dcda09

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA6-C1
x-amz-rid: 1NGKS842N9MNBJ7YFRP7
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://heraldcourier.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 64
x-amz-cf-id: PHLO1hdfoPViNbpnZYcIBF-0JoNQJHOKAn0hgC-FrxdHDeQ8RmQUyg==

GET
H2 200 bid Show response
aax-dtb-cf.amazon-adsystem.com/e/dtb/ 64 B
503 B 122ms
53ms XHR
text/javascript 99.86.3.236
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax-dtb-cf.amazon-adsystem.com/e/dtb/bid?src=3266&u=https%3A%2F%2Fheraldcourier.com%2Fevents%2F&pid=AcIgPRPkTH7bg&cb=2&ws=1600x1200&v=23.210.317&t=2000&slots=%5B%7B%22sd%22%3A%22fixed-big-ad-bottom%22%2C%22s%22%3A%5B%22300x600%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F8438%2Fheraldcourier.com%2Fevents%22%7D%5D&pj=%7B%22sections%22%3A%22events%22%7D&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.3.236 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-3-236.fra6.r.cloudfront.net

Software

Server /

Resource Hash

f0fe7e69e970311a87c3b57b217e6fc19f0a65b25813ad64426169712f61e402

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA6-C1
x-amz-rid: DW8PY9K8E9NZ734N1R1F
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://heraldcourier.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 64
x-amz-cf-id: po6Ox4IlDambqYo49n_MCEepJv7Ytb9zU7ogbB8qZmV3iSkvTqCThg==

GET
H2 200 analytics.min.js Show response
cdn.segment.com/analytics.js/v1/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/ 103 KB
28 KB 86ms
23ms Script
text/javascript 99.84.144.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics.js/v1/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/analytics.min.js
Requested by: Host: heraldcourier.com
URL: https://heraldcourier.com/events/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.144.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-144-128.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0141bdce01833d9d5834faec8e6c165c1b517b7fd38135b03256746e077f42f1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-amz-version-id: DhwMCicOTjFmrSMDfb1W_9z6WrnbX6aP
content-encoding: br
via: 1.1 df792ea3bbbe656e2f5c7b61aa85cc46.cloudfront.net (CloudFront)
date: Sat, 18 Feb 2023 13:06:18 GMT
x-amz-cf-pop: TXL52-C1
age: 59
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Fri, 27 Jan 2023 01:45:28 GMT
server: AmazonS3
etag: W/"6fa54b9dfee01312ed24b273144b9b38"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=120
vary: Accept-Encoding
x-amz-cf-id: wR3Ips0UQX0AWl7izasDjJbXt4xMN-kYSu9L5CLKU4gIx-AHFY2PnA==

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 217 KB
76 KB 23ms
23ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-4T2EB147B8&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WXMV2VZ&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c56091b08349df8b8fdf88559812eb8ad0d9096a87b9df4c807edcad281fb65e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 77777
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 18 Feb 2023 13:07:11 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 92ms
34ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=heraldcourier.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 144ms
54ms Script
application/javascript 2a00:1450:400d:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=heraldcourier.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 38 KB
14 KB 97ms
97ms XHR
text/plain 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=229723355828661&correlator=2499856305098052&eid=31072498%2C31072519%2C31068366&output=ldjh&gdfp_req=1&vrg=2023021501&ptt=17&impl=fif&iu_parts=8438%2Cheraldcourier.com%2Cevents&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=2x1&ifi=1&adks=871191745&didk=2287489771&sfv=1-0-40&prev_scp=pos%3Dfixed-impact-top%2Catf%26inview%3Dtrue%26density%3Dstandard%26lee_group%3D9%26lee_hours%3D13%26lee_day%3D6&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26k%3Dbristol%2520herald%2520courier%2520-%2520tricities%26sub%3Dno%26page%3Dindex%252Capp-editorial%252Cmd_screen%26browser%3DChrome&sc=1&cookie_enabled=1&abxe=1&dt=1676725631930&lmt=1676725629&dlt=1676725631074&idt=781&adxs=799&adys=0&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fheraldcourier.com%2Fevents%2F&frm=20&vis=1&psz=1600x1&msz=1600x1&fws=4&ohw=1600&ga_vid=953626299.1676725632&ga_sid=1676725632&ga_hid=933029470&ga_fc=false&a3p=EjQKCnB1YmNpZC5vcmcSJDcxMTM4NjU5LTg0NDQtNGFmYS05YjI4LTdhN2M1NDI5YWUzZlgB

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021501.js?cb=31072498

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

12d0922275e45cf947a923693c22b104c17fadc0c10b4c8babfdd265e35534c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:12 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13820
x-xss-protection: 0
google-lineitem-id: 6213406515
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138423189785
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://heraldcourier.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 28 KB
12 KB 100ms
100ms XHR
text/plain 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=229723355828661&correlator=294675643767644&eid=31072498%2C31072519%2C31068366&output=ldjh&gdfp_req=1&vrg=2023021501&ptt=17&impl=fif&iu_parts=8438%2Cheraldcourier.com%2Cevents&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=5x1&ifi=2&adks=2808368745&didk=2851316612&sfv=1-0-40&prev_scp=pos%3Dmembers-impact%2Catf%26inview%3Dtrue%26density%3Dstandard%26lee_group%3D8%26lee_hours%3D13%26lee_day%3D6&eri=1&cust_params=k%3Dbristol%2520herald%2520courier%2520-%2520tricities%26sub%3Dno%26page%3Dindex%252Capp-editorial%252Cmd_screen%26browser%3DChrome&sc=1&cookie_enabled=1&abxe=1&dt=1676725631942&lmt=1676725629&dlt=1676725631074&idt=781&adxs=798&adys=2486&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fheraldcourier.com%2Fevents%2F&frm=20&vis=1&psz=1600x1&msz=1600x1&fws=4&ohw=1600&ga_vid=953626299.1676725632&ga_sid=1676725632&ga_hid=933029470&ga_fc=false&a3p=EjQKCnB1YmNpZC5vcmcSJDcxMTM4NjU5LTg0NDQtNGFmYS05YjI4LTdhN2M1NDI5YWUzZlgB

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021501.js?cb=31072498

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

294ede7ed934e23552a8d251025ef006c63f456a52740b8fd0e9f4041ff5d3d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:12 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11875
x-xss-protection: 0
google-lineitem-id: 6200392009
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138419515133
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://heraldcourier.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
41c489be1c6100234d9199d69a77f8e1.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 271D 6 KB
3 KB 114ms
24ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://41c489be1c6100234d9199d69a77f8e1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021501.js?cb=31072498

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://heraldcourier.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Feb 2023 13:07:12 GMT
expires: Sun, 18 Feb 2024 13:07:12 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
region1.analytics.google.com/g/ 0
246 B 58ms
19ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-F8FFLLVDEZ&gtm=45je32f0&_p=933029470&_gaz=1&cid=953626299.1676725632&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&uid=0&sid=1676725631&sct=1&seg=0&dl=https%3A%2F%2Fheraldcourier.com%2Fevents%2F&dt=Events%20%7C%20heraldcourier.com&en=page_view&_fv=1&_ss=1&ep.asset_flag_array=false&ep.asset_tag_array=false&ep.domain=heraldcourier.com&ep.page_type=index&ep.platform=desktop&ep.application=editorial&ep.byline=Undefined&ep.syndication_domain=null&ep.blox_sections=events&ep.url_fragment=&ep.author=Undefined&ep.eedition_view_type=Page%20View&ep.asset_app=editorial&ep.asset_has_paywall=notset&ep.ad_breaks=undefined&ep.asset_has_video=no&up.user_status=anonymous&up.user_subscription=No&up.user_ppid=&up.user_uuid=false&up.user_subscription_date=false&up.user_id=false
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-F8FFLLVDEZ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:12 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://heraldcourier.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
246 B 64ms
24ms Ping
text/plain 2a00:1450:4025:402::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-F8FFLLVDEZ&cid=953626299.1676725632&gtm=45je32f0&aip=1&uid=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-F8FFLLVDEZ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4025:402::9d Den Helder, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:12 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://heraldcourier.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 161ms
65ms Image
image/gif 2a00:1450:400d:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-F8FFLLVDEZ&cid=953626299.1676725632&gtm=45je32f0&aip=1&uid=0&z=725867400

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 29ms
20ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-S5LKEZJN96&gtm=45je32f0&_p=933029470&_gaz=1&cid=953626299.1676725632&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&uid=0&sid=1676725632&sct=1&seg=0&dl=https%3A%2F%2Fheraldcourier.com%2Fevents%2F&dt=Events%20%7C%20heraldcourier.com&en=page_view&_fv=1&_ss=1&ep.domain=heraldcourier.com&ep.asset_flag_array=false&ep.asset_tag_array=false&ep.author=Undefined&ep.blox_sections=events&ep.byline=Undefined&ep.asset_has_paywall=notset&ep.page_type=index&ep.url_fragment=&ep.url_fragment_tncms=&ep.blox_skin=flex-editorial&ep.blox_platform=desktop&ep.eedtion_view_type=Page%20View&ep.syndication_domain=null&ep.ad_breaks=undefined&ep.asset_has_video=no&up.user_status=anonymous&up.user_subscription=No&up.user_ppid=&up.user_uuid=false&up.user_subscription_date=false&up.user_id=false
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S5LKEZJN96&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:12 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://heraldcourier.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
45 B 34ms
25ms Ping
text/plain 2a00:1450:4025:402::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-S5LKEZJN96&cid=953626299.1676725632&gtm=45je32f0&aip=1&uid=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S5LKEZJN96&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4025:402::9d Den Helder, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:12 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://heraldcourier.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 130ms
65ms Image
image/gif 2a00:1450:400d:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-S5LKEZJN96&cid=953626299.1676725632&gtm=45je32f0&aip=1&uid=0&z=1151943546

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 identity.js Show response
connect.facebook.net/signals/plugins/ 64 KB
20 KB 19ms
17ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/plugins/identity.js?v=2.9.96

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7e86f52cb0d423805ec541a4bccae5156a01fbe36355e6d798a450593212651f

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 18 Feb 2023 13:07:12 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 20722
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: DmCuvUuNooeQ3kmH1X+qvrhORDYH6Dhi2ensp1V50jnbSxn7Lmi7BfzfVZG+rIbnTohnntVtn57DVUdWNsq3MQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 686109401
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 961211893969940 Show response
connect.facebook.net/signals/config/ 383 KB
109 KB 24ms
22ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/961211893969940?v=2.9.96&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c8ded6ccd9339f592300c049f31675ce57c198758282e3d9f44a0f833d7eef6f

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sat, 18 Feb 2023 13:07:12 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 111298
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: Yv7AaFAXLEL7Tz7ycDpKvolyFbxNYfBD+ipwC71fsrmGuxpL+SnpCyGFe91qOFxDAPbLyGy9MlFodjp27SUxvg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 686109401
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 df4a2b07043d23d9.css
discoverevvnt.com/_next/static/css/ Frame FCA9 22 KB
6 KB 14ms
9ms Stylesheet
text/css 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/css/df4a2b07043d23d9.css
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 7c6dab5e24a365754f98da70e1f6a2331dc97298ac80b972a42202ec3ac6cf63

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:17 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443235
etag: W/"59aa-1860e995fd0"
x-cache-status: MISS
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: UmVfIPgHjM0Myxl4zT1M9Rs6DrL4RQvs8RuKaedp0f8a3kBdu-fmQA==

GET
H2 200 a5d5a951a09a4668.css
discoverevvnt.com/_next/static/css/ Frame FCA9 11 KB
5 KB 29ms
25ms Stylesheet
text/css 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/css/a5d5a951a09a4668.css
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b114f9424fdb8c527389a985891aa1fb2a00fa2d7bc5965bbd15da2898669748

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:19 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443233
etag: W/"2a33-1860e995fd0"
x-cache-status: MISS
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: iDF--_WQIKKXQgwLOQjkvA47mLTcM_duwvMNLJLXMBW2kNAf5KRA1g==

GET
H2 200 webpack-0989aefc3f0f8de4.js Show response
discoverevvnt.com/_next/static/chunks/ Frame FCA9 5 KB
2 KB 33ms
23ms Script
application/javascript 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/chunks/webpack-0989aefc3f0f8de4.js
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: d1aa273c0ee242971b93ab49be5a7031a50c6a5f0a7feaf85d48b2a88c88bc0f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:17 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443235
etag: W/"1247-1860e995fd0"
x-cache-status: MISS
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: KzJV5-NIuAkAAIvdVfIgTYPWt91WZKcJ8T_owpL-1dt1qWhDejTnmQ==

GET
H2 200 framework-82797a600c079ab5.js Show response
discoverevvnt.com/_next/static/chunks/ Frame FCA9 146 KB
46 KB 19ms
11ms Script
application/javascript 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/chunks/framework-82797a600c079ab5.js
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 4312f8be523f008e4cf5bab4a8cf5c27226c3fa96a3445721414a5f01877c341

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:17 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443235
etag: W/"2476b-1860e995fd0"
x-cache-status: MISS
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: fhbvRJxffXPr6UDwvEOe7VVdkJaN8FKw3DuGGdEEmaTg_uziYC3anQ==

GET
H2 200 main-9c8e3d471c1e00ef.js Show response
discoverevvnt.com/_next/static/chunks/ Frame FCA9 102 KB
30 KB 46ms
39ms Script
application/javascript 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/chunks/main-9c8e3d471c1e00ef.js
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 43613d11a1a3d9cbf63eefcd0a580b7cbda021341e3e5c8e6cb18d7295fce5fa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:17 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443235
etag: W/"19831-1860e995fd0"
x-cache-status: MISS
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: WCkfhfVxmSyZcdEsjbJV7okx-Z-3d-M2boNQOM8FUmCShP7mymnaQw==

GET
H2 200 _app-c5703692ca286a78.js Show response
discoverevvnt.com/_next/static/chunks/pages/ Frame FCA9 191 KB
54 KB 25ms
19ms Script
application/javascript 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/chunks/pages/_app-c5703692ca286a78.js
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 8f10b18a828c92cb984a7657902bfbcde5164f711e6f2259b643d5270f707a9b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:17 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443235
etag: W/"2fae2-1860e995fd0"
x-cache-status: MISS
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: hHJ0mcjhs4gErCA3C7zDRI_Tz_yZnLDgia2ig0U49cSj2HenMZD8eA==

GET
H2 200 1bfc9850-f950538c123c6591.js Show response
discoverevvnt.com/_next/static/chunks/ Frame FCA9 9 KB
4 KB 22ms
17ms Script
application/javascript 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/chunks/1bfc9850-f950538c123c6591.js
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e944a914e383f02545bf944ec9101376e4d994314f24fee3c7a1de3514b4e607

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:18 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443234
etag: W/"22de-1860e995fd0"
x-cache-status: MISS
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: 9fRtdj6_5rI7DCx9MWvVamUTFeu5gdAbHod3y6NE5F0E895ehoXQvQ==

GET
H2 200 31664189-5f2edb0504eba589.js Show response
discoverevvnt.com/_next/static/chunks/ Frame FCA9 751 B
822 B 29ms
24ms Script
application/javascript 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/chunks/31664189-5f2edb0504eba589.js
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: f952a1fe704128514be74b5b604c76cd16a7e3ca6ad98e085b706615095d5df6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:17 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443235
etag: W/"2ef-1860e995fd0"
x-cache-status: MISS
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: Ll0TnsV5fNOWpK9vTwlnJU63yvAXd6wIzKf5ACIyVnVWUMZEorgQbQ==

GET
H2 200 1a48c3c1-cadff9d467a49434.js Show response
discoverevvnt.com/_next/static/chunks/ Frame FCA9 1 KB
870 B 14ms
10ms Script
application/javascript 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/chunks/1a48c3c1-cadff9d467a49434.js
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5d92118fd0963536b7b24ae9e32fa37c641f39fbf8eb5d6914b3847bab1c6886

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:19 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443233
etag: W/"4b0-1860e995fd0"
x-cache-status: MISS
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: -nMHzAZjIRJ88WIL-RYvH97b5COymJqUmwnLm-BbTUhqPjhc4l5tMg==

GET
H2 200 732-8f03002267b58af2.js Show response
discoverevvnt.com/_next/static/chunks/ Frame FCA9 14 KB
6 KB 34ms
31ms Script
application/javascript 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/chunks/732-8f03002267b58af2.js
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: c3b88d51fd2ba23c4f8f4cb478d890f29e69bf4650d80cbf5dd965598d1a2672

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:18 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443234
etag: W/"3702-1860e995fd0"
x-cache-status: MISS
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: FA1XS98l3wREcZ_eIZ0kcMhitgr9AO3gwv-mWy8pRnNdwzuSuQA_bA==

GET
H2 200 69-9f06103b3238adf1.js Show response
discoverevvnt.com/_next/static/chunks/ Frame FCA9 23 KB
8 KB 35ms
31ms Script
application/javascript 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/chunks/69-9f06103b3238adf1.js
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b0497f7b6ae4836433dccd92ba8024973d29274d2b85a1bb8bfe4e54588554bd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:18 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443234
etag: W/"5d09-1860e995fd0"
x-cache-status: MISS
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: acZMyioHX-QdEBjSINDIyCvuBU3WdyieOeJGes9UegNEPYCJjmHbag==

GET
H2 200 466-ad5c81de637e87da.js Show response
discoverevvnt.com/_next/static/chunks/ Frame FCA9 11 KB
4 KB 21ms
17ms Script
application/javascript 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/chunks/466-ad5c81de637e87da.js
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 54c8f488622b0f1842523649772d086030574152f9e35e560c3843da1394fa98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:19 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443233
etag: W/"2d1c-1860e995fd0"
x-cache-status: MISS
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: gals8BTFTMzJD7XxdyFiyAwKiqH2gdyk4Emu8lh7L_Di0Qtv_y0ZIA==

GET
H2 200 315-4b8b4cb94f5a6212.js Show response
discoverevvnt.com/_next/static/chunks/ Frame FCA9 41 KB
10 KB 27ms
24ms Script
application/javascript 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/chunks/315-4b8b4cb94f5a6212.js
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: c7170236eabd1a63431385ef4ab9506414a486b2681298d32aaa21a95b6662d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:19 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443233
etag: W/"a34c-1860e995fd0"
x-cache-status: MISS
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: rpJkLvVakRFj-e4VfvhHvJIqu2s8ZbdwwnbRZBtA08bYZG-e0r7sYQ==

GET
H2 200 231-1a107564d2b5e154.js Show response
discoverevvnt.com/_next/static/chunks/ Frame FCA9 89 KB
26 KB 27ms
24ms Script
application/javascript 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/chunks/231-1a107564d2b5e154.js
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 7f77cb3abcc9e7e1d7c4afdaa2a570d93e3da667b5a756fc11965e67e4afce39

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:19 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443233
etag: W/"1630b-1860e995fd0"
x-cache-status: MISS
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: 1AyuQL3MaRViqWSvApKOOEm818Ot56FRJOgdHSLLUYvNJCK2v9wDXw==

GET
H2 200 135-4164ef6fa7b8fca1.js Show response
discoverevvnt.com/_next/static/chunks/ Frame FCA9 17 KB
5 KB 29ms
27ms Script
application/javascript 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/chunks/135-4164ef6fa7b8fca1.js
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: dd64fa064fff6110955db412db38ccc11d8932c72dcd539f896abe5a8baa545b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:17 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443235
etag: W/"4460-1860e995fd0"
x-cache-status: HIT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: w8CyNaTg0RoQ3wRVAxKlutZv7ITSWAtk5g6gjMyqqaRHgupqihrCVA==

GET
H2 200 426-6f8f4400bc1f8b5b.js Show response
discoverevvnt.com/_next/static/chunks/ Frame FCA9 19 KB
5 KB 29ms
26ms Script
application/javascript 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/chunks/426-6f8f4400bc1f8b5b.js
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 97595f68d03773d26ec486217153a57a1586997f3037dd0cee81c81daeb2f9b0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:17 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443235
etag: W/"4cc6-1860e995fd0"
x-cache-status: HIT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: J07-R8MAHO9TY7RSuFHjbaF9__sZj7gebcrG1iKY6ijEyCqw8QQFiA==

GET
H2 200 622-f215f215b1c22be8.js Show response
discoverevvnt.com/_next/static/chunks/ Frame FCA9 11 KB
4 KB 30ms
27ms Script
application/javascript 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/chunks/622-f215f215b1c22be8.js
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5bd36d9675e56608f9a362a1877871e38db0b6c19ccc23bf945ff3664b5711d3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:18 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443234
etag: W/"2b69-1860e995fd0"
x-cache-status: MISS
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: nIzxD0YVf8SwPCprqQysVqqFqvEr6ncExDes5mVCWOzTi9kTw_a6Nw==

GET
H2 200 777-7e71c05e4e1c4306.js Show response
discoverevvnt.com/_next/static/chunks/ Frame FCA9 24 KB
7 KB 27ms
25ms Script
application/javascript 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/chunks/777-7e71c05e4e1c4306.js
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 464a67cf67eb3fac71c631b9e21cce7d09235133353211c4bf70f74ca354c633

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:19 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443233
etag: W/"6182-1860e995fd0"
x-cache-status: MISS
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: PjxALwb_AY1prnVZNifjId1YmKd3GHFY5iCpX5ETHfdC0wETFHcS_w==

GET
H2 200 689-6564fcc3e61d743e.js Show response
discoverevvnt.com/_next/static/chunks/ Frame FCA9 14 KB
5 KB 27ms
25ms Script
application/javascript 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/chunks/689-6564fcc3e61d743e.js
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 7e9b3347c55ad7ba6474224616b723a62208017f4919f8d407b788b44b863291

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:19 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443233
etag: W/"380a-1860e995fd0"
x-cache-status: HIT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: dPXfhU9Nb3TTyKBfu14Z4rNx6x-0CG9b1BZ_pI0xtIbLTvVxEmF0DA==

GET
H2 200 %5BframeConfig%5D-e2921fce0645c277.js Show response
discoverevvnt.com/_next/static/chunks/pages/framed/ Frame FCA9 959 B
988 B 27ms
25ms Script
application/javascript 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/chunks/pages/framed/%5BframeConfig%5D-e2921fce0645c277.js
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: ee561806ee0911d1a435191c5d32ac742b7cf1c7df3eda243deaae86413a8115

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:19 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443233
etag: W/"3bf-1860e995fd0"
x-cache-status: MISS
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: 9adS5XGgSPAvn7O3TzDyuGPFCppsJMlA_YPS7YI2zme-qrE5bmKUQw==

GET
H2 200 _buildManifest.js Show response
discoverevvnt.com/_next/static/MzbaZObQXhib9hrwwO70f/ Frame FCA9 2 KB
1 KB 27ms
25ms Script
application/javascript 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/MzbaZObQXhib9hrwwO70f/_buildManifest.js
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 4c3f6d2e5b1499f932aeb8c814690f92f46adb5b243233aed726e864f4c4c4d8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:17 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443235
etag: W/"9c5-1860e995fd0"
x-cache-status: HIT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: Zw8QPHnchBKcrixuI--hoypqXhRoTUgbB2Kei7C0eS2KkxLqx3OqXg==

GET
H2 200 _ssgManifest.js Show response
discoverevvnt.com/_next/static/MzbaZObQXhib9hrwwO70f/ Frame FCA9 77 B
454 B 30ms
28ms Script
application/javascript 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/MzbaZObQXhib9hrwwO70f/_ssgManifest.js
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:17 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443235
etag: W/"4d-1860e995fd0"
x-cache-status: HIT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: enob_UIqzbKt-HIO5QQDjxe2tOfyUkFIdLAS5Y2uK2pd0tJ4SJUwZQ==

POST
H2 200 publisher:getClientId Show response
ampcid.google.de/v1/ 3 B
94 B 94ms
57ms XHR
application/json 2a00:1450:400d:805::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.de/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:805::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://heraldcourier.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 18 Feb 2023 13:07:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://heraldcourier.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23
x-xss-protection: 0

POST
H2 200 auction Show response
bidder.newspassid.com/openrtb2/ 120 B
330 B 817ms
496ms XHR
application/json 3.211.193.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.newspassid.com/openrtb2/auction
Requested by: Host: bloximages.newyork1.vip.townnews.com
URL: https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/content/tncms/live/libraries/flex/components/ads_dfp/resources/scripts/prebid7.9.0.js?_dc=1676358004
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.193.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-193-175.compute-1.amazonaws.com
Software: /
Resource Hash: bef73709f366984ed2c4d084d8fb00122475d339bcd5684f2d08c7a6641940b4

Request headers

Referer: https://heraldcourier.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:12 GMT
vary: Origin
content-type: application/json
access-control-allow-origin: https://heraldcourier.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 120
expires: 0

POST
H2 200 auction Show response
bidder.newspassid.com/openrtb2/ 120 B
330 B 695ms
378ms XHR
application/json 3.211.193.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.newspassid.com/openrtb2/auction
Requested by: Host: bloximages.newyork1.vip.townnews.com
URL: https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/content/tncms/live/libraries/flex/components/ads_dfp/resources/scripts/prebid7.9.0.js?_dc=1676358004
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.193.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-193-175.compute-1.amazonaws.com
Software: /
Resource Hash: 75dc2b698501c1060b0b0323fe32dbbb6f1bec20a6a297d28f2061da1b97715c

Request headers

Referer: https://heraldcourier.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:12 GMT
vary: Origin
content-type: application/json
access-control-allow-origin: https://heraldcourier.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 120
expires: 0

POST
H2 200 auction Show response
bidder.newspassid.com/openrtb2/ 120 B
331 B 685ms
373ms XHR
application/json 3.211.193.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.newspassid.com/openrtb2/auction
Requested by: Host: bloximages.newyork1.vip.townnews.com
URL: https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/content/tncms/live/libraries/flex/components/ads_dfp/resources/scripts/prebid7.9.0.js?_dc=1676358004
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.193.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-193-175.compute-1.amazonaws.com
Software: /
Resource Hash: 88add35a1f61abc2862a550be60a0c490327159be61a67e09f2db059f80678f3

Request headers

Referer: https://heraldcourier.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:12 GMT
vary: Origin
content-type: application/json
access-control-allow-origin: https://heraldcourier.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 120
expires: 0

GET
H2 200 /
insight.adsrvr.org/track/pxl/ Frame 9160 70 B
260 B 35ms
34ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://insight.adsrvr.org/track/pxl/?adv=nebsjkp&ct=0:21usqg2&fmt=3
Requested by: Host: d1eoo1tco6rr5e.cloudfront.net
URL: https://d1eoo1tco6rr5e.cloudfront.net/nebsjkp/21usqg2/iframe
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d1eoo1tco6rr5e.cloudfront.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sat, 18 Feb 2023 13:07:12 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ 2 KB
2 KB 120ms
38ms Script
text/javascript 2600:9000:2050:3600:a:e047:752:5701
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2050:3600:a:e047:752:5701 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 71fc1599035adc6bc34df2117b8631285905f97737ba730af28644ee6a0d8dde

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Fri, 17 Feb 2023 17:26:10 GMT
Via: 1.1 a3c3236fb9c392e8c5978c750d2f8308.cloudfront.net (CloudFront)
Last-Modified: Mon, 23 Jan 2023 04:07:36 GMT
Server: AmazonS3
X-Amz-Cf-Pop: BUD50-C1
Age: 70863
ETag: "aded621b17723f487b3c9d0e43cf2f94"
x-amz-server-side-encryption: AES256
X-Cache: Hit from cloudfront
Content-Type: text/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1859
X-Amz-Cf-Id: cyfPGp00e6913MEjlQjKiGna_9NyZlYdTbxUXiPU7BC4ZCtTsBXGJg==

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 58 KB
17 KB 16ms
15ms Script
text/javascript 2606:4700:10::6816:3556
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3556 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b1546ae8f493de03b1ca99f9f955a20785679be18625354b363f2f8311f421b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:12 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 13 Feb 2023 11:21:55 GMT
server: cloudflare
x-amz-request-id: 6MMRD07QTTVY5WE3
age: 1990
etag: W/"b988c8d91b8a22dcd50f129d3a9d67f1"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 79b6fc00a812bb83-FRA
x-amz-id-2: 2raq5Jnx6oAX0Ycps1Kzff9dKV6lHrZYj85JjHi2+p+G7SpeSO3d8BOABFEkDiqsZaTPahc5GGY=

GET
H2 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
1 KB 34ms
14ms Script
application/javascript 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 26312
x-jsd-version: master
content-encoding: br
x-cache: MISS, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra-eddf8230064-FRA, cache-yyz4527-YYZ
x-jsd-version-type: branch
server: cloudflare
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uMzFchgPXxe%2B3EScZSnG6PFOiUUm3uCzkDstsh3%2BRNunessB48W0qqYYIZ0ToVCSh0pL87RI2UqXqDrBD10Tbyjt%2FiRR06bEc%2FmwW8DYJb4dCS%2Bk0Xc09Ir3QODDgBueAZb8AGs7mZ4rieQTkZk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 79b6fc00ce91362b-FRA

GET
H2 200 b-f140f48-7586382c.js Show response
tagan.adlightning.com/leeenterprises/ Frame 3A2F 80 KB
30 KB 10ms
9ms Script
application/javascript 18.66.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/leeenterprises/b-f140f48-7586382c.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-43.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b5aa611eb8a0c13f6d491ae88a0e08a706124319137c61e79974dd3488136bd1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 08 Feb 2023 22:17:14 GMT
content-encoding: gzip
via: 1.1 ed7f977b6d983a16331e3fe3f4764e9a.cloudfront.net (CloudFront)
x-amz-version-id: UtkghUTWgSLZyDEEFWZrJ8z1CoE_I..N
x-amz-cf-pop: FRA60-P4
age: 830999
x-cache: Hit from cloudfront
content-length: 29866
x-amz-meta-git_commit: f140f48
last-modified: Tue, 24 Jan 2023 18:42:08 GMT
server: AmazonS3
etag: "79fd9040c7076a5f94fad513504e92b9"
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: rGnC2thyP923TmHkZ5Ha_gjswIE7ssq1yzbTLYTxFXQXwu_xOjGHZw==

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3A2F 156 KB
48 KB 93ms
32ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48814
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676465787912926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 18 Feb 2023 13:07:12 GMT

GET
H2 200 b-f140f48-7586382c.js Show response
tagan.adlightning.com/leeenterprises/ Frame 4322 80 KB
30 KB 11ms
9ms Script
application/javascript 18.66.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/leeenterprises/b-f140f48-7586382c.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-43.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b5aa611eb8a0c13f6d491ae88a0e08a706124319137c61e79974dd3488136bd1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 08 Feb 2023 22:17:14 GMT
content-encoding: gzip
via: 1.1 ed7f977b6d983a16331e3fe3f4764e9a.cloudfront.net (CloudFront)
x-amz-version-id: UtkghUTWgSLZyDEEFWZrJ8z1CoE_I..N
x-amz-cf-pop: FRA60-P4
age: 830999
x-cache: Hit from cloudfront
content-length: 29866
x-amz-meta-git_commit: f140f48
last-modified: Tue, 24 Jan 2023 18:42:08 GMT
server: AmazonS3
etag: "79fd9040c7076a5f94fad513504e92b9"
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: fJpuQEhy7MfsHK754nyl22eAEB_cX4_q_mMKUF9WNcY4HbyaKYxlGw==

GET
H2 200 1302754139587063337
tpc.googlesyndication.com/simgad/ Frame 4322 295 KB
295 KB 77ms
19ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1302754139587063337?

