mustsharenews.com Open in urlscan Pro
2606:4700:20::681a:d92 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Submission: On March 29 via api (March 29th 2022, 5:00:04 am UTC) from SG — Scanned from DE

Summary HTTP 595 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 74 IPs in 11 countries across 59 domains to perform 595 HTTP transactions. The main IP is 2606:4700:20::681a:d92, located in United States and belongs to CLOUDFLARENET, US. The main domain is mustsharenews.com. The Cisco Umbrella rank of the primary domain is 379254.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 16th 2021. Valid for: a year.

This is the only time mustsharenews.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
37	2606:4700:20:... 2606:4700:20::681a:d92	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
44	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
2	2a04:4e42:200... 2a04:4e42:200::645	54113 (FASTLY) (FASTLY)
44	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:82f::2004	15169 (GOOGLE) (GOOGLE)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
3	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
5	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2.16.186.26 2.16.186.26	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
10	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
1	141.95.99.211 141.95.99.211	16276 (OVH) (OVH)
1 5	47.74.174.177 47.74.174.177	45102 (ALIBABA-C...) (ALIBABA-CN-NET Alibaba US Technology Co.)
29	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c06::9d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
5	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
2 9	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 2	2a02:2638:1::13 2a02:2638:1::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	2606:4700::68... 2606:4700::6810:5814	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	178.250.0.157 178.250.0.157	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
22	185.86.138.32 185.86.138.32	201081 (SMARTADSE...) (SMARTADSERVER)
1	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
8	54.76.152.190 54.76.152.190	16509 (AMAZON-02) (AMAZON-02)
1	34.107.148.139 34.107.148.139	15169 (GOOGLE) (GOOGLE)
2	18.185.154.32 18.185.154.32	16509 (AMAZON-02) (AMAZON-02)
1	23.32.59.34 23.32.59.34	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2602:803:c003... 2602:803:c003:200::31	26667 (RUBICONPR...) (RUBICONPROJECT)
2	37.252.173.215 37.252.173.215	29990 (ASN-APPNEX) (ASN-APPNEX)
6 12	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
8	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
23	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
5	13.248.151.244 13.248.151.244	16509 (AMAZON-02) (AMAZON-02)
5	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
2 7	104.21.58.221 104.21.58.221	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 3	37.252.173.62 37.252.173.62	29990 (ASN-APPNEX) (ASN-APPNEX)
5	18.64.115.76 18.64.115.76	16509 (AMAZON-02) (AMAZON-02)
1	2.21.143.57 2.21.143.57	16625 (AKAMAI-AS) (AKAMAI-AS)
13	18.203.209.222 18.203.209.222	16509 (AMAZON-02) (AMAZON-02)
5	142.250.185.230 142.250.185.230	15169 (GOOGLE) (GOOGLE)
101	2a00:1450:400... 2a00:1450:4001:828::2006	15169 (GOOGLE) (GOOGLE)
2	52.56.234.21 52.56.234.21	16509 (AMAZON-02) (AMAZON-02)
11	23.205.235.133 23.205.235.133	16625 (AKAMAI-AS) (AKAMAI-AS)
4	108.157.4.12 108.157.4.12	16509 (AMAZON-02) (AMAZON-02)
3 10	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
8	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
1 1	169.50.137.184 169.50.137.184	36351 (SOFTLAYER) (SOFTLAYER)
34	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
2 2	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1 1	85.114.159.118 85.114.159.118	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
3 3	213.155.156.183 213.155.156.183	1299 (TWELVE99 ...) (TWELVE99 Arelion)
3	35.186.253.211 35.186.253.211	15169 (GOOGLE) (GOOGLE)
5 5	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
12	34.240.117.131 34.240.117.131	16509 (AMAZON-02) (AMAZON-02)
6	37.157.2.235 37.157.2.235	198622 (ADFORM) (ADFORM)
4 4	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
2 4	209.54.180.3 209.54.180.3	16509 (AMAZON-02) (AMAZON-02)
1 2	52.95.125.22 52.95.125.22	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1288:80:... 2a00:1288:80:807::2	203220 (YAHOO-DEB) (YAHOO-DEB)
1	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
2 3	2a05:d018:d29... 2a05:d018:d29:3602:d715:9c64:5860:e3e3	16509 (AMAZON-02) (AMAZON-02)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1 3	2606:4700::68... 2606:4700::6812:d05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 4	18.157.193.122 18.157.193.122	16509 (AMAZON-02) (AMAZON-02)
2 2	35.210.53.219 35.210.53.219	19527 (GOOGLE-2) (GOOGLE-2)
4 4	37.157.4.39 37.157.4.39	198622 (ADFORM) (ADFORM)
7 7	213.19.147.45 213.19.147.45	3356 (LEVEL3) (LEVEL3)
6	37.157.5.71 37.157.5.71	198622 (ADFORM) (ADFORM)
1	2620:116:800d... 2620:116:800d:21:8c6e:cf2c:8d6:9fb5	16509 (AMAZON-02) (AMAZON-02)
3 3	151.101.130.49 151.101.130.49	54113 (FASTLY) (FASTLY)
3 3	3.120.46.78 3.120.46.78	16509 (AMAZON-02) (AMAZON-02)
1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	64.202.112.223 64.202.112.223	23352 (SERVERCEN...) (SERVERCENTRAL)
3 3	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2	96.16.141.156 96.16.141.156	16625 (AKAMAI-AS) (AKAMAI-AS)
1	139.99.121.206 139.99.121.206	() ()
18	108.157.4.14 108.157.4.14	16509 (AMAZON-02) (AMAZON-02)
1	2602:803:c003... 2602:803:c003:200::41	26667 (RUBICONPR...) (RUBICONPROJECT)
1	185.86.137.122 185.86.137.122	() ()
1	35.241.31.249 35.241.31.249	() ()
595	74

37 2606:4700:20::681a:d92 (United States)

ASN13335 (CLOUDFLARENET, US)

mustsharenews.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

44 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:200::645 (United States)

ASN54113 (FASTLY, US)

anymind360.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

44 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.233.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.16.186.26 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-26.deploy.static.akamaitechnologies.com

ced.sascdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.95.99.211 (France)

ASN16276 (OVH, FR)
PTR: ns3213278.ip-141-95-99.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 47.74.174.177 (Singapore, Singapore) 1 redirects

ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN)

adnetwork.adasiaholdings.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c06::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i0.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany) 2 redirects

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:2638:1::13 (France) 1 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5814 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 185.86.138.32 (France)

ASN201081 (SMARTADSERVER, FR)

prg.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

adasia-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 54.76.152.190 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-152-190.eu-west-1.compute.amazonaws.com

prebid.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.107.148.139 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 139.148.107.34.bc.googleusercontent.com

prebid.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.185.154.32 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-185-154-32.eu-central-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.32.59.34 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-32-59-34.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2602:803:c003:200::31 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.173.215 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 15.197.193.217 (United States) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 13.248.151.244 (United States)

ASN16509 (AMAZON-02, US)
PTR: ad9411418cf2cdacd.awsglobalaccelerator.com

de1-bid.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.21.58.221 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

metrics.getrockerbox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.173.62 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.64.115.76 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-64-115-76.txl50.r.cloudfront.net

choices.truste.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.21.143.57 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-21-143-57.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 18.203.209.222 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-203-209-222.eu-west-1.compute.amazonaws.com

s.update.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.185.230 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

101 2a00:1450:4001:828::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.56.234.21 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-56-234-21.eu-west-2.compute.amazonaws.com

geo.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mb.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 23.205.235.133 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-235-133.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 108.157.4.12 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-12.dus51.r.cloudfront.net

ib.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 13.248.245.213 (United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.50.137.184 (United States) 1 redirects

ASN36351 (SOFTLAYER, US)
PTR: b8.89.32a9.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

34 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.193.173 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.118 (Rheinfelden, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.155.156.183 (Sweden) 3 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)
PTR: 213-155-156-183.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.186.253.211 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 3.126.56.137 (Frankfurt am Main, Germany) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 34.240.117.131 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-240-117-131.eu-west-1.compute.amazonaws.com

s.update.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 37.157.2.235 (Denmark)

ASN198622 (ADFORM, DK)

track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.173.144.165 (Frankfurt am Main, Germany) 4 redirects

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 209.54.180.3 (Ashburn, United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.95.125.22 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:807::2 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a05:d018:d29:3602:d715:9c64:5860:e3e3 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:d05 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.157.193.122 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-157-193-122.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.210.53.219 (Brussels, Belgium) 2 redirects

ASN19527 (GOOGLE-2, US)
PTR: 219.53.210.35.bc.googleusercontent.com

pool.admedo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.4.39 (Denmark) 4 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 213.19.147.45 (Utrecht, Netherlands) 7 redirects

ASN3356 (LEVEL3, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 37.157.5.71 (Denmark)

ASN198622 (ADFORM, DK)

s1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.130.49 (United States) 3 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.120.46.78 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-46-78.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.202.112.223 (Leesburg, United States) 1 redirects

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.190.78 (United Kingdom) 3 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 96.16.141.156 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a96-16-141-156.deploy.static.akamaitechnologies.com

ads.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.99.121.206 (None, )

ASN- ()

as.adlooxtracking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 108.157.4.14 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-14.dus51.r.cloudfront.net

choices.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2602:803:c003:200::41 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

smarttag.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.137.122 (None, )

ASN- ()

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.31.249 (None, )

ASN- ()

data00.adlooxtracking.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
101	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 316	939 KB
95	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 118 tpc.googlesyndication.com — Cisco Umbrella Rank: 160 d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com	992 KB
79	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 246 googleads.g.doubleclick.net — Cisco Umbrella Rank: 61 stats.g.doubleclick.net — Cisco Umbrella Rank: 163 ad.doubleclick.net — Cisco Umbrella Rank: 223 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 332 cm.g.doubleclick.net — Cisco Umbrella Rank: 276	416 KB
37	mustsharenews.com mustsharenews.com — Cisco Umbrella Rank: 379254	819 KB
32	rubiconproject.com 4 redirects fastlane.rubiconproject.com — Cisco Umbrella Rank: 646 eus.rubiconproject.com — Cisco Umbrella Rank: 804 s.update.rubiconproject.com — Cisco Umbrella Rank: 6515 token.rubiconproject.com — Cisco Umbrella Rank: 1003 pixel.rubiconproject.com — Cisco Umbrella Rank: 508 ads.rubiconproject.com — Cisco Umbrella Rank: 3382 smarttag.rubiconproject.com — Cisco Umbrella Rank: 14809 secure-assets.rubiconproject.com — Cisco Umbrella Rank: 1428	124 KB
30	adsrvr.org 6 redirects match.adsrvr.org — Cisco Umbrella Rank: 410 de1-bid.adsrvr.org — Cisco Umbrella Rank: 12962 s.update.adsrvr.org — Cisco Umbrella Rank: 4376 insight.adsrvr.org — Cisco Umbrella Rank: 778	67 KB
23	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 211	579 KB
23	smartadserver.com prg.smartadserver.com — Cisco Umbrella Rank: 1836 ssbsync.smartadserver.com	12 KB
18	trustarc.com choices.trustarc.com — Cisco Umbrella Rank: 975	51 KB
18	google.com www.google.com — Cisco Umbrella Rank: 20 adservice.google.com — Cisco Umbrella Rank: 124	43 KB
16	adform.net 4 redirects track.adform.net — Cisco Umbrella Rank: 3728 c1.adform.net — Cisco Umbrella Rank: 907 s1.adform.net — Cisco Umbrella Rank: 7818	372 KB
16	3lift.com 3 redirects tlx.3lift.com — Cisco Umbrella Rank: 875 ib.3lift.com — Cisco Umbrella Rank: 1631 eb2.3lift.com — Cisco Umbrella Rank: 504	95 KB
14	gstatic.com fonts.gstatic.com www.gstatic.com	524 KB
9	yahoo.com 7 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 405 ads.yahoo.com — Cisco Umbrella Rank: 1269 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 634	5 KB
9	facebook.com 2 redirects www.facebook.com — Cisco Umbrella Rank: 94	653 B
8	smaato.net prebid.ad.smaato.net — Cisco Umbrella Rank: 4743	4 KB
7	getrockerbox.com 2 redirects metrics.getrockerbox.com — Cisco Umbrella Rank: 6468	4 KB
7	wp.com stats.wp.com — Cisco Umbrella Rank: 3196 pixel.wp.com — Cisco Umbrella Rank: 2686 i0.wp.com — Cisco Umbrella Rank: 3431	124 KB
6	amazon-adsystem.com 3 redirects s.amazon-adsystem.com — Cisco Umbrella Rank: 371 aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1408	4 KB
6	google.de adservice.google.de — Cisco Umbrella Rank: 5680 www.google.de — Cisco Umbrella Rank: 3714	2 KB
5	truste.com choices.truste.com — Cisco Umbrella Rank: 967	48 KB
5	mookie1.com odr.mookie1.com — Cisco Umbrella Rank: 1211	748 B
5	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 322 secure.adnxs.com — Cisco Umbrella Rank: 607	5 KB
5	adasiaholdings.com 1 redirects adnetwork.adasiaholdings.com — Cisco Umbrella Rank: 59547	1 KB
5	facebook.net connect.facebook.net — Cisco Umbrella Rank: 188	198 KB
4	1rx.io 4 redirects sync.1rx.io — Cisco Umbrella Rank: 772	3 KB
4	bidswitch.net 3 redirects x.bidswitch.net — Cisco Umbrella Rank: 380	2 KB
4	openx.net adasia-d.openx.net — Cisco Umbrella Rank: 39338 rtb.openx.net — Cisco Umbrella Rank: 2105	859 B
4	criteo.com 1 redirects gum.criteo.com — Cisco Umbrella Rank: 441 mug.criteo.com — Cisco Umbrella Rank: 2007	1 KB
4	pubmatic.com 3 redirects ads.pubmatic.com — Cisco Umbrella Rank: 660 hbopenbid.pubmatic.com Failed image6.pubmatic.com — Cisco Umbrella Rank: 842	78 KB
3	advertising.com 3 redirects pixel.advertising.com — Cisco Umbrella Rank: 483	1 KB
3	everesttech.net 3 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 905	1 KB
3	unrulymedia.com 3 redirects sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1526	2 KB
3	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 1254 s.tribalfusion.com — Cisco Umbrella Rank: 3445	2 KB
3	de17a.com 3 redirects d5p.de17a.com — Cisco Umbrella Rank: 6186	1 KB
3	moatads.com z.moatads.com — Cisco Umbrella Rank: 477 geo.moatads.com — Cisco Umbrella Rank: 761 mb.moatads.com — Cisco Umbrella Rank: 810	112 KB
3	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 908	889 B
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 98	20 KB
2	adlooxtracking.com as.adlooxtracking.com data00.adlooxtracking.com	65 KB
2	admedo.com 2 redirects pool.admedo.com — Cisco Umbrella Rank: 6336	712 B
2	ctnsnet.com 2 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 45983	532 B
2	anymind360.com anymind360.com — Cisco Umbrella Rank: 18031	118 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 132	76 KB
1	zemanta.com 1 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 836	301 B
1	bing.com c.bing.com — Cisco Umbrella Rank: 366	594 B
1	linkedin.com px.ads.linkedin.com — Cisco Umbrella Rank: 775	921 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 1519	463 B
1	rlcdn.com id.rlcdn.com — Cisco Umbrella Rank: 893	417 B
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 2099	584 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 1226	710 B
1	casalemedia.com htlb.casalemedia.com — Cisco Umbrella Rank: 670	332 B
1	media.net prebid.media.net — Cisco Umbrella Rank: 1753	839 B
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 521	1 KB
1	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 823	535 B
1	sascdn.com ced.sascdn.com — Cisco Umbrella Rank: 7096	30 KB
1	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 306	11 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 107	2 KB
0	360yield.com Failed match.360yield.com Failed
0	netmng.com Failed google2waycm.netmng.com Failed
595	59

	Domain	Requested by
101	s0.2mdn.net	mustsharenews.com s0.2mdn.net d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
44	pagead2.googlesyndication.com	mustsharenews.com pagead2.googlesyndication.com tpc.googlesyndication.com ad.doubleclick.net d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com securepubads.g.doubleclick.net s0.2mdn.net
43	tpc.googlesyndication.com	pagead2.googlesyndication.com tpc.googlesyndication.com d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com mustsharenews.com s0.2mdn.net
37	mustsharenews.com	mustsharenews.com
34	cm.g.doubleclick.net	d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com eb2.3lift.com
26	securepubads.g.doubleclick.net	anymind360.com securepubads.g.doubleclick.net mustsharenews.com www.googletagservices.com
23	www.googletagservices.com	d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com www.googletagservices.com s0.2mdn.net securepubads.g.doubleclick.net
22	prg.smartadserver.com	anymind360.com
18	choices.trustarc.com	choices.truste.com choices.trustarc.com
14	www.google.com	mustsharenews.com www.gstatic.com www.google.com tpc.googlesyndication.com d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
13	s.update.adsrvr.org	d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com s.update.adsrvr.org
12	s.update.rubiconproject.com	d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com s.update.rubiconproject.com
11	eus.rubiconproject.com	d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com eus.rubiconproject.com
10	eb2.3lift.com	3 redirects d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com ib.3lift.com eb2.3lift.com
10	match.adsrvr.org	6 redirects ads.pubmatic.com d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com eb2.3lift.com
10	fonts.gstatic.com	fonts.googleapis.com www.google.com
9	www.facebook.com	2 redirects mustsharenews.com connect.facebook.net
8	googleads4.g.doubleclick.net	mustsharenews.com
8	d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
8	prebid.ad.smaato.net	anymind360.com
7	metrics.getrockerbox.com	2 redirects d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
6	s1.adform.net	track.adform.net s1.adform.net
6	track.adform.net	ib.3lift.com s1.adform.net d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
5	ups.analytics.yahoo.com	5 redirects
5	ad.doubleclick.net	www.googletagservices.com
5	choices.truste.com	d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
5	odr.mookie1.com	d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
5	de1-bid.adsrvr.org	d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
5	i0.wp.com	mustsharenews.com
5	adnetwork.adasiaholdings.com	1 redirects
5	connect.facebook.net	mustsharenews.com connect.facebook.net
4	sync.1rx.io	4 redirects
4	c1.adform.net	4 redirects
4	x.bidswitch.net	3 redirects eb2.3lift.com
4	s.amazon-adsystem.com	2 redirects eb2.3lift.com
4	token.rubiconproject.com	4 redirects
4	ib.3lift.com	d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com ib.3lift.com
4	adservice.google.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net
4	adservice.google.de	pagead2.googlesyndication.com securepubads.g.doubleclick.net
4	googleads.g.doubleclick.net	pagead2.googlesyndication.com
4	www.gstatic.com	www.google.com www.gstatic.com
3	image6.pubmatic.com	3 redirects
3	pixel.advertising.com	3 redirects
3	sync-tm.everesttech.net	3 redirects
3	sync.targeting.unrulymedia.com	3 redirects
3	pr-bh.ybp.yahoo.com	2 redirects d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
3	rtb.openx.net	d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
3	d5p.de17a.com	3 redirects
3	secure.adnxs.com	3 redirects
3	partner.googleadservices.com	pagead2.googlesyndication.com
3	www.google-analytics.com	mustsharenews.com www.google-analytics.com
2	pool.admedo.com	2 redirects
2	a.tribalfusion.com	1 redirects d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
2	aax-eu.amazon-adsystem.com	1 redirects
2	gcm.ctnsnet.com	2 redirects
2	insight.adsrvr.org	d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
2	ib.adnxs.com	anymind360.com
2	tlx.3lift.com	anymind360.com d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
2	mug.criteo.com	mustsharenews.com
2	gum.criteo.com	1 redirects
2	www.google.de	mustsharenews.com
2	stats.g.doubleclick.net	www.google-analytics.com
2	anymind360.com	mustsharenews.com anymind360.com
2	www.googletagmanager.com	mustsharenews.com
1	data00.adlooxtracking.com	as.adlooxtracking.com
1	ssbsync.smartadserver.com	d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
1	secure-assets.rubiconproject.com	mustsharenews.com
1	smarttag.rubiconproject.com	ads.rubiconproject.com
1	as.adlooxtracking.com	securepubads.g.doubleclick.net
1	ads.rubiconproject.com	securepubads.g.doubleclick.net
1	b1sync.zemanta.com	1 redirects
1	c.bing.com	eb2.3lift.com
1	px.ads.linkedin.com	eb2.3lift.com
1	cms.quantserve.com	d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
1	s.tribalfusion.com	d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
1	pixel.rubiconproject.com	d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
1	id.rlcdn.com	d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
1	ads.yahoo.com	d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
1	mb.moatads.com	z.moatads.com
1	dsp.adfarm1.adition.com	1 redirects
1	um.simpli.fi	1 redirects
1	geo.moatads.com	z.moatads.com
1	z.moatads.com	d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
1	fastlane.rubiconproject.com	anymind360.com
1	htlb.casalemedia.com	anymind360.com
1	prebid.media.net	anymind360.com
1	adasia-d.openx.net	anymind360.com
1	cdn.jsdelivr.net	anymind360.com
1	id5-sync.com	ced.sascdn.com
1	pixel.wp.com	mustsharenews.com
1	ced.sascdn.com	anymind360.com
1	ads.pubmatic.com	anymind360.com
1	stats.wp.com	mustsharenews.com
1	cdn.ampproject.org	mustsharenews.com
1	fonts.googleapis.com	mustsharenews.com
0	match.360yield.com Failed	d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
0	google2waycm.netmng.com Failed	d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
0	hbopenbid.pubmatic.com Failed	anymind360.com
595	98