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

50d67ba51cc253aefceb5616c7038c80fa237ce0775a87fdfd7a13a87bd558cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 14:10:25 GMT
x-content-type-options: nosniff
age: 169007
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 301681
x-xss-protection: 0
last-modified: Thu, 12 Jan 2023 16:56:03 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 16 Feb 2024 14:10:25 GMT

GET
H2 200 4308967748772604718
tpc.googlesyndication.com/simgad/ Frame 4322 738 KB
739 KB 136ms
78ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4308967748772604718?

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2766d700795b8f6c3f3b514a86b45dc2c7b9d3589278572667bb218823d2340e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 17:40:51 GMT
x-content-type-options: nosniff
age: 242781
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 755747
x-xss-protection: 0
last-modified: Thu, 12 Jan 2023 21:02:09 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 15 Feb 2024 17:40:51 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4322 156 KB
48 KB 55ms
53ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48814
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676465787912926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 18 Feb 2023 13:07:12 GMT

GET
DATA 200
OK truncated
/ Frame FCA9 79 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4b733869818b22702bf423eb2e8c0d54569ac57fcdbe38192a32c92c02512657

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame FCA9 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/gif

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
148 B 22ms
22ms XHR
text/plain 2a00:1450:4025:402::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-54716522-7&cid=953626299.1676725632&jid=618240036&gjid=202553821&_gid=1318753643.1676725632&_u=aCDAgUAjAAQCAEAAI~&z=431876963

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4025:402::9d Den Helder, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://heraldcourier.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 18 Feb 2023 13:07:12 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://heraldcourier.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
72 B 21ms
20ms XHR
text/plain 2a00:1450:4025:402::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-54716522-2&cid=953626299.1676725632&jid=2024860995&gjid=1895709072&_gid=1318753643.1676725632&_u=aCDAiUAjBAQCAEAEKAB~&z=1647701972

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4025:402::9d Den Helder, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://heraldcourier.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 18 Feb 2023 13:07:12 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://heraldcourier.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 24ms
23ms XHR
text/plain 2a00:1450:4025:402::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-38596040-1&cid=953626299.1676725632&jid=1888932483&gjid=752971806&_gid=1318753643.1676725632&_u=aCDAiUAjBAQCAEAEKAB~&z=1745993576

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4025:402::9d Den Helder, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://heraldcourier.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 18 Feb 2023 13:07:12 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://heraldcourier.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 17ms
16ms Image
image/gif 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&aip=1&a=933029470&t=pageview&_s=1&dl=https%3A%2F%2Fheraldcourier.com%2Fevents%2F&dp=%2Fevents%2F&ul=en-us&de=UTF-8&dt=Events%20%7C%20heraldcourier.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aCDAgUAjAAQCAAAAI~&jid=618240036&gjid=202553821&cid=953626299.1676725632&tid=UA-54716522-7&_gid=1318753643.1676725632&gtm=45He32f0n71PDQV3N&cd2=editorial&cd3=flex&cd4=flex-editorial&cd5=no&cd6=Large%3A%20Desktop%20computers.&cd8=200&cd9=No&cd10=No&cd12=No&cd13=https%3A%2F%2Fheraldcourier.com%2Fevents%2F&cd16=No&cd17=Page%20View&cm1=175&z=1120825910

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Feb 2023 15:38:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 77332
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 17ms
17ms Image
image/gif 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j99&a=933029470&t=pageview&_s=1&dl=https%3A%2F%2Fheraldcourier.com%2Fevents%2F&ul=en-us&de=UTF-8&dt=Events%20%7C%20heraldcourier.com&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aCDAiUAjBAQCAEAEKAB~&jid=2024860995&gjid=1895709072&cid=953626299.1676725632&tid=UA-54716522-2&_gid=1318753643.1676725632&gtm=45He32f0n71TDWDC2&cd1=desktop&cd2=heraldcourier.com&cd3=editorial&cd4=index&cd6=events&cd14=Undefined&cd17=null&cd20=anonymous&cd23=events&cg1=events&cd21=Bristol&cd22=flex-editorial&cd30=23&cd31=Sunny&cd75=0&cd76=%20%20%20%20%20%20%20%20%20&cd79=&cd80=&cd81=No&cd82=&cd85=yes&cd86=no&cd102=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64)%20applewebkit%2F537.36%20(khtml%2C%20like%20gecko)%20chrome%2F110.0.5481.100%20safari%2F537.36&cd103=Undefined&cd104=Undefined%2C%20Undefined&cd105=3&cd106=Page%20View&cd107=0&cd111=undefined&cd115=notset&cd116=No&cd117=No&cd124=dsv3&cd129=0&cd130=no&cd89=953626299.1676725632&z=2017497712

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Feb 2023 15:38:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 77332
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 17ms
17ms Image
image/gif 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Feb 2023 15:38:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 77332
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 settings Show response
cdn.segment.com/v1/projects/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/ 2 KB
1 KB 73ms
29ms Fetch
application/json 99.84.144.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/v1/projects/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/settings
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.144.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-144-128.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f6d92433ae2e54a44ee20781d4f44431a38f22118790a1835d44d953cd9add54

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-amz-version-id: PZixMdqysa6qB_CIaVzEdqAkZbBPQWIK
content-encoding: br
via: 1.1 ffa01f5c992a803f4470401daea2d540.cloudfront.net (CloudFront)
date: Sat, 18 Feb 2023 10:37:41 GMT
x-amz-cf-pop: TXL52-C1
age: 8985
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Mon, 06 Feb 2023 18:18:03 GMT
server: AmazonS3
etag: W/"ea52eb10975b544f9d19b355e0b1a648"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=10800
vary: Accept-Encoding
x-amz-cf-id: x-iR0iXiubADqQ-j80181Noow15ZnO6of0quRHLNLIW3gntqDtI5aA==

GET
H/1.1 200
OK i
www.i.matheranalytics.com/ 43 B
245 B 485ms
105ms Image
image/gif 52.87.57.81
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.i.matheranalytics.com/i?e=pv&page=Events%20%7C%20heraldcourier.com&sec=events&pubname=Bristol%20Herald%20Courier%20-%20Tricities&ptype=index&metered=0%7C3&hier=events&cms=townnews%2Fblox&arttype=editorial&tv=js-3.0.136&tna=Mather&aid=v1&p=web&tz=Etc%2FUnknown&tzoff=0&lang=en-US&cs=UTF-8&navt=link&f_pdf=1&res=1600x1200&cd=24&cookie=1&f_jquery=1&f_es6=1&f_gears=2&tvltm=5&tvcfg=lee&tid=5f15de81-6f77-41f0-a040-98d2e652d9e5&pid=052657e2-4b01-4eab-a029-796c862f0c6e&dtm=1676725632401&qnm=_matherq&visible=1&tabid=8857b266-d766-48b6-bd8e-935251cbc5c7&url=https%3A%2F%2Fheraldcourier.com%2Fevents%2F&vp=1600x1200&ds=1600x2507&tofa=1676725632&vid=1&lvidt=1676725632&duid=90af7054e12796bc&fp=3469908396&cid=ma1527&mrk=725149306&cx=eyJwZXJmIjp7InN0YXJ0IjoiMTY3NjcyNTYzMDI2MCIsInJlZGlyQ250IjoiMCIsIm5hdlR5cGUiOiJsaW5rIiwiaGVhcFUiOiIzNS4xbWIiLCJoZWFwVCI6IjUzLjVtYiIsImZzdFBhaW50IjoiMTE2MyIsImZldGNoUyI6IjQ0MSIsImRvbWFpblMiOiI0NDIiLCJkb21haW5FIjoiNDQ4IiwiY29ublMiOiI0NDgiLCJjb25uRSI6IjYzMCIsInNzbFMiOiI1MzciLCJyZXF1UyI6IjYzMCIsInJlc3BTIjoiODEwIiwicmVzcEUiOiI4MTEiLCJkb21Mb2FkIjoiODE0IiwiZG9tSW50ZXIiOiIxNDE3IiwiZG9tTG9hZFMiOiIxNDIwIiwiZG9tTG9hZEUiOiIxNDIzIn0sImtleXdvcmRzIjpbImJyaXN0b2wiLCJoZXJhbGQiLCJjb3VyaWVyIiwiLSIsInRyaWNpdGllcyJdLCJpZGVudGl0aWVzIjpbeyJ0eXBlIjoiZ2EiLCJpZCI6Ijk1MzYyNjI5OSIsInJlZlRpbWUiOiIxNjc2NzI1NjMyNDAwIn1dfQ
Requested by: Host: heraldcourier.com
URL: https://heraldcourier.com/events/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.87.57.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-87-57-81.compute-1.amazonaws.com
Software: /
Resource Hash: d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Date: Sat, 18 Feb 2023 13:07:12 GMT
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 28ms
27ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-4T2EB147B8&gtm=45je32f0&_p=933029470&_gaz=1&cid=953626299.1676725632&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&dt=Events&dl=https%3A%2F%2Fheraldcourier.com%2Fevents%2F&sid=1676725632&sct=1&seg=0&en=page_view&_fv=1&_ss=1&ep.content_group=%2Fevents&ep.canonical_url=https%3A%2F%2Fheraldcourier.com%2Fevents%2F&ep.townnews_crm_group_id=272&ep.generator=BLOX&ep.generator_version=1.67.2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4T2EB147B8&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:12 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://heraldcourier.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
stats.g.doubleclick.net/g/ 0
17 B 28ms
28ms Ping
text/plain 2a00:1450:4025:402::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-4T2EB147B8&cid=953626299.1676725632&gtm=45je32f0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4T2EB147B8&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4025:402::9d Den Helder, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:12 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://heraldcourier.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 66ms
65ms Image
image/gif 2a00:1450:400d:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-4T2EB147B8&cid=953626299.1676725632&gtm=45je32f0&aip=1&z=1943121521

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sync-container.js Show response
b-code.liadm.com/ 6 KB
3 KB 22ms
21ms Script
application/javascript 2600:9000:20e8:9c00:8:8845:1500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://b-code.liadm.com/sync-container.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20e8:9c00:8:8845:1500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 58a07739b05fec4d319e4d5c6b1fa4ac79e2a625e08ab3f303929b77fde5bdf4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-amz-version-id: WIo1DFPCLgnYZuB8yv1dFIDWe1bYBj2G
content-encoding: gzip
via: 1.1 3a415eca835d78c74f508f31b6bbdaf0.cloudfront.net (CloudFront)
date: Wed, 08 Feb 2023 01:07:23 GMT
last-modified: Tue, 10 May 2022 11:48:07 GMT
server: AmazonS3
x-amz-cf-pop: TXL52-C1
age: 907194
x-amz-server-side-encryption: AES256
etag: W/"ae5e94de938b0387eda6df8f20da811a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=2592000
x-amz-cf-id: B4RpnIFclvvignIcdKnWMt8bQ_AxSDKlhB7gy2VgGvx1n-ETlCZTYQ==

GET
H2 200 mapbutton.png
discoverevvnt.com/images/ Frame FCA9 20 KB
21 KB 117ms
117ms Image
image/png 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://discoverevvnt.com/images/mapbutton.png
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/_next/static/css/df4a2b07043d23d9.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 8ec2d0ce178f35eca07375ece621599939262d6521f053f7b8633b819047e8df

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/_next/static/css/df4a2b07043d23d9.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:12 GMT
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 25 Jan 2023 01:57:14 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
etag: W/"51c2-185e6a4bc90"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: public, max-age=0
accept-ranges: bytes
content-length: 20930
x-amz-cf-id: 9MQh4YPBbnoWHx_vPAIH6lqXSC80yPmYQ7yTEm49KUzR3_9Gg_cLjw==

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 3A2F 0
0 65ms
64ms Fetch
image/gif 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstr4Kl8X4tF1_PrmXdPw8chK_Wlqnsxbq3REbAEImSUsqEXgGYILvuA4ubDFYxPBv2v3T7H_UG3WQAtxzILa0SrbdQXxQFVkFU4m0zSDLXLmwlfExIljesodN8rh2MgNi1RViqMHXesPMSuNLsI2D96L85j0Xp8qV7d2R3I9DJHQNxfI9gZ3xqFV5jXhFZc_nb3or_ET2NYMdKkZ7Tz-iFMdnNbNltuaylHkL_OB82rww0BljZUz75UlXaNo2zJoDaPwu_SjLh9G5TYYH1Grw4UclK4xt6rwxwb1DXVxraFVKc0iKHbwBmlswRq0O3__Y5ojjA_eZcAZMYHNmfBMqEy-w&sai=AMfl-YRVhIezOTjgXT18lv1_IDk5AB5vBPQ7bilsf_8o4viId8JHnDzTWGAB_EJZ8ApKQojqB3nBE5gEjWVkMm0tTXeqkZEpEBSGm1UV2xpfntnhN-3xEH-mS91w9n5zW-JL5M0lXn76xi3OBNpe088H&sig=Cg0ArKJSzE7jB-vU6zwcEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/b-f140f48-7586382c.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:12 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 18 Feb 2023 13:07:12 GMT

GET
H2 200 animate.min.css
cdnjs.cloudflare.com/ajax/libs/animate.css/3.5.2/ 52 KB
4 KB 46ms
13ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.5.2/animate.min.css

Requested by

Host: bloximages.newyork1.vip.townnews.com
URL: https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/shared-content/art/tncms/templates/libraries/flex/components/jquery/resources/scripts/jquery.min.d6d18fcf88750a16d256e72626e676a6.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8fe3fa119255adb5e0c12479331f9e092e85bcff56ab6ecc0510bfa2056b898d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:12 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1947974
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3279
last-modified: Mon, 04 May 2020 16:04:58 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03d2a-ce35"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IZ0wDjBmUUaKrKbJz%2B1Z2P8poR2vItYZCzx4rToEyXh0Qtl%2B%2BvP%2B7fvXQuUgYwNXbJ%2FHIi%2BxsQ4FjJR%2Bswpiq768cadMJZSL3r2ytoLPnV3kPSpuaiOwboLSTOAXBiDJZ3lRmbfCYbMJU8CLYxQy%2B6fl"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 79b6fc045909bb55-FRA
expires: Thu, 08 Feb 2024 13:07:12 GMT

GET
H3

200

15433771506072637393
tpc.googlesyndication.com/simgad/
Redirect Chain

https://tpc.googlesyndication.com/pagead/imgad?id=CICAgODK-Mn6tgEQARgBMgiJu-IRSTllrQ
https://tpc.googlesyndication.com/simgad/15433771506072637393

114 KB
114 KB

21ms
20ms

Image
image/jpeg

2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15433771506072637393

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e6811b2a13cd279c1a618a00e66228ce42661f10d69a040645115a2ca13ed37d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 17:45:07 GMT
x-content-type-options: nosniff
age: 69725
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 117104
x-xss-protection: 0
last-modified: Fri, 17 Feb 2023 17:21:35 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 17 Feb 2024 17:45:07 GMT

Redirect headers

date: Fri, 17 Feb 2023 17:45:07 GMT
x-content-type-options: nosniff
server: cafe
age: 69725
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/15433771506072637393
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 19 Mar 2023 17:45:07 GMT

GET
H3

200

9772595301602404356
tpc.googlesyndication.com/simgad/
Redirect Chain

https://tpc.googlesyndication.com/pagead/imgad?id=CICAgODK-Kmg_AEQARgBMghAKMIQhwyblQ
https://tpc.googlesyndication.com/simgad/9772595301602404356

38 KB
38 KB

24ms
24ms

Image
image/jpeg

2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9772595301602404356

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4da8d6b51bf0b49bd3ad3923e1099355d07554aaa347bfd672e03441d9f6dec0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 17:45:07 GMT
x-content-type-options: nosniff
age: 69725
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39197
x-xss-protection: 0
last-modified: Fri, 17 Feb 2023 17:21:41 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 17 Feb 2024 17:45:07 GMT

Redirect headers

date: Fri, 17 Feb 2023 17:45:07 GMT
x-content-type-options: nosniff
server: cafe
age: 69725
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/9772595301602404356
content-type: text/html; charset=UTF-8
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 19 Mar 2023 17:45:07 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 4322 0
0 67ms
66ms Fetch
image/gif 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstkK8JLHAck5rDkfbgjuJrf2zGxH-T7a7gaUJWVjMlGrqXP_BjHgNq5KYebyKZef4jyydkgkZv01WTXThkeeJ8mNDtlsdvuzPw-JExP5nnR6673fd68EHUx5NsmfgfHxMT2bgY23gz_DZqPtybwSwaInoUPLXwp0_TpPuJ89-GajEbjuEVcDIEnw9FwmfmW5RRV1T74JZ1fKiVwp8PE17IYh6GJjA7crVlT-QSE-dQPwiGFa75dkcdPHYnA9inxlQlH9EPOna7T05n-LjkLuv4BqE5V11fMERO0M3L-6ObQsZaILYyFUtPdZ253WlxM1-d2ti3rowTI4M5dn2bte-Ck0DdVxDKDKVLIrZY&sai=AMfl-YR9KyBmoHXUE6hpcQnENkS4Fslqsn0sDlPAXesSiYlkdPB9AgP6Hqv2mwOkXmnBcRq0RZvDgz3mHNqCxiCz1eg1ZWcPVMihqtd8bFAD_oyQ1USFZWQYfIaWfllbDgQsB58T020PJn1R32niOVc&sig=Cg0ArKJSzAAgQstzoKKhEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/b-f140f48-7586382c.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:12 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 1302754139587063337
tpc.googlesyndication.com/simgad/ 295 KB
295 KB 16ms
15ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1302754139587063337?

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

50d67ba51cc253aefceb5616c7038c80fa237ce0775a87fdfd7a13a87bd558cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Thu, 16 Feb 2023 14:10:25 GMT
x-content-type-options: nosniff
age: 169007
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 301681
x-xss-protection: 0
last-modified: Thu, 12 Jan 2023 16:56:03 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 16 Feb 2024 14:10:25 GMT

GET
H3 200 4308967748772604718
tpc.googlesyndication.com/simgad/ 738 KB
738 KB 19ms
17ms Image
image/png 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4308967748772604718?

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2766d700795b8f6c3f3b514a86b45dc2c7b9d3589278572667bb218823d2340e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 17:40:51 GMT
x-content-type-options: nosniff
age: 242781
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 755747
x-xss-protection: 0
last-modified: Thu, 12 Jan 2023 21:02:09 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 15 Feb 2024 17:40:51 GMT

GET
H2 404 heraldcourier.com.png
bloximages.chicago2.vip.townnews.com/central.leetemplates.com/content/tncms/live/global/resources/images/logos/ds/800/ Frame 4322 0
0 108ms
106ms Image
text/html 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bloximages.chicago2.vip.townnews.com/central.leetemplates.com/content/tncms/live/global/resources/images/logos/ds/800/heraldcourier.com.png?_dc=1.6.2023
Requested by: Host: heraldcourier.com
URL: https://heraldcourier.com/events/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

GET
H2 200 tagline.png
bloximages.chicago2.vip.townnews.com/central.leetemplates.com/content/tncms/live/global/resources/images/logos/ds/800/ Frame 4322 5 KB
5 KB 19ms
18ms Image
image/webp 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/central.leetemplates.com/content/tncms/live/global/resources/images/logos/ds/800/tagline.png?_dc=1.6.2023

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

376ff5dc51db8297acbc54be1eb40dcd202ca6e61c59d2656f0f5c13003f3596

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:12 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 423898
cf-polished: origFmt=png, origSize=10208
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="tagline.webp"
content-length: 5264
cf-bgj: imgq:85,h2pri
last-modified: Fri, 06 Jan 2023 18:53:20 GMT
server: cloudflare
x-vcache: MISS
etag: "63b86e20-27e0"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 79b6fc053a6590ae-FRA
expires: Fri, 09 Feb 2024 18:23:41 GMT

GET
H2 404 heraldcourier.com.png
bloximages.chicago2.vip.townnews.com/central.leetemplates.com/content/tncms/live/global/resources/images/logos/ds/800/ 0
0 198ms
197ms Image
text/html 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bloximages.chicago2.vip.townnews.com/central.leetemplates.com/content/tncms/live/global/resources/images/logos/ds/800/heraldcourier.com.png?_dc=1.6.2023
Requested by: Host: heraldcourier.com
URL: https://heraldcourier.com/events/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

GET
H2 200 tagline.png
bloximages.chicago2.vip.townnews.com/central.leetemplates.com/content/tncms/live/global/resources/images/logos/ds/800/ 5 KB
5 KB 18ms
17ms Image
image/webp 104.16.132.24
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bloximages.chicago2.vip.townnews.com/central.leetemplates.com/content/tncms/live/global/resources/images/logos/ds/800/tagline.png?_dc=1.6.2023

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.132.24 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

376ff5dc51db8297acbc54be1eb40dcd202ca6e61c59d2656f0f5c13003f3596

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:12 GMT
strict-transport-security: max-age=604800
cf-cache-status: HIT
age: 423898
cf-polished: origFmt=png, origSize=10208
cross-origin-resource-policy: cross-origin
content-disposition: inline; filename="tagline.webp"
content-length: 5264
cf-bgj: imgq:85,h2pri
last-modified: Fri, 06 Jan 2023 18:53:20 GMT
server: cloudflare
x-vcache: MISS
etag: "63b86e20-27e0"
vary: Accept
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
x-robots-tag: noarchive
cf-ray: 79b6fc053a6990ae-FRA
expires: Fri, 09 Feb 2024 18:23:41 GMT

GET
H2

200

j Show response
rp4.liadm.com/
Redirect Chain

https://rp.liadm.com/j?dtstmp=1676725632852&aid=a-058n&se=e30&duid=3f389ea64a07--01gsja5fdt993w5k50eer4kd83&tna=v2.6.0&pu=https%3A%2F%2Fheraldcourier.com%2Fevents%2F&ext__pubcid=71138659-8444-4afa-...
https://rp4.liadm.com/j?dtstmp=1676725632852&aid=a-058n&se=e30&duid=3f389ea64a07--01gsja5fdt993w5k50eer4kd83&tna=v2.6.0&pu=https%3A%2F%2Fheraldcourier.com%2Fevents%2F&ext__pubcid=71138659-8444-4afa...