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
www.instagram.com
t.me
twitter.com
www.straitstimes.com
www.channelnewsasia.com
www.todayonline.com
bit.ly
www.flickr.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-06-16` - `2022-06-15`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
anymind360.com R3	`2022-03-04` - `2022-06-02`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-01-05` - `2022-04-05`	3 months	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2022-02-04` - `2023-02-03`	a year	crt.sh
*.sascdn.com DigiCert SHA2 Secure Server CA	`2021-09-13` - `2022-09-13`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.id5-sync.com R3	`2022-03-08` - `2022-06-06`	3 months	crt.sh
*.adasiaholdings.com Go Daddy Secure Certificate Authority - G2	`2021-05-13` - `2022-06-14`	a year	crt.sh
*.google.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-02-04` - `2022-05-03`	3 months	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-25` - `2023-01-25`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
smaato.net Sectigo ECC Organization Validation Secure Server CA	`2020-07-28` - `2022-10-04`	2 years	crt.sh
*.media.net Sectigo RSA Domain Validation Secure Server CA	`2021-04-12` - `2022-05-05`	a year	crt.sh
*.3lift.com Amazon	`2021-06-12` - `2022-07-11`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-12-12` - `2022-12-13`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.truste.com Amazon	`2022-01-17` - `2023-02-15`	a year	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-11-27` - `2022-11-29`	a year	crt.sh
update.adsrvr.org R3	`2022-02-22` - `2022-05-23`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-03-17` - `2022-06-09`	3 months	crt.sh
*.moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2021-05-25` - `2022-06-25`	a year	crt.sh
update.rubiconproject.com R3	`2022-02-02` - `2022-05-03`	3 months	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2022-03-28` - `2022-09-28`	6 months	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2022-03-16` - `2022-09-16`	6 months	crt.sh
*.adlooxtracking.com R3	`2022-02-07` - `2022-05-08`	3 months	crt.sh
*.trustarc.com Go Daddy Secure Certificate Authority - G2	`2020-05-21` - `2022-07-17`	2 years	crt.sh

This page contains 60 frames:

Primary Page: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Frame ID: B9888410BA83417DFDF33C93B98D24A7
Requests: 151 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220324/r20190131/zrt_lookup.html
Frame ID: A88BA02C4DA31FAB086EE4F46A0C7A2E
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdJ12kbAAAAAOc3xsOVeEOvsYVw2Z1KebJcXiG8&co=aHR0cHM6Ly9tdXN0c2hhcmVuZXdzLmNvbTo0NDM.&hl=de&v=2uoiJ4hP3NUoP9v_eBNfU6CR&size=invisible&cb=79i2uy298fqs
Frame ID: E60F40819F6EDE1DD8A093476368D7A2
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9994647129360327&output=html&adk=1812271804&adf=3025194257&lmt=1648529998&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32&format=0x0&url=https%3A%2F%2Fmustsharenews.com%2Fspf-arrest-scams%2F%3FisentiaPostId%3Dpost-1&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1648529998170&bpp=2&bdt=529&idt=139&shv=r20220324&mjsv=m202203230101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7175789465843&frm=20&pv=2&ga_vid=1334310438.1648529998&ga_sid=1648529998&ga_hid=1890991456&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31063247&oid=2&pvsid=710278017565655&pem=188&tmod=219732294&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=157
Frame ID: CCFA7F81F9652DEDAD19F95A541812E3
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 4053348C711D24BA1AF9E1A26FC0FA82
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D403902689943296%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df16782fff2c72f%2526domain%253Dmustsharenews.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fmustsharenews.com%25252Ff1ab5eb3fdb7b9c%2526relation%253Dparent.parent%26container_width%3D214%26hide_cover%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fmustsharenews%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dtrue%26tabs%26width%3D265
Frame ID: 09A77831D9C26C6584729F1F8CD52B2C
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 359A89BFFA644664D768794F2EBE10CD
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: E40140A4FAFB3CFC39382CEAD4A236C1
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D403902689943296%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df17b205630de0d8%2526domain%253Dmustsharenews.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fmustsharenews.com%25252Ff1ab5eb3fdb7b9c%2526relation%253Dparent.parent%26container_width%3D0%26hide_cover%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fmustsharenews%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dtrue%26tabs%26width%3D265
Frame ID: 2865E9D30DF00F2F2546531A95D6B5B9
Requests: 1 HTTP requests in this frame

Frame: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: C58F9EFF2F08B62A809A558627DDDB71
Requests: 1 HTTP requests in this frame

Frame: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: F8A3031B2A8F3BEAE84FB45C48AA9C5F
Requests: 43 HTTP requests in this frame

Frame: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: CB8AEF401637C140ECE45345FA7D6F94
Requests: 16 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&gdpr=1&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&geo=eu&co=de
Frame ID: 631DCC58AE995C575E7068521CABF4A0
Requests: 10 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 2B04A703D2C196EC7F092EC48113AC56
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: C25C74C2DDB85A170975E96DC994BCC2
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2
Frame ID: B9F5A15D2C29B28DD28F17052B7C4790
Requests: 25 HTTP requests in this frame

Frame: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: B736A0B5BD2CA831A3B9AC07CDECBE8B
Requests: 36 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: F030841541DBE3D3C89710DFC9577283
Requests: 9 HTTP requests in this frame

Frame: data://truncated
Frame ID: 91567FF228725C1F37489FE6094C4E79
Requests: 1 HTTP requests in this frame

Frame: https://track.adform.net/adfscript/?bn=53729164;rtbwp=0.053;rtbdata=bOmcyWsQpwm_M7QCoKbNJeBgiSZ8TfysSG6Iu8q9jW6KoShCtMK4Uvl5As8YdMPMDJ92hFkrgvWuXTuwtKQ83Djq_DtLbyGCr_flNGb82zSX6XGzTuAKU8H7etFiZJ_Xd0aPpDgzou-R8XgSBoe-yLs105Sz4v9tHSjhvNWpJ7eKAnUeaQi6huXSXM2SIPr-1UgLLk1lkcsk6wIDvC_fKDiFNnZ0dsM1omN1-c6UvUo1
Frame ID: 6DFFF0E30DFBAD6F627DF981EEABF810
Requests: 6 HTTP requests in this frame

Frame: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: BDEFC190B2245596FDCDC3FF39880FAB
Requests: 25 HTTP requests in this frame

Frame: blob://https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/1950d175-e026-432e-9e7c-bbb30321a938
Frame ID: AEE757B45DDC3EFC8495A832EB6934D3
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsub9ujz03d2o1QGUPh9Iuqolv9QAtIxhds0m8xkVCWPAB0bgMs1B-1PfLrerk42qXz4IfoT7d7oghiUdP-9Xb4BKF5mdV2pn9IDDoPQvny9aNOJTDjo0k8YIhXYK9nMechkllszM0oQWXuIo6fhtFqzKFlHAYFvoif6vX0NBUsxPrHQ2uO1zI7CGkwRR0slUf1McMlQudbbaqOsmbMOObwUxuHbVdEd1soGtp_aS_CoSClsAm1VuBHzUs6yS7HfROW0xnFE1oL8u53xLLZ_PtdO2h8zpT0Uct4VXc62XFB1ON975mkWsGB9vM94v_zL12nPp6Y9sUGTtFrCWkW1Ep1nBfTlpgnCKK53bdPk854PH907PEgsMDY&sig=Cg0ArKJSzFPLZo_cujIIEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: CD1CEA9316B1DD9A8D396B9BE5CCEFDE
Requests: 12 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&gdpr=1&gdpr_consent=BPWmbcqPWmbcq__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&geo=eu&co=de
Frame ID: 270D5844D00EC8BCF891F439128F2DD8
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: B285DC107015E22DB98613044A55DD1C
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/CGHVXjYJRnLTYRF6fgor0GmLhTjmHb-GVf8novFL6vc.js
Frame ID: 2EC954D7679A1C349689BA7F878A83A4
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 1D28D3DECF0AF9280B28359A808DB178
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2
Frame ID: 467820D05A1EEF2B10313244DE68ABF1
Requests: 25 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9994647129360327&output=html&h=250&slotname=6052293568&adk=1036449870&adf=776186312&pi=t.ma~as.6052293568&w=300&psa=0&format=300x250&url=https%3A%2F%2Fmustsharenews.com%2Fspf-arrest-scams%2F%3FisentiaPostId%3Dpost-1&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1648530002026&bpp=4&bdt=115&idt=162&shv=r20220324&mjsv=m202203230101&ptt=9&saldr=aa&cookie=ID%3Db17120d3de7eb68d%3AT%3D1648529998%3AS%3DALNI_MaBAz1-yu_vRHDLrRVeUX3V3blIsg&correlator=7175789465843&frm=23&ife=4&pv=1&ga_vid=1334310438.1648529998&ga_sid=1648530002&ga_hid=1695335677&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=464&ady=5369&biw=1600&bih=1200&isw=300&ish=250&ifk=1165671238&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=111525324806400&pem=188&tmod=618151652&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.vuog2hdk0n0t&btvi=1&fsb=1&dtd=177
Frame ID: EBF2747E8F70E79C15E3D12D1E8AFE69
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?max=10&cb=75345&ld=1
Frame ID: 9544C68729F37411325575FC8D12C48C
Requests: 11 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&gdpr=1&gdpr_consent=BPWmbcqPWmbcq__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&geo=eu&co=de
Frame ID: 2A67FAF3410CF1241FECA269618791C7
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: C3BE05AA378AE221E9215BDABCD02D81
Requests: 9 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsst-qlJG-WVjPijuIVCfLzRmZAHLLrJbw9-KmEYsTtK82oeybd65rfpc4434XuZlv19AsP2BCVnrKSP1PM7LeZLxRGgKtANsiP0U4r6FZR27fmCSJ5gBT3XtJ4cSSmi5svn2m5-Pmy-0H3qe1OcEHRrESVuX1bIgd5Dm-fKO9NTARVJMAN5erh-Iz3_ALFxm6h29lcYeVhRiBPaKghU9WTCVS0WWDEQ7cLyjmF9gbGVu8sTIKZ8kXCegEfUIFxvcZfPP7f1zJoEKAtR4pG289kjDUFyadrGVCrMjhvRnrPyrfF8gwIjQq5UNd4WxcmvulxXncxmB8ExVtEXNoRtxhvo-oz65elgzcfff_k8_euiU19kUY9XIO4&sig=Cg0ArKJSzGUffRX3m7deEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 03D1419C16F5EFEBB9D4199376CAD72C
Requests: 11 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2
Frame ID: 6114517A31BE42763887B451A1427481
Requests: 25 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D03C70AB6B66986E0432F6F3F88C243B
Requests: 3 HTTP requests in this frame

Frame: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 1FFCE316CF58E8F2B00F37E19AA66C9E
Requests: 21 HTTP requests in this frame

Frame: blob://https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/fa8db22b-77c2-43eb-ad5b-b10b8e759893
Frame ID: 6AC483EFCB5183C22E465FCB28947A65
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9994647129360327&output=html&h=280&slotname=3920313618&adk=1313424537&adf=776186319&pi=t.ma~as.3920313618&w=336&psa=0&format=336x280&url=https%3A%2F%2Fmustsharenews.com%2Fspf-arrest-scams%2F%3FisentiaPostId%3Dpost-1&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1648530002535&bpp=3&bdt=205&idt=207&shv=r20220324&mjsv=m202203230101&ptt=9&saldr=aa&cookie=ID%3Db17120d3de7eb68d%3AT%3D1648529998%3AS%3DALNI_MaBAz1-yu_vRHDLrRVeUX3V3blIsg&correlator=7175789465843&frm=23&ife=4&pv=1&ga_vid=1334310438.1648529998&ga_sid=1648530003&ga_hid=1281871197&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=446&ady=3201&biw=1600&bih=1200&isw=336&ish=280&ifk=2213663414&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065370%2C31063246%2C31065656&oid=2&pvsid=3246387072062102&pem=188&tmod=1910048678&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C336%2C280&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.pb3k9ykl1va9&btvi=1&fsb=1&dtd=220
Frame ID: 5AFEF296453F92BAA4BF7EFD49C35430
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuI6khxVvJQ_FKB8BBaKIfGjhzigEQ7U_stSeUSKfBBg3COS0xFg7eEqcvGd7VFKTlAkJc4IVEzEhM7-J92gwyEPauUEDCIBJL7_K4_2h4o8Gela409coGUUqzUQ3_c_PlQQNvMQRDcAumYtPMJdZmBDi3n706K7QRUqu5WtDIMZBVr_SAVUe1_LAoXhmY5EwnSNaz06mT7u3gZSoWCE5LdzXzD-BZ3jjFrs6nqHZSR8lVPxbFwqIh7vLMpWcPDaoTMn6piuKG_c86XRtEXZIlijeIXNEbVM6uFHVueDNP_m1jaVv-138sjebdARzH0c0TxYhdApDlftXZgLZkiu1_pLxd9yPto-Ifm_-T5mkNV1OBwQUMHiNjYUQ1P_7WSK3n6Jv5Yuw&sig=Cg0ArKJSzAx4X3IZXU71EAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 170A0BE6546582D1CDC95EA12A90D779
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 6AA63547FA2267450B8A661348CB503F
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: BD3407EDE780E8B0AA892CCDDF672126
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/CGHVXjYJRnLTYRF6fgor0GmLhTjmHb-GVf8novFL6vc.js
Frame ID: ACC8B21C51DBE2AD415B1908444CE2FE
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/CGHVXjYJRnLTYRF6fgor0GmLhTjmHb-GVf8novFL6vc.js
Frame ID: 1D9373C23E0411BD2B633F79FBD62410
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&gdpr=1&gdpr_consent=BPWmbc0PWmbc0__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&geo=eu&co=de
Frame ID: 63CA6E43FE3197A03F5D7029781941BD
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: EBE9707CCDEA7A075422F35F789C3B66
Requests: 9 HTTP requests in this frame

Frame: https://choices.trustarc.com/get?name=admarker-icon-tr.png
Frame ID: 111FCC0C16C942A028FD308360433C46
Requests: 2 HTTP requests in this frame

Frame: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 9624AEE15C00D9AF619BE790B984CE26
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 06039F3B8A573D51EE82CE2360032B2E
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: CED1DF3D07A5A4565A97861F1422F99D
Requests: 2 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2
Frame ID: 569CFD376CB1AFD5F7AABF0CA47CF902
Requests: 25 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: D58632FE050CD68A9E519E75B65EEBDC
Requests: 2 HTTP requests in this frame

Frame: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: BE5AE89657E0FE872D7E9217C5D15666
Requests: 19 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/CGHVXjYJRnLTYRF6fgor0GmLhTjmHb-GVf8novFL6vc.js
Frame ID: 5B02AD4A31AC9C281699E821E86A9B00
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&gdpr=1&gdpr_consent=BPWmbc0PWmbc0__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&geo=eu&co=de
Frame ID: D77196EF755240CA3CB54CAC2720C0E7
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 798689F8137CF5B6D31A99EB77D7494A
Requests: 9 HTTP requests in this frame

Frame: https://choices.trustarc.com/get?name=admarker-icon-tr.png
Frame ID: 32F89E9CF93AC75A4B585185FE4BDCA3
Requests: 2 HTTP requests in this frame

Frame: https://choices.trustarc.com/get?name=admarker-icon-tr.png
Frame ID: 5E93C79A2BA9C85265B1E7C867304D7E
Requests: 2 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&gdpr=1&gdpr_consent=BPWmbc-PWmbc-__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&geo=eu&co=de
Frame ID: 36855579F162DAAD90A7C3B83C5666C3
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 478375EF1FD4548BF0A63C9F79EB31DD
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=D7xTRE99ic&t=4&renderingType=2
Frame ID: 00C2AE588F2A08EDE8914C90CC7B9542
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

35 Arrested In 4-Day Operation Targeting Scams, SPF Cautions Public To Stay Vigilant

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/
wp-embed\.min\.js\?ver=([\d.]+)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

595
Requests

90 %
HTTPS

34 %
IPv6

59
Domains

98
Subdomains

74
IPs

11
Countries

5937 kB
Transfer

14972 kB
Size

53
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/mustsharenews

Search URL Search Domain Scan URL

URL: https://www.instagram.com/mustsharenews/

Search URL Search Domain Scan URL

URL: https://t.me/mustsharenews

Search URL Search Domain Scan URL

URL: https://twitter.com/MustShareNews

Search URL Search Domain Scan URL

URL: https://www.straitstimes.com/singapore/courts-crime/35-arrested-in-4-day-operation-as-police-probe-1200-cases-of-scams-involving-31-million
Title: Source

Search URL Search Domain Scan URL

URL: https://www.channelnewsasia.com/singapore/spf-scam-enforcement-35-arrested-1200-cases-involving-31-million-2589276
Title: Channel NewsAsia (CNA)

Search URL Search Domain Scan URL

URL: https://www.todayonline.com/singapore/35-arrested-anti-scam-enforcement-operation-police-investigating-more-1200-cases-involving-s31-million-1856396
Title: TODAY Online

Search URL Search Domain Scan URL

URL: https://www.facebook.com/586604782/posts/10160238566829783/?d=n
Title: Source

Search URL Search Domain Scan URL

URL: https://www.straitstimes.com/singapore/courts-crime/35-arrested-in-4-day-operation-as-police-probe-1200-cases-of-scams-involving-31-million?utm_campaign=stfb&utm_medium=social&utm_source=facebook&fbclid=IwAR1ntOi8HBKHQknBcFBIancUA6RqWbVuTYdRH_46d59OdErlJazewbKb3pE
Title: The Straits Times (ST)

Search URL Search Domain Scan URL

URL: https://bit.ly/msnFBcta

Search URL Search Domain Scan URL

URL: https://bit.ly/msnIGcta

Search URL Search Domain Scan URL

URL: https://bit.ly/msnTGcta

Search URL Search Domain Scan URL

URL: https://www.flickr.com/photos/25802865@N08/7511495518/
Title: Flickr

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https%3A%2F%2Fmustsharenews.com%2Fspf-arrest-scams%2F
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=35%20Arrested%20In%204-Day%20Operation%20Targeting%20Scams%2C%20SPF%20Cautions%20Public%20To%20Stay%20Vigilant&url=https://mustsharenews.com/?p=326555
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https://mustsharenews.com/spf-arrest-scams/
Title: Facebook

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 62

https://adnetwork.adasiaholdings.com/2060/call HTTP 307
https://adnetwork.adasiaholdings.com/2060/call?cklb=1

Request Chain 91

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fmustsharenews.com%2F&domain=mustsharenews.com&cw=1&lsw=1 HTTP 302
https://mug.criteo.com/sid?cpp=U81ICnxMQVhLb0wwVDMzYUlGa3NkM0NrRHpwUlo5emNXc3k0SmNyYnlmNVpUSXF2RTA0TUdOK1ZyRXhuQ1R6ekRlQ1I0TWpoNlNoQzJZVnMwRHQrRTRZdklObkdZb04zUHdFT1FHYkdHT3ZwNGxxVXJFc3gwZXZIQkhycnh1aUYxY2J1QU1WZGw3dWh0b3hLaVBDaDJmTmxIUlZwTmw4dUplZ2hJNFREZGdZQ29FMFBYd3FPaHM1MzlkQ1lqKzU0QkJ0cU13cnpnVEFjeVMyZ05ZcUJjd0JxVHZnRisyOUphbHJ6V0pxUDBCcHozakloSTk4N01obE1Va0ZMYytrOXY3Vk5CfA&cppv=2

Request Chain 144

https://www.facebook.com/v2.9/plugins/page.php?adapt_container_width=true&app_id=403902689943296&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df16782fff2c72f%26domain%3Dmustsharenews.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmustsharenews.com%252Ff1ab5eb3fdb7b9c%26relation%3Dparent.parent&container_width=214&hide_cover=true&href=https%3A%2F%2Fwww.facebook.com%2Fmustsharenews%2F&locale=en_US&sdk=joey&show_facepile=true&small_header=true&tabs=&width=265 HTTP 302
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D403902689943296%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df16782fff2c72f%2526domain%253Dmustsharenews.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fmustsharenews.com%25252Ff1ab5eb3fdb7b9c%2526relation%253Dparent.parent%26container_width%3D214%26hide_cover%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fmustsharenews%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dtrue%26tabs%26width%3D265

Request Chain 153

https://www.facebook.com/v2.9/plugins/page.php?adapt_container_width=true&app_id=403902689943296&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df17b205630de0d8%26domain%3Dmustsharenews.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fmustsharenews.com%252Ff1ab5eb3fdb7b9c%26relation%3Dparent.parent&container_width=0&hide_cover=true&href=https%3A%2F%2Fwww.facebook.com%2Fmustsharenews%2F&locale=en_US&sdk=joey&show_facepile=true&small_header=true&tabs=&width=265 HTTP 302
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D403902689943296%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df17b205630de0d8%2526domain%253Dmustsharenews.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fmustsharenews.com%25252Ff1ab5eb3fdb7b9c%2526relation%253Dparent.parent%26container_width%3D0%26hide_cover%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fmustsharenews%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dtrue%26tabs%26width%3D265

Request Chain 177

https://match.adsrvr.org/track/cmf/generic?ttd_pid=mookie-ps&ttd_tpi=1 HTTP 302
https://odr.mookie1.com/t/v2?tagid=V2_2087&src.visitorId=514a4b88-0dfd-434d-a84a-f5d9ce432a25&gdpr=1&gdpr_consent=

Request Chain 178

https://metrics.getrockerbox.com/track/v4?source=weight_watchers_subscription_germany&tier_one=ttd-display&tier_two=0a7a8j6&tier_three=a99jcch&tier_four=1e7nlzp2 HTTP 302
https://secure.adnxs.com/getuid?https%3A%2F%2Fmetrics.getrockerbox.com%2Ftrack%2Fv4%3Fuid%3D%24UID%26source%3Dweight_watchers_subscription_germany%26tier_one%3Dttd-display%26tier_two%3D0a7a8j6%26tier_three%3Da99jcch%26tier_four%3D1e7nlzp2%26uid_ts%3D1648530001 HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fmetrics.getrockerbox.com%252Ftrack%252Fv4%253Fuid%253D%2524UID%2526source%253Dweight_watchers_subscription_germany%2526tier_one%253Dttd-display%2526tier_two%253D0a7a8j6%2526tier_three%253Da99jcch%2526tier_four%253D1e7nlzp2%2526uid_ts%253D1648530001 HTTP 302
https://metrics.getrockerbox.com/track/v4?uid=3274717522904464586&source=weight_watchers_subscription_germany&tier_one=ttd-display&tier_two=0a7a8j6&tier_three=a99jcch&tier_four=1e7nlzp2&uid_ts=1648530001

Request Chain 211

https://um.simpli.fi/gp_match?google_gid=CAESEA85OE3M-unGw-7-cDtGs1Q&google_cver=1&google_push=AYg5qPIESIwOmRW7Q9pE3AC5UHboXaec-4FwEM7BP8bvztJH7kVP0YQT_O4RBl1Kk6GCkYc7e5JdhTqSQpWDMVzmy-gigQ9PON4e HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=E4F8497C5FD740E193A9D9B8A4074E12&google_push=AYg5qPIESIwOmRW7Q9pE3AC5UHboXaec-4FwEM7BP8bvztJH7kVP0YQT_O4RBl1Kk6GCkYc7e5JdhTqSQpWDMVzmy-gigQ9PON4e

Request Chain 213

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESENHbEss19UYanCni9UQvsOo&google_cver=1&google_push=AYg5qPIOIW7kVbpj-i49q0eis3WqISvx09rB1VQgCJ8MKI6-Cl9M3ySjfTvb-5G_468EjUZG7dFLyGV4gDAJZvCCNQEOMHoaHUI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPIOIW7kVbpj-i49q0eis3WqISvx09rB1VQgCJ8MKI6-Cl9M3ySjfTvb-5G_468EjUZG7dFLyGV4gDAJZvCCNQEOMHoaHUI&google_hm=c9fpMcL7TGKKj4EGLAonkx4

Request Chain 214

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEAqXiPXVMRDE-HB77RaZ1kA&google_cver=1&google_push=AYg5qPLPf74dUcw6IzP1q92ogxnUD-jOostgfQi_PxPUZuUCPMBSDeqkujvd8EL7JSfl8nZrYDby6mLKnvDp4rCg2YWxyMGrZVQg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA4MDM4MjQ0MDc4MDcyNDM3Mw%3D%3D&google_push=AYg5qPLPf74dUcw6IzP1q92ogxnUD-jOostgfQi_PxPUZuUCPMBSDeqkujvd8EL7JSfl8nZrYDby6mLKnvDp4rCg2YWxyMGrZVQg

Request Chain 215

https://d5p.de17a.com/cookies/google?google_gid=CAESEIvZYV0hvftDXK8rtlforf8&google_cver=1&google_push=AYg5qPI3QD7ROBalTaunWp3lZL22TaZgQXQ_u0QbXHbXsWRzUyd7qbWkusAVEnzTlqu4RViU6EmEOokwTUKcvETHPBMwkjk6EaM HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEIvZYV0hvftDXK8rtlforf8&google_cver=1&google_push=AYg5qPI3QD7ROBalTaunWp3lZL22TaZgQXQ_u0QbXHbXsWRzUyd7qbWkusAVEnzTlqu4RViU6EmEOokwTUKcvETHPBMwkjk6EaM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPI3QD7ROBalTaunWp3lZL22TaZgQXQ_u0QbXHbXsWRzUyd7qbWkusAVEnzTlqu4RViU6EmEOokwTUKcvETHPBMwkjk6EaM

Request Chain 217

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEOuPSZt7MV-PCxDIFlEKJB0&google_cver=1&google_push=AYg5qPLl7nZuWHhrZweQCa07kQDoYoWSNX3Uf1qABvp4StSwaPWfGdJ3uRChBcpkec06R85FZtXIV1NwX1lRkZ00-dkIF5NZS58MpA HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEOuPSZt7MV-PCxDIFlEKJB0&google_cver=1&google_push=AYg5qPLl7nZuWHhrZweQCa07kQDoYoWSNX3Uf1qABvp4StSwaPWfGdJ3uRChBcpkec06R85FZtXIV1NwX1lRkZ00-dkIF5NZS58MpA&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS13dXR1aVBSRTJ1RlpTSkRwMVRaVlVuem4zX0lfZ3kzTX5B&google_push=AYg5qPLl7nZuWHhrZweQCa07kQDoYoWSNX3Uf1qABvp4StSwaPWfGdJ3uRChBcpkec06R85FZtXIV1NwX1lRkZ00-dkIF5NZS58MpA

Request Chain 247

https://match.adsrvr.org/track/cmf/generic?ttd_pid=mookie-ps&ttd_tpi=1 HTTP 302
https://odr.mookie1.com/t/v2?tagid=V2_2087&src.visitorId=514a4b88-0dfd-434d-a84a-f5d9ce432a25&gdpr=1&gdpr_consent=

Request Chain 248

https://metrics.getrockerbox.com/track/v4?source=weight_watchers_subscription_germany&tier_one=ttd-display&tier_two=0a7a8j6&tier_three=a99jcch&tier_four=1e7nlzp2 HTTP 302
https://secure.adnxs.com/getuid?https%3A%2F%2Fmetrics.getrockerbox.com%2Ftrack%2Fv4%3Fuid%3D%24UID%26source%3Dweight_watchers_subscription_germany%26tier_one%3Dttd-display%26tier_two%3D0a7a8j6%26tier_three%3Da99jcch%26tier_four%3D1e7nlzp2%26uid_ts%3D1648530002 HTTP 302
https://metrics.getrockerbox.com/track/v4?uid=3274717522904464586&source=weight_watchers_subscription_germany&tier_one=ttd-display&tier_two=0a7a8j6&tier_three=a99jcch&tier_four=1e7nlzp2&uid_ts=1648530002

Request Chain 272

https://token.rubiconproject.com/token?pid=25470&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDFCTzc0N0ktMjMtRU9RNQ==&gdpr=1&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU

Request Chain 273

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&gdpr=1 HTTP 302
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&gdpr=1&dcc=t

Request Chain 274

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&gdpr=1 HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&gdpr=1&dcc=t

Request Chain 275

https://token.rubiconproject.com/token?pid=26594&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&gdpr=1 HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L1BO747I-23-EOQ5&sigv=1&esig=2~1e436f9dbbb665cce79ddfb7a3e2f17717ef5883&gdpr=1&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU

Request Chain 277

https://token.rubiconproject.com/token?pid=2249&pt=n&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YzBkMzhkZDVkY2RlMGFlNGQ2YWM3MDMzNWQzMjdiMGVmMDZjYWUwZg&gdpr=1&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU

Request Chain 278

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&gdpr=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/UmolKd309U002bc_Y8lFU8n5EUdSAgOZEtemQ7w0kco?csrc=&gdpr=1&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU

Request Chain 279

https://match.adsrvr.org/track/cmf/rubicon?gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&gdpr=1 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=514a4b88-0dfd-434d-a84a-f5d9ce432a25&gdpr=1&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&expires=30

Request Chain 280

https://a.tribalfusion.com/i.match?p=b6&u=CAESEAMlVJkKOPvGRPk2AzbIzxo&google_cver=1&google_push=AYg5qPLY452GhbSL-vZnWSc7FQKYlEDaKFVv08rch1pKkKb8vPyQ4JPfocnYChHMQ8BJiyPnl20PY9joVZSwzqu0mF6OaN7pAzlE8w&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPLY452GhbSL-vZnWSc7FQKYlEDaKFVv08rch1pKkKb8vPyQ4JPfocnYChHMQ8BJiyPnl20PY9joVZSwzqu0mF6OaN7pAzlE8w%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEAMlVJkKOPvGRPk2AzbIzxo&google_cver=1&google_push=AYg5qPLY452GhbSL-vZnWSc7FQKYlEDaKFVv08rch1pKkKb8vPyQ4JPfocnYChHMQ8BJiyPnl20PY9joVZSwzqu0mF6OaN7pAzlE8w&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPLY452GhbSL-vZnWSc7FQKYlEDaKFVv08rch1pKkKb8vPyQ4JPfocnYChHMQ8BJiyPnl20PY9joVZSwzqu0mF6OaN7pAzlE8w%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 281

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEEIJt5oS6y0sVAecnSiRUug&google_cver=1&google_push=AYg5qPLgzFpFmIDXFgQZ5_NR1_2C72oK5w46Cz-9Wu-gC-cicVxrpoC19juZrsHjIAxfs_Wo0w9FKIFOlL6yypxDZ1wIgi8ibI-x HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEEIJt5oS6y0sVAecnSiRUug&google_cver=1&google_push=AYg5qPLgzFpFmIDXFgQZ5_NR1_2C72oK5w46Cz-9Wu-gC-cicVxrpoC19juZrsHjIAxfs_Wo0w9FKIFOlL6yypxDZ1wIgi8ibI-x HTTP 302
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=google&bsw_custom_parameter=1f554cb1-f262-4be5-8e8c-a88a6c12fca2 HTTP 302
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=google&bsw_custom_parameter=1f554cb1-f262-4be5-8e8c-a88a6c12fca2 HTTP 302
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=7b13d734-bcc6-4958-ac48-670cbdc5f20b&user_group=1&ssp=google&bsw_param=1f554cb1-f262-4be5-8e8c-a88a6c12fca2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPLgzFpFmIDXFgQZ5_NR1_2C72oK5w46Cz-9Wu-gC-cicVxrpoC19juZrsHjIAxfs_Wo0w9FKIFOlL6yypxDZ1wIgi8ibI-x&google_hm=H1VMsfJiS-WOjKiKbBL8og==

Request Chain 282

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEFV2rIu7DcD_F5SKJqW0juE&google_cver=1&google_push=AYg5qPJvKMQ-ewLqWUBiNaJ1IE9C-aLd1nUBCkSw5KqKsIvcpomO6Z5RmvdeoOF4S01L8iwPcIO99wS5wU-XseNRP3nJEvKY_Q1zog HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEFV2rIu7DcD_F5SKJqW0juE&google_cver=1&google_push=AYg5qPJvKMQ-ewLqWUBiNaJ1IE9C-aLd1nUBCkSw5KqKsIvcpomO6Z5RmvdeoOF4S01L8iwPcIO99wS5wU-XseNRP3nJEvKY_Q1zog HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODU3OTA0NTAwMzE2MTYwNTAxOA&google_push=AYg5qPJvKMQ-ewLqWUBiNaJ1IE9C-aLd1nUBCkSw5KqKsIvcpomO6Z5RmvdeoOF4S01L8iwPcIO99wS5wU-XseNRP3nJEvKY_Q1zog

Request Chain 283

https://d5p.de17a.com/cookies/google?google_gid=CAESENVX2n9KhcvHaaFVGm37yyI&google_cver=1&google_push=AYg5qPIDW8Hbygi_jAlUHHhS_RcvJQxBHZYbrp1qtmKGQoVaW4kct4HvoXaVRIPcoARHJpnTD_5-VSrQ_NSCqnkee41qeLaiwPbAMg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPIDW8Hbygi_jAlUHHhS_RcvJQxBHZYbrp1qtmKGQoVaW4kct4HvoXaVRIPcoARHJpnTD_5-VSrQ_NSCqnkee41qeLaiwPbAMg

Request Chain 285

https://onetag-sys.com/sync/i,19/?google_gid=CAESEMMytAN66ob6kgh0ExGsOGM&google_cver=1&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ

Request Chain 286

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESECXgm_RZOEdWWrSMSGz4Z5g&google_cver=1&google_push=AYg5qPIWvP23ebcAetUOvZ7OWLMRAti3mWVdg6jHFXwd_8Ruu2ZoADwB_kQuczbAr0Rt0lODJADShmCqos3vvnIli91tYRcP0lJu HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AYg5qPIWvP23ebcAetUOvZ7OWLMRAti3mWVdg6jHFXwd_8Ruu2ZoADwB_kQuczbAr0Rt0lODJADShmCqos3vvnIli91tYRcP0lJu&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1648530001956 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-8e8d7b9d-af80-4a7c-931d-748683170876-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPIWvP23ebcAetUOvZ7OWLMRAti3mWVdg6jHFXwd_8Ruu2ZoADwB_kQuczbAr0Rt0lODJADShmCqos3vvnIli91tYRcP0lJu%26google_hm%3DA46Ne52vgEp8kx10hoMXCHY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPIWvP23ebcAetUOvZ7OWLMRAti3mWVdg6jHFXwd_8Ruu2ZoADwB_kQuczbAr0Rt0lODJADShmCqos3vvnIli91tYRcP0lJu&google_hm=A46Ne52vgEp8kx10hoMXCHY

Request Chain 295

https://match.adsrvr.org/track/cmf/generic?ttd_pid=mookie-ps&ttd_tpi=1 HTTP 302
https://odr.mookie1.com/t/v2?tagid=V2_2087&src.visitorId=514a4b88-0dfd-434d-a84a-f5d9ce432a25&gdpr=1&gdpr_consent=

Request Chain 335

https://eb2.3lift.com/sync?max=10&cb=75345 HTTP 302
https://eb2.3lift.com/sync?max=10&cb=75345&ld=1

Request Chain 340

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEAldTBnz14a_ppROfgsYhiw&google_cver=1&google_push=AYg5qPISyKxb7p4rn3RHyQjntdNkKg9GYWlQaK1uKAKQyIMt4Kfik3lc8dhhdxGEPvGsHeFXqTz6e2bYQ6EViTyPVy2MejO2O6Mj HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEAldTBnz14a_ppROfgsYhiw&google_push=AYg5qPISyKxb7p4rn3RHyQjntdNkKg9GYWlQaK1uKAKQyIMt4Kfik3lc8dhhdxGEPvGsHeFXqTz6e2bYQ6EViTyPVy2MejO2O6Mj

Request Chain 341

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEG-h8F0Ll43Xk8ra1hszunw&google_cver=1&google_push=AYg5qPLmrhvSDlzos2cs4althzIW_4lFypQSWvyc63Y77y1qiciBndq28Zi1s5IXUCH7ssJlIsipy6hzkgHGtp_57058-A7VbYfm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPLmrhvSDlzos2cs4althzIW_4lFypQSWvyc63Y77y1qiciBndq28Zi1s5IXUCH7ssJlIsipy6hzkgHGtp_57058-A7VbYfm&google_hm=c9fpMcL7TGKKj4EGLAonkx4

Request Chain 343

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEKemgJD6edAGz7P_WMTUMB0&google_cver=1&google_push=AYg5qPLPlXI5k2Lv1ymIwVYrQl2W_RTXaDYGyL-yJwvuNmjnFaXSu1fdUryZjus4oRDoxPl5tBgI2vbxiaRdbdmkMb-sf5HXskAcQw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODU3OTA0NTAwMzE2MTYwNTAxOA&google_push=AYg5qPLPlXI5k2Lv1ymIwVYrQl2W_RTXaDYGyL-yJwvuNmjnFaXSu1fdUryZjus4oRDoxPl5tBgI2vbxiaRdbdmkMb-sf5HXskAcQw

Request Chain 344

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESED4Ep2FfBJfdwJV9dp6mKqY&google_cver=1&google_push=AYg5qPKN2VhshnWC0hYeGl4GrMJU87FQ2bVzmbs8TguQmfCGMjjjjaCZX4fBpA735kv7SW0qtv6dbBo0zY3zkZD10nfE2qmWJemTJw HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-8e8d7b9d-af80-4a7c-931d-748683170876-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPKN2VhshnWC0hYeGl4GrMJU87FQ2bVzmbs8TguQmfCGMjjjjaCZX4fBpA735kv7SW0qtv6dbBo0zY3zkZD10nfE2qmWJemTJw%26google_hm%3DA46Ne52vgEp8kx10hoMXCHY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPKN2VhshnWC0hYeGl4GrMJU87FQ2bVzmbs8TguQmfCGMjjjjaCZX4fBpA735kv7SW0qtv6dbBo0zY3zkZD10nfE2qmWJemTJw&google_hm=A46Ne52vgEp8kx10hoMXCHY

Request Chain 345

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESECB19iKHrl-KzEeaHNdSg3s&google_cver=1&google_push=AYg5qPIiCxKRM4lmMlut1rihgCU_sblfFmZWZ1s-C_WbLW9s9B8R3G_Niyl9qHLK73WqLhZilSgGhLJmjM3EWPiJoD29XS7gzKOunA HTTP 302
https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESECB19iKHrl-KzEeaHNdSg3s&google_cver=1&google_push=AYg5qPIiCxKRM4lmMlut1rihgCU_sblfFmZWZ1s-C_WbLW9s9B8R3G_Niyl9qHLK73WqLhZilSgGhLJmjM3EWPiJoD29XS7gzKOunA&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESECB19iKHrl-KzEeaHNdSg3s&google_cver=1&google_push=AYg5qPIiCxKRM4lmMlut1rihgCU_sblfFmZWZ1s-C_WbLW9s9B8R3G_Niyl9qHLK73WqLhZilSgGhLJmjM3EWPiJoD29XS7gzKOunA&apid=UP17643bec-af1d-11ec-900c-06b097fc39c8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVAxNzY0M2JlYy1hZjFkLTExZWMtOTAwYy0wNmIwOTdmYzM5Yzg%3D&google_push=AYg5qPIiCxKRM4lmMlut1rihgCU_sblfFmZWZ1s-C_WbLW9s9B8R3G_Niyl9qHLK73WqLhZilSgGhLJmjM3EWPiJoD29XS7gzKOunA

Request Chain 372

https://eb2.3lift.com/ebda?sync=1&gdpr=1&cmp_cs= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDM0NTgzNDI4NzMwNjI1NTU5MTQ3NQ%3D%3D

Request Chain 374

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDM0NTgzNDI4NzMwNjI1NTU5MTQ3NQ%3D%3D

Request Chain 376

https://pr-bh.ybp.yahoo.com/sync/triplelift/4345834287306255591475?gdpr=1&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=2662&xuid=y-_KAj3OBE2oRhONrrTUg0ChbDg4tP1f6jZsm6BX0BwA--~A&dongle=0883

Request Chain 379

https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=4345834287306255591475 HTTP 302
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=4345834287306255591475&dcc=t

Request Chain 380

https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1

Request Chain 389

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEPgWyIgVuczyByGpk8fQowM&google_cver=1&google_push=AYg5qPLxJgga6RPGQb_VHKxmaPb1blxoMeTp-SVlFBk936ro3sBR0QU0TX6bxtceXXKJ96ux9KcnIxgxTF2lbnTQxTfsdG2BEbmo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WWtLU1VnQUVYX1ViQVFBLQ==&google_gid=CAESEPgWyIgVuczyByGpk8fQowM&google_cver=1&google_push=AYg5qPLxJgga6RPGQb_VHKxmaPb1blxoMeTp-SVlFBk936ro3sBR0QU0TX6bxtceXXKJ96ux9KcnIxgxTF2lbnTQxTfsdG2BEbmo

Request Chain 390

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEF2NDQN_t1WU6kbZNBYDbms&google_cver=1&google_push=AYg5qPL6L0reKAGWUEtjT4zyVZmJgdxEHyfn6mYOFQpD4yPnoCG1obvNTBAF9-_lrJ7lriMtpLhtBO4gskasSxPL5eorOE_FmBc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPL6L0reKAGWUEtjT4zyVZmJgdxEHyfn6mYOFQpD4yPnoCG1obvNTBAF9-_lrJ7lriMtpLhtBO4gskasSxPL5eorOE_FmBc&google_hm=Mjg4Mjc4MTQwNzE4Mzc0MzcxNw%3D%3D

Request Chain 391

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEN2b4vYJ-GP10v2phvxcmUk&google_cver=1&google_push=AYg5qPKhxbl9kFLROZSbYmu2Zp9QWZ9Yk_BhN_KZTXyws41vKkp51WEZbLBVOaMZK8SqLLD9uZTItj9VZBvhG290dkYTTkpXhQYH HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEN2b4vYJ-GP10v2phvxcmUk&google_cver=1&google_push=AYg5qPKhxbl9kFLROZSbYmu2Zp9QWZ9Yk_BhN_KZTXyws41vKkp51WEZbLBVOaMZK8SqLLD9uZTItj9VZBvhG290dkYTTkpXhQYH&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1EIv93PATJy-agQ8xRwu3w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKhxbl9kFLROZSbYmu2Zp9QWZ9Yk_BhN_KZTXyws41vKkp51WEZbLBVOaMZK8SqLLD9uZTItj9VZBvhG290dkYTTkpXhQYH

Request Chain 392

https://onetag-sys.com/sync/i,19/?google_gid=CAESEJIqYIXTw7TBSxJlohaDrZA&google_cver=1&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk

Request Chain 393

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESENMCHf9p7PPDnder_SASkBA&google_cver=1&google_push=AYg5qPKgl7_fIUj-ABuswVsNDSwGdtNmCx1dHaQ4gQu2St6SzOBuPHatlL-RsTko_Pc_1Wi31oMx7YeT-dDvIKv3tPrM-Nby2YSz HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-8e8d7b9d-af80-4a7c-931d-748683170876-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPKgl7_fIUj-ABuswVsNDSwGdtNmCx1dHaQ4gQu2St6SzOBuPHatlL-RsTko_Pc_1Wi31oMx7YeT-dDvIKv3tPrM-Nby2YSz%26google_hm%3DA46Ne52vgEp8kx10hoMXCHY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPKgl7_fIUj-ABuswVsNDSwGdtNmCx1dHaQ4gQu2St6SzOBuPHatlL-RsTko_Pc_1Wi31oMx7YeT-dDvIKv3tPrM-Nby2YSz&google_hm=A46Ne52vgEp8kx10hoMXCHY

Request Chain 394

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEDfs551B-kom3Ki8wPVy3hU&google_cver=1&google_push=AYg5qPKqOb0naiUQeDcOMLOOLs_UFEp4kv90GhftxpM74P-vIMJxtv8m4CxjI9L14OElGv8aEcGRqtl9HTJErwyljA8tNe28rQFm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS13dXR1aVBSRTJ1RlpTSkRwMVRaVlVuem4zX0lfZ3kzTX5B&google_push=AYg5qPKqOb0naiUQeDcOMLOOLs_UFEp4kv90GhftxpM74P-vIMJxtv8m4CxjI9L14OElGv8aEcGRqtl9HTJErwyljA8tNe28rQFm