50 B
589 B

397ms
109ms

XHR
application/json

34.232.54.150
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://rp4.liadm.com/j?dtstmp=1676725632852&aid=a-058n&se=e30&duid=3f389ea64a07--01gsja5fdt993w5k50eer4kd83&tna=v2.6.0&pu=https%3A%2F%2Fheraldcourier.com%2Fevents%2F&ext__pubcid=71138659-8444-4afa-9b28-7a7c5429ae3f&wpn=lc-bundle&c=PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IiI-PHRpdGxlPkV2ZW50cyB8IGhlcmFsZGNvdXJpZXIuY29tPC90aXRsZT48bGluayByZWw9ImNhbm9uaWNhbCIgaHJlZj0iaHR0cHM6Ly9oZXJhbGRjb3VyaWVyLmNvbS9ldmVudHMvIj48aDE-CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICA8YSBocmVmPSIvZXZlbnRzIj4KICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgRXZlbnRzCiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICA8L2E-CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgPC9oMT48dGl0bGU-SGVscCBDaXJjbGU8L3RpdGxlPg&i6=MmEwMDpjOTg6MjAzMDphMDA0OjE6OjEx&n3pc=true

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Server

34.232.54.150 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-232-54-150.compute-1.amazonaws.com

Software

Resource Hash

bf8a676a7f02c526c2946d58540257c34ef4a32ccd46787e08a031073b4ff642

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:13 GMT
x-pixel-event-id: 526f8682-9799-4be9-8f09-b67672e09ba8
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
strict-transport-security: max-age=31536000; includeSubDomains
x-frame-options: DENY
vary: Origin
content-type: application/json
request-time: 0
access-control-allow-origin: null
access-control-allow-credentials: true
trace-id: d604798c98c236dc
content-length: 50
x-xss-protection: 1; mode=block

Redirect headers

date: Sat, 18 Feb 2023 13:07:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
x-frame-options: DENY
vary: Origin
location: https://rp4.liadm.com/j?dtstmp=1676725632852&aid=a-058n&se=e30&duid=3f389ea64a07--01gsja5fdt993w5k50eer4kd83&tna=v2.6.0&pu=https%3A%2F%2Fheraldcourier.com%2Fevents%2F&ext__pubcid=71138659-8444-4afa-9b28-7a7c5429ae3f&wpn=lc-bundle&c=PG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IiI-PHRpdGxlPkV2ZW50cyB8IGhlcmFsZGNvdXJpZXIuY29tPC90aXRsZT48bGluayByZWw9ImNhbm9uaWNhbCIgaHJlZj0iaHR0cHM6Ly9oZXJhbGRjb3VyaWVyLmNvbS9ldmVudHMvIj48aDE-CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICA8YSBocmVmPSIvZXZlbnRzIj4KICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgRXZlbnRzCiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICA8L2E-CiAgICAgICAgICAgICAgICAKICAgICAgICAgICAgPC9oMT48dGl0bGU-SGVscCBDaXJjbGU8L3RpdGxlPg&i6=MmEwMDpjOTg6MjAzMDphMDA0OjE6OjEx&n3pc=true
access-control-allow-origin: https://heraldcourier.com
request-time: 0
access-control-allow-credentials: true
trace-id: f1e164d447d7287e
content-length: 0
x-xss-protection: 1; mode=block

GET
H2 204 36378 Show response
idx.liadm.com/idex/unknown/ 0
314 B 341ms
113ms XHR
text/plain 44.210.156.48
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://idx.liadm.com/idex/unknown/36378?duid=3f389ea64a07--01gsja5fdt993w5k50eer4kd83&_pubcid=71138659-8444-4afa-9b28-7a7c5429ae3f

Requested by

Host: b-code.liadm.com
URL: https://b-code.liadm.com/a-058n.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.210.156.48 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-210-156-48.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

access-control-allow-origin: https://heraldcourier.com
date: Sat, 18 Feb 2023 13:07:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-credentials: true
trace-id: 26be1683e2593b84
vary: Origin
request-time: 3

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
107 B 148ms
66ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-54716522-2&cid=953626299.1676725632&jid=2024860995&_u=aCDAiUAjBAQCAEAEKAB~&z=1400170627

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 65ms
65ms Image
image/gif 2a00:1450:400d:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-54716522-2&cid=953626299.1676725632&jid=2024860995&_u=aCDAiUAjBAQCAEAEKAB~&z=1400170627

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 146ms
65ms Image
image/gif 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-38596040-1&cid=953626299.1676725632&jid=1888932483&_u=aCDAiUAjBAQCAEAEKAB~&z=874035169

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.de/ads/ 42 B
63 B 64ms
63ms Image
image/gif 2a00:1450:400d:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-38596040-1&cid=953626299.1676725632&jid=1888932483&_u=aCDAiUAjBAQCAEAEKAB~&z=874035169

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:12 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 27ms
24ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=heraldcourier.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 56ms
54ms Script
application/javascript 2a00:1450:400d:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=heraldcourier.com

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 30 KB
12 KB 102ms
102ms XHR
text/plain 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=229723355828661&correlator=3422111961923350&eid=31072498%2C31072519%2C31068366&output=ldjh&gdfp_req=1&vrg=2023021501&ptt=17&impl=fif&iu_parts=8438%2Cheraldcourier.com%2Cevents&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x600%7C300x250&ifi=3&adks=1134156465&didk=4023325363&sfv=1-0-40&prev_scp=pos%3Dfixed-big-ad-middle%2Cstf%2C50%26density%3Dstandard%26lee_group%3D9%26lee_hours%3D13%26lee_day%3D6%26amznbid%3D2%26amznp%3D2&eri=1&cust_params=k%3Dbristol%2520herald%2520courier%2520-%2520tricities%26sub%3Dno%26page%3Dindex%252Capp-editorial%252Cmd_screen%26browser%3DChrome&ppid=7113865984444afa9b287a7c5429ae3f&sc=1&cookie=ID%3D4d656cd3cdb3548d%3AT%3D1676725631%3AS%3DALNI_MbBICWaDyqLSvRw0PEbfKL4WQQ35g&gpic=UID%3D00000bb8d339ad3e%3AT%3D1676725631%3ART%3D1676725631%3AS%3DALNI_Mb6NhsF_XYg5UDrUMNx24DPElwsvA&abxe=1&dt=1676725632882&lmt=1676725629&dlt=1676725631074&idt=781&adxs=1180&adys=908&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fheraldcourier.com%2Fevents%2F&frm=20&vis=1&psz=300x600&msz=300x600&fws=4&ohw=1600&psts=AD37Y7vuWtvHUjiRRtrQRrs1ZgOeNLzLJarBgZKaK1G_f8CpNzgS_un_IdoEsQV4GTGe_hg1rfIASwNfl69c7u5DemQpnqznwg%2CAD37Y7su4JyLicBUrGjt4ii_ltLRHpHVWFsOyPV9s5Ls9EERb7mGVbwRlxpknULP4uQZXuBvmm5RP46PS9Z3lnJM&ga_vid=953626299.1676725632&ga_sid=1676725632&ga_hid=933029470&ga_fc=true&a3p=EhkKCnB1YmNpZC5vcmcY6PiKpeYwSABSAghkEhkKCnVpZGFwaS5jb20Y6PiKpeYwSABSAghkEhsKDGlkNS1zeW5jLmNvbRjo-Iql5jBIAFICCGQSNAoKcHViY2lkLm9yZxIkNzExMzg2NTktODQ0NC00YWZhLTliMjgtN2E3YzU0MjlhZTNmWAE.&cbidsp=CkgIARIRCgpuZXdzcGFzc2lkEJgGIAIYAiIkODIzY2Q4MDktNjA3My00ZTJmLWI4MzYtNjQyYWE1YzA1ZjRjKgQIAyAASgBA6Ac.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021501.js?cb=31072498

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6b905e15a9ab2535e0616c9cf9a79aa936c4e9221f0ad536329363b3067cf9b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:12 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12760
x-xss-protection: 0
google-lineitem-id: 6214245802
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138423210971
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://heraldcourier.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 30 KB
12 KB 104ms
103ms XHR
text/plain 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=229723355828661&correlator=2987304155644879&eid=31072498%2C31072519%2C31068366&output=ldjh&gdfp_req=1&vrg=2023021501&ptt=17&impl=fif&iu_parts=8438%2Cheraldcourier.com%2Cevents&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x600%7C300x250&ifi=4&adks=3665664822&didk=3948962987&sfv=1-0-40&prev_scp=pos%3Dfixed-big-ad-top%2Catf%2C50%26density%3Dstandard%26lee_group%3D1%26lee_hours%3D13%26lee_day%3D6%26amznbid%3D2%26amznp%3D2&eri=1&cust_params=k%3Dbristol%2520herald%2520courier%2520-%2520tricities%26sub%3Dno%26page%3Dindex%252Capp-editorial%252Cmd_screen%26browser%3DChrome&ppid=7113865984444afa9b287a7c5429ae3f&sc=1&cookie=ID%3D4d656cd3cdb3548d%3AT%3D1676725631%3AS%3DALNI_MbBICWaDyqLSvRw0PEbfKL4WQQ35g&gpic=UID%3D00000bb8d339ad3e%3AT%3D1676725631%3ART%3D1676725631%3AS%3DALNI_Mb6NhsF_XYg5UDrUMNx24DPElwsvA&abxe=1&dt=1676725632894&lmt=1676725629&dlt=1676725631074&idt=781&adxs=1180&adys=288&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fheraldcourier.com%2Fevents%2F&frm=20&vis=1&psz=300x600&msz=300x600&fws=4&ohw=1600&psts=AD37Y7vuWtvHUjiRRtrQRrs1ZgOeNLzLJarBgZKaK1G_f8CpNzgS_un_IdoEsQV4GTGe_hg1rfIASwNfl69c7u5DemQpnqznwg%2CAD37Y7su4JyLicBUrGjt4ii_ltLRHpHVWFsOyPV9s5Ls9EERb7mGVbwRlxpknULP4uQZXuBvmm5RP46PS9Z3lnJM&ga_vid=953626299.1676725632&ga_sid=1676725632&ga_hid=933029470&ga_fc=true&a3p=EhkKCnB1YmNpZC5vcmcY6PiKpeYwSABSAghkEhkKCnVpZGFwaS5jb20Y6PiKpeYwSABSAghkEhsKDGlkNS1zeW5jLmNvbRjo-Iql5jBIAFICCGQSNAoKcHViY2lkLm9yZxIkNzExMzg2NTktODQ0NC00YWZhLTliMjgtN2E3YzU0MjlhZTNmWAE.&cbidsp=CkgIARIRCgpuZXdzcGFzc2lkEK4GIAIYAiIkOTc0M2EzY2YtOThjYi00ZjcyLTg3MzYtN2Q0YjllOWQ1MTU4KgQIAyAASgBA6Ac.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021501.js?cb=31072498

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

afb933c645d1794ea24c67e62a057a2c1554c91b7423ccdd28934b6164dcc818

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:12 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12769
x-xss-protection: 0
google-lineitem-id: 6214245802
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138423210971
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://heraldcourier.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 56ms
16ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=961211893969940&ev=Domain&dl=https%3A%2F%2Fheraldcourier.com%2Fevents%2F&rl=&if=false&ts=1676725632955&cd[custom_param]=heraldcourier.com&sw=1600&sh=1200&v=2.9.96&r=stable&ec=1&o=30&fbp=fb.1.1676725632932.634805497&it=1676725632031&coo=false&rqm=GET

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Sat, 18 Feb 2023 13:07:13 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 3A2F 0
0 64ms
64ms Fetch
image/gif 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvN9W70BxKZNChumAvYUPNNxH4VcWeXPuLzzf2Sv-6PqhR9ZA9xzIy_L2VHGCi_jkMbb2Gs9A9evN70rhbXBi_zNkgLhGGCg19p1UfD1RL5Il4Qj5-e39Ce9UaH_mPI-_DuyUghbXDj9AEnpC3mDhZwF-1IB50RG9EP8KdoUPWNllbsTFZ3MB4drnMP17_eB5c6axwMyYG-kstfMIB9wSsnT5PMLQkp7-W06vao3T6hYRcrgeu22cCcKmUCAYPw0yhtsDcX-aQr6XRPMeOTgWR7mrOrguqSLi-YW2rmZf7RTvMBnw79EAFmGkiFZ6bA0Y1wKvNIJ5ZE_LuxTikPPPVP5avw&sai=AMfl-YRoS4e3qWcTi3PZX5byOtFw_9AWCz8sTQgqlQn6vVNyDOckdReeLGQ20mCGblRAcNtXrmyICZvV--EaGdOg75NebJ0dXhiQ9q7DsUqjTIfCp9Lm4CapMQ8OFcVmcJDH7qXCn3m8LnBWnTxyzlgc&sig=Cg0ArKJSzNPUzy6FjmLIEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/b-f140f48-7586382c.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 18 Feb 2023 13:07:13 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame FCA9 97 KB
38 KB 31ms
31ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PLGJB35&gtm_auth=crXwMCzm9bfw_0aqgGSH_g&gtm_preview=env-1&gtm_cookies_win=x

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7f07c09e0e18f8acf7cb7809644a144e4c00178a5bd55d99b545aca6c004117f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:13 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39096
x-xss-protection: 0
pragma: no-cache
server: Google Tag Manager
vary: *
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204 increment Show response
id5-sync.com/api/esp/ 0
326 B 48ms
16ms XHR
text/plain 162.19.138.119
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.119 , France, ASN16276 (OVH, FR),

Reverse DNS

ns31533570.ip-162-19-138.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://heraldcourier.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://heraldcourier.com
date: Sat, 18 Feb 2023 13:07:13 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 30 KB
13 KB 104ms
103ms XHR
text/plain 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=229723355828661&correlator=3091779631554740&eid=31072498%2C31072519%2C31068366&output=ldjh&gdfp_req=1&vrg=2023021501&ptt=17&impl=fif&iu_parts=8438%2Cheraldcourier.com%2Cevents&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x600%7C300x250&ifi=5&adks=2456939557&didk=3620922661&sfv=1-0-40&prev_scp=pos%3Dfixed-big-ad-bottom%2Cbtf%2C50%26density%3Dstandard%26lee_group%3D1%26lee_hours%3D13%26lee_day%3D6%26amznbid%3D2%26amznp%3D2&eri=1&cust_params=k%3Dbristol%2520herald%2520courier%2520-%2520tricities%26sub%3Dno%26page%3Dindex%252Capp-editorial%252Cmd_screen%26browser%3DChrome&ppid=7113865984444afa9b287a7c5429ae3f&sc=1&cookie=ID%3D4d656cd3cdb3548d%3AT%3D1676725631%3AS%3DALNI_MbBICWaDyqLSvRw0PEbfKL4WQQ35g&gpic=UID%3D00000bb8d339ad3e%3AT%3D1676725631%3ART%3D1676725631%3AS%3DALNI_Mb6NhsF_XYg5UDrUMNx24DPElwsvA&abxe=1&dt=1676725633187&lmt=1676725629&dlt=1676725631074&idt=781&adxs=1180&adys=1528&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=2&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fheraldcourier.com%2Fevents%2F&frm=20&vis=1&psz=300x600&msz=300x600&fws=4&ohw=1600&psts=AD37Y7vuWtvHUjiRRtrQRrs1ZgOeNLzLJarBgZKaK1G_f8CpNzgS_un_IdoEsQV4GTGe_hg1rfIASwNfl69c7u5DemQpnqznwg%2CAD37Y7su4JyLicBUrGjt4ii_ltLRHpHVWFsOyPV9s5Ls9EERb7mGVbwRlxpknULP4uQZXuBvmm5RP46PS9Z3lnJM&ga_vid=953626299.1676725632&ga_sid=1676725632&ga_hid=933029470&ga_fc=true&a3p=EjsKCnB1YmNpZC5vcmcSJDcxMTM4NjU5LTg0NDQtNGFmYS05YjI4LTdhN2M1NDI5YWUzZhiagYul5jBIABIZCgp1aWRhcGkuY29tGOj4iqXmMEgAUgIIZBIbCgxpZDUtc3luYy5jb20Y6PiKpeYwSABSAghk&cbidsp=CkgIARIRCgpuZXdzcGFzc2lkEN0IIAIYAiIkNTc1N2E2ZDYtNjE4Yy00MDY5LWI4N2MtZDcxODgwOWJjMDZiKgQIAyAASgBA6Ac.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021501.js?cb=31072498

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d93eb8b1203fc1b4e6368e4c5f8278bc4217a3e7d551f5cb5ca61b981af65748

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:13 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12897
x-xss-protection: 0
google-lineitem-id: 6214245802
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138423210971
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://heraldcourier.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 / Show response
www.facebook.com/tr/ Frame 5510 0
50 B 18ms
15ms Document
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://heraldcourier.com
Referer: https://heraldcourier.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://heraldcourier.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Sat, 18 Feb 2023 13:07:13 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 ajs-destination.bundle.2cd9e450202b69d545a3.js Show response
cdn.segment.com/analytics-next/bundles/ 9 KB
3 KB 20ms
19ms Script
application/javascript 99.84.144.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.2cd9e450202b69d545a3.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.144.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-144-128.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 27cf59f2f5b8446bbf81f4ed9bbea4fcbbece316e3655ade51da075cdc9962d4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 27 Jan 2023 02:13:11 GMT
x-amz-version-id: jZ2L92raJDMf08tukXqdJ6aGBdPFzdTy
content-encoding: br
via: 1.1 df792ea3bbbe656e2f5c7b61aa85cc46.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL52-C1
age: 1940043
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 26 Jan 2023 20:14:52 GMT
server: AmazonS3
etag: W/"cc39e85781964199cd0d9501c897e385"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
vary: Accept-Encoding
x-amz-cf-id: l2uQxmCUUmo-ELEJzho_2EGQAtD5LsHtpf3hIFvNdmQOz5UIkMESWQ==

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 4322 0
0 66ms
66ms Fetch
image/gif 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsumvBnggeRu_ggtmoAiujURFqy6bOYcPxCiBI4G4ffZmiUeN8fsxbub9LFHgRl9OV8ineshSPnsJbShCEQNKF-aSo2SW1jCYKS_JHtxxytKV5dh1CcrdEwNfHPcf9YQJYTjkmuRWglzMCKSp8pU-QIyJxg1Tc2frCIWAqN1Scf1unqASvUlTW5ncMaqJKf4OBqOgC6GdlqkeU8SNQmicXn0ipxMWq5umV9W1FcGPueEicIffYbEqjKMrVZH6LRGXFyTqCxunxYgf42d7yxVfkZrwdr67JYbyTE5atKE6AKdM74SFz-qasgQKg6_ouZlwr6rFqkixTxorik-Sb_oUig&sai=AMfl-YTIPV5_UdicfTdevrYhT4s4omAEEBSFeb2ntgPevJ-mHrFphDQeIK1sHHdtKzAB1F8l4jN10uqqmqGogLSR32_3VJwM3-kFi9WupugSRCVWHMMSYaCOCCpTQHko44KcGXNiDBAq6ILw6tIPpbs&sig=Cg0ArKJSzB2xvh53hA_TEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/b-f140f48-7586382c.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 18 Feb 2023 13:07:13 GMT

GET
H2 200 image
discoverevvnt.com/_next/ Frame FCA9 10 KB
11 KB 119ms
118ms Image
image/png 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://discoverevvnt.com/_next/image?url=%2Fimages%2Fpowered_by_evvnt.png&w=256&q=75

Requested by

Host: discoverevvnt.com
URL: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

nginx /

Resource Hash

b86a10a09a116119be04280e007edaf73812d8d4feae46fa1f20b69dbeb2d40a

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; frame-src 'none'; sandbox;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-security-policy: script-src 'none'; frame-src 'none'; sandbox;
date: Sat, 18 Feb 2023 13:07:13 GMT
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: FRA50-C1
age: 57
etag: uGoQoJoRYRm+BCgOAH7a9zgS2NT+rkb6HyC2nb6y1Ao=
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
x-nextjs-cache: STALE
cache-control: public, max-age=60, must-revalidate
content-disposition: inline; filename="powered_by_evvnt.png"
content-length: 10712
x-amz-cf-id: fyOf5KWQwCHPbbhWTCyrZMvqo1V5ENaKdXsx5dv0PyRh7H563Ph2KA==

GET
H2 200 featured_Winnie-the-Pooh.png
cdn.prod.mktg.evvnt.com/uploads/event_image/1530205/event_image/ Frame FCA9 118 KB
118 KB 133ms
27ms Image
image/png 2600:9000:2260:4e00:8:4487:bd00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.prod.mktg.evvnt.com/uploads/event_image/1530205/event_image/featured_Winnie-the-Pooh.png
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2260:4e00:8:4487:bd00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9fe27cf87e95f9b9e62b461ff327fbc6f8c6b48fc43236d18d8e101f080d6e72

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:00:03 GMT
x-amz-version-id: ...YZxNSNQhDRl9MCMRkpjyhgh8fz0h_
via: 1.1 683ff74407fd21e24c53718828996608.cloudfront.net (CloudFront)
last-modified: Sun, 12 Feb 2023 21:53:40 GMT
server: AmazonS3
x-amz-cf-pop: TXL50-P3
age: 238031
etag: "744fb513cf6d6120c9f06c7c60ff20d8"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=315576000
accept-ranges: bytes
content-length: 120644
x-amz-cf-id: 1bqQB-7pHcNnDYYVYZ_AiLF_fky8Me_A0FjDasxlkx6pos-WG-BLOA==

GET
H2 200 featured_The_Diary_of_Anne_Frankimage.png
cdn.prod.mktg.evvnt.com/uploads/event_image/1505343/event_image/ Frame FCA9 138 KB
139 KB 591ms
485ms Image
image/png 2600:9000:2260:4e00:8:4487:bd00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.prod.mktg.evvnt.com/uploads/event_image/1505343/event_image/featured_The_Diary_of_Anne_Frankimage.png
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2260:4e00:8:4487:bd00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f381f72e7fd3c1429978a2cc12303755b1649d360a08142edba7210bf80caa01

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:14 GMT
x-amz-version-id: tk7fL9dHllahTDhvRdJxbMgeO7whIeuh
via: 1.1 683ff74407fd21e24c53718828996608.cloudfront.net (CloudFront)
last-modified: Thu, 26 Jan 2023 18:55:26 GMT
server: AmazonS3
x-amz-cf-pop: TXL50-P3
etag: "51acfc30d3a44d08249f1696b990f2a3"
x-cache: Miss from cloudfront
content-type: image/png
cache-control: max-age=315576000
accept-ranges: bytes
content-length: 141244
x-amz-cf-id: moeSXdCPpiyWzG8IDuomcA3A6CoQ3hU6fY3uEk4D7Ek4xRWR31ipPg==

GET
H2 200 %5Bcategory%5D-520b2ad5ea10590d.js
discoverevvnt.com/_next/static/chunks/pages/framed/%5BframeConfig%5D/ Frame FCA9 0
1007 B 12ms
10ms Other
application/javascript 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/chunks/pages/framed/%5BframeConfig%5D/%5Bcategory%5D-520b2ad5ea10590d.js
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/_next/static/chunks/main-9c8e3d471c1e00ef.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:39 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443214
etag: W/"3ec-1860e995fd0"
x-cache-status: HIT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: -pW3NPfOlOY9uZ1vi4E5CKSz_BtdxdRO-4AHY4x2j5ZkwZUrqTEpfw==

GET
H2 200 0c428ae2-f2b1a8d37f7fab1e.js
discoverevvnt.com/_next/static/chunks/ Frame FCA9 0
2 KB 13ms
12ms Other
application/javascript 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/chunks/0c428ae2-f2b1a8d37f7fab1e.js
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/_next/static/chunks/main-9c8e3d471c1e00ef.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:20 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443232
etag: W/"b14-1860e995fd0"
x-cache-status: MISS
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: N5XOQdhZ3DEEr6GXur6iFldX5bNavme9Ng8EIVeE3n-337u4w2tIiA==

GET
H2 200 791-294d9e762c84f020.js
discoverevvnt.com/_next/static/chunks/ Frame FCA9 0
5 KB 12ms
11ms Other
application/javascript 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/chunks/791-294d9e762c84f020.js
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/_next/static/chunks/main-9c8e3d471c1e00ef.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:20 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443232
etag: W/"362a-1860e995fd0"
x-cache-status: MISS
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: ZWkRIFTcrSg1PTx-Vpf9JDAYopXjHngkIv1lBVUFBJBDvpqREpEmdw==

GET
H2 200 %5Bevent%5D-f4b3d36d93320145.js
discoverevvnt.com/_next/static/chunks/pages/framed/%5BframeConfig%5D/event/ Frame FCA9 0
2 KB 12ms
12ms Other
application/javascript 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/chunks/pages/framed/%5BframeConfig%5D/event/%5Bevent%5D-f4b3d36d93320145.js
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/_next/static/chunks/main-9c8e3d471c1e00ef.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:20 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443232
etag: W/"188c-1860e995fd0"
x-cache-status: MISS
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: HH-X-oc4tUMKMP0UatgrTZk-B_Ezg1jByOTP1q1qa1oa8ILnp4tHtg==

GET
H2 200 b-f140f48-7586382c.js Show response
tagan.adlightning.com/leeenterprises/ Frame 798B 80 KB
30 KB 9ms
8ms Script
application/javascript 18.66.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/leeenterprises/b-f140f48-7586382c.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-43.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b5aa611eb8a0c13f6d491ae88a0e08a706124319137c61e79974dd3488136bd1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 08 Feb 2023 22:17:14 GMT
content-encoding: gzip
via: 1.1 ed7f977b6d983a16331e3fe3f4764e9a.cloudfront.net (CloudFront)
x-amz-version-id: UtkghUTWgSLZyDEEFWZrJ8z1CoE_I..N
x-amz-cf-pop: FRA60-P4
age: 831000
x-cache: Hit from cloudfront
content-length: 29866
x-amz-meta-git_commit: f140f48
last-modified: Tue, 24 Jan 2023 18:42:08 GMT
server: AmazonS3
etag: "79fd9040c7076a5f94fad513504e92b9"
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: m482RuRPgVcKoxx3CLMQAGhZr5cGtp2smtg8ri9zqDV0Opi7mls4Bg==

GET
H3 200 5600854974875863283
tpc.googlesyndication.com/simgad/ Frame 798B 20 KB
20 KB 19ms
18ms Image
image/jpeg 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5600854974875863283

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

56e0ce5f0122d26436a62105e81987988704b11942032c63e74f26abcfe87b7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 06:57:10 GMT
x-content-type-options: nosniff
age: 22203
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20250
x-xss-protection: 0
last-modified: Fri, 17 Feb 2023 19:54:12 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 18 Feb 2024 06:57:10 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/ Frame 798B 3 KB
1 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/window_focus_fy2021.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 20:27:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59989
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 03 Mar 2023 20:27:24 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 798B 156 KB
48 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48814
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676465787912926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 18 Feb 2023 13:07:13 GMT

GET
H2 200 b-f140f48-7586382c.js Show response
tagan.adlightning.com/leeenterprises/ Frame 0784 80 KB
30 KB 9ms
8ms Script
application/javascript 18.66.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/leeenterprises/b-f140f48-7586382c.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-43.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b5aa611eb8a0c13f6d491ae88a0e08a706124319137c61e79974dd3488136bd1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 08 Feb 2023 22:17:14 GMT
content-encoding: gzip
via: 1.1 ed7f977b6d983a16331e3fe3f4764e9a.cloudfront.net (CloudFront)
x-amz-version-id: UtkghUTWgSLZyDEEFWZrJ8z1CoE_I..N
x-amz-cf-pop: FRA60-P4
age: 831000
x-cache: Hit from cloudfront
content-length: 29866
x-amz-meta-git_commit: f140f48
last-modified: Tue, 24 Jan 2023 18:42:08 GMT
server: AmazonS3
etag: "79fd9040c7076a5f94fad513504e92b9"
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: aLepf6zH7qaUOsnE6IT38H6d7QoEeH8Ne7ZkBVw_KCqU5yx9PtSJpQ==

GET
H3 200 5600854974875863283
tpc.googlesyndication.com/simgad/ Frame 0784 20 KB
20 KB 16ms
15ms Image
image/jpeg 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5600854974875863283

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

56e0ce5f0122d26436a62105e81987988704b11942032c63e74f26abcfe87b7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 06:57:10 GMT
x-content-type-options: nosniff
age: 22203
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20250
x-xss-protection: 0
last-modified: Fri, 17 Feb 2023 19:54:12 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 18 Feb 2024 06:57:10 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/ Frame 0784 3 KB
1 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/window_focus_fy2021.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 20:27:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59989
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 03 Mar 2023 20:27:24 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0784 156 KB
48 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48814
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676465787912926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 18 Feb 2023 13:07:13 GMT

GET
H2 200 b-f140f48-7586382c.js Show response
tagan.adlightning.com/leeenterprises/ Frame 3B6D 80 KB
30 KB 9ms
8ms Script
application/javascript 18.66.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/leeenterprises/b-f140f48-7586382c.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-43.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b5aa611eb8a0c13f6d491ae88a0e08a706124319137c61e79974dd3488136bd1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 08 Feb 2023 22:17:14 GMT
content-encoding: gzip
via: 1.1 ed7f977b6d983a16331e3fe3f4764e9a.cloudfront.net (CloudFront)
x-amz-version-id: UtkghUTWgSLZyDEEFWZrJ8z1CoE_I..N
x-amz-cf-pop: FRA60-P4
age: 831000
x-cache: Hit from cloudfront
content-length: 29866
x-amz-meta-git_commit: f140f48
last-modified: Tue, 24 Jan 2023 18:42:08 GMT
server: AmazonS3
etag: "79fd9040c7076a5f94fad513504e92b9"
content-type: application/javascript
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: Cqf4deR9rMx0SfJy9p4F9MiXzzNOx2N1mjR_3RzN6L2UeZ_1x0hbeg==