Request Chain 438

https://match.adsrvr.org/track/cmf/generic?ttd_pid=mookie-ps&ttd_tpi=1 HTTP 302
https://odr.mookie1.com/t/v2?tagid=V2_2087&src.visitorId=514a4b88-0dfd-434d-a84a-f5d9ce432a25&gdpr=1&gdpr_consent=

Request Chain 508

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEOfUcL-XSf_Qjblw5ye1KtU&google_cver=1&google_push=AYg5qPJ_-kXMwSd00uKoXlXVkF2XuLsPv27wccfULWrvpTcmsb-Tr3xLuleZnTnhdQSmIbukpHNvKN8T2chEWZ22BRRnCvZw8w HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEOfUcL-XSf_Qjblw5ye1KtU&google_push=AYg5qPJ_-kXMwSd00uKoXlXVkF2XuLsPv27wccfULWrvpTcmsb-Tr3xLuleZnTnhdQSmIbukpHNvKN8T2chEWZ22BRRnCvZw8w&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkKSU-M-BY1WVSBPYhwqxQAABFwAAAIB&google_gid=CAESEOfUcL-XSf_Qjblw5ye1KtU&google_cver=1&google_push=AYg5qPJ_-kXMwSd00uKoXlXVkF2XuLsPv27wccfULWrvpTcmsb-Tr3xLuleZnTnhdQSmIbukpHNvKN8T2chEWZ22BRRnCvZw8w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkKSU-M-BY1WVSBPYhwqxQAABFwAAAIB&google_gid=CAESEOfUcL-XSf_Qjblw5ye1KtU&google_cver=1&google_push=AYg5qPJ_-kXMwSd00uKoXlXVkF2XuLsPv27wccfULWrvpTcmsb-Tr3xLuleZnTnhdQSmIbukpHNvKN8T2chEWZ22BRRnCvZw8w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkKSU-M-BY1WVSBPYhwqxQAABFwAAAIB&google_gid=CAESEOfUcL-XSf_Qjblw5ye1KtU&google_cver=1&google_push=AYg5qPJ_-kXMwSd00uKoXlXVkF2XuLsPv27wccfULWrvpTcmsb-Tr3xLuleZnTnhdQSmIbukpHNvKN8T2chEWZ22BRRnCvZw8w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkKSU-M-BY1WVSBPYhwqxQAABFwAAAIB&google_gid=CAESEOfUcL-XSf_Qjblw5ye1KtU&google_cver=1&google_push=AYg5qPJ_-kXMwSd00uKoXlXVkF2XuLsPv27wccfULWrvpTcmsb-Tr3xLuleZnTnhdQSmIbukpHNvKN8T2chEWZ22BRRnCvZw8w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkKSU-M-BY1WVSBPYhwqxQAABFwAAAIB&google_gid=CAESEOfUcL-XSf_Qjblw5ye1KtU&google_cver=1&google_push=AYg5qPJ_-kXMwSd00uKoXlXVkF2XuLsPv27wccfULWrvpTcmsb-Tr3xLuleZnTnhdQSmIbukpHNvKN8T2chEWZ22BRRnCvZw8w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkKSU-M-BY1WVSBPYhwqxQAABFwAAAIB&google_gid=CAESEOfUcL-XSf_Qjblw5ye1KtU&google_cver=1&google_push=AYg5qPJ_-kXMwSd00uKoXlXVkF2XuLsPv27wccfULWrvpTcmsb-Tr3xLuleZnTnhdQSmIbukpHNvKN8T2chEWZ22BRRnCvZw8w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkKSU-M-BY1WVSBPYhwqxQAABFwAAAIB&google_gid=CAESEOfUcL-XSf_Qjblw5ye1KtU&google_cver=1&google_push=AYg5qPJ_-kXMwSd00uKoXlXVkF2XuLsPv27wccfULWrvpTcmsb-Tr3xLuleZnTnhdQSmIbukpHNvKN8T2chEWZ22BRRnCvZw8w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkKSU-M-BY1WVSBPYhwqxQAABFwAAAIB&google_gid=CAESEOfUcL-XSf_Qjblw5ye1KtU&google_cver=1&google_push=AYg5qPJ_-kXMwSd00uKoXlXVkF2XuLsPv27wccfULWrvpTcmsb-Tr3xLuleZnTnhdQSmIbukpHNvKN8T2chEWZ22BRRnCvZw8w

Request Chain 510

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEFSzoQWZQBE2CDRO3d8yWRQ&google_cver=1&google_push=AYg5qPI7VvhHlYzUitTrdjjg_r_p9B7-vRTahStpJ2XvUyVrom5H7gkGncTavDdhTcbai5vDqWBbXLRyA213bfqUZdTZagTWhx3F HTTP 302
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEFSzoQWZQBE2CDRO3d8yWRQ&google_cver=1&google_push=AYg5qPI7VvhHlYzUitTrdjjg_r_p9B7-vRTahStpJ2XvUyVrom5H7gkGncTavDdhTcbai5vDqWBbXLRyA213bfqUZdTZagTWhx3F&apid=UP17643bec-af1d-11ec-900c-06b097fc39c8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVAxNzY0M2JlYy1hZjFkLTExZWMtOTAwYy0wNmIwOTdmYzM5Yzg%3D&google_push=AYg5qPI7VvhHlYzUitTrdjjg_r_p9B7-vRTahStpJ2XvUyVrom5H7gkGncTavDdhTcbai5vDqWBbXLRyA213bfqUZdTZagTWhx3F

Request Chain 555

https://match.adsrvr.org/track/cmf/generic?ttd_pid=mookie-ps&ttd_tpi=1 HTTP 302
https://odr.mookie1.com/t/v2?tagid=V2_2087&src.visitorId=514a4b88-0dfd-434d-a84a-f5d9ce432a25&gdpr=1&gdpr_consent=

Request Chain 590

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEILWj41QOUVXpkIII3SyKYI&google_cver=1&google_push=AYg5qPJ3c5QRqtu0RUVu3BVKsWPVcSayoIaeCVeinRF2y8ovULiTulw8Ii7cZw4g_BOjq0aEv9H6pkNsKmkwjRCiueshbmrauJM HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEILWj41QOUVXpkIII3SyKYI&google_cver=1&google_push=AYg5qPJ3c5QRqtu0RUVu3BVKsWPVcSayoIaeCVeinRF2y8ovULiTulw8Ii7cZw4g_BOjq0aEv9H6pkNsKmkwjRCiueshbmrauJM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=Y1hVS21YeEcxTnozWEM1&google_gid=CAESEILWj41QOUVXpkIII3SyKYI&google_cver=1&google_push=AYg5qPJ3c5QRqtu0RUVu3BVKsWPVcSayoIaeCVeinRF2y8ovULiTulw8Ii7cZw4g_BOjq0aEv9H6pkNsKmkwjRCiueshbmrauJM

Request Chain 591

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEO21tyno6lWI--SZIxrwoz0&google_cver=1&google_push=AYg5qPJCepHAlv0OLsDTs0sryL4LVKifBjzrMjars0dy812QJf_CIvmjm93-dSsiUPRQrp1AkwPbmFvlGsTbAQukS2NiG7JsIW3n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WWtLU1VnQUVYX1ViQVFBLQ==&google_gid=CAESEO21tyno6lWI--SZIxrwoz0&google_cver=1&google_push=AYg5qPJCepHAlv0OLsDTs0sryL4LVKifBjzrMjars0dy812QJf_CIvmjm93-dSsiUPRQrp1AkwPbmFvlGsTbAQukS2NiG7JsIW3n

Request Chain 593

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEJkg61R3c68iQqP5LUHGI0U&google_cver=1&google_push=AYg5qPKIfVeA2wfEIwwYI03RriPu00ebFxLFxQIx_8tDr1yh2YdocO7qdjgOFd5oEHLJRYNzW5qCZVs2lH1zAeBQtPhPN2M1m0kh HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODU3OTA0NTAwMzE2MTYwNTAxOA&google_push=AYg5qPKIfVeA2wfEIwwYI03RriPu00ebFxLFxQIx_8tDr1yh2YdocO7qdjgOFd5oEHLJRYNzW5qCZVs2lH1zAeBQtPhPN2M1m0kh

Request Chain 594

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEGlI8hPaYs0GFHhiqdWQvws&google_cver=1&google_push=AYg5qPJ5c0bzrwZukFqUSn1SD-oT0lSZDFjmmNQavsJT5QQ-Tl2MyYan4XVCAxBjbqlBYK7TS2lYWSO--mL_fBrVFMndl-sXWAE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1EIv93PATJy-agQ8xRwu3w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJ5c0bzrwZukFqUSn1SD-oT0lSZDFjmmNQavsJT5QQ-Tl2MyYan4XVCAxBjbqlBYK7TS2lYWSO--mL_fBrVFMndl-sXWAE

Request Chain 596

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEIjSnyZ99x5maoYbqINbpG4&google_cver=1&google_push=AYg5qPIaTCKjr9AfwpxCda9UwGlNWJXwPi76mGk2UsSTpnXoouifitqB-JKGxThFEuiC0mScAE4cvDoVrt-EcPJviQ-PX4FLf63w HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-8e8d7b9d-af80-4a7c-931d-748683170876-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPIaTCKjr9AfwpxCda9UwGlNWJXwPi76mGk2UsSTpnXoouifitqB-JKGxThFEuiC0mScAE4cvDoVrt-EcPJviQ-PX4FLf63w%26google_hm%3DA46Ne52vgEp8kx10hoMXCHY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPIaTCKjr9AfwpxCda9UwGlNWJXwPi76mGk2UsSTpnXoouifitqB-JKGxThFEuiC0mScAE4cvDoVrt-EcPJviQ-PX4FLf63w&google_hm=A46Ne52vgEp8kx10hoMXCHY

595 HTTP transactions
14 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
mustsharenews.com/spf-arrest-scams/ 183 KB
41 KB 257ms
205ms Document
text/html 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 18e2827980bd296c951393b5330d12ae65cbe2079877421ca2d24a96d3159b15

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Tue, 29 Mar 2022 04:59:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding,Cookie
Cache-Control: max-age=600
Link: <https://mustsharenews.com/wp-json/>; rel="https://api.w.org/", <https://mustsharenews.com/wp-json/wp/v2/posts/326555>; rel="alternate"; type="application/json", <https://mustsharenews.com/?p=326555>; rel=shortlink
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TFQqam6IN5SSEWrs0b9hPZ0x96dRA4JAXUdFAmszZaxoEebvk4PUAlQ5CSunXTMz7oJQSU%2BJ%2Fe48enqMjy9Zf1KyCUUr14LV0bEdIBlw2csZg5RbzXADrz0ytyP7O422ourLf0JeLNtpLYcWKvTN"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6f360a040f0f83a3-MXP
Content-Encoding: br

GET
H/1.1 200
OK style.min.css
mustsharenews.com/wp-includes/css/dist/block-library/ 79 KB
11 KB 32ms
31ms Stylesheet
text/css 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mustsharenews.com/wp-includes/css/dist/block-library/style.min.css?ver=5.8.4
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:57 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 4749
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 19 Jul 2021 00:56:57 GMT
Server: cloudflare
ETag: W/"13abe-5c76f69fc6840-gzip"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2jPHhRlnGEeHGkxgm5JM5wbYqYJGYvCAymmbIIX3ygseYpEgDEfIQy3G7QoY3BmrGRNt9PtrIpx2dpbRqxzDWYvmqoHUbGxwTTAcyXBySizt7mppo68E5nJhKfySHq97YyjcJpxbq46DQRrhWJnD"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
Cache-Control: max-age=14400
CF-RAY: 6f360a0568f283a3-MXP

GET
H/1.1 200
OK mediaelementplayer-legacy.min.css
mustsharenews.com/wp-includes/js/mediaelement/ 11 KB
3 KB 58ms
25ms Stylesheet
text/css 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mustsharenews.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.16
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:57 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 3340
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 29 Sep 2020 15:53:06 GMT
Server: cloudflare
ETag: W/"2bf8-5b075c75d5c80-gzip"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HYvS%2BHtfk5QVidxQ452i3NkEff6OywUCo9shDpWw%2Boz30oWxqVvO58XBmIuihLFv6CIfz5rI0KenqlukIznAYU%2B2s%2FQdiq3gmq7CJkK9XsOEkSUJ6fQS8jtVDfAvq1%2FRXmCSG9VZuE51wrvwzoYZ"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
Cache-Control: max-age=14400
CF-RAY: 6f360a05993183a3-MXP

GET
H/1.1 200
OK wp-mediaelement.min.css
mustsharenews.com/wp-includes/js/mediaelement/ 4 KB
2 KB 63ms
29ms Stylesheet
text/css 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mustsharenews.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=5.8.4
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:57 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 3340
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 07 Jun 2019 20:45:02 GMT
Server: cloudflare
ETag: W/"105a-58ac1e7924f80-gzip"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5OazedPX2ti6xzahkb%2BMvH9p%2FfhMyHwfiZydq9WHOmw2ddK2g%2B4P%2FKO4EKmEl1fqhdiYLYDnnMcawYgtA0XgvQs8n5V3rLHddK%2FjDmmxxTHFyiQT0THeleqi5q3Q222hxUea0l7JY4f%2FZ2sLUavq"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
Cache-Control: max-age=14400
CF-RAY: 6f360a05af5f59b9-MXP

GET
H/1.1 200
OK styles.css
mustsharenews.com/wp-content/plugins/contact-form-7/includes/css/ 2 KB
2 KB 63ms
29ms Stylesheet
text/css 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mustsharenews.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.5.6
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fb12708d973e6b9354f367a6780e5a166b0da7d2721d856da7f9d57130883eaa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:57 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 3340
Cf-Polished: origSize=2731
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 08 Mar 2022 10:41:59 GMT
Server: cloudflare
ETag: W/"aab-5d9b2a17473ae-gzip"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WbPvCadNHbldZ1itRYaF0q6fRWFsO7kNA%2FL9JFqiVxou%2BIi5ZbLiNgzO0INQDd8KVO4uYmcjGJG8EbPyVZjdgsw0EHObERV%2FMFihQD50VGt3xd5gKcdznmCEQA3gWIBeECjd%2BQP%2B5QUAsGgHhxqw"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
Cache-Control: max-age=14400
CF-RAY: 6f360a05a9a6839d-MXP
Cf-Bgj: minify

GET
H/1.1 200
OK mashsb.min.css
mustsharenews.com/wp-content/plugins/facebook-sharecount-plugin/assets/css/ 46 KB
28 KB 71ms
36ms Stylesheet
text/css 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mustsharenews.com/wp-content/plugins/facebook-sharecount-plugin/assets/css/mashsb.min.css?ver=3.5.7
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff4832891f440eef69f6db3572ef7fc3e69f6635bf0d56af126b3930c0a5070e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:57 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 6984
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 31 Aug 2021 21:50:22 GMT
Server: cloudflare
ETag: W/"b75f-5cae1efc9657f-gzip"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8sXIfe1P3N4rZOmKxszMrHfcOCzue04GSF0yDYdSd6lyBg2gLT8x%2FPv2XrxfO0Z3CcaEidzFpLTzRKW5x%2FA3iff6VL8Wp9AhxIPLNsbMRGFAxD11eqz2Ai2G24WGMT71Cyzmo%2Fa4KTucwhuqLeRy"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
Cache-Control: max-age=14400
CF-RAY: 6f360a05af4459a7-MXP

GET
H/1.1 200
OK mashbar.min.css
mustsharenews.com/wp-content/plugins/mashshare-sharebar/assets/css/ 1 KB
1 KB 64ms
26ms Stylesheet
text/css 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mustsharenews.com/wp-content/plugins/mashshare-sharebar/assets/css/mashbar.min.css?ver=5.8.4
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: daa9346d4445de08b9e12c573d88ec23c986a390c018b46bc2d0286ae4922b22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:57 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 3340
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 31 Aug 2021 21:50:33 GMT
Server: cloudflare
ETag: W/"58e-5cae1f06ebc34-gzip"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3kINak%2FAnwlgxEgshEjE76PAGnej8IZqNBmxSahDj3ZUG73F%2F12tXYA7LJCHWarQySPy4tp9IEDNjQX4FzWtgeWFeHQHgmIgSZ0RvHi8gQl9E0VcxNlteEAdUiqdogtSwlFJrK4HYWoTmceqNfy%2B"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
Cache-Control: max-age=14400
CF-RAY: 6f360a05ad573745-MXP

GET
H/1.1 200
OK style.css
mustsharenews.com/wp-content/plugins/td-composer/td-multi-purpose/ 68 KB
10 KB 73ms
32ms Stylesheet
text/css 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mustsharenews.com/wp-content/plugins/td-composer/td-multi-purpose/style.css?ver=9e241c87ee8782e8f19bb886a935e653
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6423be11726e1e0b4634c6eff293988080151402a0b5fa202b0d3ba768053261

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:57 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 3340
Cf-Polished: origSize=70108
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 31 Aug 2021 21:49:57 GMT
Server: cloudflare
ETag: W/"111dc-5cae1ee4a79a3-gzip"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XHddjHh%2BwrlimOL6Gu7n%2BORqUgIEgjHucpPeOdud7PnUebqkgKi7MYzgNveqo%2FtlNPG5Ms80tHl6Bcl2iC1XcqnPHyGucXnBAhBdQHVU%2BhQ9kC%2B%2B%2BJQQmX0enzL%2FfsNuArwkbpvyRl%2FcjUL33gqx"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
Cache-Control: max-age=14400
CF-RAY: 6f360a05ad5383b4-MXP
Cf-Bgj: minify

GET
H2 200 css
fonts.googleapis.com/ 31 KB
2 KB 39ms
15ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat%3A400%7CRoboto%3A300%2C400%2C400italic%2C500%2C500italic%2C700%2C900%7COpen+Sans%3A300italic%2C400%2C400italic%2C600%2C600italic%2C700&ver=9.1

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e5ecac81bed7e5fdbcd9b8d8caf945748cf52ec470f69451828579b97c29b78e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Tue, 29 Mar 2022 04:31:55 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 29 Mar 2022 04:59:57 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 29 Mar 2022 04:59:57 GMT

GET
H/1.1 200
OK style.css
mustsharenews.com/wp-content/themes/Newspaper/ 903 KB
102 KB 95ms
37ms Stylesheet
text/css 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mustsharenews.com/wp-content/themes/Newspaper/style.css?ver=9.1
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4be624c6915035ad35c909f2470e9002f2f81b6b719b991f3bfc32386e3bc6ea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:57 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 4749
Cf-Polished: origSize=1229551
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 31 Aug 2021 21:49:26 GMT
Server: cloudflare
ETag: W/"12c2ef-5cae1ec7010f2-gzip"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JdJ9WupwUv%2BnWMZggFYm2GfCK%2B71JjH%2FHgs16F0WYAorlcLSJx8%2BMVBJiDyxMgklUIEY2FapXu1g7GY56BNX60QJzT1xVc7vLz0c2FoZgr3pBm%2BsP0RTJ5f7tupqbN%2By%2B26I2wj6%2BpK74o1WJmkm"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
Cache-Control: max-age=14400
CF-RAY: 6f360a05c97a83a3-MXP
Cf-Bgj: minify

GET
H/1.1 200
OK jetpack.css
mustsharenews.com/wp-content/plugins/jetpack/css/ 86 KB
18 KB 94ms
30ms Stylesheet
text/css 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mustsharenews.com/wp-content/plugins/jetpack/css/jetpack.css?ver=10.7
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b26aba82da1d312d1dbc9358d949d7c63465f31da706b44aa0394f6bc70c0c3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:57 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 3340
Cf-Polished: origSize=87940
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 08 Mar 2022 10:42:30 GMT
Server: cloudflare
ETag: W/"15784-5d9b2a344bbf7-gzip"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uulfp3ooD9ryiM0yg9UgN8OYdD1kcs9RPN0rkfA6EriUnPX0BZ%2FDODS94mXoafTx7xgwsNrhLpbLDTUgJ3rAQBJWNI71Moyvm8Qo548w0C%2Fk6BKjGE6zoJsFzROAQhi7J1J%2Bwuu0QAp%2Bv%2BtLW7aK"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
Cache-Control: max-age=14400
CF-RAY: 6f360a05df9559b9-MXP
Cf-Bgj: minify

GET
H/1.1 200
OK jquery.min.js Show response
mustsharenews.com/wp-includes/js/jquery/ 87 KB
32 KB 90ms
27ms Script
application/javascript 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mustsharenews.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:57 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 3340
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 10 Mar 2021 15:07:24 GMT
Server: cloudflare
ETag: W/"15db1-5bd3006388300-gzip"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iN0mocyUOwWOiCiPbvjJZ%2B84ltm3vAj3jAPqaMUMTvrNu19s982l%2FU%2FlzcrbSXJnFNbKFHLake%2F2uWl4HvLV0c6%2BmEKfYSD3HwXPhzbMg8HO1lCbo%2FfD5aMf69iUSqUIcvO5ZmtoYzDS76PViUOz"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Cache-Control: max-age=14400
CF-RAY: 6f360a05d9fb839d-MXP

GET
H/1.1 200
OK jquery-migrate.min.js Show response
mustsharenews.com/wp-includes/js/jquery/ 11 KB
5 KB 100ms
35ms Script
application/javascript 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mustsharenews.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:57 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 3340
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 18 Nov 2020 09:06:06 GMT
Server: cloudflare
ETag: W/"2bd8-5b45debe27b80-gzip"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ESFCfua9ZdM8Lg5rhgT0KN9ze0q7bHqb%2BTSORGXy0nKJ%2BucH1U3ZLmV7o33IfI9A5tpWoBq%2FeXu6qwoBKgemQf54ni%2B%2BJ%2FVNtTm8doyHm7UWZacJDaeQ%2B5OwHbFe0NOO4jj12gLgtn9Fwo3TZGZi"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Cache-Control: max-age=14400
CF-RAY: 6f360a05dd8c3745-MXP