GET
H3 200 5600854974875863283
tpc.googlesyndication.com/simgad/ Frame 3B6D 20 KB
20 KB 15ms
14ms Image
image/jpeg 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5600854974875863283

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

56e0ce5f0122d26436a62105e81987988704b11942032c63e74f26abcfe87b7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 06:57:10 GMT
x-content-type-options: nosniff
age: 22203
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20250
x-xss-protection: 0
last-modified: Fri, 17 Feb 2023 19:54:12 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 18 Feb 2024 06:57:10 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/ Frame 3B6D 3 KB
1 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230215/r20110914/client/window_focus_fy2021.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 20:27:24 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59989
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 03 Mar 2023 20:27:24 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 3B6D 0
0 52ms
51ms Image
text/html 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQyhUpryveT-qMDDzTGMsrECLLA9L0xHHd8yQ26Oy4TPpsj0_6DtB_gt45gtlmzxboI6DbU-3QJtpgFO_x-L2MgXZvJow
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3B6D 156 KB
48 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48814
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676465787912926"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 18 Feb 2023 13:07:13 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ Frame FCA9 218 KB
76 KB 34ms
32ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-ZDX2VRPT2D&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PLGJB35&gtm_auth=crXwMCzm9bfw_0aqgGSH_g&gtm_preview=env-1&gtm_cookies_win=x

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7e80cd25d0902a5fd7cd2d9191feb0eb23751c90b9a9b9ba42b70fd07c4b5500

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:13 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 78007
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sat, 18 Feb 2023 13:07:13 GMT

GET
H3 200 /
www.facebook.com/tr/ 0
18 B 16ms
16ms Image
text/plain 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=961211893969940&ev=Microdata&dl=https%3A%2F%2Fheraldcourier.com%2Fevents%2F&rl=&if=false&ts=1676725633509&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Events%20%7C%20heraldcourier.com%22%2C%22meta%3Akeywords%22%3A%22bristol%20herald%20courier%20-%20tricities%22%2C%22meta%3Adescription%22%3A%22%22%7D&cd[OpenGraph]=%7B%22og%3Atype%22%3A%22website%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fheraldcourier.com%2Fevents%2F%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fbloximages.newyork1.vip.townnews.com%2Fheraldcourier.com%2Fcontent%2Ftncms%2Fcustom%2Fimage%2F1535352e-c546-11ea-b9dc-173835b2f051.jpg%3Fresize%3D600%252C315%22%2C%22og%3Aimage%3Awidth%22%3A%22600%22%2C%22og%3Aimage%3Aheight%22%3A%22315%22%2C%22og%3Atitle%22%3A%22Events%22%2C%22og%3Asite_name%22%3A%22Bristol%20Herald%20Courier%20-%20Tricities%22%2C%22og%3Asection%22%3A%22Bristol%20Herald%20Courier%20%7C%20Breaking%20News%20%7C%22%2C%22article%3Apublisher%22%3A%22https%3A%2F%2Fwww.facebook.com%2Fheraldcourierdotcom%2F%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%7B%22%40context%22%3A%22https%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Organization%22%2C%22url%22%3A%22http%3A%2F%2Fheraldcourier.com%22%2C%22sameAs%22%3A%5B%22%2Ffacebook%22%2C%22%2Ftwitter%22%5D%7D%2C%7B%22%40context%22%3A%22https%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22Organization%22%2C%22url%22%3A%22http%3A%2F%2Fheraldcourier.com%22%2C%22sameAs%22%3A%5B%22%2Ffacebook%22%2C%22%2Ftwitter%22%5D%7D%5D&sw=1600&sh=1200&v=2.9.96&r=stable&ec=2&o=30&fbp=fb.1.1676725632932.634805497&it=1676725632031&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Host: heraldcourier.com
URL: https://heraldcourier.com/events/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Sat, 18 Feb 2023 13:07:13 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 798B 0
0 65ms
65ms Fetch
image/gif 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstPUhbPF7SIBTMwLTKRZJx-Hy7kmzaml98tRtgwnfRPJLDp4zGtZ8rNK1pGNux_4ux8L6R07c8u0iyGXMZH67pVUucxi6a4qNSNzFqtNtAv0jkiBUaKsz6vRLDJ07mQlTT76LZUhE9ySAexkUmUX1GBr0lrd7aqwHFOGTBchWDYnFKq1TWzJNB_Ggeyk1q79E02eWDA7XNQv7pSDBJnQzwyc0OK43mZB2u3rf6_MrQ0IAELKW5y4XN7nA0a0JOPlBWY6k-mjsIUc_omlYzMxgiZZgqH7WLHKGj0NaZUbsflGd5WSny23pazeiAJ_YIn6n50H5bV0nepyf1BCmJDkw&sai=AMfl-YTgM1orwRmWJKE83Fd8DFBChcmy_hbv9lgDi_WWNmM5Bh9Yh7MHEOtOpHOn92bjQsCi9xcF98n_m_U1GrVOp6uv1WrZmmozSwec0ZzumVc-hMJ8CB5HE1NNP8OPIEXkGaYBUaEQtrCZZlPPxZLBUg&sig=Cg0ArKJSzKLhtdN0CSPoEAE&uach_m=[UACH]&adurl=

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/b-f140f48-7586382c.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 798B 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7618224184b33562016e91c74160cad2364998d743760349169147e10ebc07a2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 0784 0
0 66ms
65ms Fetch
image/gif 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvf9PYnKYyjEK52iy8HdVl9_UDV7FVzXi_346ttbFvEOvFMHQYTWJpi9VQt2wJoNhIgb4tFe7ryJRH1z34efszmG4WfempgGV-dywlGB4TBNTKmCXwjFQkxXhxVd5fGooD7ett8kXNaarkwkt8uemNsoPVBvHiCZ0mn1yZNROz3DR7pYq6ZhUzwm0XzTZkFDStA8X2kDfCQkTpldw4hQ_zxB5JarDTRjmJB0Dmn8qlhsIVYtdzFrzDKWfJewhFnGk0LSEhJ9n-XzW1zDlL4eirqmXQMZ-utUlPuw0jXGbp-UoM4s5x9uAe5uv66d5HUsjyqU3N5gNzYh9vZVvJL-Q&sai=AMfl-YQw-o_FW2-oZ1o5EsvBRCl8WwVrBuqZDIdsClhifAKd91fzCwdOluA5Knt_wAyJUbPGy0EAQm7hZnz2cLlA0IkGVvqOf90Y0BWeoHLEht_wsCaqm9Ta-naETccP4AgjFXyzSiOhLT-KA2ig_BZpfw&sig=Cg0ArKJSzPomhtDYdeW_EAE&uach_m=[UACH]&adurl=

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/b-f140f48-7586382c.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:13 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 0784 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 679a641787151d53a4534a8e9cf9da987177bcda7414cc0f1fe918e19a7fb45b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 schemaFilter.bundle.d0fc84c62e956d168cce.js Show response
cdn.segment.com/analytics-next/bundles/ 2 KB
1 KB 19ms
19ms Script
application/javascript 99.84.144.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.d0fc84c62e956d168cce.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.144.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-144-128.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6ac404a65bffee85a15718f669a44f5a034c94116661e6e0e48b1609f4a8617a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 16 Jan 2023 02:25:35 GMT
x-amz-version-id: VLQuST3Rg1zoSyN.SWag4b2R93Pv7oyc
content-encoding: br
via: 1.1 df792ea3bbbe656e2f5c7b61aa85cc46.cloudfront.net (CloudFront)
x-amz-cf-pop: TXL52-C1
age: 2889699
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Mon, 16 Jan 2023 00:06:36 GMT
server: AmazonS3
etag: W/"d6985af1d6ad9e8c2f97f24f7b27306e"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
vary: Accept-Encoding
x-amz-cf-id: EBNXNwCymNWEqRzvJlyJe0FwfBBev4uoJzVoMKMtZUtybTanHIBofw==

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 3B6D 0
0 66ms
65ms Fetch
image/gif 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvooo2qnQzLnxjKuUNL-K2U5wRQGBxJev_rtXsdeoBonyUlFgQV2mptZEuGrKPbMWxrwlQ4bf2ThyIp-JtofuIweRBoFLS63_b-1refABtbSiJtKlEzHrGZXDIXr0Q3Y3XfOC35ysRRd4DGtS_zngPgVVvxRLCljSkebeQKdX1gc6uSfm0ybbZmRKkyqELBcvVuxMIyuJQCS6JXRAX7AAnobqV5A1FYb60C3KREW9EoWTNTe5f5e93KgxReLf_DNXz47nHAdvTzSbQgRqggxO68RTcN9vW3pwwqbCUpMjl5xX5HN_kdj7SjUwShg1INYA4T7gv9z9g7h1gqItKAKQ&sai=AMfl-YThSPBfftAdjpzO-bvUAUpr0Nfk4Zlsi7_eJjuCpXeLSfprviThyaZs7ptHwST3aaBzhUVjkDzP_ROXaCdIj23T4gVaWKCbPy1TvoSwgimjLIOvYh3sy96PQW1UiJyOTmB6gyAqxorIW24nlLm_Rw&sig=Cg0ArKJSzA1fP1LFrKWcEAE&uach_m=[UACH]&adurl=

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/b-f140f48-7586382c.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:14 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 3B6D 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 68cfc7d2dca949b93b55e576a6658166acf12a6578b6ba11363cb017982c7a84

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 0784 0
0 63ms
63ms Fetch
image/gif 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssNCWUIr_U6Kp8GILmu2YEtWpXOS9v2NKSXQwzZmd6CcQAfxov391gFlCIRidl58IH4KzQJ35mIZv3y_bErEl-wlnMkFjWIBOj1Qkc6iZ1EfoCuLYvVrokVHrrY43Ui1J3Dr1g2x7OxG9MYdALYZzlJF3zP3TSwrncYKXb5RAkpPD22aYWPPCks_WnSyKJYjh6YoxKN9zoY-yH_MFrqBA3G6VuYRA7tOocIQnuTMWU3pDP-_lc3tpvHJVOCrtromKa1GOnJOBxh3CKw8S7x6t0KBm_BgsoeFnLfaayc0qxJZAJiaNv9tMwPtBPpql0BLNFHlY55IiY_WY_uk_DODI9n&sai=AMfl-YQL_6hwMSBJH2z2BPsoJQ14uVskcXOhS_wwToAJGIzPV61Mev2eI8gfLNCaNUg-DQjz2t_yBGALPY_-qlOFUOJev2M9b2fHv2TMWB1W4SZjW0ga1BQu4k4n1Wha7rG33DNcmwmBmIgKJJed4xsmvg&sig=Cg0ArKJSzGG3_x-mgDkmEAE&uach_m=[UACH]&adurl=

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/b-f140f48-7586382c.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:14 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 18 Feb 2023 13:07:14 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 798B 0
0 64ms
64ms Fetch
image/gif 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsthetgI6WLN1ApzPJARK_vdYJj8etmN6QIAXv_hxHbYGlD5ksdoGUbNHrWrP2gGM3dFARZ2OTnxsrZo_e3HTkjGAkoMa75LdBImoafZ2ttnhcO3wpOuQNLhnYWtxgfiT2UkuSFnjzqaEIFIKqCDBs9n5hiO4Fvi0D7xqIF7qDZNNn9UdUNYG1IhGbnUn0EFZw92eog6YsOswxyYOacKJ72AQk6VK0kaBEQ2fDwyBeA1YLdNO6RnegBtjNAtdvYx-e9_6DPRTVT5BNAQ3FRBf6VCxtwN_SsZ1Wj6sUorRMz7KHs8hJYl_TBnZeX4MmPvhkn42qtjqbsq7epttNgwCQMn&sai=AMfl-YTwt9ZdGY-oxwLMihYdCvfp63UtaZQVlULOC8r-2dUWoE1gzb-gapmEDMZKQQhfwJKuJN4zXAx1jgnyj7hCsUCiVZ79JFcNwQjketHv63REzYa92oesFItlQssz-FSjuvRadO9tXz5NyDk_Pu3aKA&sig=Cg0ArKJSzKUdmC6z0a5uEAE&uach_m=[UACH]&adurl=

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/b-f140f48-7586382c.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:14 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 18 Feb 2023 13:07:14 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 3B6D 0
0 66ms
66ms Fetch
image/gif 2a00:1450:400d:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstpgHRzmUIUnk4Gh7XeET9vnRTvOJdyJzmkIAdKlheNSpAnlSCy-sOkQKF7BAAi0zq3oG8ZwjdE9FsGypa0mx9AHY79dXjJ-UDrVFSrGJpwr7cgdnViJGrjnI1dz7xTpK5ZWnF_ghu_bIKYd3ZpTmAfs9z7T408dya3_4VOR2bHziwkGUhvqgVtHkguhfMutzrw473uZdDR48BIrU-JqMiY9I8qLMcfUcjA5mzz8pps-xyJ0_St-MjhCH72bGilWIltb-86JvnhVM3yEdN_9UOVHu1SSkPRiGrC94UwuWJ5kuT8ieLQvMdBQYJlhgvVxn0HFmGEyP96xVxxT9hNIrK-&sai=AMfl-YQwYPT3WQk5zl6DoP6evahPwwdzZfmLxjBbzImRsx2T_KbheybUO3XCa3J0uvlk7-BuhU1mtW6aXR2WC-ZV20gczWaLlfk_nLxAqrIpEi-fde14zG2_8typUAlTy87OGbXqCxU_wWB3sJf7ObQj_A&sig=Cg0ArKJSzAaecGzODzLOEAE&uach_m=[UACH]&adurl=

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/b-f140f48-7586382c.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:14 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sat, 18 Feb 2023 13:07:14 GMT

GET
H/1.1 200
OK a-058n Show response
i.liadm.com/s/c/ Frame 3AC0 1 KB
1 KB 402ms
118ms Document
text/html 35.153.253.201
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://i.liadm.com/s/c/a-058n?s=&cim=&ps=true&ls=true&duid=3f389ea64a07--01gsja5fdt993w5k50eer4kd83&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.153.253.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-153-253-201.compute-1.amazonaws.com

Software

Resource Hash

d64f62b42e42317c5ce1f78f530eac21057da4cea4a120a438601d368f6d1614

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://heraldcourier.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-cache, max-age=0
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 676
Content-Type: text/html; charset=UTF-8
Date: Sat, 18 Feb 2023 13:07:14 GMT
ETag: 1.61803398874
Request-Time: 8
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding

GET
H/1.1 200
OK baker
sli.heraldcourier.com/ 19 B
370 B 432ms
26ms Image
image/gif 2a02:26f0:dc::6853:4c1
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sli.heraldcourier.com/baker?dtstmp=1676725634066
Requested by: Host: heraldcourier.com
URL: https://heraldcourier.com/events/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:dc::6853:4c1 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 2d199b9d8dc7886837cbfd12c9e8ddae7e28f5c375d564b31bf732a320921435

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Expires: Sat, 18 Feb 2023 13:07:14 GMT
Pragma: no-cache
Date: Sat, 18 Feb 2023 13:07:14 GMT
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 19
Content-Type: image/gif

GET
H2 200 survicate.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/survicate/1.0.3/ 31 KB
8 KB 20ms
20ms Script
application/javascript 99.84.144.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/survicate/1.0.3/survicate.dynamic.js.gz
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.144.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-144-128.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6b4834d2f44f07a9da65dd002108da7f574827f3bfadfc55d5885ae5d48169ef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Mon, 30 Jan 2023 23:22:27 GMT
content-encoding: gzip
via: 1.1 df792ea3bbbe656e2f5c7b61aa85cc46.cloudfront.net (CloudFront)
x-amz-version-id: .JEktNPokcm_.ITg.wfksPSMCwXW6.2q
x-amz-cf-pop: TXL52-C1
age: 1604688
x-cache: Hit from cloudfront
content-length: 7696
last-modified: Tue, 10 Jan 2023 21:20:19 GMT
server: AmazonS3
etag: "6e9c384e02a329217f6eacce8a8af979"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-amz-cf-id: igat0JKeq9noy8BbbzaYE5wTErM92rRMbJoK_TpCbVaxTLYzIv0Wlw==

GET
H2 200 a5d5a951a09a4668.css Show response
discoverevvnt.com/_next/static/css/ Frame FCA9 11 KB
5 KB 8ms
8ms Fetch
text/css 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/css/a5d5a951a09a4668.css
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/_next/static/chunks/main-9c8e3d471c1e00ef.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b114f9424fdb8c527389a985891aa1fb2a00fa2d7bc5965bbd15da2898669748

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:19 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443235
etag: W/"2a33-1860e995fd0"
x-cache-status: MISS
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: 4c6RBuiMx6QrEaJU_hKQ0H5laJ-5QGKmXWEfB-s2JK8VkP9m9tQM0g==

GET
H2 200 %5Bcategory%5D-520b2ad5ea10590d.js Show response
discoverevvnt.com/_next/static/chunks/pages/framed/%5BframeConfig%5D/ Frame FCA9 1004 B
1007 B 11ms
11ms Script
application/javascript 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/chunks/pages/framed/%5BframeConfig%5D/%5Bcategory%5D-520b2ad5ea10590d.js
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/_next/static/chunks/main-9c8e3d471c1e00ef.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 8cdd3d52b83633fe4e9d487e02c245e7862a0253b6ae950833eb5ad18120f3ff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:39 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443215
etag: W/"3ec-1860e995fd0"
x-cache-status: HIT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: cEKoAuSQXmARzC-XcT7862XkxOPdyCjKz8CzTqPKHarr5ZlF5nLwnw==

GET
H2 200 0c428ae2-f2b1a8d37f7fab1e.js Show response
discoverevvnt.com/_next/static/chunks/ Frame FCA9 3 KB
2 KB 11ms
11ms Script
application/javascript 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/chunks/0c428ae2-f2b1a8d37f7fab1e.js
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/_next/static/chunks/main-9c8e3d471c1e00ef.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 1fb031e8fac65b546237289cb03067164111de4001dae738c54adc9cc0f8b483

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:20 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443233
etag: W/"b14-1860e995fd0"
x-cache-status: MISS
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: tjfD1KVXiVD9AacErTPxzqlQ7rGh31EqZFqLiRd5spHRoklCSVNhbQ==

GET
H2 200 791-294d9e762c84f020.js Show response
discoverevvnt.com/_next/static/chunks/ Frame FCA9 14 KB
5 KB 12ms
11ms Script
application/javascript 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/chunks/791-294d9e762c84f020.js
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/_next/static/chunks/main-9c8e3d471c1e00ef.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: d4f92427f4595f814bd510fe44f93ed2d9931b7e25f4aa1c5e8d6a0e696ede8a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:20 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443233
etag: W/"362a-1860e995fd0"
x-cache-status: MISS
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: l197ynbGyGh6Yz_yyT-iHRw2q_pTM9-ukgi4XDtFxLantIEL3bwIuw==

GET
H2 200 %5Bevent%5D-f4b3d36d93320145.js Show response
discoverevvnt.com/_next/static/chunks/pages/framed/%5BframeConfig%5D/event/ Frame FCA9 6 KB
2 KB 12ms
11ms Script
application/javascript 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/chunks/pages/framed/%5BframeConfig%5D/event/%5Bevent%5D-f4b3d36d93320145.js
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/_next/static/chunks/main-9c8e3d471c1e00ef.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 2037829362aa634439692b17368cab34ce3bb8d196ad5cda806874de2d3a8132

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:20 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443233
etag: W/"188c-1860e995fd0"
x-cache-status: MISS
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: OZwHwwqm-g5LECEBeiipiMnvHVHwShyoBQKf39Nk01HQfHF5ou0NtA==

GET
H2 200 2ead4924aca04952.css Show response
discoverevvnt.com/_next/static/css/ Frame FCA9 4 KB
2 KB 11ms
10ms Fetch
text/css 2600:9000:2156:dc00:3:1a27:3000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://discoverevvnt.com/_next/static/css/2ead4924aca04952.css
Requested by: Host: discoverevvnt.com
URL: https://discoverevvnt.com/_next/static/chunks/main-9c8e3d471c1e00ef.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:dc00:3:1a27:3000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 4be2d9b5ed0447bf7d2b372d988938d87dab3d063e2252aa32dafc5cbb47f2d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverevvnt.com/framed/eyJwX2lkIjo4MDA3LCJsYW5kc2NhcGUiOmZhbHNlLCJjX2lkIjpudWxsLCJkX2JhY2tmaWxsX2ltYWdlcyI6ZmFsc2V9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 20:13:20 GMT
content-encoding: gzip
via: 1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
last-modified: Wed, 01 Feb 2023 20:09:38 GMT
server: nginx
x-amz-cf-pop: FRA50-C1
age: 1443233
etag: W/"f81-1860e995fd0"
x-cache-status: MISS
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-amz-cf-id: gPPHJMwWGGGg5Qq5i4A41xa3JTgNQNbPmevE8CYLRkpYMmfsTny0Pg==

GET
H2 200 commons.c42222c4cb2f8913500f.js.gz Show response
cdn.segment.com/next-integrations/integrations/vendor/ 73 KB
22 KB 22ms
21ms Script
application/javascript 99.84.144.128
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Requested by: Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/analytics.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.84.144.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-144-128.txl52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b17b4a5cc840a366a4c006794502f887a316402f781f85e913ac4af19a93fc13

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Wed, 01 Feb 2023 04:18:24 GMT
content-encoding: gzip
via: 1.1 df792ea3bbbe656e2f5c7b61aa85cc46.cloudfront.net (CloudFront)
x-amz-version-id: XSryTsiM6vN7xj.wuhafUdfSpr8DWfV5
x-amz-cf-pop: TXL52-C1
age: 1500530
x-cache: Hit from cloudfront
content-length: 22177
last-modified: Tue, 10 Jan 2023 21:20:17 GMT
server: AmazonS3
etag: "befb217271e2e926c7d898f1c85f6cb7"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-amz-cf-id: NVs2ZSTcpby8kQkTttfslcygpXR7ZKneBBunpnOsqkHkLS1KOSFggQ==

GET
H2 200 web_surveys.js Show response
survey.survicate.com/workspaces/02044958792d6a6ac6f173c470836c89/ 9 KB
4 KB 104ms
23ms Script
application/javascript 2400:52e0:1e00::1078:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL

https://survey.survicate.com/workspaces/02044958792d6a6ac6f173c470836c89/web_surveys.js

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2400:52e0:1e00::1078:1 , Slovenia, ASN200325 (BUNNYCDN, SI),

Reverse DNS

Software

BunnyCDN-DE1-1078 /

Resource Hash

454db4c5eda6da6644c986c6311c8b310db518c4f3e11db578acb5096e8d27a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:14 GMT
x-amz-version-id: 40iQ.BHbcnN90rk7U2l.11yukZb4lNRM
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cdn-edgestorageid: 723
x-amz-request-id: EXDM1AGCT4CM3EGX
cdn-cachedat: 02/18/2023 12:32:36
cdn-pullzone: 1158558
x-amz-id-2: 2I4c/0zWlAtuPauaydxuqeOl76Ma1Ce7rtFDigzavQlI33A1wqKxG+YjPbvgPbW3jMdPZkZ1VwE=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 18 Feb 2023 12:32:00 GMT
server: BunnyCDN-DE1-1078
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"99b339fac8f70e4fd964f2906bd2eeff"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 039640c0-4b09-428d-a0ae-513ccdd44502
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: max-age=300
cdn-requestid: 793bdc55bffe6b6a8e3fb33dc51b53de
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

POST
H2 200 p Show response
api.segment.io/v1/ 21 B
175 B 580ms
185ms Fetch
application/json 44.240.82.169
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.segment.io/v1/p

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/YNwPRuYDOjrAr7O9PCSVIw1QoK0Oimn6/analytics.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.240.82.169 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-240-82-169.us-west-2.compute.amazonaws.com

Software

Resource Hash

12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://heraldcourier.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://heraldcourier.com
date: Sat, 18 Feb 2023 13:07:14 GMT
strict-transport-security: max-age=31536000
content-length: 21
vary: Origin
content-type: application/json

GET
H2 200 fonts.css
surveys-static.survicate.com/fonts/ 10 KB
2 KB 131ms
26ms Stylesheet
text/css 138.199.37.231
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL

https://surveys-static.survicate.com/fonts/fonts.css

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

138.199.37.231 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

138-199-37-231.bunnyinfra.net

Software

BunnyCDN-DE1-863 /

Resource Hash

bacc23ae416ef150be09288d366d689a7678849b04094552e67d8e2a032ad5a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: br
cdn-edgestorageid: 1078
x-amz-request-id: 8CPJXTKVE7VJQ2B4
cdn-cachedat: 01/24/2023 13:37:14
cdn-pullzone: 1133799
x-amz-id-2: rygMf0uKHUTDCp40XETvI5YhfgpM07l9py3qK0kUWWMMEBSS/WT96eIZTQi0fOlvyJRzahcGiDs=
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 13 Apr 2022 12:02:06 GMT
server: BunnyCDN-DE1-863
cdn-proxyver: 1.03
cdn-requestpullcode: 200
etag: W/"175a0d0343589473e72c6e512936d749"
vary: Accept-Encoding, Accept-Encoding
x-frame-options: DENY
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 039640c0-4b09-428d-a0ae-513ccdd44502
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=604800
cdn-requestid: d285227bf77f5e4e0834225dfbc48de0
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 widget_core-18.0.22.js Show response
surveys-static.survicate.com/ 316 KB
90 KB 130ms
25ms Script
application/x-javascript 138.199.37.231
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL

https://surveys-static.survicate.com/widget_core-18.0.22.js

Requested by

Host: survey.survicate.com
URL: https://survey.survicate.com/workspaces/02044958792d6a6ac6f173c470836c89/web_surveys.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

138.199.37.231 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),

Reverse DNS

138-199-37-231.bunnyinfra.net

Software

BunnyCDN-DE1-863 /

Resource Hash

9add224ee0aa976f730d18d23b6cded2d85f4f1c79fae0df66381280333ca9c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://heraldcourier.com/
Origin: https://heraldcourier.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-encoding: br
x-amz-request-id: Q0ZZG0V2Y0E9QMN3
cdn-pullzone: 1133799
x-amz-meta-codebuild-content-md5: 0583e08a1c041da9f846cdb548dffe48
referrer-policy: strict-origin-when-cross-origin
cdn-proxyver: 1.03
etag: W/"1abaa813dcb66832f29b590810256ca0"
x-frame-options: DENY
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=604800
x-amz-meta-codebuild-content-sha256: 3c055d7b51a810e101ba9398b85536c25ef804782bc9bad4a9be3c888f8477ac
cdn-cache: HIT
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
date: Sat, 18 Feb 2023 13:07:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cdn-edgestorageid: 723
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:121050345386:build/ServiceSurveysStaticBuildAs-HG6JoJVHsH3E:4e18df9b-0053-4e9e-a3ca-c4adf75da186
cdn-cachedat: 02/16/2023 08:06:31
x-amz-id-2: YIlyrL1h78OdEOhYO32EzTKViv6KNjqE2jH50g2CPer0GCm8XMhvXNQfCyAzR4mWUl7M87KNMx0=
x-xss-protection: 1; mode=block
last-modified: Thu, 16 Feb 2023 08:04:22 GMT
server: BunnyCDN-DE1-863
cdn-requestpullcode: 200
access-control-max-age: 3600
cdn-uid: 039640c0-4b09-428d-a0ae-513ccdd44502
cdn-requestid: e657368420efd328af50ac991f36dcda
cdn-status: 200
cdn-requestpullsuccess: True