GET
H/1.1 200
OK mashsb.min.js Show response
mustsharenews.com/wp-content/plugins/facebook-sharecount-plugin/assets/js/ 4 KB
2 KB 101ms
28ms Script
application/javascript 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mustsharenews.com/wp-content/plugins/facebook-sharecount-plugin/assets/js/mashsb.min.js?ver=3.5.7
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ee12b93ba50a11840fa569d1a4d299a2a044b0c4e16adc69e769c5846c22daa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:57 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 6984
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 31 Aug 2021 21:50:23 GMT
Server: cloudflare
ETag: W/"f7a-5cae1efce66b3-gzip"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pA7Ohten0Bzoocz7tp5XbmtAPuuEyG%2BtEtyW%2FwjBsO%2FlrFkztq2yXLiJjtYE0OvamZRIcGx1D8c4doPJ7%2B6OphhzI9pzfFGXF3ZelvlnG1MdPeCfc5608fnXgdnF9o9nlA0tzeV%2B%2BBOx3%2B1HMEi9"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Cache-Control: max-age=14400
CF-RAY: 6f360a05efce59a7-MXP

GET
H/1.1 200
OK mashbar.min.js Show response
mustsharenews.com/wp-content/plugins/mashshare-sharebar/assets/js/ 803 B
1 KB 101ms
28ms Script
application/javascript 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mustsharenews.com/wp-content/plugins/mashshare-sharebar/assets/js/mashbar.min.js?ver=1.3.9
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 177d03a93d5bcfcf091484b3da03592467931ab06aa64492c229c3b7e293470b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:57 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 3340
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 31 Aug 2021 21:50:33 GMT
Server: cloudflare
ETag: W/"323-5cae1f06ff4b1-gzip"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=seZ1umVmkpDQdDaWG29FKopy7%2BqorfZ9UAwSbb2pqBIxqe2Sa0LTp%2Bmsfy%2BXYKFZSNZ1uEymmhdK74oj4yD%2BNjC1MpeTgnG6%2B%2FWawv6i4H9QjsIgfyiAgzicl3dgWQU%2Fne6ByiHaN66iygFGIjiW"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Cache-Control: max-age=14400
CF-RAY: 6f360a05ed9883b4-MXP

GET
H/1.1 200
OK smush-lazy-load.min.js Show response
mustsharenews.com/wp-content/plugins/wp-smushit/app/assets/js/ 8 KB
4 KB 128ms
34ms Script
application/javascript 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mustsharenews.com/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=3.9.5
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f65784e5e7332dc1e4bbeacbec70fdeef4a1bea84f16ce2ee144999719d195ce

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:57 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 4749
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 06 Feb 2022 12:48:22 GMT
Server: cloudflare
ETag: W/"1ef2-5d758e62df37d-gzip"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qN8zKd76uAoKHpX6BWIacgqklW%2FXxH8HNdz5k%2BTiiRkT0Vjcqka%2F6LiPyvNKIWiqXgFJ%2F8nm6hilUkBKlijEQxawFNG0BWKc3WIAT6apHCulKtZ2aVKur5dAxVbLr8ejJPRP%2FWusVVqMdaJQTkdl"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Cache-Control: max-age=14400
CF-RAY: 6f360a060a61839d-MXP

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 95 KB
37 KB 121ms
22ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-54789758-1

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

44f66a1b8aaba78fb07373997c1be870e96b71e6ea4cee0187b61f419d117d54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:59:57 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37770
x-xss-protection: 0
last-modified: Tue, 29 Mar 2022 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 29 Mar 2022 04:59:57 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 154 KB
53 KB 154ms
55ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b2373c2055f7d790f590ed0e49b87cb740c2927a113eadc2140376cd62cbf395

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:59:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53780
x-xss-protection: 0
server: cafe
etag: 15917978939433901390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 29 Mar 2022 04:59:57 GMT

GET
H2 200 ats.js Show response
anymind360.com/js/1816/ 166 KB
31 KB 50ms
15ms Script
application/javascript 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://anymind360.com/js/1816/ats.js

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

22d020772d4885ac0ed5f7913304e8eb6e161eb32d3cc658e725959a0955a79e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:59:57 GMT
content-encoding: gzip
fastly-original-body-size: 31057
age: 45793
x-guploader-uploadid: ADPycdvw9QwhGO4-sZAoG-qVIEGo3E9Dx3oN_GtyJPAzzXTIvynoKxmvkOOYg__Yy8PkBKbvECQGmdlF_gueglMm3vqwGfgQsQ
x-cache: HIT, HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
strict-transport-security: max-age=300
content-length: 31057
x-served-by: cache-tyo11927-TYO, cache-mxp6952-MXP
access-control-allow-origin: *
expires: Mon, 28 Mar 2022 16:16:44 GMT
last-modified: Wed, 23 Mar 2022 15:08:55 GMT
server: UploadServer
x-timer: S1648529998.704094,VS0,VE0
etag: "bea19ce9cd828a49384d36455fd14ae5"
vary: Accept-Encoding
x-goog-hash: crc32c=bV9Wkg==, md5=vqGc6c2Cikk4TTZFX9FK5Q==
x-goog-generation: 1648048135880897
via: 1.1 varnish, 1.1 varnish
access-control-expose-headers: Content-Type
cache-control: max-age=43200
x-goog-stored-content-length: 31057
accept-ranges: bytes
content-type: application/javascript; charset=UTF-8
x-cache-hits: 1, 2

GET
H2 200 amp-sticky-ad-1.0.js Show response
cdn.ampproject.org/v0/ 40 KB
11 KB 114ms
16ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-sticky-ad-1.0.js

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

470c5074c671f376d6f3ac789824ebf538f6188ae517f8495696d11d0ad351b5

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10331
x-xss-protection: 0
server: sffe
date: Tue, 29 Mar 2022 04:59:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "a24217a6b0130710"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 29 Mar 2022 04:59:57 GMT

GET
H/1.1 200
OK regenerator-runtime.min.js Show response
mustsharenews.com/wp-includes/js/dist/vendor/ 6 KB
3 KB 124ms
28ms Script
application/javascript 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mustsharenews.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.7
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e87a1c5e24f9a7c7dcb437417f0b05b0a3c12947ce32d65c990c988a8b5ed4d7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:57 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 3340
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 23 Jun 2021 00:06:13 GMT
Server: cloudflare
ETag: W/"1906-5c563acace740-gzip"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YC4Jc6Ok0is16Fcg9WrJlpiMW7p%2FS1NHXXZxx%2FKgi%2BYM6a59M1degUK2ks29OVs1nko92UKm%2F5KuhINdU6hxiSQ0hcTZO19yFfjfjfhBlZpF2qOmyJ7OLGSbKXUi9MbBOJA1trB2c%2BQzN3cI1IkW"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Cache-Control: max-age=14400
CF-RAY: 6f360a060fd759b9-MXP

GET
H/1.1 200
OK wp-polyfill.min.js Show response
mustsharenews.com/wp-includes/js/dist/vendor/ 16 KB
7 KB 132ms
32ms Script
application/javascript 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mustsharenews.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 293913879d30bab7499013e935009f5183facbddd63bfc9656a859622590b80b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:57 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 3340
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 14 Jun 2021 23:18:11 GMT
Server: cloudflare
ETag: W/"4056-5c4c2122a12c0-gzip"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aJTy%2BcT6Ec5aoFQPZ7R%2Bn%2B37%2FVR2YEuD9bcMltmQ6gFOtlZ2cPG3IzZYL3YPVEDDP62nyLKOcBPIg3DFrV39bC8xGLxCwwUVgXCLIHnL1zGCT%2BGibB1KcYanMUDaQCcXrcOas22jwO0uipnikEkg"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Cache-Control: max-age=14400
CF-RAY: 6f360a060dcb3745-MXP

GET
H/1.1 200
OK index.js Show response
mustsharenews.com/wp-content/plugins/contact-form-7/includes/js/ 9 KB
4 KB 127ms
26ms Script
application/javascript 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mustsharenews.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.5.6
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 679e44f9b4bbbc2ad0c4000c1413fd3a88627d83f1cba8ebdac26f81bc7edb78

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:57 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 3340
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 08 Mar 2022 10:41:59 GMT
Server: cloudflare
ETag: W/"25f8-5d9b2a174834e-gzip"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FdW4D0%2BjIuGUb1hMoIb1LItZrPcMdGNv%2FZKfzUO26gr00GqZyyl5Q4794IROhG3r53oPmnvlzLznsn6lwZLAvQpKCDA6iVXVFbeYh4g4NDJbbqbtRHTLkKtXD19Gv15et6MVibCBv8J7k6Biazs%2B"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Cache-Control: max-age=14400
CF-RAY: 6f360a06183a59a7-MXP
Cf-Bgj: minify

GET
H/1.1 200
OK tagdiv_theme.min.js Show response
mustsharenews.com/wp-content/themes/Newspaper/js/ 215 KB
52 KB 134ms
33ms Script
application/javascript 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mustsharenews.com/wp-content/themes/Newspaper/js/tagdiv_theme.min.js?ver=9.1
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f550edcd8ddd3406cf76d5043489a7344ba8fac4a51a2e13bdd6eaeca5629369

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:57 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 3340
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 31 Aug 2021 21:50:06 GMT
Server: cloudflare
ETag: W/"35d8d-5cae1eecd3536-gzip"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gmuqxG1YGk8Anc7bUK14dP8dwJpOV01AfdRKHqe022u5VQsgDk10QkNlLVg1q2nVzS%2FmTvP%2B5y7a3tM0fN5UV3SWoNH%2BW2VqdyBEQDjUrAVu04Noxs32ICHwL%2BfLH6eGox1JGx%2BciF3py0xEm3Mq"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Cache-Control: max-age=14400
CF-RAY: 6f360a061de483b4-MXP

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 884 B
999 B 41ms
18ms Script
text/javascript 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LdJ12kbAAAAAOc3xsOVeEOvsYVw2Z1KebJcXiG8&ver=3.0

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0071fd6b2bd57ac47bfefa8744308f8fb5367192a787bb3ddca9c48e51ff3545

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:59:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 586
x-xss-protection: 1; mode=block
expires: Tue, 29 Mar 2022 04:59:57 GMT

GET
H/1.1 200
OK index.js Show response
mustsharenews.com/wp-content/plugins/contact-form-7/modules/recaptcha/ 999 B
1 KB 143ms
29ms Script
application/javascript 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mustsharenews.com/wp-content/plugins/contact-form-7/modules/recaptcha/index.js?ver=5.5.6
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2648a1333fa24d383fd73a6beaac17156ae78f4267ff7407ad60e05a788df44c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:57 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 4749
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 08 Mar 2022 10:41:59 GMT
Server: cloudflare
ETag: W/"3e7-5d9b2a174a28e-gzip"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dFh7gJjdzW7NW%2BXkYU1VyInv3SThqtC6apzOgOzWdtIIwOkQV4zTW2aWtL8BJKO4DtAg9iJX%2FJE1vaBgUtzIXBVNb6T3BUiAXrYlMhkHpVHTj0b5F7xZAo9%2FW2l0%2Bg9F%2BJGjNLJY3f%2F3%2BUwajQ4%2B"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Cache-Control: max-age=14400
CF-RAY: 6f360a0629f383a3-MXP
Cf-Bgj: minify

GET
H/1.1 200
OK wp-embed.min.js Show response
mustsharenews.com/wp-includes/js/ 1 KB
2 KB 150ms
25ms Script
application/javascript 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mustsharenews.com/wp-includes/js/wp-embed.min.js?ver=5.8.4
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:57 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 3340
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 06 Jan 2021 15:29:24 GMT
Server: cloudflare
ETag: W/"592-5b83cfce57d00-gzip"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z%2Bx0ARsceychpuNtJTh3CXtkGcOXmnIY%2FCkNtRLH5AjP9HJl94pWMEtfqntI3z4gEMuH2OloiCXGedAq4sXZNjQuyD%2FMe5N%2BWbCSLz4eaoBMDbGXOSVpqLGviup1WSWbiexYx7v5kQK1f%2FhA9bYQ"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Cache-Control: max-age=14400
CF-RAY: 6f360a06381e59b9-MXP

GET
H2 200 e-202213.js Show response
stats.wp.com/ 9 KB
3 KB 111ms
13ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202213.js
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

x-nc: HIT ams
date: Tue, 29 Mar 2022 04:59:57 GMT
content-encoding: br
server: nginx
etag: W/"6197c5cf-3508"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Sun, 19 Mar 2023 23:32:41 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 105ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 3311
date: Tue, 29 Mar 2022 04:04:46 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Tue, 29 Mar 2022 06:04:46 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 95ms
8ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d6c1241b1c5497f12d290dfd7de52f24a6eebf67f66fa8a4b0ace4395d9f486f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: i6+57GRR/YIi2HV8vBa3uQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
expires: Tue, 29 Mar 2022 05:08:22 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1685
x-fb-rlafr: 0
x-fb-debug: 6qK1nYoJ73xPRH3N7ddV79sId/+UJYEt3TxC+LZqM9YStI/l6X0ATIXxGlsPoO289gaevtBSpMyH2wOfsPBeVQ==
x-fb-trip-id: 686109401
x-fb-content-md5: 04bae27e75959dd3ba9aa00bd4fedcd8
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Tue, 29 Mar 2022 04:59:57 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "ed13528d2fb1a57f43bc2d90a75b0efc"
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
H/1.1 200
OK wp-emoji-release.min.js Show response
mustsharenews.com/wp-includes/js/ 18 KB
5 KB 30ms
30ms Script
application/javascript 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mustsharenews.com/wp-includes/js/wp-emoji-release.min.js?ver=5.8.4
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:57 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 549
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 08 Jun 2021 22:15:12 GMT
Server: cloudflare
ETag: W/"4705-5c4487ddedc00-gzip"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lf4EoFg5i6PNZaFPf1G%2FLG%2F8I0U5DE3iIWzUGhlTO2M71IUIogf6Km5%2FvV359bQT7D433f8%2ByPN45u5m%2BIDgPxFnB1UgmrvAts2t0SfVTI4qFBAXGGAiHi%2F4vjd%2Fu4iPwR%2BpjgEK0T46mlhOC6th"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
Cache-Control: max-age=14400
CF-RAY: 6f360a06786559b9-MXP

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 102 KB
39 KB 137ms
39ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PFFLZCT

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

93a99cc480b8baf469bfc9cc3774818ca053003ba12eb0b00c75044a66faa22b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:59:57 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39894
x-xss-protection: 0
last-modified: Tue, 29 Mar 2022 03:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 29 Mar 2022 04:59:57 GMT

GET
H2 200 pwt.js Show response
ads.pubmatic.com/AdServer/js/pwt/158497/5984/ 245 KB
76 KB 117ms
19ms Script
text/javascript 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/pwt/158497/5984/pwt.js
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/ats.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 815564293529e8a1273e2d86754ea536392b6bfa1e9d98dadd708d3268e30c21

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:59:57 GMT
content-encoding: gzip
last-modified: Thu, 11 Nov 2021 07:01:22 GMT
server: Apache/2.2.15 (CentOS)
etag: "15c1e33-3d366-5d07de90548cc"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: public, max-age=111595
accept-ranges: bytes
content-type: text/javascript
content-length: 77259
expires: Wed, 30 Mar 2022 11:59:52 GMT

GET
H/1.1 200
OK smart.js Show response
ced.sascdn.com/tag/2060/ 93 KB
30 KB 124ms
26ms Script
application/javascript 2.16.186.26
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ced.sascdn.com/tag/2060/smart.js
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/ats.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.186.26 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-16-186-26.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 41c9b724c00dba4554fa04b5637b2fec7b9067f208d11a974cbc4dd608de787d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:57 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, max-age=900
Connection: keep-alive
Content-Length: 30865
Expires: Tue, 29 Mar 2022 05:14:57 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
26 KB 65ms
8ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e18d0e3dd548e9745884578e3cd9f0a492ddbb6f3b797db364b45bb16cadfb3

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26320
x-xss-protection: 0
pragma: public
x-fb-debug: WoF9ufp1j4O6qSZIwHstSpJ9fUiRUFg7wZV1S64vrUmu7rxtto1wTHQORJwW+uhvccjT+8KDEdro8fWxCgY8Jg==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Tue, 29 Mar 2022 04:59:57 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK newspaper.woff
mustsharenews.com/wp-content/themes/Newspaper/images/icons/ 22 KB
15 KB 34ms
33ms Font
application/font-woff 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mustsharenews.com/wp-content/themes/Newspaper/images/icons/newspaper.woff?15
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/wp-content/themes/Newspaper/style.css?ver=9.1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5b56f14bb63fc412aec1562ff5b4807919a486491f2e9a86054ef08922c634d1

Request headers

Referer: https://mustsharenews.com/wp-content/themes/Newspaper/style.css?ver=9.1
Origin: https://mustsharenews.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:57 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 3017
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 31 Aug 2021 21:50:51 GMT
Server: cloudflare
ETag: W/"5630-5cae1f17c0374"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mtGcGqUhWburHFNGzqjVwcnJHGH3oJFD81SxyFbkKQm3uUg9yzFQP5HBL93%2BkmePJMhof91lwwLhspIxHXwq93MV9bG7MC3PZfPB6%2FxA2xwdWvVpzhfrYdijbHWU2FXAjUCB2x%2FsY7NYqfBgIVhh"}],"group":"cf-nel","max_age":604800}
Content-Type: application/font-woff
Cache-Control: max-age=14400
CF-RAY: 6f360a068a8983a3-MXP

GET
H2 200 KFOkCnqEu92Fr1Mu51xIIzI.woff2
fonts.gstatic.com/s/roboto/v29/ 17 KB
17 KB 96ms
15ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOkCnqEu92Fr1Mu51xIIzI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat%3A400%7CRoboto%3A300%2C400%2C400italic%2C500%2C500italic%2C700%2C900%7COpen+Sans%3A300italic%2C400%2C400italic%2C600%2C600italic%2C700&ver=9.1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

46375ee9192c1e0f6eabe4d32b2a48b996b93037f7b4beb970df5b87359548fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mustsharenews.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 20:39:33 GMT
x-content-type-options: nosniff
age: 462024
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17304
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 23 Mar 2023 20:39:33 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
16 KB 82ms
8ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mustsharenews.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 11:22:37 GMT
x-content-type-options: nosniff
age: 495440
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 23 Mar 2023 11:22:37 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
16 KB 58ms
10ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mustsharenews.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 22 Mar 2022 20:07:55 GMT
x-content-type-options: nosniff
age: 550322
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 22 Mar 2023 20:07:55 GMT

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 121 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a4b423bd3e84385d2bb624a55cddfaafe863235df9791628cb4fc0a9472d3f76

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 16 KB
16 KB 66ms
29ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mustsharenews.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 05:33:18 GMT
x-content-type-options: nosniff
age: 516399
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:21 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 23 Mar 2023 05:33:18 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v28/ 44 KB
44 KB 54ms
18ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v28/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mustsharenews.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 22 Mar 2022 22:45:30 GMT
x-content-type-options: nosniff
age: 540867
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44656
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 22:03:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Mar 2023 22:45:30 GMT

GET
H2 200 JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
fonts.gstatic.com/s/montserrat/v23/ 12 KB
12 KB 73ms
37ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v23/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a658b5f3ec0fd27f3c1500b420b2ed4ff557f5ddb65fbc83c21eae5cadc97dfb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mustsharenews.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 22 Mar 2022 21:26:13 GMT
x-content-type-options: nosniff
age: 545624
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12648
x-xss-protection: 0
last-modified: Thu, 03 Feb 2022 00:11:58 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 22 Mar 2023 21:26:13 GMT

GET
H2 200 memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
fonts.gstatic.com/s/opensans/v28/ 47 KB
47 KB 68ms
34ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v28/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f57a038a716263766ff4d7f7d8a6ea13b22701ae6fc91e8b1b52fd8784844d23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mustsharenews.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 22 Mar 2022 22:46:00 GMT
x-content-type-options: nosniff
age: 540837
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47836
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 22:01:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Mar 2023 22:46:00 GMT

GET
H/1.1 200
OK Logo-red-cropped-181.png
mustsharenews.com/wp-content/uploads/2018/10/ 2 KB
2 KB 36ms
35ms Image
image/webp 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mustsharenews.com/wp-content/uploads/2018/10/Logo-red-cropped-181.png
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 73b76b2df4b5c17bb821b7d35a73bb35c2f0a2d3242042898af129b5d5638678

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:57 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 4748
Cf-Polished: origFmt=png, origSize=2288
Content-Disposition: inline; filename="Logo-red-cropped-181.webp"
Connection: keep-alive
Content-Length: 1586
Last-Modified: Tue, 31 Aug 2021 22:44:52 GMT
Server: cloudflare
ETag: "8f0-5cae2b2b1450e"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wkFenltqPex90awGVFwjjF4Ce880Qh8MjmLg1lmhQ%2BRjOLxoVJBx31l8FseUTolP7o2VP0ZLcTCOeKF%2Bi9BAjS6Q1HpZlIs%2BNr3mnJfeJMbLjWRHioPuFOBzTu4vn6Ykaxp4YkFsawUFMpq3arux"}],"group":"cf-nel","max_age":604800}
Content-Type: image/webp
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6f360a071b8483a3-MXP
Cf-Bgj: imgq:85,h2pri

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
15 KB 40ms
39ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://mustsharenews.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 22 Mar 2022 18:59:49 GMT
x-content-type-options: nosniff
age: 554408
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 22 Mar 2023 18:59:49 GMT

GET
H/1.1 200
OK librefranklin-regular-webfont.woff
mustsharenews.com/wp-content/uploads/2018/10/ 31 KB
31 KB 40ms
40ms Font
application/font-woff 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mustsharenews.com/wp-content/uploads/2018/10/librefranklin-regular-webfont.woff
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0458df465ed91976d098c684ee1ece072857ec798dfa003f2d66f2702c8bf562