GET
H/1.1

200
OK

45450df3345745ce8b0818faf71a7885
i.liadm.com/s/e/a-058n/0/ Frame 3AC0
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=36&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-058n%2F0%2F45450df3345745ce8b0818faf71a7885%3Fmpid%3D7156%26muid%3D%5BMM_UUID%5D&36f844d1-e430-4acd-a7a8-d2d...
https://i.liadm.com/s/e/a-058n/0/45450df3345745ce8b0818faf71a7885?mpid=7156&muid=eaa363f0-cd82-4c00-a687-516adce24ea4

43 B
274 B

109ms
109ms

Image
image/gif

35.153.253.201
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.liadm.com/s/e/a-058n/0/45450df3345745ce8b0818faf71a7885?mpid=7156&muid=eaa363f0-cd82-4c00-a687-516adce24ea4

Requested by

Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-058n?s=&cim=&ps=true&ls=true&duid=3f389ea64a07--01gsja5fdt993w5k50eer4kd83&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&

Protocol

HTTP/1.1

Server

35.153.253.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-153-253-201.compute-1.amazonaws.com

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Sat, 18 Feb 2023 13:07:14 GMT
Cache-Control: no-store
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 43
Request-Time: 0
Content-Type: image/gif

Redirect headers

Date: Sat, 18 Feb 2023 13:07:14 GMT
Server: MT3 475 4bd2ccd master zrh-pixel-x27 config:1.0.0
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://i.liadm.com/s/e/a-058n/0/45450df3345745ce8b0818faf71a7885?mpid=7156&muid=eaa363f0-cd82-4c00-a687-516adce24ea4
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 18 Feb 2023 13:07:13 GMT

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 3AC0 70 B
264 B 43ms
37ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=liveintent&ttd_tpi=1&gdpr=0
Requested by: Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-058n?s=&cim=&ps=true&ls=true&duid=3f389ea64a07--01gsja5fdt993w5k50eer4kd83&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sat, 18 Feb 2023 13:07:14 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

52164
i6.liadm.com/s/ Frame 3AC0
Redirect Chain

https://x.bidswitch.net/syncd?dsp_id=256&user_group=2&user_id=36f844d1-e430-4acd-a7a8-d2d4bec96f22&redir=%2F%2Fi.liadm.com%2Fs%2F52176%3Fbidder_id%3D5298%26bidder_uuid%3D%24%7BBSW_UID%7D
https://x.bidswitch.net/ul_cb/syncd?dsp_id=256&user_group=2&user_id=36f844d1-e430-4acd-a7a8-d2d4bec96f22&redir=%2F%2Fi.liadm.com%2Fs%2F52176%3Fbidder_id%3D5298%26bidder_uuid%3D%24%7BBSW_UID%7D
https://i.liadm.com/s/52176?bidder_id=5298&bidder_uuid=0a8ca80a-7430-4046-b6e1-16459865cdab
https://x.bidswitch.net/sync?ssp=liveintent&user_id=36f844d1-e430-4acd-a7a8-d2d4bec96f22
https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=liveintent
https://c1.adform.net/serving/cookie/match/?CC=1&party=24&bidswitch_ssp_id=liveintent
https://x.bidswitch.net/sync?dsp_id=70&user_id=6894776439776788942&ssp=liveintent
https://i.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=0a8ca80a-7430-4046-b6e1-16459865cdab
https://i6.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=0a8ca80a-7430-4046-b6e1-16459865cdab

43 B
436 B

341ms
105ms

Image
image/gif

2600:1f18:ed:550a:9dcf:c5fe:8372:efac
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=0a8ca80a-7430-4046-b6e1-16459865cdab

Requested by

Protocol

HTTP/1.1

Server

2600:1f18:ed:550a:9dcf:c5fe:8372:efac Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Sat, 18 Feb 2023 13:07:15 GMT
Cache-Control: no-store
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 43
Request-Time: 0
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=0a8ca80a-7430-4046-b6e1-16459865cdab
Date: Sat, 18 Feb 2023 13:07:15 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 0
Request-Time: 0

GET
H/1.1

200
OK

45450df3345745ce8b0818faf71a7885
i.liadm.com/s/e/a-058n/0/ Frame 3AC0
Redirect Chain

https://dpm.demdex.net/ibs:dpid=127444&dpuuid=36f844d1-e430-4acd-a7a8-d2d4bec96f22&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-058n%2F0%2F45450df3345745ce8b0818faf71a7885%3Fmpid%3D82775%26muid%3D%2...
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=127444&dpuuid=36f844d1-e430-4acd-a7a8-d2d4bec96f22&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-058n%2F0%2F45450df3345745ce8b0818faf71a7885%3Fmp...
https://i.liadm.com/s/e/a-058n/0/45450df3345745ce8b0818faf71a7885?mpid=82775&muid=31804616445325673084592582544692123633

43 B
274 B

142ms
109ms

Image
image/gif

35.153.253.201
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.liadm.com/s/e/a-058n/0/45450df3345745ce8b0818faf71a7885?mpid=82775&muid=31804616445325673084592582544692123633

Requested by

Protocol

HTTP/1.1

Server

35.153.253.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-153-253-201.compute-1.amazonaws.com

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Sat, 18 Feb 2023 13:07:14 GMT
Cache-Control: no-store
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 43
Request-Time: 0
Content-Type: image/gif

Redirect headers

DCS: dcs-prod-irl1-2-v046-04caab9e7.edge-irl1.demdex.com 1 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: qiFqhFzfTkc=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://i.liadm.com/s/e/a-058n/0/45450df3345745ce8b0818faf71a7885?mpid=82775&muid=31804616445325673084592582544692123633
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2

200

live_intent_sync
x.dlx.addthis.com/e/ Frame 3AC0
Redirect Chain

https://x.dlx.addthis.com/e/live_intent_sync?na_exid=36f844d1-e430-4acd-a7a8-d2d4bec96f22
https://x.dlx.addthis.com/e/live_intent_sync?na_exid=36f844d1-e430-4acd-a7a8-d2d4bec96f22&rd=Y

43 B
603 B

200ms
200ms

Image
image/gif

23.35.209.176
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://x.dlx.addthis.com/e/live_intent_sync?na_exid=36f844d1-e430-4acd-a7a8-d2d4bec96f22&rd=Y

Requested by

Protocol

Server

23.35.209.176 Vienna, Austria, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-35-209-176.deploy.static.akamaitechnologies.com

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=2628000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

expires: Sat, 18 Feb 2023 13:07:14 GMT
pragma: no-cache
date: Sat, 18 Feb 2023 13:07:14 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=2628000
content-length: 43
content-type: image/gif

Redirect headers

location: https://x.dlx.addthis.com/e/live_intent_sync?na_exid=36f844d1-e430-4acd-a7a8-d2d4bec96f22&rd=Y
pragma: no-cache
date: Sat, 18 Feb 2023 13:07:14 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=2628000
content-length: 0
expires: Sat, 18 Feb 2023 13:07:14 GMT

GET
H2 200 /
trc.taboola.com/sg/liveintent/1/cm/ Frame 3AC0 43 B
372 B 53ms
15ms Image
image/gif 2a04:4e42::300
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/liveintent/1/cm/
Requested by: Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-058n?s=&cim=&ps=true&ls=true&duid=3f389ea64a07--01gsja5fdt993w5k50eer4kd83&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 0d9762a1a60deef8aa093c473ad27c38eed77184d6940e7df06d89d77cbd3e94

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

x-vcl-time-ms: 8
pragma: no-cache
date: Sat, 18 Feb 2023 13:07:14 GMT
via: 1.1 varnish
x-served-by: cache-hhn-etou8220087-HHN
server: nginx
x-timer: S1676725635.524223,VS0,VE8
x-cache: MISS
p3p: policyref="http://trc.taboola.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
access-control-allow-origin: *
cache-control: no-cache, no-store
access-control-allow-credentials: true
accept-ranges: bytes
x-cache-hits: 0

GET
H/1.1

200
OK

35004
i6.liadm.com/s/ Frame 3AC0
Redirect Chain

https://b1sync.zemanta.com/usersync/liveintent/?cb=%2F%2Fi.liadm.com%2Fs%2F35004%3Fbidder_id%3D98254%26bidder_uuid%3D__ZUID__
https://i.liadm.com/s/35004?bidder_id=98254&bidder_uuid=
https://i6.liadm.com/s/35004?bidder_id=98254&bidder_uuid=

43 B
436 B

341ms
102ms

Image
image/gif

2600:1f18:ed:550a:9dcf:c5fe:8372:efac
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/35004?bidder_id=98254&bidder_uuid=

Requested by

Protocol

HTTP/1.1

Server

2600:1f18:ed:550a:9dcf:c5fe:8372:efac Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Sat, 18 Feb 2023 13:07:15 GMT
Cache-Control: no-store
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 43
Request-Time: 1
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/35004?bidder_id=98254&bidder_uuid=
Date: Sat, 18 Feb 2023 13:07:15 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Connection: keep-alive
Content-Length: 0
Request-Time: 2

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0784 42 B
108 B 147ms
63ms Fetch
image/gif 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvDV2OXiT0aa2IA4T7dLt3tvxrH4rOIgGUJ73UHP2Qyc5wxm8Sgz7a_HubA-S34T7N0sHIwCSmtXst1ttTbQgKS6u4KmLvUBu_rG0EChQjlcJXXqZl7&sig=Cg0ArKJSzLKpYdiyQnQzEAE&id=lidar2&mcvt=1000&p=580,1180,830,1480&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230215&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=3665664822&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1676725633319&rpt=696&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/b-f140f48-7586382c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 798B 42 B
404 B 143ms
63ms Fetch
image/gif 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuskjVcvW2vl8qrvCgvxJd-04ysskNirlBirwWvgDBsbIYxoULBvUM0ie04B7oG0arAIaABSNJqeIBhKxRcjaj2XJGbJ8ThW5CGC74c3LS84_bjMLcc&sig=Cg0ArKJSzLyic0yXeJ4TEAE&id=lidar2&mcvt=1004&p=850,1180,1100,1480&mtos=1004,1004,1004,1004,1004&tos=1004,0,0,0,0&v=20230215&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=1134156465&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1676725633267&rpt=773&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/b-f140f48-7586382c.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:15 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 404 rt=ifr Show response
bcp.crwdcntrl.net/5/c=6894/rand=339609168/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20heraldcourier%20%3A%20Total%20Sit... Frame C195 181 B
408 B 110ms
30ms Document
text/html 108.128.57.95
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/5/c=6894/rand=339609168/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20heraldcourier%20%3A%20Total%20Site%20Traffic/int=%23OpR%2372332%23Site%20Section%20%3A%20events/med=%23OpR%2372333%23Keyword%20%3A%20bristol%20herald%20courier%20-%20tricities/rb=%7B%22meta_tag%22%3A%22bristol%20herald%20courier%20-%20tricities%22%7D/rt=ifr
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.128.57.95 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-108-128-57-95.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: eb922d8aa175b8fe481c695f4fb7e741c8eb665ef7469c305d2d4414a5e2d678

Request headers

Referer: https://heraldcourier.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
cache-control: no-cache
content-length: 181
content-type: text/html;charset=utf-8
date: Sat, 18 Feb 2023 13:07:15 GMT
expires: 0
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
pragma: no-cache
server: Jetty(9.4.38.v20210224)
x-server: 10.45.1.213

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 78ms
77ms XHR
application/json 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023021501&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021501.js?cb=31072498

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cf2623b02899ff993d483b84b6fa3c5a9368a08ef12873349a761f9fb76ea638

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:15 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11293
x-xss-protection: 0

GET
H2 200 p Show response
i.simpli.fi/ 761 B
1 KB 87ms
19ms Script
application/javascript 34.90.223.176
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://i.simpli.fi/p?cid=7855&cb=sifi_att_1768153694538195._hp

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

34.90.223.176 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

176.223.90.34.bc.googleusercontent.com

Software

Resource Hash

727baf1d9d11ae3a15ce4615130e9ea66944915778578c0261a0ab478595d9ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache, no-cache
date: Sat, 18 Feb 2023 13:07:15 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Thu, 01 Jan 1970 00:00:00 GMT, Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sat, 18 Feb 2023 13:07:15 GMT

GET
H2

200

xuid
eb2.3lift.com/
Redirect Chain

https://um.simpli.fi/triplelift
https://eb2.3lift.com/xuid?mid=7969&xuid=5F4F7001FF7D4100A6E5BCA85232FACC&dongle=yf3

37 B
140 B

38ms
9ms

Image
image/gif

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=7969&xuid=5F4F7001FF7D4100A6E5BCA85232FACC&dongle=yf3
Protocol: H2
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:15 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

Redirect headers

date: Sat, 18 Feb 2023 13:07:15 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://eb2.3lift.com/xuid?mid=7969&xuid=5F4F7001FF7D4100A6E5BCA85232FACC&dongle=yf3
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Fri, 17 Feb 2023 13:07:15 GMT

GET
H2

200

sync
simplifi.partners.tremorhub.com/
Redirect Chain

https://um.simpli.fi/telaria_p
https://simplifi.partners.tremorhub.com/sync?UISF=5F4F7001FF7D4100A6E5BCA85232FACC

43 B
183 B

409ms
104ms

Image
image/gif

2600:1f18:612b:4264:b002:6706:c84b:49fb
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simplifi.partners.tremorhub.com/sync?UISF=5F4F7001FF7D4100A6E5BCA85232FACC
Protocol: H2
Server: 2600:1f18:612b:4264:b002:6706:c84b:49fb Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date: Sat, 18 Feb 2023 13:07:15 GMT
server: Apache-Coyote/1.1
content-type: image/gif

Redirect headers

date: Sat, 18 Feb 2023 13:07:15 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://simplifi.partners.tremorhub.com/sync?UISF=5F4F7001FF7D4100A6E5BCA85232FACC
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Fri, 17 Feb 2023 13:07:15 GMT

GET
H2

200

check
pixel.tapad.com/idsync/ex/receive/
Redirect Chain

https://um.simpli.fi/tapad
https://pixel.tapad.com/idsync/ex/receive?partner_id=2305&partner_device_id=5F4F7001FF7D4100A6E5BCA85232FACC
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=5F4F7001FF7D4100A6E5BCA85232FACC

95 B
435 B

23ms
22ms

Image
image/png

34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=5F4F7001FF7D4100A6E5BCA85232FACC

Protocol

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:15 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
content-type: image/png
access-control-allow-origin: *
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95

Redirect headers

date: Sat, 18 Feb 2023 13:07:15 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin: *
location: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=5F4F7001FF7D4100A6E5BCA85232FACC
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

empty.gif
um.simpli.fi/
Redirect Chain

https://um.simpli.fi/ad_advisor
https://aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=5F4F7001FF7D4100A6E5BCA85232FACC
https://d.agkn.com/pixel/10751/?che=1676725635653&ip=37.58.58.246&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D216423104431001569929
https://um.simpli.fi/aa_px?sk=216423104431001569929
https://um.simpli.fi/empty.gif

43 B
361 B

22ms
22ms

Image
image/gif

35.204.74.118
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/empty.gif

Protocol

Server

35.204.74.118 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

118.74.204.35.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:15 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43

Redirect headers

date: Sat, 18 Feb 2023 13:07:15 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: /empty.gif
access-control-allow-origin: *
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142

GET
H2

403

ProfilesEngineServlet
sync.intentiq.com/profiles_engine/
Redirect Chain

https://um.simpli.fi/intentiq
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=5F4F7001FF7D4100A6E5BCA85232FACC

0
0

82ms
18ms

Image
text/html

99.84.146.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=5F4F7001FF7D4100A6E5BCA85232FACC
Protocol: H2
Server: 99.84.146.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-146-70.txl52.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Redirect headers

date: Sat, 18 Feb 2023 13:07:15 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=5F4F7001FF7D4100A6E5BCA85232FACC
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Fri, 17 Feb 2023 13:07:15 GMT

GET
H2 200 pubmatic
um.simpli.fi/ 43 B
409 B 76ms
17ms Image
image/gif 35.204.74.118
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.204.74.118 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

118.74.204.35.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:15 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Fri, 17 Feb 2023 13:07:15 GMT

GET
H2 200 freewheel
um.simpli.fi/ 43 B
409 B 18ms
16ms Image
image/gif 35.204.74.118
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/freewheel

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.204.74.118 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

118.74.204.35.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:15 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Fri, 17 Feb 2023 13:07:15 GMT

GET
H2

403

ProfilesEngineServlet
sync.intentiq.com/profiles_engine/
Redirect Chain

https://um.simpli.fi/dtnx
https://fei.pro-market.net/engine?du=24;csync=5F4F7001FF7D4100A6E5BCA85232FACC;mimetype=img;
https://fei.pro-market.net/engine?du=24;csync=5F4F7001FF7D4100A6E5BCA85232FACC;mimetype=img;sr
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=3&pcid=9068273886718807786

0
0

19ms
18ms

Image
text/html

99.84.146.70
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=3&pcid=9068273886718807786
Protocol: H2
Server: 99.84.146.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-84-146-70.txl52.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Redirect headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:15 GMT
via: 1.1 google
server: Apache-Coyote/1.1
anserver: gapp-eu-5.c.datonics-gcp-01.internal
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
access-control-allow-origin: *
location: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=3&pcid=9068273886718807786
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
alt-svc: clear
content-length: 0
expires: Mon, 1 Jan 1990 0:0:0 GMT

GET
H2

204

/
loadm.exelator.com/load/
Redirect Chain

https://um.simpli.fi/exelatem
https://loadm.exelator.com/load/?p=204&g=2191&simid=5F4F7001FF7D4100A6E5BCA85232FACC&j=0
https://loadm.exelator.com/load/?p=204&g=2191&simid=5F4F7001FF7D4100A6E5BCA85232FACC&j=0&xl8blockcheck=1

0
767 B

35ms
34ms

Image
text/plain

34.254.143.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadm.exelator.com/load/?p=204&g=2191&simid=5F4F7001FF7D4100A6E5BCA85232FACC&j=0&xl8blockcheck=1
Protocol: H2
Server: 34.254.143.3 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-143-3.eu-west-1.compute.amazonaws.com
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:15 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

Redirect headers

date: Sat, 18 Feb 2023 13:07:15 GMT
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location: https://loadm.exelator.com/load/?p=204&g=2191&simid=5F4F7001FF7D4100A6E5BCA85232FACC&j=0&xl8blockcheck=1
content-type: image/gif
cache-control: no-cache
access-control-allow-credentials: true
content-length: 0

GET
H2 200 yahoo
um.simpli.fi/ 43 B
409 B 19ms
17ms Image
image/gif 35.204.74.118
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/yahoo

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.204.74.118 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

118.74.204.35.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:15 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Fri, 17 Feb 2023 13:07:15 GMT

GET
H/1.1

204

sync
sync.bfmio.com/
Redirect Chain

https://um.simpli.fi/beachfront
https://sync.bfmio.com/sync?pid=141&uid=5F4F7001FF7D4100A6E5BCA85232FACC

0
421 B

566ms
198ms

Image
text/plain

52.72.248.126
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.bfmio.com/sync?pid=141&uid=5F4F7001FF7D4100A6E5BCA85232FACC
Protocol: HTTP/1.1
Server: 52.72.248.126 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-72-248-126.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Connection: keep-alive
Date: Sat, 18 Feb 2023 13:07:15 GMT

Redirect headers

date: Sat, 18 Feb 2023 13:07:15 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://sync.bfmio.com/sync?pid=141&uid=5F4F7001FF7D4100A6E5BCA85232FACC
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Fri, 17 Feb 2023 13:07:15 GMT

GET
H2

200

29931
stags.bluekai.com/site/
Redirect Chain

https://um.simpli.fi/bluekai
https://stags.bluekai.com/site/29931?id=5F4F7001FF7D4100A6E5BCA85232FACC

62 B
453 B

208ms
191ms

Image
image/gif

23.35.209.176
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stags.bluekai.com/site/29931?id=5F4F7001FF7D4100A6E5BCA85232FACC
Protocol: H2
Server: 23.35.209.176 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-209-176.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
date: Sat, 18 Feb 2023 13:07:15 GMT
content-length: 62
content-type: image/gif

Redirect headers

date: Sat, 18 Feb 2023 13:07:15 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://stags.bluekai.com/site/29931?id=5F4F7001FF7D4100A6E5BCA85232FACC
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Fri, 17 Feb 2023 13:07:15 GMT

GET
H2

404

tpid=5F4F7001FF7D4100A6E5BCA85232FACC
bcp.crwdcntrl.net/map/c=7625/tp=SIMP/
Redirect Chain

https://um.simpli.fi/crwdcntrl
https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=5F4F7001FF7D4100A6E5BCA85232FACC

49 B
264 B

32ms
29ms

Image
image/gif

108.128.57.95
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=5F4F7001FF7D4100A6E5BCA85232FACC
Protocol: H2
Server: 108.128.57.95 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-108-128-57-95.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:15 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.4.116
content-length: 49
expires: 0

Redirect headers

date: Sat, 18 Feb 2023 13:07:15 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=5F4F7001FF7D4100A6E5BCA85232FACC
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Fri, 17 Feb 2023 13:07:15 GMT

GET
H/1.1

204
No Content

merge
ce.lijit.com/
Redirect Chain

https://um.simpli.fi/lj_match
https://ce.lijit.com/merge?pid=2&3pid=5F4F7001FF7D4100A6E5BCA85232FACC

0
311 B

53ms
14ms

Image
text/plain

216.52.2.48
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=2&3pid=5F4F7001FF7D4100A6E5BCA85232FACC
Protocol: HTTP/1.1
Server: 216.52.2.48 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Expires: Fri, 20 Mar 2009 00:00:00 GMT
Pragma: no-cache
Date: Sat, 18 Feb 2023 13:07:15 GMT
X-MERGE: GDPR Optout true
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap5ams1
P3P: CP="CUR ADM OUR NOR STA NID"

Redirect headers

date: Sat, 18 Feb 2023 13:07:15 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://ce.lijit.com/merge?pid=2&3pid=5F4F7001FF7D4100A6E5BCA85232FACC
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Fri, 17 Feb 2023 13:07:15 GMT

GET
H2

451

419566.gif
idsync.rlcdn.com/
Redirect Chain

https://um.simpli.fi/liveramp_match
https://idsync.rlcdn.com/419566.gif?partner_uid=5F4F7001FF7D4100A6E5BCA85232FACC

0
98 B

59ms
20ms

Image
text/plain

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/419566.gif?partner_uid=5F4F7001FF7D4100A6E5BCA85232FACC
Protocol: H2
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:15 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

Redirect headers

date: Sat, 18 Feb 2023 13:07:15 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://idsync.rlcdn.com/419566.gif?partner_uid=5F4F7001FF7D4100A6E5BCA85232FACC
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Fri, 17 Feb 2023 13:07:15 GMT

GET
H3

200

/
www.google.de/pagead/1p-conversion/1026675585/
Redirect Chain

https://www.googleadservices.com/pagead/conversion/1026675585/?random=1676725635492&cv=7&fst=1676725635492&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=557356734&cv=7&fst=1676725635492&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cooki...
https://www.google.com/pagead/1p-conversion/1026675585/?random=557356734&cv=7&fst=1676725635492&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte...
https://www.google.de/pagead/1p-conversion/1026675585/?random=557356734&cv=7&fst=1676725635492&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=...

42 B
64 B

58ms
57ms

Image
image/gif

2a00:1450:400d:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/1026675585/?random=557356734&cv=7&fst=1676725635492&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=g83wY8XjJpzImLAPgL2AmAs&cid=CAQSKQDUE5ymCxef-RR4YOZ2wq-uxptiSHm6AvhEO_wYHaf15KSKn7K-W7iG&random=644869694&ipr=y&prhg=0

Protocol

Server

2a00:1450:400d:806::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:15 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:15 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/1026675585/?random=557356734&cv=7&fst=1676725635492&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=g83wY8XjJpzImLAPgL2AmAs&cid=CAQSKQDUE5ymCxef-RR4YOZ2wq-uxptiSHm6AvhEO_wYHaf15KSKn7K-W7iG&random=644869694&ipr=y&prhg=0
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200

partner
sync.search.spotxchange.com/
Redirect Chain

https://um.simpli.fi/spotx_match
https://sync.search.spotxchange.com/partner?adv_id=7797&uid=5F4F7001FF7D4100A6E5BCA85232FACC
https://sync.search.spotxchange.com/partner?adv_id=7797&uid=5F4F7001FF7D4100A6E5BCA85232FACC&__user_check__=1&sync_id=2a87fd40-af8d-11ed-84f9-11482f420306

43 B
548 B

18ms
18ms

Image
image/gif

185.94.180.125
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7797&uid=5F4F7001FF7D4100A6E5BCA85232FACC&__user_check__=1&sync_id=2a87fd40-af8d-11ed-84f9-11482f420306
Protocol: HTTP/1.1
Server: 185.94.180.125 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Date: Sat, 18 Feb 2023 13:07:15 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 23
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Sat, 18 Feb 2023 13:07:15 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Location: /partner?adv_id=7797&uid=5F4F7001FF7D4100A6E5BCA85232FACC&__user_check__=1&sync_id=2a87fd40-af8d-11ed-84f9-11482f420306
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 102
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

bounce
ib.adnxs.com/
Redirect Chain

https://um.simpli.fi/an
https://ib.adnxs.com/setuid?entity=66&code=5F4F7001FF7D4100A6E5BCA85232FACC
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3D5F4F7001FF7D4100A6E5BCA85232FACC

43 B
1 KB

8ms
8ms

Image
image/gif

37.252.171.53
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3D5F4F7001FF7D4100A6E5BCA85232FACC

Protocol

HTTP/1.1

Server

37.252.171.53 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 18 Feb 2023 13:07:15 GMT
AN-X-Request-Uuid: 8e8ca73c-ce4f-42d8-a665-972082d13a30
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 37.58.58.246; 37.58.58.246; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 18 Feb 2023 13:07:15 GMT
AN-X-Request-Uuid: 9dab2b43-839f-471e-9cab-4e698f4c1190
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3D5F4F7001FF7D4100A6E5BCA85232FACC
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 37.58.58.246; 37.58.58.246; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://um.simpli.fi/rb_match
https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=5F4F7001FF7D4100A6E5BCA85232FACC&expires=365

0
239 B

79ms
9ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=5F4F7001FF7D4100A6E5BCA85232FACC&expires=365
Protocol: HTTP/1.1
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date: Sat, 18 Feb 2023 13:07:15 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=5F4F7001FF7D4100A6E5BCA85232FACC&expires=365
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Fri, 17 Feb 2023 13:07:15 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://um.simpli.fi/ox_match
https://us-u.openx.net/w/1.0/sd?id=537072966&val=5F4F7001FF7D4100A6E5BCA85232FACC

43 B
273 B

59ms
21ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072966&val=5F4F7001FF7D4100A6E5BCA85232FACC
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:15 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Sat, 18 Feb 2023 13:07:15 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://us-u.openx.net/w/1.0/sd?id=537072966&val=5F4F7001FF7D4100A6E5BCA85232FACC
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Fri, 17 Feb 2023 13:07:15 GMT

GET
H2

204

g_match
um.simpli.fi/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm&google_sc
https://um.simpli.fi/g_match?id=&google_gid=CAESEOn9veSZPLRp3L8oBP4Tjpw&google_cver=1
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=5F4F7001FF7D4100A6E5BCA85232FACC
https://um.simpli.fi/g_match?id=

0
320 B

33ms
33ms

Image
text/plain

35.204.74.118
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/g_match?id=

Protocol

Server

35.204.74.118 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

118.74.204.35.bc.googleusercontent.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:15 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Fri, 17 Feb 2023 13:07:15 GMT

Redirect headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:15 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://um.simpli.fi/g_match?id=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 229
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 3FDF 13 KB
5 KB 23ms
22ms Document
text/html 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://heraldcourier.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 16373
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Feb 2023 08:34:22 GMT
expires: Sun, 18 Feb 2024 08:34:22 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame CF38 783 B
534 B 54ms
53ms Document
text/html 2a00:1450:400d:80a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/leeenterprises/op.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80a::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a7f0c148843ed0b4b852ab76866ae7fcfbd69bba58e5f2bada7a2b1bcb7fe440