Request headers

Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Origin: https://mustsharenews.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:57 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 3017
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 31 Aug 2021 22:44:46 GMT
Server: cloudflare
ETag: W/"7a88-5cae2b24c428a"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hXND%2Byd3mB5uP1wYdbSoekc7X5mpIV8MMc1%2FPhJhJooepMZNwB9dAoA2ZnSoeu0EMfQUX7FYDrO3fP5RbZFPigQGGqP2xCAC5HjIuPCeSe9cT6K4B7WDJtgOym0eXihjH3x9iZ9mSzmQAxF8JVqZ"}],"group":"cf-nel","max_age":604800}
Content-Type: application/font-woff
Cache-Control: max-age=14400
CF-RAY: 6f360a07193f59b9-MXP

GET
DATA 200
OK truncated
/ 11 KB
11 KB Font
application/octet-stream

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 745caffca4b97cf5cf2374d82c6dfb6fb7c7b694e85432f92ec4dcb35f4418c9

Request headers

Referer
Origin: https://mustsharenews.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Content-Type: application/octet-stream

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/ 361 KB
143 KB 57ms
17ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LdJ12kbAAAAAOc3xsOVeEOvsYVw2Z1KebJcXiG8&ver=3.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a0315120b66d5141c4d2e381fb5b33602ac16ae8a11d3f9b53073c04ed1e2082

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mustsharenews.com/
Origin: https://mustsharenews.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 21:12:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 28047
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 145570
x-xss-protection: 0
last-modified: Mon, 21 Mar 2022 04:03:33 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 28 Mar 2023 21:12:31 GMT

GET
H/1.1 200
OK feature-image-for-spf-joint-operation-targeting-scams-35-arrested-1.jpg
mustsharenews.com/wp-content/uploads/2022/03/ 164 KB
164 KB 34ms
34ms Image
image/webp 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mustsharenews.com/wp-content/uploads/2022/03/feature-image-for-spf-joint-operation-targeting-scams-35-arrested-1.jpg
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bf7c39b1c04634e6ce785fdab6a4fb5708859c05afb6248d2803cfe5372f6f28

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:58 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 1272
Cf-Polished: qual=85, origFmt=jpeg, origSize=222129
Content-Disposition: inline; filename="feature-image-for-spf-joint-operation-targeting-scams-35-arrested-1.webp"
Connection: keep-alive
Content-Length: 167430
Last-Modified: Mon, 28 Mar 2022 09:34:14 GMT
Server: cloudflare
ETag: "363b1-5db4403f843d7"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=77NUIWLaEl3vIakS9VlfifM6oNNGhQFFiSEtMqxLAvXa1XG6M52ILp8d7zCNI897RTOII%2Fo%2Frz22S4OAXxqHX6ORe9X7RRGxoof%2BzfxVvzG7Xv%2FRMngNljHAEh3ZOD4cXE%2FJFX%2FmIU7NYB3Iszgc"}],"group":"cf-nel","max_age":604800}
Content-Type: image/webp
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6f360a080a8b59b9-MXP
Cf-Bgj: imgq:85,h2pri

GET
H2 200 g.gif
pixel.wp.com/ 50 B
116 B 14ms
13ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A10.7&blog=74748731&post=326555&tz=8&srv=mustsharenews.com&host=mustsharenews.com&ref=&fcp=501&rand=0.8820662341783532
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 29 Mar 2022 04:59:58 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H3 200 sdk.js Show response
connect.facebook.net/en_GB/ 3 KB
2 KB 18ms
8ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/sdk.js

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d3fd2cc77501f1c42507cecfbb47d62c6652c5bc2e648db5d4a7ba0440ac1dbd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://mustsharenews.com/
Origin: https://mustsharenews.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: Z0ODjhUxunLO7cVddTPvfg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
expires: Tue, 29 Mar 2022 05:01:43 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1688
x-fb-rlafr: 0
x-fb-debug: hqkoXYXz7LNRZAf3wSYx7MkrjCLi+csCaoGLn8q7QBlXMC/oIuSfgRknOYTWshSp64F1iDpF2GKik4DcBz0pcw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 68d657542f02155e28f633f811b57aea
cross-origin-opener-policy: same-origin-allow-popups
date: Tue, 29 Mar 2022 04:59:58 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "702a0f0f22b88ced97ec71ab959d4843"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H/1.1 200
OK MSNews-Banner-Mobile.jpg
mustsharenews.com/wp-content/uploads/2021/06/ 7 KB
8 KB 34ms
33ms Image
image/webp 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mustsharenews.com/wp-content/uploads/2021/06/MSNews-Banner-Mobile.jpg
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16b602ead2a1b4f31efca9627e70bcbb98eb1b2287e04f3eb933d4a62aacfd51

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:58 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 4749
Cf-Polished: qual=85, origFmt=jpeg, origSize=61499
Content-Disposition: inline; filename="MSNews-Banner-Mobile.webp"
Connection: keep-alive
Content-Length: 6846
Last-Modified: Tue, 31 Aug 2021 22:59:36 GMT
Server: cloudflare
ETag: "f03b-5cae2e75ab3de"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zLGLeOoLfbwqRuSGZIRd2phBcV%2BDOhX5GxHVKBXCQ2XE8FwOYBeM%2BBC2483VvoYpCYngq8ngDAc8qI5G%2FgX4GPyPiJCdGd4yYM1H9dHCCZ9AnNJlBfzn2Z5xgFoiVrp%2FOdhixQ4k7ZshuRTs5qif"}],"group":"cf-nel","max_age":604800}
Content-Type: image/webp
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6f360a081cda83a3-MXP
Cf-Bgj: imgq:85,h2pri

GET
H/1.1 200
OK MSNews-Banner-Title.gif
mustsharenews.com/wp-content/uploads/2021/06/ 7 KB
8 KB 37ms
37ms Image
image/gif 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mustsharenews.com/wp-content/uploads/2021/06/MSNews-Banner-Title.gif
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc0daf43c2398393b4b614f18d2f739c22d6f99cffbd2516ffbe23e6f294470c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:58 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 4749
Cf-Polished: origSize=8527, status=webp_bigger
Connection: keep-alive
Content-Length: 7326
Last-Modified: Tue, 31 Aug 2021 22:59:36 GMT
Server: cloudflare
ETag: "214f-5cae2e75aa43e"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F%2FpZPpqFTPvnssWxqHXwrP4Fd69kkwgXJAIVDkoeykCRVYGwuIOLcYcmQVx8oE0kuyvqs9wItQIEvf0YXB9LlSpPJEUOVAKh9rCklhMQm%2Ftu7kgsJrUnleICaW6Y4ioG%2FfEN1s5bqeMPcmKhyf1q"}],"group":"cf-nel","max_age":604800}
Content-Type: image/gif
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6f360a0818ce83b4-MXP
Cf-Bgj: imgq:85,h2pri

GET
H/1.1 200
OK Banner-Facebook.png
mustsharenews.com/wp-content/uploads/2021/06/ 3 KB
4 KB 34ms
34ms Image
image/webp 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mustsharenews.com/wp-content/uploads/2021/06/Banner-Facebook.png
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d35372eb43dde22c2b729cfd13376c853c0a44d60a478ac5167e57f8b7a4952d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:58 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2036
Cf-Polished: origFmt=png, origSize=10271
Content-Disposition: inline; filename="Banner-Facebook.webp"
Connection: keep-alive
Content-Length: 3460
Last-Modified: Tue, 31 Aug 2021 22:59:36 GMT
Server: cloudflare
ETag: "281f-5cae2e75aa43e"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e%2FnU0Z1UNd7flSzt0xUyHZo1TGvicjnfaWYPCPUcRp%2BF1nDRG9xj6gIB11CC3CIIFZc4Tf6huKQgcer8xMfZwu5dbpS7JFDtCBvy6wX22F8HH1zXErJN28EcOoCZEvAEimyi%2FQxlMZpQ93d9LsCK"}],"group":"cf-nel","max_age":604800}
Content-Type: image/webp
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6f360a0818a03745-MXP
Cf-Bgj: imgq:85,h2pri

GET
H/1.1 200
OK Banner-Instagram.png
mustsharenews.com/wp-content/uploads/2021/06/ 45 KB
46 KB 34ms
34ms Image
image/png 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mustsharenews.com/wp-content/uploads/2021/06/Banner-Instagram.png
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fcea1bbdca7df56358ed4cbedc9fad8c9371635f5ec082e7a0273471b1698968

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:58 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 4749
Cf-Polished: origSize=53209
Connection: keep-alive
Content-Length: 46038
Last-Modified: Tue, 31 Aug 2021 22:59:36 GMT
Server: cloudflare
ETag: "cfd9-5cae2e75ab3de"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pDSaWer3L0OCf8gu385koPxDcRXf2BZF10O4EHr6lZYOKQN4gHTQAHXelJNEUHK%2Fq61lz4o%2FNLShd2PTRkJfNTOEMGzvGBOHMC882TXta75Tr%2BZexnV%2BVOTYoqyE00YQ%2BnG8E%2BO8szaqjZN5CMnE"}],"group":"cf-nel","max_age":604800}
Content-Type: image/png
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6f360a081e00839d-MXP
Cf-Bgj: imgq:85,h2pri

GET
H/1.1 200
OK Banner-Telegram.png
mustsharenews.com/wp-content/uploads/2021/06/ 5 KB
6 KB 39ms
39ms Image
image/webp 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mustsharenews.com/wp-content/uploads/2021/06/Banner-Telegram.png
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0451eb057f839276787041ff6afa9e97d2d815f21d46c22dfb3222bcc04956c5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:58 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2870
Cf-Polished: origFmt=png, origSize=14046
Content-Disposition: inline; filename="Banner-Telegram.webp"
Connection: keep-alive
Content-Length: 5472
Last-Modified: Tue, 31 Aug 2021 22:59:36 GMT
Server: cloudflare
ETag: "36de-5cae2e75ab3de"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5MPBdy35cVYWOhWFs9gSBdmIsMUct%2BN8Mg0tAHO%2FQqj4WETu531dAba3qrBQArMDrGh28oAS%2B57Vw%2F0FFi1247N%2FJxdThTGJwJP%2FtxilPT8D4RiyZuugUFaweOQwb80RwIjlsIBqOuFEw1IBWd88"}],"group":"cf-nel","max_age":604800}
Content-Type: image/webp
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6f360a081bd259a7-MXP
Cf-Bgj: imgq:85,h2pri

GET
H/1.1 200
OK MARKPRO-BOLD.woff
mustsharenews.com/wp-content/themes/Newspaper/images/icons/ 29 KB
29 KB 59ms
26ms Font
application/font-woff 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mustsharenews.com/wp-content/themes/Newspaper/images/icons/MARKPRO-BOLD.woff
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7717c168fd31fdf0d2570a034cf1f419648556b8bbe9e081788df0f4e0fa60ad

Request headers

Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Origin: https://mustsharenews.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:58 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2548
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 31 Aug 2021 21:50:51 GMT
Server: cloudflare
ETag: W/"7304-5cae1f17a7cd8"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pq8KgEWm2pSB5s4eYNjWzctjKU9Q9k8wL9XIhUAgRlXsDg8aQ7Y%2F8xcM0kc75VCKG9CPMChjx7axglPyFKM%2Fg0x%2FsvhTNgW8jMlz9LKa%2BqJZmRaueHVw662oAh0%2Fub%2BsEdmXuYnhjP0x%2BXPQNwCk"}],"group":"cf-nel","max_age":604800}
Content-Type: application/font-woff
Cache-Control: max-age=14400
CF-RAY: 6f360a0848ea3745-MXP

GET
H/1.1 200
OK MARKPRO-BLACK.woff
mustsharenews.com/wp-content/themes/Newspaper/images/icons/ 64 KB
64 KB 64ms
31ms Font
application/font-woff 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mustsharenews.com/wp-content/themes/Newspaper/images/icons/MARKPRO-BLACK.woff
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0746aa0afb2c133deb583b50dbde1ea6bef2b5371006723f7304f8dc5a11ad23

Request headers

Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Origin: https://mustsharenews.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:58 GMT
Content-Encoding: br
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2870
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 31 Aug 2021 21:50:51 GMT
Server: cloudflare
ETag: W/"fe3c-5cae1f17a9c17"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XQQtMwCH3oSuB5mRd%2F4fffRYhmUUIrxgERJ3kZO0NQRSrP6toA1mDHXipKHle54wyuLolCx1VvkrzUCGRQ8nP0CO6QvspBnpVwb60vxjJEVWk723%2BX5mAGhdTHhyNZKlRlIamjTmoMr4mOPsaHED"}],"group":"cf-nel","max_age":604800}
Content-Type: application/font-woff
Cache-Control: max-age=14400
CF-RAY: 6f360a084d1f83a3-MXP

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 283 KB
81 KB 13ms
9ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=de4ace45495bacc1161ff5c161a7f9ca

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

436869c2a516d9d0cad4ed9948c123d10006e18c8214475dbdf0afa7e21fdd45

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://mustsharenews.com/
Origin: https://mustsharenews.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: Rz3ctKjoCgoj58+C+h+Wlg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 82660
x-fb-rlafr: 0
x-fb-debug: 8i/3Nm9m2wBkPttGyqnrIOm7QkTTXkaR+TB9kZvx/qKSXdw792n6lCv85QxZBjiWb4INHEzfNdADWD057ea33w==
x-fb-content-md5: 09d1e7ae7f35fc26fab6a7a57aba4ca3
x-frame-options: DENY
date: Tue, 29 Mar 2022 04:59:58 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "3de160ec6ae9c2cd4ab2f8fa60d6558e"
timing-allow-origin: *
priority: u=3,i
expires: Wed, 29 Mar 2023 00:59:32 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 47ms
20ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1890991456&t=pageview&_s=1&dl=https%3A%2F%2Fmustsharenews.com%2Fspf-arrest-scams%2F%3FisentiaPostId%3Dpost-1&ul=en-us&de=UTF-8&dt=35%20Arrested%20In%204-Day%20Operation%20Targeting%20Scams%2C%20SPF%20Cautions%20Public%20To%20Stay%20Vigilant&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1624666943&gjid=87758123&cid=1334310438.1648529998&tid=UA-54789758-1&_gid=257472219.1648529998&_r=1&_slc=1&z=1454773571

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200 102.json Show response
id5-sync.com/g/v2/ 213 B
535 B 45ms
9ms XHR
application/json 141.95.99.211
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/102.json

Requested by

Host: ced.sascdn.com
URL: https://ced.sascdn.com/tag/2060/smart.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.99.211 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3213278.ip-141-95-99.eu

Software

Resource Hash

78ee31e34b030570da7481530b0c087165e30d6c0338a3faab059cd78ec7836a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://mustsharenews.com
date: Tue, 29 Mar 2022 04:59:57 GMT
access-control-allow-credentials: true
vary: Origin
transfer-encoding: chunked
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json;charset=UTF-8

POST
H2

200

call Show response
adnetwork.adasiaholdings.com/2060/
Redirect Chain

https://adnetwork.adasiaholdings.com/2060/call
https://adnetwork.adasiaholdings.com/2060/call?cklb=1

2 KB
882 B

268ms
268ms

XHR
application/json

47.74.174.177
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to

Full URL: https://adnetwork.adasiaholdings.com/2060/call?cklb=1
Protocol: H2
Server: 47.74.174.177 Singapore, Singapore, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software: /
Resource Hash: 50fe61be4d5fc8bf8175e0062ec263533a760fa9acca89eff7487e9dd7db6b40

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:00 GMT
content-encoding: br
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

Redirect headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:00 GMT
location: https://adnetwork.adasiaholdings.com/2060/call?cklb=1
vary: Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache,no-store
access-control-allow-credentials: true
content-length: 0

OPTIONS
H2 204 call
adnetwork.adasiaholdings.com/2060/ Frame 0
0 1247ms
268ms Preflight 47.74.174.177
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to

Full URL: https://adnetwork.adasiaholdings.com/2060/call
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 47.74.174.177 Singapore, Singapore, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,save-data
Origin: https://mustsharenews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 29 Mar 2022 04:59:59 GMT
access-control-allow-credentials: true
access-control-allow-headers: content-type,save-data
access-control-allow-methods: GET,HEAD,POST
access-control-allow-origin: https://mustsharenews.com
vary: Origin

GET
H3 200 1346928215461600 Show response
connect.facebook.net/signals/config/ 307 KB
87 KB 61ms
48ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1346928215461600?v=2.9.57&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f3a0d186e152bbeeb7b23ff5a10baa2b10213413dd9b762e5398fe0108b2230e

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: zpugBpWPwLvjUUnDz+cSD80I6LK8OMfjk/NdUtu2/tSR152JGV8e66QB1TB29vDdyeFF9guLgJEJpj63mKkQMA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Tue, 29 Mar 2022 04:59:58 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 82 KB
28 KB 57ms
25ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: anymind360.com
URL: https://anymind360.com/js/1816/ats.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

894b2d03f51d2dd9d0b7bfcb766ed71f003aff42736c2834a8d7dc893705e53a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:59:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28100
x-xss-protection: 0
server: sffe
etag: "1172 / 434 of 1000 / last-modified: 1648505365"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 29 Mar 2022 04:59:58 GMT

GET
H2 200 prebid_2022_3_23_15_8_51.js Show response
anymind360.com/js/1816/ 279 KB
87 KB 20ms
20ms Script
application/javascript 2a04:4e42:200::645
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js

Requested by

Host: anymind360.com
URL: https://anymind360.com/js/1816/ats.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:200::645 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

UploadServer /

Resource Hash

781b0aebb68349b18b83b4e19968ee2e54f02c5ec8a83af982d3a30e3635cd27

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:59:58 GMT
content-encoding: gzip
fastly-original-body-size: 88581
age: 395226
x-guploader-uploadid: ADPycduJQXBzv99InK6Pp1CwT8FO2w83w_iVSoDXqYp9tW3iwaWwYIyRP_fj8AOWSpZVLRSRCOiWiaAF2KgLf56WoA
x-cache: HIT, HIT
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
strict-transport-security: max-age=300
content-length: 88581
x-served-by: cache-tyo11937-TYO, cache-mxp6952-MXP
access-control-allow-origin: *
expires: Wed, 23 Mar 2022 15:08:58 GMT
last-modified: Wed, 23 Mar 2022 15:08:56 GMT
server: UploadServer
x-timer: S1648529998.165975,VS0,VE0
etag: "68c4a3413ea3e9e988ef7a46b8367101"
vary: Accept-Encoding
x-goog-hash: crc32c=+q4gPw==, md5=aMSjQT6j6emI73pGuDZxAQ==
x-goog-generation: 1648048136036494
via: 1.1 varnish, 1.1 varnish
access-control-expose-headers: Content-Type
cache-control: max-age=31536000, public
x-goog-stored-content-length: 88581
accept-ranges: bytes
content-type: application/javascript; charset=UTF-8
x-cache-hits: 1, 2

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203230101/ 296 KB
107 KB 52ms
35ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203230101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9994647129360327&plah=mustsharenews.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5525c29d96b58c5f887571a4c56d9b302db3caaa015913bed995fcfba7a90d78

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:59:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 109249
x-xss-protection: 0
server: cafe
etag: 1893163508052893777
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 29 Mar 2022 04:59:58 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220324/r20190131/ Frame A88B 10 KB
5 KB 37ms
7ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220324/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4502
x-xss-protection: 0
date: Mon, 28 Mar 2022 11:23:19 GMT
expires: Mon, 11 Apr 2022 11:23:19 GMT
cache-control: public, max-age=1209600
etag: 4044455266028820542
content-type: text/html; charset=UTF-8
age: 63399
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 15ms
14ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1890991456&t=pageview&_s=1&dl=https%3A%2F%2Fmustsharenews.com%2Fspf-arrest-scams%2F%3FisentiaPostId%3Dpost-1&ul=en-us&de=UTF-8&dt=35%20Arrested%20In%204-Day%20Operation%20Targeting%20Scams%2C%20SPF%20Cautions%20Public%20To%20Stay%20Vigilant&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAUABAAAAAC~&jid=2122852336&gjid=541769828&cid=1334310438.1648529998&tid=UA-54789758-1&_gid=257472219.1648529998&_r=1&gtm=2ou3n1&z=2032068087

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
443 B 59ms
19ms XHR
text/plain 2a00:1450:400c:c06::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-54789758-1&cid=1334310438.1648529998&jid=1624666943&gjid=87758123&_gid=257472219.1648529998&_u=IEBAAEAAAAAAAC~&z=1041522871

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 29 Mar 2022 04:59:58 GMT
content-type: text/plain
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 57ms
19ms XHR
text/plain 2a00:1450:400c:c06::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-54789758-1&cid=1334310438.1648529998&jid=2122852336&gjid=541769828&_gid=257472219.1648529998&_u=aEDAAUABAAAAAC~&z=1163478839

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Tue, 29 Mar 2022 04:59:58 GMT
content-type: text/plain
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame E60F 41 KB
21 KB 44ms
25ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdJ12kbAAAAAOc3xsOVeEOvsYVw2Z1KebJcXiG8&co=aHR0cHM6Ly9tdXN0c2hhcmVuZXdzLmNvbTo0NDM.&hl=de&v=2uoiJ4hP3NUoP9v_eBNfU6CR&size=invisible&cb=79i2uy298fqs

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0e60b35470004af5449971aaa63d505584bf7266da8dfb0e45821a7a1f41911e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-rX8pXyvUpgf64cWCxDtTig' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Tue, 29 Mar 2022 04:59:58 GMT
content-security-policy: script-src 'report-sample' 'nonce-rX8pXyvUpgf64cWCxDtTig' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 21964
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 221 B
423 B 16ms
16ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=mustsharenews.com&callback=_gfp_s_&client=ca-pub-9994647129360327

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203230101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9994647129360327&plah=mustsharenews.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