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-sOhZLX-bpaYbOpkYjD6baQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://heraldcourier.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-sOhZLX-bpaYbOpkYjD6baQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sat, 18 Feb 2023 13:07:15 GMT
expires: Sat, 18 Feb 2023 13:07:15 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 ENhUjQ5Efr1LKcBlRSMtCxEMsPeXm4hb-JW7itjXrRA.js Show response
pagead2.googlesyndication.com/bg/ Frame 3FDF 36 KB
14 KB 88ms
29ms Script
text/javascript 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ENhUjQ5Efr1LKcBlRSMtCxEMsPeXm4hb-JW7itjXrRA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

10d8548d0e447ebd4b29c06545232d0b110cb0f7979b885bf895bb8ad8d7ad10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 10:56:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 94257
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14306
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 17 Feb 2024 10:56:18 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame CF38 0
0 84ms
60ms Image
text/html 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2023021501&jk=229723355828661&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 3FDF 0
10 B 14ms
14ms Image
text/plain 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?D-4aFg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:15 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 load-cookie.html Show response
bidder.newspassid.com/static/ Frame C4D9 12 KB
12 KB 109ms
109ms Document
text/html 3.211.193.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.newspassid.com/static/load-cookie.html?usp_consent=&pubcid=71138659-8444-4afa-9b28-7a7c5429ae3f&publisherId=NPID10000001&siteId=3500000313&cb=1676725632889&bidder=newspassid
Requested by: Host: bloximages.newyork1.vip.townnews.com
URL: https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/content/tncms/live/libraries/flex/components/ads_dfp/resources/scripts/prebid7.9.0.js?_dc=1676358004
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.193.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-193-175.compute-1.amazonaws.com
Software: /
Resource Hash: 040ae90345fee63a0728d0b737dc6e94ac84313a98213b45c4135915a8cd0188

Request headers

Referer: https://heraldcourier.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: no-cache, no-store, must-revalidate
content-length: 11885
content-type: text/html; charset=utf-8
date: Sat, 18 Feb 2023 13:07:15 GMT
expires: 0
last-modified: Wed, 15 Feb 2023 10:44:37 GMT
pragma: no-cache
vary: Origin

GET
H2 200 load-cookie.html Show response
bidder.newspassid.com/static/ Frame 79FB 12 KB
12 KB 294ms
293ms Document
text/html 3.211.193.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.newspassid.com/static/load-cookie.html?usp_consent=&pubcid=71138659-8444-4afa-9b28-7a7c5429ae3f&publisherId=NPID10000001&siteId=3500000313&cb=1676725633183&bidder=newspassid
Requested by: Host: bloximages.newyork1.vip.townnews.com
URL: https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/content/tncms/live/libraries/flex/components/ads_dfp/resources/scripts/prebid7.9.0.js?_dc=1676358004
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.193.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-193-175.compute-1.amazonaws.com
Software: /
Resource Hash: 040ae90345fee63a0728d0b737dc6e94ac84313a98213b45c4135915a8cd0188

Request headers

Referer: https://heraldcourier.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: no-cache, no-store, must-revalidate
content-length: 11885
content-type: text/html; charset=utf-8
date: Sat, 18 Feb 2023 13:07:15 GMT
expires: 0
last-modified: Wed, 15 Feb 2023 10:44:37 GMT
pragma: no-cache
vary: Origin

GET
H2 200 load-cookie.html Show response
bidder.newspassid.com/static/ Frame 2F42 12 KB
12 KB 293ms
293ms Document
text/html 3.211.193.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.newspassid.com/static/load-cookie.html?usp_consent=&pubcid=71138659-8444-4afa-9b28-7a7c5429ae3f&publisherId=NPID10000001&siteId=3500000313&cb=1676725632873&bidder=newspassid
Requested by: Host: bloximages.newyork1.vip.townnews.com
URL: https://bloximages.newyork1.vip.townnews.com/heraldcourier.com/content/tncms/live/libraries/flex/components/ads_dfp/resources/scripts/prebid7.9.0.js?_dc=1676358004
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.193.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-193-175.compute-1.amazonaws.com
Software: /
Resource Hash: 040ae90345fee63a0728d0b737dc6e94ac84313a98213b45c4135915a8cd0188

Request headers

Referer: https://heraldcourier.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: no-cache, no-store, must-revalidate
content-length: 11885
content-type: text/html; charset=utf-8
date: Sat, 18 Feb 2023 13:07:15 GMT
expires: 0
last-modified: Wed, 15 Feb 2023 10:44:37 GMT
pragma: no-cache
vary: Origin

POST
H2 200 cookie_sync Show response
bidder.newspassid.com/ Frame C4D9 3 KB
3 KB 175ms
175ms XHR
text/plain 3.211.193.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.newspassid.com/cookie_sync
Requested by: Host: bidder.newspassid.com
URL: https://bidder.newspassid.com/static/load-cookie.html?usp_consent=&pubcid=71138659-8444-4afa-9b28-7a7c5429ae3f&publisherId=NPID10000001&siteId=3500000313&cb=1676725632889&bidder=newspassid
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.193.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-193-175.compute-1.amazonaws.com
Software: /
Resource Hash: a6d86bbfe45f990127f1ff1a3874ee64130176169ff51ad6ce39f0b39f023bd3

Request headers

Referer: https://bidder.newspassid.com/static/load-cookie.html?usp_consent=&pubcid=71138659-8444-4afa-9b28-7a7c5429ae3f&publisherId=NPID10000001&siteId=3500000313&cb=1676725632889&bidder=newspassid
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:16 GMT
vary: Origin
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://bidder.newspassid.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
expires: 0

GET
H2

204

getuid
ads.avct.cloud/ Frame C4D9
Redirect Chain

https://ads.avct.cloud/getuid?&gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid&url=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Davocet%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7B%7BUUID%7D%7D
https://ads.avct.cloud/getuid?bounce=true&&gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid&url=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Davocet%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7B...

0
0

31ms
31ms

Image
text/plain

34.243.37.252
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.avct.cloud/getuid?bounce=true&&gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid&url=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Davocet%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7B%7BUUID%7D%7D
Protocol: H2
Server: 34.243.37.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-243-37-252.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Redirect headers

location: /getuid?bounce=true&&gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid&url=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Davocet%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7B%7BUUID%7D%7D
date: Sat, 18 Feb 2023 13:07:16 GMT
p3p: policyref="http://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length: 244
content-type: text/html; charset=utf-8

POST
H2 200 cookie_sync Show response
bidder.newspassid.com/ Frame 79FB 3 KB
3 KB 119ms
119ms XHR
text/plain 3.211.193.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.newspassid.com/cookie_sync
Requested by: Host: bidder.newspassid.com
URL: https://bidder.newspassid.com/static/load-cookie.html?usp_consent=&pubcid=71138659-8444-4afa-9b28-7a7c5429ae3f&publisherId=NPID10000001&siteId=3500000313&cb=1676725633183&bidder=newspassid
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.193.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-193-175.compute-1.amazonaws.com
Software: /
Resource Hash: a9ee30a9c35b49de4d050a13864501d6bd288a5dd8dc8ce06b03aa5844a1719d

Request headers

Referer: https://bidder.newspassid.com/static/load-cookie.html?usp_consent=&pubcid=71138659-8444-4afa-9b28-7a7c5429ae3f&publisherId=NPID10000001&siteId=3500000313&cb=1676725633183&bidder=newspassid
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:16 GMT
vary: Origin
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://bidder.newspassid.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
expires: 0

POST
H2 200 cookie_sync Show response
bidder.newspassid.com/ Frame 2F42 3 KB
3 KB 109ms
109ms XHR
text/plain 3.211.193.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://bidder.newspassid.com/cookie_sync
Requested by: Host: bidder.newspassid.com
URL: https://bidder.newspassid.com/static/load-cookie.html?usp_consent=&pubcid=71138659-8444-4afa-9b28-7a7c5429ae3f&publisherId=NPID10000001&siteId=3500000313&cb=1676725632873&bidder=newspassid
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.193.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-193-175.compute-1.amazonaws.com
Software: /
Resource Hash: a6d86bbfe45f990127f1ff1a3874ee64130176169ff51ad6ce39f0b39f023bd3

Request headers

Referer: https://bidder.newspassid.com/static/load-cookie.html?usp_consent=&pubcid=71138659-8444-4afa-9b28-7a7c5429ae3f&publisherId=NPID10000001&siteId=3500000313&cb=1676725632873&bidder=newspassid
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:16 GMT
vary: Origin
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://bidder.newspassid.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
expires: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 63ms
63ms Image
text/html 2a00:1450:400d:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2023021501&jk=229723355828661&bg=!V1SlVADNAAZYlHKzeJQ7ADkAdvg8WrpHYdvByI2Oy625_RH8n84Vail2NG_hfvkIZE4rL3UHishQIWwCBrzmLirJgGhKNgknj-cCAAAATVIAAAAFaAEHCgBiO86vWyMNykbde8Q7xU9vuDNsgz6zhl2CvzkhrCU8I0PIoeRv7EjHDzglnlV0405W_TDeQXAIuitUdoNnpSg4JbM-ZeATi6O_-cs-jIYxRGnValPsgZqTOqlHvM2UGLxr5tSZArAuJ31y9y2WFo8j6rARVe6uVZQTztXwbn0jcDZyl0a7qHABwdhfj8RDeS60b81i_mHZfnPEsVZ6Auok7FHk-RuJhE31NI_GuajeGGO9AO81gXZDLj2lZ5lk_7VML5tLi0y9ue6SUbkmbYvzY8Fa_xUeO8saYyvTN9-vKNV8Pa2rbnyR_40VlZRT-U71seLrgzmNXwxEW07cCqQgmHlhGwQu9YhnYrfqGP_hqxm_WFqE-Xdj4oRzfHQBtL0svJ852RxMdpHieiuNcR5ReDt1VMND0CNjHvPhq2s2Hx-w-zN9DMsCWT3mtiNwzANPzEnH5AXtsjXOd7iRdekY--rmJI69hivagD1KePI6as0IxcXPqdVWKNqJvd2PPvmP8aGoJAG1s3YXtiCz712lw0KyP1mRZgv3aqEzOIYAvcWnB_Y7AV5K-TqGKuRAYH0RwqGvPXzdRT1HgwATDeJRC4DxkEvBT-wqrmqlLIaWOcsPz6anhej-1VEG5P4a4k9no1dvadPx_SFnS7Tk-tEpCrfT6qJSYiLSN4ivgcL2-ZywjemFHscZA5CCs7eUWzDCTGijojgSrQnCD2X-ugs5oN6r8-qU3gDuazpQTo4UGI2tRRkMrNqQs1z8cnNRbV5MBOzC_7Hhld5xGrNuH8I0KopY7o4JoCfDUfiWLs4-CCG-7EL5oRlj-eoikUQrl59aCEUR2nK4_dlHpGJxwTrYBdLbV1yzBdnKYa2PhNk-FSbZAYOuYndyvdMtTlkoq646yOOBqetrIDxnU6QnH3YQ5Uvt11JSAbgDxXV9a2OgmSGOcIvNvrvbotG9ZBRNIOQX7XbEg1LV6-NgOlJIR3zmydqjpv9mfTFIxj9xs1585GtSICbosOokYgOAReFHXTK31lbSFEsGofWQNUtq4ikwDo_-i7QK
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:806::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://heraldcourier.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

GET
H2 204 getuid
ads.avct.cloud/ Frame 2F42 0
0 32ms
30ms Image
text/plain 34.243.37.252
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.avct.cloud/getuid?&gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid&url=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Davocet%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7B%7BUUID%7D%7D
Requested by: Host: bidder.newspassid.com
URL: https://bidder.newspassid.com/static/load-cookie.html?usp_consent=&pubcid=71138659-8444-4afa-9b28-7a7c5429ae3f&publisherId=NPID10000001&siteId=3500000313&cb=1676725632873&bidder=newspassid
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 34.243.37.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-243-37-252.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

GET
H2

200

setuid
bidder.newspassid.com/ Frame 79FB
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24%7BBSW_UUID%7D?gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid
https://bidder.newspassid.com/setuid?bidder=grid&gdpr=0&gdpr_consent=&uid=0a8ca80a-7430-4046-b6e1-16459865cdab

0
374 B

109ms
109ms

Image
text/plain

3.211.193.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bidder.newspassid.com/setuid?bidder=grid&gdpr=0&gdpr_consent=&uid=0a8ca80a-7430-4046-b6e1-16459865cdab
Protocol: H2
Server: 3.211.193.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-193-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:16 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
vary: Origin
expires: 0

Redirect headers

location: https://bidder.newspassid.com/setuid?bidder=grid&gdpr=0&gdpr_consent=&uid=0a8ca80a-7430-4046-b6e1-16459865cdab
date: Sat, 18 Feb 2023 13:07:16 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1 204
No Content pixel
ap.lijit.com/ Frame 2F42 0
277 B 51ms
19ms Image
text/plain 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/pixel?redir=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 18 Feb 2023 13:07:16 GMT
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, PUT

GET
H/1.1 204
No Content pixel
ap.lijit.com/ Frame C4D9 0
277 B 53ms
21ms Image
text/plain 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/pixel?redir=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
Requested by: Host: bidder.newspassid.com
URL: https://bidder.newspassid.com/static/load-cookie.html?usp_consent=&pubcid=71138659-8444-4afa-9b28-7a7c5429ae3f&publisherId=NPID10000001&siteId=3500000313&cb=1676725632889&bidder=newspassid
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 18 Feb 2023 13:07:16 GMT
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, PUT

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame 2F42 0
239 B 10ms
9ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-newspassid&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame C4D9 0
239 B 18ms
9ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-newspassid&gdpr=0&gdpr_consent=
Requested by: Host: bidder.newspassid.com
URL: https://bidder.newspassid.com/static/load-cookie.html?usp_consent=&pubcid=71138659-8444-4afa-9b28-7a7c5429ae3f&publisherId=NPID10000001&siteId=3500000313&cb=1676725632889&bidder=newspassid
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

setuid
bidder.newspassid.com/ Frame 2F42
Redirect Chain

https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid&r=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dopenx%26uid%3D%24%7BUID%7D
https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid&r=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dopenx%26uid%3D%24%7BUID%7D&ox_sc=1
https://bidder.newspassid.com/setuid?bidder=openx&uid=a3f740be-b601-47cf-84e3-1c9304a5bba2

0
499 B

109ms
108ms

Image
text/plain

3.211.193.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bidder.newspassid.com/setuid?bidder=openx&uid=a3f740be-b601-47cf-84e3-1c9304a5bba2
Protocol: H2
Server: 3.211.193.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-193-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:16 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
vary: Origin
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:15 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
location: https://bidder.newspassid.com/setuid?bidder=openx&uid=a3f740be-b601-47cf-84e3-1c9304a5bba2
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-request-id: h9vi8ubmksl2hdm3a38lb0k2v7g0iohe

GET
H2

200

setuid
bidder.newspassid.com/ Frame C4D9
Redirect Chain

https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid&r=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dopenx%26uid%3D%24%7BUID%7D
https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid&r=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dopenx%26uid%3D%24%7BUID%7D&ox_sc=1
https://bidder.newspassid.com/setuid?bidder=openx&uid=a3f740be-b601-47cf-84e3-1c9304a5bba2

0
499 B

109ms
108ms

Image
text/plain

3.211.193.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bidder.newspassid.com/setuid?bidder=openx&uid=a3f740be-b601-47cf-84e3-1c9304a5bba2
Protocol: H2
Server: 3.211.193.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-193-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:16 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
vary: Origin
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:15 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
location: https://bidder.newspassid.com/setuid?bidder=openx&uid=a3f740be-b601-47cf-84e3-1c9304a5bba2
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-request-id: rj5av99v1g0c0muhg9fdf80slgtq6f35

GET
H2 204 v1
match.sharethrough.com/FGMrCMMc/ Frame 79FB 0
35 B 71ms
7ms Image
text/plain 35.157.139.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/FGMrCMMc/v1?redirectUri=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dsharethrough%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.139.91 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-139-91.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:16 GMT

GET
H2

200

setuid
bidder.newspassid.com/ Frame 79FB
Redirect Chain

https://ad2.360yield.com/server_match?r=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dimprovedigital%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7BPUB_USER_ID%7D
https://ad2.360yield.com/ul_cb/server_match?r=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dimprovedigital%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7BPUB_USER_ID%7D
https://bidder.newspassid.com/setuid?bidder=improvedigital&gdpr=0&gdpr_consent=&uid=96978c3b-9178-459d-925c-9491cf718481

0
508 B

109ms
109ms

Image
text/plain

3.211.193.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bidder.newspassid.com/setuid?bidder=improvedigital&gdpr=0&gdpr_consent=&uid=96978c3b-9178-459d-925c-9491cf718481
Protocol: H2
Server: 3.211.193.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-193-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:16 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
vary: Origin
expires: 0

Redirect headers

location: https://bidder.newspassid.com/setuid?bidder=improvedigital&gdpr=0&gdpr_consent=&uid=96978c3b-9178-459d-925c-9491cf718481
access-control-allow-origin: *
date: Sat, 18 Feb 2023 13:07:16 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

setuid
bidder.newspassid.com/ Frame 2F42
Redirect Chain

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
https://bidder.newspassid.com/setuid?bidder=adform&gdpr=0&gdpr_consent=&uid=6894776439776788942

0
617 B

108ms
108ms

Image
text/plain

3.211.193.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bidder.newspassid.com/setuid?bidder=adform&gdpr=0&gdpr_consent=&uid=6894776439776788942
Protocol: H2
Server: 3.211.193.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-193-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:16 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
vary: Origin
expires: 0

Redirect headers

location: https://bidder.newspassid.com/setuid?bidder=adform&gdpr=0&gdpr_consent=&uid=6894776439776788942
date: Sat, 18 Feb 2023 13:07:16 GMT
server: nginx
content-length: 0
content-type: text/plain

GET
H2

200

setuid
bidder.newspassid.com/ Frame C4D9
Redirect Chain

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
https://bidder.newspassid.com/setuid?bidder=adform&gdpr=0&gdpr_consent=&uid=6894776439776788942

0
615 B

110ms
109ms

Image
text/plain

3.211.193.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bidder.newspassid.com/setuid?bidder=adform&gdpr=0&gdpr_consent=&uid=6894776439776788942
Protocol: H2
Server: 3.211.193.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-193-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:16 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
vary: Origin
expires: 0

Redirect headers

location: https://bidder.newspassid.com/setuid?bidder=adform&gdpr=0&gdpr_consent=&uid=6894776439776788942
date: Sat, 18 Feb 2023 13:07:16 GMT
server: nginx
content-length: 0
content-type: text/plain

GET
H2 204 getuid
ads.avct.cloud/ Frame 79FB 0
0 30ms
29ms Image
text/plain 34.243.37.252
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.avct.cloud/getuid?&gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid&url=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Davocet%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7B%7BUUID%7D%7D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 34.243.37.252 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-243-37-252.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 5E55 16 KB
6 KB 93ms
23ms Document
text/html 2.18.36.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&predirect=&us_privacy=pbs-newspassidhttps%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-newspassid%26uid%3D
Requested by: Host: bidder.newspassid.com
URL: https://bidder.newspassid.com/static/load-cookie.html?usp_consent=&pubcid=71138659-8444-4afa-9b28-7a7c5429ae3f&publisherId=NPID10000001&siteId=3500000313&cb=1676725633183&bidder=newspassid
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.36.193 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-36-193.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://bidder.newspassid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=68451
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Sat, 18 Feb 2023 13:07:16 GMT
expires: Sun, 19 Feb 2023 08:08:07 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2

200

setuid
bidder.newspassid.com/ Frame 2F42
Redirect Chain

https://eb2.3lift.com/getuid?gdpr=0&cmp_cs=&us_privacy=pbs-newspassid&redir=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=pbs-newspassid&redir=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
https://bidder.newspassid.com/setuid?bidder=triplelift&gdpr=0&gdpr_consent=&uid=1679821601418444763683

0
726 B

110ms
109ms

Image
text/plain

3.211.193.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bidder.newspassid.com/setuid?bidder=triplelift&gdpr=0&gdpr_consent=&uid=1679821601418444763683
Protocol: H2
Server: 3.211.193.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-193-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:16 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
vary: Origin
expires: 0

Redirect headers

location: https://bidder.newspassid.com/setuid?bidder=triplelift&gdpr=0&gdpr_consent=&uid=1679821601418444763683
date: Sat, 18 Feb 2023 13:07:16 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

setuid
bidder.newspassid.com/ Frame C4D9
Redirect Chain

https://eb2.3lift.com/getuid?gdpr=0&cmp_cs=&us_privacy=pbs-newspassid&redir=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=pbs-newspassid&redir=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
https://bidder.newspassid.com/setuid?bidder=triplelift&gdpr=0&gdpr_consent=&uid=1679821601418444763683

0
729 B

108ms
108ms

Image
text/plain

3.211.193.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bidder.newspassid.com/setuid?bidder=triplelift&gdpr=0&gdpr_consent=&uid=1679821601418444763683
Protocol: H2
Server: 3.211.193.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-193-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:16 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
vary: Origin
expires: 0

Redirect headers

location: https://bidder.newspassid.com/setuid?bidder=triplelift&gdpr=0&gdpr_consent=&uid=1679821601418444763683
date: Sat, 18 Feb 2023 13:07:16 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 5E55 2 KB
3 KB 104ms
13ms Script
text/html 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=88246283&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=pbs-newspassidhttps%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-newspassid%26uid%3D
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&predirect=&us_privacy=pbs-newspassidhttps%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-newspassid%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 3030d053f9d7526418b5317c06e8737b11f7d3d1a86908e17773b4c77b5e0f8a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
date: Sat, 18 Feb 2023 13:07:16 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 match Show response
c1.adform.net/serving/cookie/ Frame 37AD 35 B
477 B 27ms
27ms Document
image/gif 37.157.4.25
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?party=14&cid=0CCCFF70-EB92-47BE-8C99-D026CB973460&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&predirect=&us_privacy=pbs-newspassidhttps%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-newspassid%26uid%3D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.4.25 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: image/gif
date: Sat, 18 Feb 2023 13:07:16 GMT
expires: -1
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame B7E2
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:eaa363f0-cd82-4c00-a687-516adce24ea4&gdpr=0&gdpr_consent=

42 B
323 B

138ms
21ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:eaa363f0-cd82-4c00-a687-516adce24ea4&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&predirect=&us_privacy=pbs-newspassidhttps%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-newspassid%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sat, 18 Feb 2023 13:07:17 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Content-Type: image/gif
Date: Sat, 18 Feb 2023 13:07:16 GMT
Expires: Sat, 18 Feb 2023 13:07:15 GMT
Keep-Alive: timeout=360
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: MT3 475 4bd2ccd master zrh-pixel-x31 config:1.0.0
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:eaa363f0-cd82-4c00-a687-516adce24ea4&gdpr=0&gdpr_consent=

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame F42F
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5964359322975259939

42 B
195 B

23ms
21ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5964359322975259939
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&predirect=&us_privacy=pbs-newspassidhttps%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-newspassid%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sat, 18 Feb 2023 13:07:17 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=5964359322975259939
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 usersync.aspx Show response
dis.criteo.com/dis/ Frame 45A9 43 B
363 B 251ms
18ms Document
image/gif 178.250.0.163
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-type: image/gif
cross-origin-resource-policy: cross-origin
date: Sat, 18 Feb 2023 13:07:16 GMT
expires: Sat, 18 Feb 2023 00:00:00 GMT
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 452581
strict-transport-security: max-age=31536000; preload;
x-errorlevel: 0

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame E650
Redirect Chain

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=Kit7on98JaYxfi2gJC0wq356LfcxeX-nKXuIiGfC

42 B
335 B

95ms
21ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=Kit7on98JaYxfi2gJC0wq356LfcxeX-nKXuIiGfC
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&predirect=&us_privacy=pbs-newspassidhttps%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-newspassid%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Sat, 18 Feb 2023 13:07:17 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
date: Sat, 18 Feb 2023 13:07:16 GMT
expires: Fri, 04 Aug 1978 12:00:00 GMT
location: https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=Kit7on98JaYxfi2gJC0wq356LfcxeX-nKXuIiGfC
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
pragma: no-cache
strict-transport-security: max-age=86400

GET
H/1.1

200
OK

dcm Show response
aax-eu.amazon-adsystem.com/s/ Frame 17D1
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=0CCCFF70-EB92-47BE-8C99-D026CB973460&redir=true&gdpr=0&gdpr_consent=
https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=0CCCFF70-EB92-47BE-8C99-D026CB973460&redir=true&gdpr=0&gdpr_consent=&dcc=t

43 B
855 B

203ms
200ms

Document
image/gif

67.220.228.203
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=0CCCFF70-EB92-47BE-8C99-D026CB973460&redir=true&gdpr=0&gdpr_consent=&dcc=t

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

67.220.228.203 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Sat, 18 Feb 2023 13:07:17 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: 35TSW9M1ZVAWCRY7CG9V

Redirect headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Date: Sat, 18 Feb 2023 13:07:17 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=0CCCFF70-EB92-47BE-8C99-D026CB973460&redir=true&gdpr=0&gdpr_consent=&dcc=t
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: H15M6SXDW5MH0QPB8Q03

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 5E55
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=DMz_cOuSR76MmdAmy5c0YA%3D%3D&gdpr=0&gdpr_consent=
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

16 KB
16 KB

20ms
19ms

Image
text/html

2.18.36.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&predirect=&us_privacy=pbs-newspassidhttps%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-newspassid%26uid%3D
Protocol: H2
Server: 2.18.36.193 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-36-193.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:17 GMT
content-encoding: gzip
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
server: Apache
vary: Accept-Encoding
content-type: text/html
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=68450
accept-ranges: bytes
content-length: 5554
expires: Sun, 19 Feb 2023 08:08:07 GMT

Redirect headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:16 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame 5E55
Redirect Chain

https://pixel.onaudience.com/?partner=214&mapped=0CCCFF70-EB92-47BE-8C99-D026CB973460&gdpr=0&gdpr_consent=
https://loada.exelator.com/load/?p=1164&g=1&j=r&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D0
https://pixel.onaudience.com/?partner=161&icm&cver&mapped=38e897655bc06b2241b0b4be451cf216&gdpr=0
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=0

70 B
264 B

34ms
34ms

Image
image/gif

3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&predirect=&us_privacy=pbs-newspassidhttps%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-newspassid%26uid%3D
Protocol: H2
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sat, 18 Feb 2023 13:07:17 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=0
content-length: 0

GET
H2

200

Artemis
aud.pubmatic.com/AdServer/ Frame 5E55
Redirect Chain

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=0CCCFF70-EB92-47BE-8C99-D026CB973460&gdpr=
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=0CCCFF70-EB92-47BE-8C99-D026CB973460&gdpr=&fbounce=1
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=0CCCFF70-EB92-47BE-8C99-D026CB973460&addseg=19,36,42

0
0

93ms
14ms

Image
application/json

185.64.189.229
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=0CCCFF70-EB92-47BE-8C99-D026CB973460&addseg=19,36,42
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&predirect=&us_privacy=pbs-newspassidhttps%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-newspassid%26uid%3D
Protocol: H2
Server: 185.64.189.229 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Redirect headers

date: Sat, 18 Feb 2023 13:07:17 GMT
via: 1.1 google
content-type: text/html; charset=utf-8
location: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=0CCCFF70-EB92-47BE-8C99-D026CB973460&addseg=19,36,42
p3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 141

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 5E55
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MENDQ0ZGNzAtRUI5Mi00N0JFLThDOTktRDAyNkNCOTczNDYw&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
113 B