6f66745c86a33b23baeea300222be90f2ad8df1db9d9a45ce2c4664ff339f9a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:59:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 208
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 47ms
24ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=mustsharenews.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 04:59:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 41ms
18ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=mustsharenews.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 04:59:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame CCFA 0
19 B 97ms
80ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9994647129360327&output=html&adk=1812271804&adf=3025194257&lmt=1648529998&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32&format=0x0&url=https%3A%2F%2Fmustsharenews.com%2Fspf-arrest-scams%2F%3FisentiaPostId%3Dpost-1&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1648529998170&bpp=2&bdt=529&idt=139&shv=r20220324&mjsv=m202203230101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=7175789465843&frm=20&pv=2&ga_vid=1334310438.1648529998&ga_sid=1648529998&ga_hid=1890991456&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31063247&oid=2&pvsid=710278017565655&pem=188&tmod=219732294&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=157

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Tue, 29 Mar 2022 04:59:58 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Tue, 29 Mar 2022 04:59:58 GMT
cache-control: private

GET
H/1.1 200
OK ARREST.jpg
mustsharenews.com/wp-content/uploads/2022/03/ 91 KB
91 KB 29ms
28ms Image
image/jpeg 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mustsharenews.com/wp-content/uploads/2022/03/ARREST.jpg
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55243e8ee850fcc3ba913136b7fd6fdb9b44ca42e473f5a6c5e47df0bb76f1cb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:58 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 1272
Cf-Polished: origSize=98452, status=webp_bigger
Connection: keep-alive
Content-Length: 92678
Last-Modified: Mon, 28 Mar 2022 11:08:55 GMT
Server: cloudflare
ETag: "18094-5db45569be606"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bp29O%2B4IhTtImUpbYJ6ObsnndsDy5pb1hwfMM%2BBZHWHGWU7z2TFgQLxzk6pGsu9Gnz8fBLH122HNygPHBjaB0kJxxHhxEkgjpj581ci7RP1FernB%2FXx%2Bwj6zHJwq7yAjtKIMAt%2FuzL5DV6HpFJ5m"}],"group":"cf-nel","max_age":604800}
Content-Type: image/jpeg
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6f360a099f3283a3-MXP
Cf-Bgj: imgq:85,h2pri

GET
H2 200 Omega-Swatch-Feedback.jpg
i0.wp.com/mustsharenews.com/wp-content/uploads/2022/03/ 20 KB
20 KB 29ms
9ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/mustsharenews.com/wp-content/uploads/2022/03/Omega-Swatch-Feedback.jpg?resize=600%2C314&ssl=1

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

0ca392c46c706c47f0950f668c927c6d55fd4342aad0768a8c796c9dce7ae711

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 29 Mar 2022 04:59:58 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Mar 2022 11:03:57 GMT
server: nginx
etag: "935999d9597e583e"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://mustsharenews.com/wp-content/uploads/2022/03/Omega-Swatch-Feedback.jpg>; rel="canonical"
content-length: 20174
expires: Wed, 27 Mar 2024 23:03:57 GMT

GET
H2 200 grabfood-cover-edited.jpg
i0.wp.com/mustsharenews.com/wp-content/uploads/2022/03/ 27 KB
27 KB 38ms
18ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/mustsharenews.com/wp-content/uploads/2022/03/grabfood-cover-edited.jpg?resize=600%2C314&ssl=1

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

d1a0487fea35c3fd612d68397ae5c95e4b93cf09945d4378b45644d6282eaa9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Tue, 29 Mar 2022 04:59:58 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Mar 2022 08:16:45 GMT
server: nginx
etag: "969e1e902c88e590"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://mustsharenews.com/wp-content/uploads/2022/03/grabfood-cover-edited.jpg>; rel="canonical"
content-length: 27896
expires: Wed, 27 Mar 2024 20:16:45 GMT

GET
H2 200 Man-Queuing-For-Omega-Swatch-Tells-Police-To-Shoot-Him-People-Say-Its-Just-A-300-Watch.jpg
i0.wp.com/mustsharenews.com/wp-content/uploads/2022/03/ 20 KB
21 KB 40ms
20ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/mustsharenews.com/wp-content/uploads/2022/03/Man-Queuing-For-Omega-Swatch-Tells-Police-To-Shoot-Him-People-Say-Its-Just-A-300-Watch.jpg?resize=600%2C314&ssl=1

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

ec81b7c067d9329f867aaba45fbd6f41f71df292964bc54116bb6825195d93c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Tue, 29 Mar 2022 04:59:58 GMT
x-content-type-options: nosniff
last-modified: Sun, 27 Mar 2022 15:12:26 GMT
server: nginx
etag: "6381f24c3188effc"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://mustsharenews.com/wp-content/uploads/2022/03/Man-Queuing-For-Omega-Swatch-Tells-Police-To-Shoot-Him-People-Say-Its-Just-A-300-Watch.jpg>; rel="canonical"
content-length: 20734
expires: Wed, 27 Mar 2024 03:12:26 GMT

GET
H2 200 omega-swatch-carousell.jpg
i0.wp.com/mustsharenews.com/wp-content/uploads/2022/03/ 25 KB
25 KB 40ms
21ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/mustsharenews.com/wp-content/uploads/2022/03/omega-swatch-carousell.jpg?resize=600%2C314&ssl=1

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

fed32a82c107a9c4ba81d67f00e6010857397349d45f131d9aef7321e6ba5b72

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 29 Mar 2022 04:59:58 GMT
x-content-type-options: nosniff
last-modified: Sat, 26 Mar 2022 13:36:11 GMT
server: nginx
etag: "4c5a3d7ef4e459d8"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://mustsharenews.com/wp-content/uploads/2022/03/omega-swatch-carousell.jpg>; rel="canonical"
content-length: 25690
expires: Tue, 26 Mar 2024 01:36:11 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 23ms
22ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-54789758-1&cid=1334310438.1648529998&jid=1624666943&_u=IEBAAEAAAAAAAC~&z=406405702

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 47ms
19ms Image
image/gif 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-54789758-1&cid=1334310438.1648529998&jid=1624666943&_u=IEBAAEAAAAAAAC~&z=406405702

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 22ms
21ms Image
image/gif 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-54789758-1&cid=1334310438.1648529998&jid=2122852336&_u=aEDAAUABAAAAAC~&z=201502674

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 45ms
19ms Image
image/gif 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-54789758-1&cid=1334310438.1648529998&jid=2122852336&_u=aEDAAUABAAAAAC~&z=201502674

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:58 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pubads_impl_2022032103.js Show response
securepubads.g.doubleclick.net/gpt/ 365 KB
124 KB 22ms
6ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032103.js?cb=31065882

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

d18ec92167044343d62b0bf3efc2518ce74fc10ae94f5792393d0bb9a55da98b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 21:56:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25416
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127209
x-xss-protection: 0
last-modified: Thu, 24 Mar 2022 20:07:32 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 28 Mar 2023 21:56:22 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 140 B
133 B 31ms
15ms XHR
application/json 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=mustsharenews.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

42422463e81313e10d58d194b4915388a003ba4e6a8ac38e05c1a14a78d15f9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 04:59:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 108
x-xss-protection: 0
expires: Tue, 29 Mar 2022 04:59:58 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
409 B 25ms
10ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1346928215461600&ev=PageView&dl=https%3A%2F%2Fmustsharenews.com%2Fspf-arrest-scams%2F%3FisentiaPostId%3Dpost-1&rl=&if=false&ts=1648529998375&sw=1600&sh=1200&v=2.9.57&r=stable&ec=0&o=30&fbp=fb.1.1648529998374.1219241184&it=1648529998130&coo=false&rqm=GET

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:59:58 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Tue, 29 Mar 2022 04:59:58 GMT

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 67ms
22ms Preflight
application/json 2a02:2638:1::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fmustsharenews.com%2F&domain=mustsharenews.com&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: https://mustsharenews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
access-control-allow-origin: https://mustsharenews.com
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 2178
date: Tue, 29 Mar 2022 04:59:58 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ 2 KB
1 KB 55ms
20ms XHR
application/json 2606:4700::6810:5814
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json

Requested by

Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5814 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cccf30038abcbf4d0d612fc493c5bcd879dd1dd585ff7b3c7ca7295e73671da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 29 Mar 2022 04:59:58 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 7125
x-jsd-version: 1.0.1294
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19162-FRA, cache-cdg20780-CDG
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"66f-iDmWE1MrMNrvMDkuXLj0/xquPQA"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 6f360a0a495901f8-ZRH

GET
H2

200

sid Show response
mug.criteo.com/
Redirect Chain

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fmustsharenews.com%2F&domain=mustsharenews.com&cw=1&lsw=1
https://mug.criteo.com/sid?cpp=U81ICnxMQVhLb0wwVDMzYUlGa3NkM0NrRHpwUlo5emNXc3k0SmNyYnlmNVpUSXF2RTA0TUdOK1ZyRXhuQ1R6ekRlQ1I0TWpoNlNoQzJZVnMwRHQrRTRZdklObkdZb04zUHdFT1FHYkdHT3ZwNGxxVXJFc3gwZXZIQkhycn...

339 B
611 B

48ms
18ms

XHR
application/json

178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=U81ICnxMQVhLb0wwVDMzYUlGa3NkM0NrRHpwUlo5emNXc3k0SmNyYnlmNVpUSXF2RTA0TUdOK1ZyRXhuQ1R6ekRlQ1I0TWpoNlNoQzJZVnMwRHQrRTRZdklObkdZb04zUHdFT1FHYkdHT3ZwNGxxVXJFc3gwZXZIQkhycnh1aUYxY2J1QU1WZGw3dWh0b3hLaVBDaDJmTmxIUlZwTmw4dUplZ2hJNFREZGdZQ29FMFBYd3FPaHM1MzlkQ1lqKzU0QkJ0cU13cnpnVEFjeVMyZ05ZcUJjd0JxVHZnRisyOUphbHJ6V0pxUDBCcHozakloSTk4N01obE1Va0ZMYytrOXY3Vk5CfA&cppv=2

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

318997777ee62c83c0232c4e9a3925d5f18d781e0a26a3a5d8022f3ec297cb40

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:58 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: null
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 2744
strict-transport-security: max-age=31536000; preload;
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:57 GMT
location: https://mug.criteo.com/sid?cpp=U81ICnxMQVhLb0wwVDMzYUlGa3NkM0NrRHpwUlo5emNXc3k0SmNyYnlmNVpUSXF2RTA0TUdOK1ZyRXhuQ1R6ekRlQ1I0TWpoNlNoQzJZVnMwRHQrRTRZdklObkdZb04zUHdFT1FHYkdHT3ZwNGxxVXJFc3gwZXZIQkhycnh1aUYxY2J1QU1WZGw3dWh0b3hLaVBDaDJmTmxIUlZwTmw4dUplZ2hJNFREZGdZQ29FMFBYd3FPaHM1MzlkQ1lqKzU0QkJ0cU13cnpnVEFjeVMyZ05ZcUJjd0JxVHZnRisyOUphbHJ6V0pxUDBCcHozakloSTk4N01obE1Va0ZMYytrOXY3Vk5CfA&cppv=2
strict-transport-security: max-age=31536000; preload;
access-control-allow-methods: GET
content-type: text/html; charset=utf-8
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1761
content-length: 509
expires: 0

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 171 B
559 B 711ms
23ms XHR
application/json 185.86.138.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:58 GMT
content-encoding: br
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache,no-store
transfer-encoding: chunked
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 171 B
559 B 717ms
28ms XHR
application/json 185.86.138.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:58 GMT
content-encoding: br
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache,no-store
transfer-encoding: chunked
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 171 B
559 B 716ms
28ms XHR
application/json 185.86.138.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:58 GMT
content-encoding: br
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache,no-store
transfer-encoding: chunked
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 171 B
564 B 712ms
24ms XHR
application/json 185.86.138.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:58 GMT
content-encoding: br
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache,no-store
transfer-encoding: chunked
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 171 B
559 B 714ms
26ms XHR
application/json 185.86.138.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:58 GMT
content-encoding: br
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache,no-store
transfer-encoding: chunked
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 171 B
559 B 712ms
24ms XHR
application/json 185.86.138.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:58 GMT
content-encoding: br
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache,no-store
transfer-encoding: chunked
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 171 B
559 B 733ms
22ms XHR
application/json 185.86.138.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:59 GMT
content-encoding: br
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache,no-store
transfer-encoding: chunked
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 171 B
559 B 739ms
27ms XHR
application/json 185.86.138.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:58 GMT
content-encoding: br
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache,no-store
transfer-encoding: chunked
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 171 B
559 B 737ms
25ms XHR
application/json 185.86.138.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:58 GMT
content-encoding: br
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache,no-store
transfer-encoding: chunked
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 171 B
559 B 736ms
23ms XHR
application/json 185.86.138.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:58 GMT
content-encoding: br
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache,no-store
transfer-encoding: chunked
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 171 B
559 B 743ms
26ms XHR
application/json 185.86.138.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:58 GMT
content-encoding: br
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache,no-store
transfer-encoding: chunked
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 171 B
564 B 767ms
50ms XHR
application/json 185.86.138.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:59 GMT
content-encoding: br
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache,no-store
transfer-encoding: chunked
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 171 B
559 B 756ms
24ms XHR
application/json 185.86.138.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:58 GMT
content-encoding: br
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache,no-store
transfer-encoding: chunked
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 171 B
559 B 758ms
21ms XHR
application/json 185.86.138.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:58 GMT
content-encoding: br
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache,no-store
transfer-encoding: chunked
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 171 B
559 B 767ms
30ms XHR
application/json 185.86.138.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:58 GMT
content-encoding: br
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache,no-store
transfer-encoding: chunked
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 171 B
559 B 762ms
24ms XHR
application/json 185.86.138.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:58 GMT
content-encoding: br
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache,no-store
transfer-encoding: chunked
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 171 B
559 B 765ms
22ms XHR
application/json 185.86.138.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:58 GMT
content-encoding: br
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache,no-store
transfer-encoding: chunked
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 171 B
559 B 787ms
30ms XHR
application/json 185.86.138.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:58 GMT
content-encoding: br
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache,no-store
transfer-encoding: chunked
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 171 B
559 B 781ms
24ms XHR
application/json 185.86.138.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:58 GMT
content-encoding: br
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache,no-store
transfer-encoding: chunked
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 171 B
559 B 785ms
24ms XHR
application/json 185.86.138.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:59 GMT
content-encoding: br
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache,no-store
transfer-encoding: chunked
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 171 B
559 B 792ms
26ms XHR
application/json 185.86.138.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:58 GMT
content-encoding: br
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache,no-store
transfer-encoding: chunked
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

POST
H/1.1 200
OK v1 Show response
prg.smartadserver.com/prebid/ 171 B
559 B 788ms
22ms XHR
application/json 185.86.138.32
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.138.32 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:59 GMT
content-encoding: br
vary: Accept-Encoding, Origin
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache,no-store
transfer-encoding: chunked
access-control-allow-credentials: true
content-type: application/json; charset=UTF-8

GET
H2 200 arj Show response
adasia-d.openx.net/w/1.0/ 73 B
380 B 712ms
28ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://adasia-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fmustsharenews.com%2Fspf-arrest-scams%2F%3FisentiaPostId%3Dpost-1&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=f9c6fedc-5ecb-409d-833d-04ab992a7e54%2Cf9c6fedc-5ecb-409d-833d-04ab992a7e54%2Cf9cfb1a7-0231-4541-aad6-44fbf25929d8%2C7900a031-7323-48ed-b1ba-b44726fa3e87%2C4c4524ce-5e2e-4822-ac7c-1942af41d255%2C7184aefe-5e1c-450f-993a-1e17a1224037%2Cb22992d4-9ff8-4386-a2e8-092e056fdb68%2Cfbe10ae4-6106-4d79-ac31-d565f6548a4e%2C2ffa005a-bf20-41cd-b33b-952052e5d0fc&nocache=1648529998419&schain=1.0%2C1!anymanager.io%2C1816%2C1%2C%2C%2C&aus=300x250%2C336x280%2C320x180%7C300x250%2C336x280%2C320x180%7C300x250%2C336x280%2C640x360%7C300x250%2C336x280%2C640x360%7C300x250%2C640x360%2C336x280%7C300x250%7C300x250%2C336x280%7C300x250%2C336x280%7C300x250%2C336x280&divids=ats-insert_ads-1%2Cats-insert_ads-1%2Cats-insert_ads-2%2Cats-insert_ads-3%2Cats-insert_ads-5%2Cats-insert_ads-6%2Cats-insert_ads-19%2Cats-insert_ads-20%2Cats-insert_ads-21&aucs=%252F21622890900%252C22537359798%252FSG_mustsharenews.com_res_article_mid1_autoads%2C%252F21622890900%252C22537359798%252FSG_mustsharenews.com_res_article_mid1_autoads%2C%252F21622890900%252C22537359798%252FSG_mustsharenews.com_res_article_mid2_300x250%252F%252F336x280%2C%252F21622890900%252C22537359798%252FSG_mustsharenews.com_res_article_mid3_300x250%252F%252F336x280%2C%252F21622890900%252C22537359798%252FSG_mustsharenews.com_res_article_bottom_300x250%252F%252F336x280%2C%252F21622890900%252C22537359798%252FSG_mustsharenews.com_res_article_right1_300x250%252F%252F320x100%252F%252F320x50%2C%252F21622890900%252C22537359798%252FSG_mustsharenews.com_res_article_mid4_336x280%252F%252F300x250%2C%252F21622890900%252C22537359798%252FSG_mustsharenews.com_res_article_mid5_336x280%252F%252F300x250%2C%252F21622890900%252C22537359798%252FSG_mustsharenews.com_res_article_mid6_336x280%252F%252F300x250&auid=543868331%2C541034920%2C541034916%2C543868352%2C541034923%2C541034937%2C556413115%2C556413116%2C556413117
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/17.2.1 /
Resource Hash: 7e6af3df03b61bcea56c617be2d257e08cd1b375ca0da8f42ee4dd767cb79ad4

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:59 GMT
content-encoding: gzip
server: OXGW/17.2.1
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://mustsharenews.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 400 prebid Show response
prebid.ad.smaato.net/oapi/ 0
460 B 739ms
28ms XHR
text/plain 54.76.152.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.ad.smaato.net/oapi/prebid
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.76.152.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-152-190.eu-west-1.compute.amazonaws.com
Software: SOMA /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 29 Mar 2022 04:59:58 GMT
Server: SOMA
X-SMT-MESSAGE: GDPR inventory not enabled for Application. Please contact your Account Manager.
Access-Control-Allow-Origin: https://mustsharenews.com
Access-Control-Expose-Headers: X-SMT-DivId,X-SMT-SessionId,X-SMT-ADTYPE,X-SMT-MESSAGE,X-SMT-Expires
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
X-SMT-SessionId: 4d97c57b-a180-4c24-b2a4-a9ca0449cbd0

POST
H/1.1 400 prebid Show response
prebid.ad.smaato.net/oapi/ 0
460 B 742ms
30ms XHR
text/plain 54.76.152.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.ad.smaato.net/oapi/prebid
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.76.152.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-152-190.eu-west-1.compute.amazonaws.com
Software: SOMA /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 29 Mar 2022 04:59:58 GMT
Server: SOMA
X-SMT-MESSAGE: GDPR inventory not enabled for Application. Please contact your Account Manager.
Access-Control-Allow-Origin: https://mustsharenews.com
Access-Control-Expose-Headers: X-SMT-DivId,X-SMT-SessionId,X-SMT-ADTYPE,X-SMT-MESSAGE,X-SMT-Expires
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
X-SMT-SessionId: 5e7b3aee-cf92-4d6c-862c-1311d5b17b2c

POST
H/1.1 400 prebid Show response
prebid.ad.smaato.net/oapi/ 0
460 B 743ms
30ms XHR
text/plain 54.76.152.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.ad.smaato.net/oapi/prebid
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.76.152.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-152-190.eu-west-1.compute.amazonaws.com
Software: SOMA /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 29 Mar 2022 04:59:58 GMT
Server: SOMA
X-SMT-MESSAGE: GDPR inventory not enabled for Application. Please contact your Account Manager.
Access-Control-Allow-Origin: https://mustsharenews.com
Access-Control-Expose-Headers: X-SMT-DivId,X-SMT-SessionId,X-SMT-ADTYPE,X-SMT-MESSAGE,X-SMT-Expires
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
X-SMT-SessionId: 3dfdf661-a7bf-4e7f-ace4-75b4a9fd202e

POST
H/1.1 400 prebid Show response
prebid.ad.smaato.net/oapi/ 0
460 B 743ms
30ms XHR
text/plain 54.76.152.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.ad.smaato.net/oapi/prebid
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.76.152.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-152-190.eu-west-1.compute.amazonaws.com
Software: SOMA /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 29 Mar 2022 04:59:58 GMT
Server: SOMA
X-SMT-MESSAGE: GDPR inventory not enabled for Application. Please contact your Account Manager.
Access-Control-Allow-Origin: https://mustsharenews.com
Access-Control-Expose-Headers: X-SMT-DivId,X-SMT-SessionId,X-SMT-ADTYPE,X-SMT-MESSAGE,X-SMT-Expires
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
X-SMT-SessionId: 678b3216-ecbf-4847-bc97-47c2dca702e9

POST
H/1.1 400 prebid Show response
prebid.ad.smaato.net/oapi/ 0
460 B 748ms
35ms XHR
text/plain 54.76.152.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.ad.smaato.net/oapi/prebid
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.76.152.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-152-190.eu-west-1.compute.amazonaws.com
Software: SOMA /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 29 Mar 2022 04:59:58 GMT
Server: SOMA
X-SMT-MESSAGE: GDPR inventory not enabled for Application. Please contact your Account Manager.
Access-Control-Allow-Origin: https://mustsharenews.com
Access-Control-Expose-Headers: X-SMT-DivId,X-SMT-SessionId,X-SMT-ADTYPE,X-SMT-MESSAGE,X-SMT-Expires
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
X-SMT-SessionId: 28576ce0-3a8e-4b8d-9c98-87eabb346a8d