85ms
22ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&predirect=&us_privacy=pbs-newspassidhttps%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-newspassid%26uid%3D
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Sat, 18 Feb 2023 13:07:17 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:16 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 5E55
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEA9OBXj92O3kqLzMNQ5okwY&google_cver=1

42 B
530 B

84ms
20ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEA9OBXj92O3kqLzMNQ5okwY&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&predirect=&us_privacy=pbs-newspassidhttps%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-newspassid%26uid%3D
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Sat, 18 Feb 2023 13:07:17 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:16 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEA9OBXj92O3kqLzMNQ5okwY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame 5E55 43 B
409 B 18ms
16ms Image
image/gif 35.204.74.118
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.204.74.118 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

118.74.204.35.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:16 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Fri, 17 Feb 2023 13:07:16 GMT

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 5E55 70 B
264 B 35ms
33ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&predirect=&us_privacy=pbs-newspassidhttps%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-newspassid%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Sat, 18 Feb 2023 13:07:16 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 5E55
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=6894776439776788942

42 B
449 B

115ms
20ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=6894776439776788942
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&predirect=&us_privacy=pbs-newspassidhttps%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-newspassid%26uid%3D
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Sat, 18 Feb 2023 13:07:17 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=6894776439776788942
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

setuid
bidder.newspassid.com/ Frame C4D9
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
https://bidder.newspassid.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=8162609038107023435

0
833 B

110ms
110ms

Image
text/plain

3.211.193.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bidder.newspassid.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=8162609038107023435
Protocol: H2
Server: 3.211.193.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-193-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:17 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
vary: Origin
expires: 0

Redirect headers

Date: Sat, 18 Feb 2023 13:07:16 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 37.58.58.246; 37.58.58.246; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 03ef4209-cba2-46b1-8c7a-fec53ec3a85c
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://bidder.newspassid.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=8162609038107023435
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

setuid
bidder.newspassid.com/ Frame 2F42
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
https://bidder.newspassid.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=8162609038107023435

0
832 B

109ms
109ms

Image
text/plain

3.211.193.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bidder.newspassid.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=8162609038107023435
Protocol: H2
Server: 3.211.193.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-193-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:17 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
vary: Origin
expires: 0

Redirect headers

Date: Sat, 18 Feb 2023 13:07:16 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 37.58.58.246; 37.58.58.246; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: cfda282b-e575-41a6-b1c8-bda6eb0345c5
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://bidder.newspassid.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=8162609038107023435
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

setuid
bidder.newspassid.com/ Frame C4D9
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24%7BBSW_UUID%7D?gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid
https://bidder.newspassid.com/setuid?bidder=grid&gdpr=0&gdpr_consent=&uid=0a8ca80a-7430-4046-b6e1-16459865cdab

0
834 B

115ms
111ms

Image
text/plain

3.211.193.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bidder.newspassid.com/setuid?bidder=grid&gdpr=0&gdpr_consent=&uid=0a8ca80a-7430-4046-b6e1-16459865cdab
Protocol: H2
Server: 3.211.193.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-193-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:17 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
vary: Origin
expires: 0

Redirect headers

location: https://bidder.newspassid.com/setuid?bidder=grid&gdpr=0&gdpr_consent=&uid=0a8ca80a-7430-4046-b6e1-16459865cdab
date: Sat, 18 Feb 2023 13:07:17 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

setuid
bidder.newspassid.com/ Frame 2F42
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dgrid%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24%7BBSW_UUID%7D?gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid
https://bidder.newspassid.com/setuid?bidder=grid&gdpr=0&gdpr_consent=&uid=0a8ca80a-7430-4046-b6e1-16459865cdab

0
834 B

109ms
109ms

Image
text/plain

3.211.193.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bidder.newspassid.com/setuid?bidder=grid&gdpr=0&gdpr_consent=&uid=0a8ca80a-7430-4046-b6e1-16459865cdab
Protocol: H2
Server: 3.211.193.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-193-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:17 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
vary: Origin
expires: 0

Redirect headers

location: https://bidder.newspassid.com/setuid?bidder=grid&gdpr=0&gdpr_consent=&uid=0a8ca80a-7430-4046-b6e1-16459865cdab
date: Sat, 18 Feb 2023 13:07:17 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2 204 v1
match.sharethrough.com/FGMrCMMc/ Frame C4D9 0
34 B 8ms
8ms Image
text/plain 35.157.139.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/FGMrCMMc/v1?redirectUri=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dsharethrough%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.139.91 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-139-91.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:17 GMT

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 83D3 16 KB
6 KB 21ms
20ms Document
text/html 2.18.36.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&predirect=&us_privacy=pbs-newspassidhttps%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-newspassid%26uid%3D
Requested by: Host: bidder.newspassid.com
URL: https://bidder.newspassid.com/static/load-cookie.html?usp_consent=&pubcid=71138659-8444-4afa-9b28-7a7c5429ae3f&publisherId=NPID10000001&siteId=3500000313&cb=1676725632889&bidder=newspassid
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.36.193 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-36-193.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://bidder.newspassid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=68450
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Sat, 18 Feb 2023 13:07:17 GMT
expires: Sun, 19 Feb 2023 08:08:07 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 204 v1
match.sharethrough.com/FGMrCMMc/ Frame 2F42 0
34 B 8ms
8ms Image
text/plain 35.157.139.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/FGMrCMMc/v1?redirectUri=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dsharethrough%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.157.139.91 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-157-139-91.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:17 GMT

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame DAD0 16 KB
6 KB 19ms
19ms Document
text/html 2.18.36.193
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&predirect=&us_privacy=pbs-newspassidhttps%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-newspassid%26uid%3D
Requested by: Host: bidder.newspassid.com
URL: https://bidder.newspassid.com/static/load-cookie.html?usp_consent=&pubcid=71138659-8444-4afa-9b28-7a7c5429ae3f&publisherId=NPID10000001&siteId=3500000313&cb=1676725632873&bidder=newspassid
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.36.193 Vienna, Austria, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-36-193.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://bidder.newspassid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=68450
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Sat, 18 Feb 2023 13:07:17 GMT
expires: Sun, 19 Feb 2023 08:08:07 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2

200

setuid
bidder.newspassid.com/ Frame C4D9
Redirect Chain

https://ssum.casalemedia.com/usermatchredir?us_privacy=pbs-newspassid&gdpr=0&gdpr_consent=&s=189937&cb=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dix%26gdpr%3D0%26gdpr_consent%3D%26us_p...
https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dix%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-newspassid%26uid%3D&gdpr=0&gdpr_consent=&s=...
https://bidder.newspassid.com/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid&uid=Y-DNhXXYvo2xopjxFhCH.QAA%261125

0
951 B

108ms
108ms

Image
text/plain

3.211.193.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bidder.newspassid.com/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid&uid=Y-DNhXXYvo2xopjxFhCH.QAA%261125
Protocol: H2
Server: 3.211.193.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-193-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:17 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
vary: Origin
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:17 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NivS5M1VxA5XlFLJILRR%2B0kNFHxZl371RZT5nX62wTQLnC8J5XgnZ6XlFs3wwWq99L%2Bt3gJ5ftpuvrMi5obqA1qtJOkUL52C1PSX1CRCBlT4diuFW160vg1hPc%2FYsuDsWP5wKDxC"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://bidder.newspassid.com/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid&uid=Y-DNhXXYvo2xopjxFhCH.QAA%261125
cache-control: no-cache
cf-ray: 79b6fc214d9c2bb0-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H2

200

setuid
bidder.newspassid.com/ Frame 2F42
Redirect Chain

https://ssum.casalemedia.com/usermatchredir?us_privacy=pbs-newspassid&gdpr=0&gdpr_consent=&s=189937&cb=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dix%26gdpr%3D0%26gdpr_consent%3D%26us_p...
https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dix%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-newspassid%26uid%3D&gdpr=0&gdpr_consent=&s=...
https://bidder.newspassid.com/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid&uid=Y-DNhdJsadRn0B353BBHQgAA%261137

0
953 B

109ms
109ms

Image
text/plain

3.211.193.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bidder.newspassid.com/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid&uid=Y-DNhdJsadRn0B353BBHQgAA%261137
Protocol: H2
Server: 3.211.193.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-193-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:17 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
vary: Origin
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:17 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P722ys9sTYiEXOC8PdHGnI7wCB%2F6CFg8Pf%2FnBw3M0ev%2Flq7nGd04PzmKBwNhcksEmOnDyKlyr3XD5xWDDGFzh%2BM4qX15%2FjO5BBjHScta9OwwcjJkZAnTDwNeM9cx%2By5djD3t%2FUsm"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://bidder.newspassid.com/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid&uid=Y-DNhdJsadRn0B353BBHQgAA%261137
cache-control: no-cache
cf-ray: 79b6fc214d9e2bb0-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H/1.1 204
No Content pixel
ap.lijit.com/ Frame 79FB 0
277 B 21ms
21ms Image
text/plain 216.52.2.39
AS-INAPCDN-OCY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/pixel?redir=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dsovrn%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN30282 (AS-INAPCDN-OCY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 18 Feb 2023 13:07:17 GMT
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap7ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, PUT

POST
H3 204 collect
region1.analytics.google.com/g/ 0
17 B 18ms
18ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-F8FFLLVDEZ&gtm=45je32f0&_p=933029470&cid=953626299.1676725632&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAI&uid=0&sid=1676725631&sct=1&seg=0&dl=https%3A%2F%2Fheraldcourier.com%2Fevents%2F&dt=Events%20%7C%20heraldcourier.com&_s=2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-F8FFLLVDEZ&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://heraldcourier.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:17 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://heraldcourier.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame 79FB 0
239 B 11ms
10ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-newspassid&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 3bafef7aa4e37890defcd73f0a080481
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

setuid
bidder.newspassid.com/ Frame 79FB
Redirect Chain

https://rtb.openx.net/sync/prebid?gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid&r=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dopenx%26uid%3D%24%7BUID%7D
https://bidder.newspassid.com/setuid?bidder=openx&uid=a3f740be-b601-47cf-84e3-1c9304a5bba2

0
960 B

110ms
110ms

Image
text/plain

3.211.193.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bidder.newspassid.com/setuid?bidder=openx&uid=a3f740be-b601-47cf-84e3-1c9304a5bba2
Protocol: H2
Server: 3.211.193.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-193-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:17 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
vary: Origin
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:16 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
location: https://bidder.newspassid.com/setuid?bidder=openx&uid=a3f740be-b601-47cf-84e3-1c9304a5bba2
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-request-id: hlpnk4ed1p71h8ipgp0t2bobkqtfn9kp

POST
H3 204 collect
region1.analytics.google.com/g/ 0
17 B 18ms
18ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-S5LKEZJN96&gtm=45je32f0&_p=933029470&cid=953626299.1676725632&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAI&uid=0&sid=1676725632&sct=1&seg=0&dl=https%3A%2F%2Fheraldcourier.com%2Fevents%2F&dt=Events%20%7C%20heraldcourier.com&_s=2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S5LKEZJN96&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://heraldcourier.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:17 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://heraldcourier.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
bidder.newspassid.com/ Frame C4D9
Redirect Chain

https://ad2.360yield.com/server_match?r=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dimprovedigital%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7BPUB_USER_ID%7D
https://bidder.newspassid.com/setuid?bidder=improvedigital&gdpr=0&gdpr_consent=&uid=96978c3b-9178-459d-925c-9491cf718481

0
960 B

111ms
110ms

Image
text/plain

3.211.193.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bidder.newspassid.com/setuid?bidder=improvedigital&gdpr=0&gdpr_consent=&uid=96978c3b-9178-459d-925c-9491cf718481
Protocol: H2
Server: 3.211.193.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-193-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:17 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
vary: Origin
expires: 0

Redirect headers

location: https://bidder.newspassid.com/setuid?bidder=improvedigital&gdpr=0&gdpr_consent=&uid=96978c3b-9178-459d-925c-9491cf718481
access-control-allow-origin: *
date: Sat, 18 Feb 2023 13:07:17 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

setuid
bidder.newspassid.com/ Frame 2F42
Redirect Chain

https://ad2.360yield.com/server_match?r=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dimprovedigital%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%7BPUB_USER_ID%7D
https://bidder.newspassid.com/setuid?bidder=improvedigital&gdpr=0&gdpr_consent=&uid=96978c3b-9178-459d-925c-9491cf718481

0
961 B

109ms
108ms

Image
text/plain

3.211.193.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bidder.newspassid.com/setuid?bidder=improvedigital&gdpr=0&gdpr_consent=&uid=96978c3b-9178-459d-925c-9491cf718481
Protocol: H2
Server: 3.211.193.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-193-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:17 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
vary: Origin
expires: 0

Redirect headers

location: https://bidder.newspassid.com/setuid?bidder=improvedigital&gdpr=0&gdpr_consent=&uid=96978c3b-9178-459d-925c-9491cf718481
access-control-allow-origin: *
date: Sat, 18 Feb 2023 13:07:17 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

setuid
bidder.newspassid.com/ Frame 79FB
Redirect Chain

https://ssum.casalemedia.com/usermatchredir?us_privacy=pbs-newspassid&gdpr=0&gdpr_consent=&s=189937&cb=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dix%26gdpr%3D0%26gdpr_consent%3D%26us_p...
https://bidder.newspassid.com/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid&uid=Y-DNhXXYvo2xopjxFhCH.QAA%261125

0
1 KB

109ms
109ms

Image
text/plain

3.211.193.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bidder.newspassid.com/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid&uid=Y-DNhXXYvo2xopjxFhCH.QAA%261125
Protocol: H2
Server: 3.211.193.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-193-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:17 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
vary: Origin
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:17 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UC8jD8E40yBFhOoCHtfpBn5Kj0cpm1G5WLbEnGZj4BVCathAia8%2BAT62wCDFQBRudLEkPx68YqQ74MoOt33KPBnP6Q9GgIKwJR4HOyP2OavwNudB%2FsM4pq8NGzQ2HqjZbizOitKU"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: https://bidder.newspassid.com/setuid?bidder=ix&gdpr=0&gdpr_consent=&us_privacy=pbs-newspassid&uid=Y-DNhXXYvo2xopjxFhCH.QAA%261125
cache-control: no-cache
cf-ray: 79b6fc222800367b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
expires: 0

GET
H2

200

setuid
bidder.newspassid.com/ Frame 79FB
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dadnxs%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
https://bidder.newspassid.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=8162609038107023435

0
1 KB

111ms
111ms

Image
text/plain

3.211.193.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bidder.newspassid.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=8162609038107023435
Protocol: H2
Server: 3.211.193.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-193-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:17 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
vary: Origin
expires: 0

Redirect headers

Date: Sat, 18 Feb 2023 13:07:17 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 37.58.58.246; 37.58.58.246; 1003.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 8e9726ae-88e3-4066-9959-b0b0580305c7
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://bidder.newspassid.com/setuid?bidder=adnxs&gdpr=0&gdpr_consent=&uid=8162609038107023435
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

setuid
bidder.newspassid.com/ Frame 79FB
Redirect Chain

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
https://bidder.newspassid.com/setuid?bidder=adform&gdpr=0&gdpr_consent=&uid=6894776439776788942

0
1 KB

112ms
112ms

Image
text/plain

3.211.193.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bidder.newspassid.com/setuid?bidder=adform&gdpr=0&gdpr_consent=&uid=6894776439776788942
Protocol: H2
Server: 3.211.193.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-193-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:17 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
vary: Origin
expires: 0

Redirect headers

location: https://bidder.newspassid.com/setuid?bidder=adform&gdpr=0&gdpr_consent=&uid=6894776439776788942
date: Sat, 18 Feb 2023 13:07:17 GMT
server: nginx
content-length: 0
content-type: text/plain

GET
H2

200

setuid
bidder.newspassid.com/ Frame 79FB
Redirect Chain

https://eb2.3lift.com/getuid?gdpr=0&cmp_cs=&us_privacy=pbs-newspassid&redir=https%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D0%26gdpr_consent%3D%26uid%3D%24UID
https://bidder.newspassid.com/setuid?bidder=triplelift&gdpr=0&gdpr_consent=&uid=1679821601418444763683

0
1 KB

109ms
109ms

Image
text/plain

3.211.193.175
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bidder.newspassid.com/setuid?bidder=triplelift&gdpr=0&gdpr_consent=&uid=1679821601418444763683
Protocol: H2
Server: 3.211.193.175 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-193-175.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://bidder.newspassid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:17 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
vary: Origin
expires: 0

Redirect headers

location: https://bidder.newspassid.com/setuid?bidder=triplelift&gdpr=0&gdpr_consent=&uid=1679821601418444763683
date: Sat, 18 Feb 2023 13:07:17 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

POST
H3 204 collect
region1.analytics.google.com/g/ 0
17 B 18ms
18ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-4T2EB147B8&gtm=45je32f0&_p=933029470&cid=953626299.1676725632&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAI&dt=Events&dl=https%3A%2F%2Fheraldcourier.com%2Fevents%2F&sid=1676725632&sct=1&seg=0&_s=2
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4T2EB147B8&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://heraldcourier.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 18 Feb 2023 13:07:18 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://heraldcourier.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 5E55 0
260 B 100ms
15ms Script
text/plain 198.47.127.20

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=0&gdpr=0&gdpr_consent=&us_privacy=pbs-newspassidhttps%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-newspassid%26uid%3D
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&predirect=&us_privacy=pbs-newspassidhttps%3A%2F%2Fbidder.newspassid.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3Dpbs-newspassid%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.20 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.100 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 13:07:18 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Verdicts & Comments Add Verdict or Comment

142 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

88 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
heraldcourier.com/events	1970-01-20 09:45:25	Name: _liChk Value: 0.44664705422619866
i.liadm.com/s	1970-01-20 10:28:37	Name: _li_ss Value: CkUKBQgKELIUCgUIeRCyFAoFCAYQshQKBgiBARCyFAoFCAwQvBQKCQj_____BxC8FAoFCAsQshQKBgiLARCyFAoFCH4QshQ
heraldcourier.com/	1970-01-20 10:28:37	Name: _pbjs_userid_consent_data Value: 3524755945110770
.heraldcourier.com/	1970-01-20 18:31:01	Name: _pubcid Value: 71138659-8444-4afa-9b28-7a7c5429ae3f
.simpli.fi/	1970-01-20 18:32:28	Name: suid Value: 5F4F7001FF7D4100A6E5BCA85232FACC
.heraldcourier.com/	1970-01-20 19:07:01	Name: __gads Value: ID=4d656cd3cdb3548d:T=1676725631:S=ALNI_MbBICWaDyqLSvRw0PEbfKL4WQQ35g
.heraldcourier.com/	1970-01-20 19:07:01	Name: __gpi Value: UID=00000bb8d339ad3e:T=1676725631:RT=1676725631:S=ALNI_Mb6NhsF_XYg5UDrUMNx24DPElwsvA
.trkn.us/	1970-01-20 18:31:01	Name: barometric[cuid] Value: cuid_f26effc7-b266-4d9b-a746-3b44ccf82b4a
.heraldcourier.com/	1970-01-20 09:45:29	Name: AMP_TOKEN Value: %24NOT_FOUND
.heraldcourier.com/	1970-01-20 09:46:52	Name: _gid Value: GA1.2.1318753643.1676725632
.heraldcourier.com/	1970-01-20 09:45:25	Name: _dc_gtm_UA-54716522-7 Value: 1
.heraldcourier.com/	1970-01-20 09:45:25	Name: _dc_gtm_UA-54716522-2 Value: 1
.heraldcourier.com/	1970-01-20 09:45:25	Name: _dc_gtm_UA-38596040-1 Value: 1
.heraldcourier.com/	1970-01-20 19:21:25	Name: _ml_id Value: 90af7054e12796bc.1676725632.1.1676725632.1676725632
.heraldcourier.com/	1970-01-20 09:45:27	Name: _ml_ses Value: *
.heraldcourier.com/	1970-01-20 19:21:25	Name: _ga Value: GA1.1.953626299.1676725632
.heraldcourier.com/	1969-12-31 23:59:59	Name: _li_dcdm_c Value: .heraldcourier.com
.heraldcourier.com/	1970-01-20 19:21:25	Name: _lc2_fpi Value: 3f389ea64a07--01gsja5fdt993w5k50eer4kd83
.doubleclick.net/	1970-01-20 19:07:01	Name: IDE Value: AHWqTUnsnv1HsP_y7S9Fv6U3_uNiKi4yeGWeAz0sSyDm0DKzo4hYe7g0GmR0P37gFVc
.heraldcourier.com/	1970-01-20 11:55:01	Name: _fbp Value: fb.1.1676725632932.634805497
.heraldcourier.com/	1970-01-20 09:45:29	Name: __li_idex_cache Value: {}
.liadm.com/	1970-01-20 19:21:25	Name: lidid Value: 36f844d1-e430-4acd-a7a8-d2d4bec96f22
.heraldcourier.com/	1970-01-20 19:21:25	Name: _ga_F8FFLLVDEZ Value: GS1.1.1676725631.1.0.1676725633.58.0.0
.heraldcourier.com/	1970-01-20 19:21:25	Name: _ga_S5LKEZJN96 Value: GS1.1.1676725632.1.0.1676725633.59.0.0
.heraldcourier.com/	1970-01-20 19:21:25	Name: _ga_4T2EB147B8 Value: GS1.1.1676725632.1.0.1676725633.59.0.0
.heraldcourier.com/	1970-01-20 18:31:01	Name: ajs_anonymous_id Value: df1a1964-38b7-4f43-9220-e77e13931d09
.mathtag.com/	1970-01-20 19:11:20	Name: uuid Value: eaa363f0-cd82-4c00-a687-516adce24ea4
.bidswitch.net/	1970-01-20 18:31:01	Name: tuuid Value: 0a8ca80a-7430-4046-b6e1-16459865cdab
.bidswitch.net/	1970-01-20 18:31:01	Name: c Value: 1676725634
.bidswitch.net/	1970-01-20 18:31:01	Name: tuuid_lu Value: 1676725634
.demdex.net/	1970-01-20 14:04:37	Name: demdex Value: 31804616445325673084592582544692123633
.dpm.demdex.net/	1970-01-20 14:04:37	Name: dpm Value: 31804616445325673084592582544692123633
.addthis.com/	1970-01-20 19:15:40	Name: na_id Value: 2023021813071400014701383176
.addthis.com/	1970-01-20 19:15:40	Name: na_tc Value: Y
.addthis.com/	1970-01-20 19:15:40	Name: uid Value: 63f0cd82aec032b5
.addthis.com/	1970-01-20 19:15:40	Name: ouid Value: 63f0cd820001f38d04e7603b22688a6ef894249ccc8fed6d7fdd
.adform.net/	1970-01-20 10:25:44	Name: C Value: 1
.adform.net/	1970-01-20 11:11:49	Name: uid Value: 6894776439776788942
.dlx.addthis.com/	1970-01-20 10:28:37	Name: na_sc_x Value: 1
.simpli.fi/	1970-01-20 09:55:30	Name: uid_syncd_secure Value: true
.tapad.com/	1970-01-20 11:11:49	Name: TapAd_TS Value: 1676725635633
.tapad.com/	1970-01-20 11:11:49	Name: TapAd_DID Value: 3d178200-5e5b-4b21-a6fa-e68e781b936e
.agkn.com/	1970-01-20 18:31:01	Name: ab Value: 0001%3A%2Ff1jd1sh0mhP0BxcE%2BMiF%2BzR57y2fswy
.adnxs.com/	1970-01-20 11:55:01	Name: uuid2 Value: 8162609038107023435
.tapad.com/	1970-01-20 11:11:49	Name: TapAd_3WAY_SYNCS Value:
.adnxs.com/	1970-01-20 11:55:01	Name: anj Value: dTM7k!M4.FE:2jUF']wIg2Hb=]dl>e!1yIE`fSBTDCk7#?H@8PIEOS03UdDqK?4l23U<on53Ivd_sSCr5OIpaJw#gdM@`wJ#DI2Z#DIgl#Xse8ZE!<=
.pro-market.net/	1970-01-20 14:04:37	Name: anProfile Value: "1ww9ut4jn08oa+1+1f=1+1g=1+1j=41+rs=s+rt=2A000C982030A0040001000000000011+s2=(rqa1s3)+vm=24-5F4F7001FF7D4100A6E5BCA85232FACC"
.pro-market.net/	1970-01-20 10:28:37	Name: anHistory Value: "1ww9ut4jn08oa+2+!#7')!T#+#A"
.spotxchange.com/	1970-01-20 10:25:44	Name: audience Value: 2a87fcee-af8d-11ed-84f9-11482f420306
.agkn.com/	1970-01-20 18:31:01	Name: u Value: C\|0AAAAAAAAK4OKAwAAAAAA
.bluekai.com/	1970-01-20 14:06:04	Name: bku Value: blx99/wBXs15/Zyv
.bluekai.com/	1970-01-20 14:06:04	Name: bkpa Value: KJy9nyexd02pSUHknp/8mE1hwtkAwEPsBWRl1e9hHARlHexh1eOOBADNxABOmeD01pJsxDBe9y9GQxrt
.bfmio.com/	1970-01-20 18:31:01	Name: __141_cid Value: 5F4F7001FF7D4100A6E5BCA85232FACC
.bfmio.com/	1970-01-20 18:31:01	Name: __io_cid Value: f31da958a7c563f49e525b5d6f463a1d5689d7ad
.bidder.newspassid.com/	1970-01-20 11:55:01	Name: newspassid_uid Value: 2LuewttiRHV91WJv9jPLCx0CKSP
bidder.newspassid.com/	1970-01-20 11:55:01	Name: newspassid_uid Value: 2LuewttiRHV91WJv9jPLCx0CKSP
ads.avct.cloud/	1970-01-20 18:31:01	Name: uuid Value: b0916659-60b7-4ea8-904d-1c04c0689226
.openx.net/	1970-01-20 18:31:01	Name: i Value: 4985f028-a619-4bd1-b5b9-146ee1d94ad2\|1676725636
.360yield.com/	1970-01-20 11:55:01	Name: tuuid Value: 96978c3b-9178-459d-925c-9491cf718481
.360yield.com/	1970-01-20 11:55:01	Name: tuuid_lu Value: 1676725636
.3lift.com/	1970-01-20 11:55:01	Name: tluid Value: 1679821601418444763683
.ads.pubmatic.com/	1970-01-20 09:46:52	Name: KCCH Value: YES
.pubmatic.com/	1970-01-20 18:31:01	Name: KADUSERCOOKIE Value: 0CCCFF70-EB92-47BE-8C99-D026CB973460
.pubmatic.com/	1970-01-20 11:55:01	Name: chkChromeAb67Sec Value: 1
.pubmatic.com/	1970-01-20 09:46:52	Name: pi Value: 0:2
.pubmatic.com/	1970-01-20 11:55:01	Name: DPSync3 Value: 1677888000%3A201_197_219_221
.pubmatic.com/	1970-01-20 11:55:01	Name: SyncRTB3 Value: 1677888000%3A220_21_54_56_13_7_161_8_251%7C1677974400%3A35
.quantserve.com/	1970-01-20 11:55:01	Name: d Value: EMEBCwGpKPijAA
.quantserve.com/	1970-01-20 19:15:40	Name: mc Value: 63f0cd84-f0285-9bb0e-ab55c
.fiftyt.com/	1970-01-20 18:31:01	Name: fifid Value: 3ed73edb-3678-4c8c-486c-b29564162338
.fiftyt.com/	1970-01-20 18:31:01	Name: cs Value: MTY3NjcyNTYzN3xEdi1CQkFFQ180SUFBUkFCRUFBQUJQLUNBQUE9fFm_AhZ3TNju8hTBG8F2FZRPm7SKgA8SyyiBU2rbDnGy
.onaudience.com/	1970-01-20 18:31:01	Name: cookie Value: ebcab92f2e844744
.onaudience.com/	1970-01-20 09:46:52	Name: done_redirects161 Value: 1
.de17a.com/	1970-01-20 18:23:49	Name: guid Value: 1.5964359322975259939
.fiftyt.com/	1970-01-20 09:55:30	Name: fppm Value: 20230218130717
.pubmatic.com/	1970-01-20 11:55:01	Name: KRTBCOOKIE_80 Value: 16514-CAESEA9OBXj92O3kqLzMNQ5okwY&KRTB&22987-CAESEA9OBXj92O3kqLzMNQ5okwY&KRTB&23025-CAESEA9OBXj92O3kqLzMNQ5okwY&KRTB&23386-CAESEA9OBXj92O3kqLzMNQ5okwY
.pubmatic.com/	1970-01-20 10:28:37	Name: PugT Value: 1676725637
.pubmatic.com/	1970-01-20 11:55:01	Name: KRTBCOOKIE_153 Value: 1923-Kit7on98JaYxfi2gJC0wq356LfcxeX-nKXuIiGfC&KRTB&19420-Kit7on98JaYxfi2gJC0wq356LfcxeX-nKXuIiGfC&KRTB&22979-Kit7on98JaYxfi2gJC0wq356LfcxeX-nKXuIiGfC&KRTB&23403-Kit7on98JaYxfi2gJC0wq356LfcxeX-nKXuIiGfC
.pubmatic.com/	1970-01-20 10:28:37	Name: KRTBCOOKIE_391 Value: 22924-6894776439776788942&KRTB&23263-6894776439776788942
.pubmatic.com/	1970-01-20 11:55:01	Name: KRTBCOOKIE_27 Value: 16735-uid:eaa363f0-cd82-4c00-a687-516adce24ea4&KRTB&16736-uid:eaa363f0-cd82-4c00-a687-516adce24ea4&KRTB&23019-uid:eaa363f0-cd82-4c00-a687-516adce24ea4&KRTB&23114-uid:eaa363f0-cd82-4c00-a687-516adce24ea4
.pubmatic.com/	1970-01-20 10:28:37	Name: KRTBCOOKIE_336 Value: 5844-5964359322975259939
.onaudience.com/	1970-01-20 09:46:52	Name: done_redirects147 Value: 1
.amazon-adsystem.com/	1970-01-20 15:09:25	Name: ad-id Value: Azxq0K0a8Uq3keF_5RCy1iw
.amazon-adsystem.com/	1970-01-20 19:21:25	Name: ad-privacy Value: 0
.casalemedia.com/	1970-01-20 11:55:01	Name: CMPS Value: 1137
.casalemedia.com/	1970-01-20 18:31:01	Name: CMID Value: Y-DNhXXYvo2xopjxFhCH.QAA
.casalemedia.com/	1970-01-20 11:55:01	Name: CMPRO Value: 1125
.bidder.newspassid.com/	1970-01-20 11:55:01	Name: uids Value: eyJ0ZW1wVUlEcyI6eyJhZGZvcm0iOnsidWlkIjoiNjg5NDc3NjQzOTc3Njc4ODk0MiIsImV4cGlyZXMiOiIyMDIzLTAzLTA0VDEzOjA3OjE3LjgwMjc1MjE2NFoiLCJzb3VyY2UiOiJjb29raWUifSwiYWRueHMiOnsidWlkIjoiODE2MjYwOTAzODEwNzAyMzQzNSIsImV4cGlyZXMiOiIyMDIzLTAzLTA0VDEzOjA3OjE3LjY2NDgzNjY3M1oiLCJzb3VyY2UiOiJjb29raWUifSwiZ3JpZCI6eyJ1aWQiOiIwYThjYTgwYS03NDMwLTQwNDYtYjZlMS0xNjQ1OTg2NWNkYWIiLCJleHBpcmVzIjoiMjAyMy0wMy0wNFQxMzowNzoxNy4xNjM3NDAwNzNaIiwic291cmNlIjoiY29va2llIn0sImltcHJvdmVkaWdpdGFsIjp7InVpZCI6Ijk2OTc4YzNiLTkxNzgtNDU5ZC05MjVjLTk0OTFjZjcxODQ4MSIsImV4cGlyZXMiOiIyMDIzLTAzLTA0VDEzOjA3OjE2LjYyOTY3NjU2NVoiLCJzb3VyY2UiOiJjb29raWUifSwiaXgiOnsidWlkIjoiWS1ETmhYWFl2bzJ4b3BqeEZoQ0guUUFBXHUwMDI2MTEyNSIsImV4cGlyZXMiOiIyMDIzLTAzLTA0VDEzOjA3OjE3LjU0Mzg2MDA4NFoiLCJzb3VyY2UiOiJjb29raWUifSwib3BlbngiOnsidWlkIjoiYTNmNzQwYmUtYjYwMS00N2NmLTg0ZTMtMWM5MzA0YTViYmEyIiwiZXhwaXJlcyI6IjIwMjMtMDMtMDRUMTM6MDc6MTcuNDA4Nzg3NTE4WiIsInNvdXJjZSI6ImNvb2tpZSJ9LCJ0cmlwbGVsaWZ0Ijp7InVpZCI6IjE2Nzk4MjE2MDE0MTg0NDQ3NjM2ODMiLCJleHBpcmVzIjoiMjAyMy0wMy0wNFQxMzowNzoxNy45MjU4OTQ2MDVaIiwic291cmNlIjoiY29va2llIn19LCJiZGF5IjoiMjAyMy0wMi0xOFQxMzowNzoxNi4zNzgxNjMxMzVaIn0=

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://tagan.adlightning.com/leeenterprises/op.js Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
security	warning	URL: https://tagan.adlightning.com/leeenterprises/op.js Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
network	error	URL: https://bloximages.chicago2.vip.townnews.com/central.leetemplates.com/content/tncms/live/global/resources/images/logos/ds/800/heraldcourier.com.png?_dc=1.6.2023 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://bloximages.chicago2.vip.townnews.com/central.leetemplates.com/content/tncms/live/global/resources/images/logos/ds/800/heraldcourier.com.png?_dc=1.6.2023 Message: Failed to load resource: the server responded with a status of 404 ()
security	warning	URL: https://tagan.adlightning.com/leeenterprises/op.js Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
security	warning	URL: https://tagan.adlightning.com/leeenterprises/op.js Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
security	warning	URL: https://tagan.adlightning.com/leeenterprises/op.js Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing.
network	error	URL: https://bcp.crwdcntrl.net/5/c=6894/rand=339609168/pv=y/int=%23OpR%2363948%23Lee%20Enterprises%20%3A%20Total%20Site%20Traffic/int=%23OpR%2363949%23Lee%20Enterprises%20%3A%20heraldcourier%20%3A%20Total%20Site%20Traffic/int=%23OpR%2372332%23Site%20Section%20%3A%20events/med=%23OpR%2372333%23Keyword%20%3A%20bristol%20herald%20courier%20-%20tricities/rb=%7B%22meta_tag%22%3A%22bristol%20herald%20courier%20-%20tricities%22%7D/rt=ifr Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=5F4F7001FF7D4100A6E5BCA85232FACC Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=5F4F7001FF7D4100A6E5BCA85232FACC Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://idsync.rlcdn.com/419566.gif?partner_uid=5F4F7001FF7D4100A6E5BCA85232FACC Message: Failed to load resource: the server responded with a status of 451 ()
network	error	URL: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=3&pcid=9068273886718807786 Message: Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

41c489be1c6100234d9199d69a77f8e1.safeframe.googlesyndication.com
aa.agkn.com
aax-dtb-cf.amazon-adsystem.com
aax-eu.amazon-adsystem.com
ad2.360yield.com
ads.avct.cloud
ads.pubmatic.com
adservice.google.com
adservice.google.de
ampcid.google.com
ampcid.google.de
ap.lijit.com
api.segment.io
aud.pubmatic.com
b-code.liadm.com
b1sync.zemanta.com
bcp.crwdcntrl.net
bidder.newspassid.com
bloximages.chicago2.vip.townnews.com
bloximages.newyork1.vip.townnews.com
c.amazon-adsystem.com
c1.adform.net
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.prod.mktg.evvnt.com
cdn.prod.uidapi.com
cdn.segment.com
cdnjs.cloudflare.com
ce.lijit.com
cm.adform.net
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
d.agkn.com
d1eoo1tco6rr5e.cloudfront.net
d5p.de17a.com
dis.criteo.com
discoverevvnt.com
discovery.evvnt.com
dpm.demdex.net
eb2.3lift.com
fei.pro-market.net
googleads.g.doubleclick.net
heraldcourier.com
i.liadm.com
i.simpli.fi
i6.liadm.com
ib.adnxs.com
id5-sync.com
idsync.rlcdn.com
idx.liadm.com
image2.pubmatic.com
image6.pubmatic.com
insight.adsrvr.org
js.matheranalytics.com
lb.eu-1-id5-sync.com
loada.exelator.com
loadm.exelator.com
match.adsrvr.org
match.sharethrough.com
pagead2.googlesyndication.com
pixel.onaudience.com
pixel.rubiconproject.com
pixel.tapad.com
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev
production-evvnt-plugin-herokuapp-com.global.ssl.fastly.net
region1.analytics.google.com
rp.liadm.com
rp4.liadm.com
rtb.openx.net
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
simplifi.partners.tremorhub.com
sli.heraldcourier.com
ssum.casalemedia.com
stags.bluekai.com
stats.g.doubleclick.net
survey.survicate.com
surveys-static.survicate.com
sync.bfmio.com
sync.intentiq.com
sync.mathtag.com
sync.search.spotxchange.com
tag.simpli.fi
tagan.adlightning.com
tags.crwdcntrl.net
tpc.googlesyndication.com
trc.taboola.com
trkn.us
um.simpli.fi
us-u.openx.net
visitor.fiftyt.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.i.matheranalytics.com
www.tri-citiescalendar.com
x.bidswitch.net
x.dlx.addthis.com
104.16.132.24
104.16.133.24
104.18.24.185
107.178.250.234
107.21.165.221
108.128.57.95
138.199.37.231
141.94.170.64
142.250.180.194
142.251.208.98
151.101.193.194
162.19.138.119
162.19.138.82
178.250.0.163
18.235.197.156
18.64.79.126
18.64.83.82
18.66.147.43
18.66.22.149
185.29.132.245
185.64.189.115
185.64.189.229
185.64.190.80
185.94.180.125
192.104.182.209
192.104.183.109
198.47.127.20
2.18.36.193
2001:4860:4802:34::36
213.155.156.167
216.52.2.39
216.52.2.48
23.35.209.176
2400:52e0:1e00::1078:1
2600:1901:0:8eee::
2600:1f18:612b:4264:b002:6706:c84b:49fb
2600:1f18:730:b120:4d89:3f20:fa5:8c17
2600:1f18:ed:550a:9dcf:c5fe:8372:efac
2600:9000:2050:3600:a:e047:752:5701
2600:9000:20e8:9c00:8:8845:1500:93a1
2600:9000:2156:dc00:3:1a27:3000:93a1
2600:9000:225a:1600:18:a82e:7180:93a1
2600:9000:2260:4e00:8:4487:bd00:93a1
2606:4700:10::6816:3556
2606:4700::6810:5614
2606:4700::6811:180e
2620:116:800d:21:e365:4988:e8a7:3270
2a00:1450:4001:800::2002
2a00:1450:4001:808::2002
2a00:1450:4001:809::2002
2a00:1450:4001:811::2001
2a00:1450:4001:813::2003
2a00:1450:4001:829::2001
2a00:1450:4001:829::2008
2a00:1450:4001:82f::200e
2a00:1450:400d:805::200e
2a00:1450:400d:806::2002
2a00:1450:400d:806::2003
2a00:1450:400d:808::2002
2a00:1450:400d:80a::2002
2a00:1450:400d:80a::2004
2a00:1450:4025:402::9d
2a02:26f0:dc::6853:4c1
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42::300
3.211.193.175
3.33.220.150
3.73.186.215
34.111.113.62
34.232.54.150
34.243.37.252
34.254.143.3
34.90.223.176
34.90.79.92
34.98.64.218
35.153.253.201
35.157.139.91
35.201.96.126
35.204.74.118
35.227.252.103
35.244.174.68
37.157.3.29
37.157.4.25
37.252.171.53
44.210.156.48
44.240.82.169
52.29.55.65
52.50.166.52
52.59.157.154
52.59.78.86
52.72.248.126
52.87.57.81
64.74.236.191
67.220.228.203
69.173.144.139
76.223.111.18
99.84.144.128
99.84.146.70
99.86.3.236
0141bdce01833d9d5834faec8e6c165c1b517b7fd38135b03256746e077f42f1
014471ef4f0edf6797f805ec44876170e35262af4c803cf01d0547bb9eb65592
040ae90345fee63a0728d0b737dc6e94ac84313a98213b45c4135915a8cd0188
04da122e70371bba47c7c58135bfed4f21d1545c72ba51d8cbc0d43276f834f9
05e77dab19940dd457e00282837faecc886434cc8cc5f631575a5e6c386de774
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
08f083955dcbcd8927a2e4053e5cd8dcde76d2dcbb7dbb72316281de67e4146e
0ac4a1580edb443420c38896152a03c80c8fa8e5f1f09853896b810d87309a80
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0d9762a1a60deef8aa093c473ad27c38eed77184d6940e7df06d89d77cbd3e94
0ea92c04c03d7da0e4608664dfb06b8bcf85ac91e2f58a8b984620247f447cca
0ffadf86f49024420c002f286c067e25ea10477424cb2eed051515fb84e21862
10d8548d0e447ebd4b29c06545232d0b110cb0f7979b885bf895bb8ad8d7ad10
12d0922275e45cf947a923693c22b104c17fadc0c10b4c8babfdd265e35534c8
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
15c5217bab15791da899bebeec1b32e57bcd02d20f8847c6440f47ededcdf625
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
18eadbed616a1c6d3afcf2750befa4c653869688479efbfdb0020c7c836d718b
1d6ba21eb3d5b2c887d33147cc23bb28a33d792df797c6344025f4cc2305d6cd
1e9c3fe0bb7e27e1fef2af1cae6a8924b40d3240418da5d484c65c00dae8f10a
1ec681300bf92d8a2d7a67a0e7b2dd7651ec4b35e5dcc67f180a4bacd0ed6937
1fb031e8fac65b546237289cb03067164111de4001dae738c54adc9cc0f8b483
2037829362aa634439692b17368cab34ce3bb8d196ad5cda806874de2d3a8132
21383a108fc0f4840b90610def8622f8af1fde2c2833693d61a1f91c075d25d1
24750b4aeeabac169847e57565841c9ff8926d4163e7ef88f7683aeea1c9e39c
24d150212652bfb57b7e6097d2f565bc5661ecaea2395d02bff94418c88c0fca
2766d700795b8f6c3f3b514a86b45dc2c7b9d3589278572667bb218823d2340e
27cf59f2f5b8446bbf81f4ed9bbea4fcbbece316e3655ade51da075cdc9962d4
294ede7ed934e23552a8d251025ef006c63f456a52740b8fd0e9f4041ff5d3d7
2d199b9d8dc7886837cbfd12c9e8ddae7e28f5c375d564b31bf732a320921435
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
3030d053f9d7526418b5317c06e8737b11f7d3d1a86908e17773b4c77b5e0f8a
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
376ff5dc51db8297acbc54be1eb40dcd202ca6e61c59d2656f0f5c13003f3596
39d6835ee4b7c5b33295b8e6ca78c56ce6fbcf44d80e79d218d528a2453fb185
3b6854831be14d28fdfdb1758ebebe2893bf8e5be5f176b8d3e1b1b0f874d90e
3c01c1e199879f8b72679cc4d402684ba9e88c21b633547adbae6ba03a617fdc
3d1882a2a2f10224d4b3adcab4dc1cb38892e41de42999500b39489d12d013f8
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3f42cacce3a454d68e0637b3133c0a5cf83033992e397d9a62f028c055a47fc0
3f7d4fce911e0a58ed4224b9f65d90a98d8bb7b76d25ad2610485b9baaa1d447
41136d12a8234a8f0b26348376eb19994f908380ef4d86ed9c5e40cfaf8d1225
4312f8be523f008e4cf5bab4a8cf5c27226c3fa96a3445721414a5f01877c341
43613d11a1a3d9cbf63eefcd0a580b7cbda021341e3e5c8e6cb18d7295fce5fa
454db4c5eda6da6644c986c6311c8b310db518c4f3e11db578acb5096e8d27a0
464a67cf67eb3fac71c631b9e21cce7d09235133353211c4bf70f74ca354c633
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b733869818b22702bf423eb2e8c0d54569ac57fcdbe38192a32c92c02512657
4be2d9b5ed0447bf7d2b372d988938d87dab3d063e2252aa32dafc5cbb47f2d9
4c3f6d2e5b1499f932aeb8c814690f92f46adb5b243233aed726e864f4c4c4d8
4da8d6b51bf0b49bd3ad3923e1099355d07554aaa347bfd672e03441d9f6dec0
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ef0cb2e94b5b79911d8647651823f8c4a39b0f1192bf85b2caa9ce9db3fd7e1
50846800868a535c1d2befa0b84738e08ac7013dd5628b4a2be94308d2caa1f1
50d67ba51cc253aefceb5616c7038c80fa237ce0775a87fdfd7a13a87bd558cc
514338ec6bbb3440a50029e6cbc2ba9034d6971c4776d2759a4b829c94dedfb9
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54c8f488622b0f1842523649772d086030574152f9e35e560c3843da1394fa98
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56e0ce5f0122d26436a62105e81987988704b11942032c63e74f26abcfe87b7c
57f295553fdda2a7f1ee0e5dab92d82f2bace1df0a781117dee1cb06eacbf891
58a07739b05fec4d319e4d5c6b1fa4ac79e2a625e08ab3f303929b77fde5bdf4
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5a2f10e09cd6e81eb686dbca9e6056ed485e87d3869bac347455547c294cb036
5b1546ae8f493de03b1ca99f9f955a20785679be18625354b363f2f8311f421b
5bd36d9675e56608f9a362a1877871e38db0b6c19ccc23bf945ff3664b5711d3
5d92118fd0963536b7b24ae9e32fa37c641f39fbf8eb5d6914b3847bab1c6886
6065cc42cf9789426f27a40563bc5c313b5ed33a7bc384c3ffaa0d047eb93ff2
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
679a641787151d53a4534a8e9cf9da987177bcda7414cc0f1fe918e19a7fb45b
68cfc7d2dca949b93b55e576a6658166acf12a6578b6ba11363cb017982c7a84
6ac404a65bffee85a15718f669a44f5a034c94116661e6e0e48b1609f4a8617a
6b4834d2f44f07a9da65dd002108da7f574827f3bfadfc55d5885ae5d48169ef
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6b905e15a9ab2535e0616c9cf9a79aa936c4e9221f0ad536329363b3067cf9b5
6b96eb73da5fe3c20e4507bf752917f6d7978be8881c1dea934db282b028407d
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
71fc1599035adc6bc34df2117b8631285905f97737ba730af28644ee6a0d8dde
727baf1d9d11ae3a15ce4615130e9ea66944915778578c0261a0ab478595d9ff
72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48
75845ddd51e5f375f7b7aa868937566eb92118d0ee118cd3154db1a95d7b8dd0
75dc2b698501c1060b0b0323fe32dbbb6f1bec20a6a297d28f2061da1b97715c
7618224184b33562016e91c74160cad2364998d743760349169147e10ebc07a2
76460f1cd530a92dcb3d35468233b10d40dcb0ea7595aceb225104e63c3b78bc
77b109dd53ec2921d47af5eedcf39cbea8bc92bf8b59a970aa104c5ed2d5b3c0
7819f79f10384f92390fe76fc0c7a399613211a2ac6935f144c66e79fffcac16
7c6dab5e24a365754f98da70e1f6a2331dc97298ac80b972a42202ec3ac6cf63
7e80cd25d0902a5fd7cd2d9191feb0eb23751c90b9a9b9ba42b70fd07c4b5500
7e86f52cb0d423805ec541a4bccae5156a01fbe36355e6d798a450593212651f
7e9b3347c55ad7ba6474224616b723a62208017f4919f8d407b788b44b863291
7f07c09e0e18f8acf7cb7809644a144e4c00178a5bd55d99b545aca6c004117f
7f77cb3abcc9e7e1d7c4afdaa2a570d93e3da667b5a756fc11965e67e4afce39
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
88add35a1f61abc2862a550be60a0c490327159be61a67e09f2db059f80678f3
896c1dc476a4fc98cf092728d8b469404903c0dd408137e52688795efb4a827d
8cdd3d52b83633fe4e9d487e02c245e7862a0253b6ae950833eb5ad18120f3ff
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8db22950b3f47f686f4bad6b6d21386f03a4b0b24320c6715436424e41dcda09
8e69c64655718315422d63e22bc7dddaacd2fe1e1ceb20a6758287a76b9c6f66
8ec2d0ce178f35eca07375ece621599939262d6521f053f7b8633b819047e8df
8f10b18a828c92cb984a7657902bfbcde5164f711e6f2259b643d5270f707a9b
8fe3fa119255adb5e0c12479331f9e092e85bcff56ab6ecc0510bfa2056b898d
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
93eac8b1fb14d0863561633dfdf563013c023393aabfb122e3be7256629d9235
955becd6590ca9099279669e95771cf8d4d519ff8643dc8c398b6daaba6061a8
97595f68d03773d26ec486217153a57a1586997f3037dd0cee81c81daeb2f9b0
991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10
9add224ee0aa976f730d18d23b6cded2d85f4f1c79fae0df66381280333ca9c9
9fe27cf87e95f9b9e62b461ff327fbc6f8c6b48fc43236d18d8e101f080d6e72
a0530d918b171d54a81e618816b7da2fb38a0230cc6174531e975df821da9527
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a3e134243a1a63046eac3d8a5eb137cca6252efcf0148618e987ededfb643e54
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a6d86bbfe45f990127f1ff1a3874ee64130176169ff51ad6ce39f0b39f023bd3
a7f0c148843ed0b4b852ab76866ae7fcfbd69bba58e5f2bada7a2b1bcb7fe440
a85af52452417453ae5ced98aa54a149925de2155e823234dce588c331d11aa0
a99a274df0247ac5794b3cf44042760012a58825a1083a4233d61ff4ec9c8cbf
a9ee30a9c35b49de4d050a13864501d6bd288a5dd8dc8ce06b03aa5844a1719d
ae6c4eb375a9a08f2c21183d6857943c7762e78c45c185670d4a5cc17fabfb57
afb933c645d1794ea24c67e62a057a2c1554c91b7423ccdd28934b6164dcc818
b0497f7b6ae4836433dccd92ba8024973d29274d2b85a1bb8bfe4e54588554bd
b0d4e0e17cfac7816e2db61a4950921f77f7175c91976df687b9a398568364b9
b10a075758097bb0578287af03c76a9fcd82fa4607587109ae41fe2d24756600
b114f9424fdb8c527389a985891aa1fb2a00fa2d7bc5965bbd15da2898669748
b17b4a5cc840a366a4c006794502f887a316402f781f85e913ac4af19a93fc13
b2c78c910f5ea29e3a9d223dabc203c055c8708b1fe7d83788b490638126db4d
b5aa611eb8a0c13f6d491ae88a0e08a706124319137c61e79974dd3488136bd1
b86a10a09a116119be04280e007edaf73812d8d4feae46fa1f20b69dbeb2d40a
bacc23ae416ef150be09288d366d689a7678849b04094552e67d8e2a032ad5a0
bad3f4a20b737202b4cb52ce0124a2ae5d54be0002feb42790867ee446425332
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bef73709f366984ed2c4d084d8fb00122475d339bcd5684f2d08c7a6641940b4
bf8a676a7f02c526c2946d58540257c34ef4a32ccd46787e08a031073b4ff642
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c3b88d51fd2ba23c4f8f4cb478d890f29e69bf4650d80cbf5dd965598d1a2672
c56091b08349df8b8fdf88559812eb8ad0d9096a87b9df4c807edcad281fb65e
c66013cda2311853afac3fb10ca1e7bec5f583d26cfd6eaf8a2a87a610072d05
c7170236eabd1a63431385ef4ab9506414a486b2681298d32aaa21a95b6662d8
c8ded6ccd9339f592300c049f31675ce57c198758282e3d9f44a0f833d7eef6f
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cf2623b02899ff993d483b84b6fa3c5a9368a08ef12873349a761f9fb76ea638
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf978cd2cd49124c75e624c0483aff4dbaa0ee91b1861362b1c7504a4963db9c
d1aa273c0ee242971b93ab49be5a7031a50c6a5f0a7feaf85d48b2a88c88bc0f
d278491b1de51ad826d16be5ab27b1746999c02d45200f107218427e34eed798
d4f92427f4595f814bd510fe44f93ed2d9931b7e25f4aa1c5e8d6a0e696ede8a
d50881e8cf2ac03741c7c31b98dcabdf91d458ed76766efc511b26a2b796dd0f
d64f62b42e42317c5ce1f78f530eac21057da4cea4a120a438601d368f6d1614
d6fbd6d46b0a1be6a3cdc49f712f83d661805a42fc37993340e2cc4493819adc
d93eb8b1203fc1b4e6368e4c5f8278bc4217a3e7d551f5cb5ca61b981af65748
dca9b6afcb6c37d6a32456973fe5f2986a348a70d11774e102de6fc420992a19
dd64fa064fff6110955db412db38ccc11d8932c72dcd539f896abe5a8baa545b
ddd1991e3d8ce67431989f8cca95743706d110f064ed2b3609041a3f20e50d2c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e57156482b6fe5729d7cffc6972caaa36c8a6a9c58e2c0a15de912e2e2acc6a4
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e64b65e1b953db51b5245c3584a96a7f86b14aef7f398c608d15f8158366dc0a
e6811b2a13cd279c1a618a00e66228ce42661f10d69a040645115a2ca13ed37d
e88bc41dfc3e11b318a5a3eeeb403b70f98705db64962f4647a3ad2cb9083aa6
e944a914e383f02545bf944ec9101376e4d994314f24fee3c7a1de3514b4e607
eb922d8aa175b8fe481c695f4fb7e741c8eb665ef7469c305d2d4414a5e2d678
ee561806ee0911d1a435191c5d32ac742b7cf1c7df3eda243deaae86413a8115
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efdffa93d62eb8cdc6420060cefbd4a1b68c8fb1ff6f853c86d6e1d1e0345291
f0a6793243270c269d68f1ee038ab75f0442d135221c816813072528181d5970
f0fe7e69e970311a87c3b57b217e6fc19f0a65b25813ad64426169712f61e402
f381f72e7fd3c1429978a2cc12303755b1649d360a08142edba7210bf80caa01
f5e55a21dfa3a20ceb298737c8f4c517a83d7960468c7f53b3f33c567bacff3c
f6d92433ae2e54a44ee20781d4f44431a38f22118790a1835d44d953cd9add54
f952a1fe704128514be74b5b604c76cd16a7e3ca6ad98e085b706615095d5df6
fe5d23d415187d71dfa026db8852418f98513ef7f7a1c3e1321bc95d6d6a0f5f

heraldcourier.com Open in urlscan Pro 192.104.183.109 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

305 Requests

81 %HTTPS

34 %IPv6

68 Domains

105 Subdomains

80 IPs

11 Countries

5254 kBTransfer

10901 kBSize

88 Cookies

9 Outgoing links

Page URL History

Redirected requests

305 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

heraldcourier.com Open in urlscan Pro
192.104.183.109 Public Scan

Screenshot
Live screenshot

Full Image

305
Requests

81 %
HTTPS

34 %
IPv6

68
Domains

105
Subdomains

80
IPs

11
Countries

5254 kB
Transfer

10901 kB
Size

88
Cookies

305 HTTP transactions
5 data transactions