POST
H/1.1 400 prebid Show response
prebid.ad.smaato.net/oapi/ 0
460 B 749ms
37ms XHR
text/plain 54.76.152.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.ad.smaato.net/oapi/prebid
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.76.152.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-152-190.eu-west-1.compute.amazonaws.com
Software: SOMA /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 29 Mar 2022 04:59:58 GMT
Server: SOMA
X-SMT-MESSAGE: GDPR inventory not enabled for Application. Please contact your Account Manager.
Access-Control-Allow-Origin: https://mustsharenews.com
Access-Control-Expose-Headers: X-SMT-DivId,X-SMT-SessionId,X-SMT-ADTYPE,X-SMT-MESSAGE,X-SMT-Expires
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
X-SMT-SessionId: 44aceea8-94a4-493e-a1ba-35e66d2039b6

POST
H/1.1 400 prebid Show response
prebid.ad.smaato.net/oapi/ 0
460 B 767ms
28ms XHR
text/plain 54.76.152.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.ad.smaato.net/oapi/prebid
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.76.152.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-152-190.eu-west-1.compute.amazonaws.com
Software: SOMA /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 29 Mar 2022 04:59:58 GMT
Server: SOMA
X-SMT-MESSAGE: GDPR inventory not enabled for Application. Please contact your Account Manager.
Access-Control-Allow-Origin: https://mustsharenews.com
Access-Control-Expose-Headers: X-SMT-DivId,X-SMT-SessionId,X-SMT-ADTYPE,X-SMT-MESSAGE,X-SMT-Expires
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
X-SMT-SessionId: 2d76ba94-6ca9-4480-8a4e-f916133ddad7

POST
H/1.1 400 prebid Show response
prebid.ad.smaato.net/oapi/ 0
460 B 774ms
32ms XHR
text/plain 54.76.152.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.ad.smaato.net/oapi/prebid
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.76.152.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-152-190.eu-west-1.compute.amazonaws.com
Software: SOMA /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 29 Mar 2022 04:59:58 GMT
Server: SOMA
X-SMT-MESSAGE: GDPR inventory not enabled for Application. Please contact your Account Manager.
Access-Control-Allow-Origin: https://mustsharenews.com
Access-Control-Expose-Headers: X-SMT-DivId,X-SMT-SessionId,X-SMT-ADTYPE,X-SMT-MESSAGE,X-SMT-Expires
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
X-SMT-SessionId: 5cf2bd94-84b9-45f8-8bff-87cdb3b4356c

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
839 B 174ms
151ms XHR
application/json 34.107.148.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CU3VM41V
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 77bdde4f18b06197f925b6e2e0ecb3dfe5f6f6e704bb381b6c69b4c2b161d8a6

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:58 GMT
content-encoding: gzip
server: nginx
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

POST
H2 200 auction Show response
tlx.3lift.com/header/ 2 KB
2 KB 306ms
284ms XHR
application/json 18.185.154.32
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=4.43.4&referrer=https%3A%2F%2Fmustsharenews.com%2Fspf-arrest-scams%2F%3FisentiaPostId%3Dpost-1&tmax=2000

Requested by

Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.185.154.32 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-185-154-32.eu-central-1.compute.amazonaws.com

Software

Resource Hash

bff294b546a8a9150f689bdff5623cf1b6de772a2dffcc581542d14460071d97

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:58 GMT
content-encoding: gzip
accept-ch: sec-ch-ua-platform-version,sec-ch-viewport-width,sec-ch-ua-arch,sec-ch-rtt,sec-ch-downlink,sec-ch-ect,sec-ch-ua-bitness,sec-ch-prefers-color-scheme,sec-ch-dpr,sec-ch-device-memory,sec-ch-save-data,sec-ch-width,sec-ch-viewport-height,sec-ch-ua-model,sec-ch-ua-full-version
content-type: application/json; charset=utf-8
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 1235
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 37 B
332 B 872ms
199ms XHR
application/json 23.32.59.34
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=474658&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%22614a110a47f2835%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fmustsharenews.com%2Fspf-arrest-scams%2F%3FisentiaPostId%3Dpost-1%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22mfu%22%3A0%2C%22bu%22%3A8%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A8%2C%22ren%22%3Afalse%2C%22version%22%3A%224.43.4%22%2C%22userIds%22%3A%5B%5D%2C%22msd%22%3A0%2C%22msi%22%3A0%7D%7D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22anymanager.io%22%2C%22sid%22%3A%221816%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2264dece7e158d6a9%22%2C%22ext%22%3A%7B%22siteID%22%3A%22474658%22%2C%22sid%22%3A%2221825764864%22%2C%22dfp_ad_unit_code%22%3A%22%2F21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_mid1_autoads%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22650d7151c86b54e%22%2C%22ext%22%3A%7B%22siteID%22%3A%22474658%22%2C%22sid%22%3A%2221825764864%22%2C%22dfp_ad_unit_code%22%3A%22%2F21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_mid1_autoads%22%7D%2C%22banner%22%3A%7B%22w%22%3A336%2C%22h%22%3A280%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2266708f334660ea8%22%2C%22ext%22%3A%7B%22siteID%22%3A%22474658%22%2C%22sid%22%3A%2221825764864%22%2C%22dfp_ad_unit_code%22%3A%22%2F21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_mid1_autoads%22%7D%2C%22banner%22%3A%7B%22w%22%3A320%2C%22h%22%3A180%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2268916f4b4f053a3%22%2C%22ext%22%3A%7B%22siteID%22%3A%22474658%22%2C%22sid%22%3A%2221827209782%22%2C%22dfp_ad_unit_code%22%3A%22%2F21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_mid2_300x250%2F%2F336x280%22%7D%2C%22banner%22%3A%7B%22w%22%3A640%2C%22h%22%3A360%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2269fe2dee5240619%22%2C%22ext%22%3A%7B%22siteID%22%3A%22474658%22%2C%22sid%22%3A%2221827209782%22%2C%22dfp_ad_unit_code%22%3A%22%2F21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_mid2_300x250%2F%2F336x280%22%7D%2C%22banner%22%3A%7B%22w%22%3A336%2C%22h%22%3A280%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%227053bae279f0e1f%22%2C%22ext%22%3A%7B%22siteID%22%3A%22474658%22%2C%22sid%22%3A%2221827209782%22%2C%22dfp_ad_unit_code%22%3A%22%2F21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_mid2_300x250%2F%2F336x280%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%227177463bb5a2c28%22%2C%22ext%22%3A%7B%22siteID%22%3A%22474658%22%2C%22sid%22%3A%2222091467994%22%2C%22dfp_ad_unit_code%22%3A%22%2F21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_mid3_300x250%2F%2F336x280%22%7D%2C%22banner%22%3A%7B%22w%22%3A640%2C%22h%22%3A360%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22726909b69beafa6%22%2C%22ext%22%3A%7B%22siteID%22%3A%22474658%22%2C%22sid%22%3A%2222091467994%22%2C%22dfp_ad_unit_code%22%3A%22%2F21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_mid3_300x250%2F%2F336x280%22%7D%2C%22banner%22%3A%7B%22w%22%3A336%2C%22h%22%3A280%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22733dd1ac473c5ca%22%2C%22ext%22%3A%7B%22siteID%22%3A%22474658%22%2C%22sid%22%3A%2222091467994%22%2C%22dfp_ad_unit_code%22%3A%22%2F21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_mid3_300x250%2F%2F336x280%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2274885939b90212%22%2C%22ext%22%3A%7B%22siteID%22%3A%22474658%22%2C%22sid%22%3A%2221827210310%22%2C%22dfp_ad_unit_code%22%3A%22%2F21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_bottom_300x250%2F%2F336x280%22%7D%2C%22banner%22%3A%7B%22w%22%3A336%2C%22h%22%3A280%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%227502e9496ec30ce%22%2C%22ext%22%3A%7B%22siteID%22%3A%22474658%22%2C%22sid%22%3A%2221827210310%22%2C%22dfp_ad_unit_code%22%3A%22%2F21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_bottom_300x250%2F%2F336x280%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22768fc7b00aef0b%22%2C%22ext%22%3A%7B%22siteID%22%3A%22474658%22%2C%22sid%22%3A%2221827210310%22%2C%22dfp_ad_unit_code%22%3A%22%2F21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_bottom_300x250%2F%2F336x280%22%7D%2C%22banner%22%3A%7B%22w%22%3A640%2C%22h%22%3A360%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22778c003e025d03a%22%2C%22ext%22%3A%7B%22siteID%22%3A%22474658%22%2C%22sid%22%3A%2221780412646%22%2C%22dfp_ad_unit_code%22%3A%22%2F21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_right1_300x250%2F%2F320x100%2F%2F320x50%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%227822cc3e4217631%22%2C%22ext%22%3A%7B%22siteID%22%3A%22474658%22%2C%22sid%22%3A%2222403052392%22%2C%22dfp_ad_unit_code%22%3A%22%2F21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_mid4_336x280%2F%2F300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%22792b85ab0a93f84%22%2C%22ext%22%3A%7B%22siteID%22%3A%22474658%22%2C%22sid%22%3A%2222403052392%22%2C%22dfp_ad_unit_code%22%3A%22%2F21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_mid4_336x280%2F%2F300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A336%2C%22h%22%3A280%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2280480790829c02c%22%2C%22ext%22%3A%7B%22siteID%22%3A%22474658%22%2C%22sid%22%3A%2222403052644%22%2C%22dfp_ad_unit_code%22%3A%22%2F21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_mid5_336x280%2F%2F300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2281877013c9e4332%22%2C%22ext%22%3A%7B%22siteID%22%3A%22474658%22%2C%22sid%22%3A%2222403052644%22%2C%22dfp_ad_unit_code%22%3A%22%2F21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_mid5_336x280%2F%2F300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A336%2C%22h%22%3A280%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2282cae60a0b23ddb%22%2C%22ext%22%3A%7B%22siteID%22%3A%22474658%22%2C%22sid%22%3A%2222402894636%22%2C%22dfp_ad_unit_code%22%3A%22%2F21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_mid6_336x280%2F%2F300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A300%2C%22h%22%3A250%2C%22topframe%22%3A1%7D%7D%2C%7B%22id%22%3A%2283b8e787eae371a%22%2C%22ext%22%3A%7B%22siteID%22%3A%22474658%22%2C%22sid%22%3A%2222402894636%22%2C%22dfp_ad_unit_code%22%3A%22%2F21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_mid6_336x280%2F%2F300x250%22%7D%2C%22banner%22%3A%7B%22w%22%3A336%2C%22h%22%3A280%2C%22topframe%22%3A1%7D%7D%5D%7D
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.32.59.34 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-59-34.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a185a2be00645eec4224d431d44ddc31aca353db9ef1c453d602c40269bd7362

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:59:59 GMT
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[217.64.151.30], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://mustsharenews.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 37
x-ak-client-geo: 12
expires: Tue, 29 Mar 2022 04:59:59 GMT

POST translator
hbopenbid.pubmatic.com/ 0
0

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 1 KB
4 KB 968ms
297ms XHR
application/json 2602:803:c003:200::31
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17692&site_id=278128&zone_id=1946822%3B1946788%3B1946818%3B1946820%3B1946824%3B2264240%3B2264242%3B2264244&size_id=15&alt_size_ids=10%2C16%2C43%2C117%2C124%3B16%2C198%3B16%2C198%3B16%2C198%3B43%2C117%3B16%3B16%3B16&rp_schain=1.0,1!anymanager.io,1816,1,,,&rf=https%3A%2F%2Fmustsharenews.com%2Fspf-arrest-scams%2F%3FisentiaPostId%3Dpost-1&tg_i.dfp_ad_unit_code=21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_mid1_autoads%3B21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_mid2_300x250%2F%2F336x280%3B21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_mid3_300x250%2F%2F336x280%3B21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_bottom_300x250%2F%2F336x280%3B21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_right1_300x250%2F%2F320x100%2F%2F320x50%3B21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_mid4_336x280%2F%2F300x250%3B21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_mid5_336x280%2F%2F300x250%3B21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_mid6_336x280%2F%2F300x250&tg_i.pbadslot=21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_mid1_autoads%3B21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_mid2_300x250%2F%2F336x280%3B21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_mid3_300x250%2F%2F336x280%3B21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_bottom_300x250%2F%2F336x280%3B21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_right1_300x250%2F%2F320x100%2F%2F320x50%3B21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_mid4_336x280%2F%2F300x250%3B21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_mid5_336x280%2F%2F300x250%3B21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_mid6_336x280%2F%2F300x250&tk_flint=pbjs_lite_v4.43.4&x_source.tid=f9c6fedc-5ecb-409d-833d-04ab992a7e54%3Bf9cfb1a7-0231-4541-aad6-44fbf25929d8%3B7900a031-7323-48ed-b1ba-b44726fa3e87%3B4c4524ce-5e2e-4822-ac7c-1942af41d255%3B7184aefe-5e1c-450f-993a-1e17a1224037%3Bb22992d4-9ff8-4386-a2e8-092e056fdb68%3Bfbe10ae4-6106-4d79-ac31-d565f6548a4e%3B2ffa005a-bf20-41cd-b33b-952052e5d0fc&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=8&rand=0.4411876577654117
Requested by: Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c003:200::31 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: af53b23110bef0f5e04eab1ff2db4a2c7836fb6aba6cb4eb240959b03dc49c7d

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 29 Mar 2022 04:59:59 GMT
Content-Encoding: gzip
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://mustsharenews.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 440
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 53 B
745 B 896ms
243ms XHR
application/json 37.252.173.215
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

a68a70f7be9281f3f7148b38d7f5971f1dc946d3034a40e55021d0fb6fb78d73

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 29 Mar 2022 04:59:59 GMT
X-Proxy-Origin: 217.64.151.30; 217.64.151.30; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 53a83c09-36d8-4b1d-b51f-4ccf912c4110
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://mustsharenews.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 53
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 53 B
745 B 728ms
75ms XHR
application/json 37.252.173.215
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: anymind360.com
URL: https://anymind360.com/js/1816/prebid_2022_3_23_15_8_51.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.215 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

a68a70f7be9281f3f7148b38d7f5971f1dc946d3034a40e55021d0fb6fb78d73

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 29 Mar 2022 04:59:59 GMT
X-Proxy-Origin: 217.64.151.30; 217.64.151.30; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: e0aa57b6-fdd7-4254-8dac-ec9b64f86b3e
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://mustsharenews.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 53
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 status
www.facebook.com/x/oauth/ 0
0 37ms
27ms Fetch
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?client_id=403902689943296&input_token&origin=1&redirect_uri=https%3A%2F%2Fmustsharenews.com%2Fspf-arrest-scams%2F%3FisentiaPostId%3Dpost-1&sdk=joey&wants_cookie_data=false

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=de4ace45495bacc1161ff5c161a7f9ca

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: NL6H15kQuKmFTqlyRmTxAwhzCbGbuHf0X7O2sWz7Oe+pMtAhI2oXtRvB7MxqE+G+0c8aMg4idErWUaOauOrnQg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
fb-s: unknown
date: Tue, 29 Mar 2022 04:59:58 GMT
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://mustsharenews.com
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
priority: u=1
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 17ms
8ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=725465344242272&ev=fb_page_view&dl=https%3A%2F%2Fmustsharenews.com%2Fspf-arrest-scams%2F%3FisentiaPostId%3Dpost-1&rl=&if=false&ts=1648529998460&sw=1600&sh=1200&at=

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:59:58 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Tue, 29 Mar 2022 04:59:58 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 17ms
7ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=403902689943296&ev=fb_page_view&dl=https%3A%2F%2Fmustsharenews.com%2Fspf-arrest-scams%2F%3FisentiaPostId%3Dpost-1&rl=&if=false&ts=1648529998461&sw=1600&sh=1200&at=

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:59:58 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Tue, 29 Mar 2022 04:59:58 GMT

GET
H2 200 Sporeans-Flock-To-Changi-Beach-To-Catch-Blue-Waves-Cause-Massive-Traffic-Jam.jpg
i0.wp.com/mustsharenews.com/wp-content/uploads/2022/03/ 27 KB
28 KB 7ms
6ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/mustsharenews.com/wp-content/uploads/2022/03/Sporeans-Flock-To-Changi-Beach-To-Catch-Blue-Waves-Cause-Massive-Traffic-Jam.jpg?resize=600%2C314&ssl=1

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

41145ced93f800ad1b0345872a1e51275073a3cd9bc607d4d940d05454d87ef6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 29 Mar 2022 04:59:58 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Mar 2022 16:21:33 GMT
server: nginx
etag: "91d24d171873c596"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://mustsharenews.com/wp-content/uploads/2022/03/Sporeans-Flock-To-Changi-Beach-To-Catch-Blue-Waves-Cause-Massive-Traffic-Jam.jpg>; rel="canonical"
content-length: 27962
expires: Thu, 28 Mar 2024 04:21:33 GMT

GET
H/1.1 200
OK Economy-Areas-of-Growth-100x70.jpg
mustsharenews.com/wp-content/uploads/2022/03/ 3 KB
4 KB 28ms
28ms Image
image/webp 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mustsharenews.com/wp-content/uploads/2022/03/Economy-Areas-of-Growth-100x70.jpg
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 448cedfc3027af5a97cb35afd354c8aa47fa14b348e66228572aff751051ffdb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:58 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 2028
Cf-Polished: qual=85, origFmt=jpeg, origSize=17516
Content-Disposition: inline; filename="Economy-Areas-of-Growth-100x70.webp"
Connection: keep-alive
Content-Length: 2690
Last-Modified: Mon, 28 Mar 2022 07:23:02 GMT
Server: cloudflare
ETag: "446c-5db422ebe39c5"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HhwKqyNcSPPxvcvm0zR%2FEn8TI%2F8R%2FTDvG32wMv9zkhK2ZX%2Bx8Nzo8mfZmgs4LjnYDCb5mnOmZE62imETtPGDaLkQY9FWz77JVzrlpLWmymxD5KllylCcR%2FAKoHiBvXg4cF9guNQs8iOgunMo3AtG"}],"group":"cf-nel","max_age":604800}
Content-Type: image/webp
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6f360a0b8a4583a3-MXP
Cf-Bgj: imgq:85,h2pri

POST
H3 200 / Show response
www.facebook.com/tr/ Frame 4053 0
15 B 10ms
8ms Document
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://mustsharenews.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/

Response headers

content-type: text/plain
access-control-allow-origin: https://mustsharenews.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=0
date: Tue, 29 Mar 2022 04:59:59 GMT

OPTIONS
H2 200 sid
mug.criteo.com/ Frame 0
0 592ms
18ms Preflight
application/json 178.250.0.157
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Origin: null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
content-type: application/json; charset=utf-8
expires: 0
access-control-allow-origin: null
access-control-allow-headers: content-type
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 960
date: Tue, 29 Mar 2022 04:59:58 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
vary: Accept-Encoding

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/ Frame E60F 51 KB
24 KB 23ms
7ms Stylesheet
text/css 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdJ12kbAAAAAOc3xsOVeEOvsYVw2Z1KebJcXiG8&co=aHR0cHM6Ly9tdXN0c2hhcmVuZXdzLmNvbTo0NDM.&hl=de&v=2uoiJ4hP3NUoP9v_eBNfU6CR&size=invisible&cb=79i2uy298fqs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 13:28:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 55917
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 21 Mar 2022 04:03:33 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 28 Mar 2023 13:28:02 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/ Frame E60F 361 KB
142 KB 27ms
11ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a0315120b66d5141c4d2e381fb5b33602ac16ae8a11d3f9b53073c04ed1e2082

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 21:12:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 28048
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 145570
x-xss-protection: 0
last-modified: Mon, 21 Mar 2022 04:03:33 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 28 Mar 2023 21:12:31 GMT

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame E60F 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 19:40:09 GMT
x-content-type-options: nosniff
age: 379190
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Thu, 31 Mar 2022 19:40:09 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame E60F 15 KB
15 KB 22ms
6ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 22 Mar 2022 11:18:05 GMT
x-content-type-options: nosniff
age: 582114
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 22 Mar 2023 11:18:05 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame E60F 15 KB
15 KB 22ms
8ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 22 Mar 2022 18:59:48 GMT
x-content-type-options: nosniff
age: 554411
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 22 Mar 2023 18:59:48 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame E60F 102 B
134 B 15ms
15ms Other
text/javascript 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=2uoiJ4hP3NUoP9v_eBNfU6CR

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b3802ba95862b1fad8da321f4079cbc476e5ddc09a7138d1244c61100111af8f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdJ12kbAAAAAOc3xsOVeEOvsYVw2Z1KebJcXiG8&co=aHR0cHM6Ly9tdXN0c2hhcmVuZXdzLmNvbTo0NDM.&hl=de&v=2uoiJ4hP3NUoP9v_eBNfU6CR&size=invisible&cb=79i2uy298fqs
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:59:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Tue, 29 Mar 2022 04:59:59 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
10 KB 39ms
24ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220324&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

98649db6545b06a2a826966cd0ccbb6bbafc823d48143295b97205f5407aaa61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 04:59:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10677
x-xss-protection: 0

GET
H3

200

/
www.facebook.com/login/ Frame 09A7
Redirect Chain

https://www.facebook.com/v2.9/plugins/page.php?adapt_container_width=true&app_id=403902689943296&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df167...
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D403902689943296%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook....

0
0

121ms
121ms

Document
text/html

2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D403902689943296%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df16782fff2c72f%2526domain%253Dmustsharenews.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fmustsharenews.com%25252Ff1ab5eb3fdb7b9c%2526relation%253Dparent.parent%26container_width%3D214%26hide_cover%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fmustsharenews%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dtrue%26tabs%26width%3D265

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=de4ace45495bacc1161ff5c161a7f9ca

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: about:blank

Response headers

vary: Accept-Encoding
content-encoding: br
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: IPBkQlL7B1KZoZdS1V7r9cdynwWbyOGLETIEpIrBA8YiBSmv9AfjkAv8Mkdaj+occAAXhpM+Ku/QLd7hLLQA7w==
date: Tue, 29 Mar 2022 04:59:59 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=0

Redirect headers

location: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D403902689943296%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df16782fff2c72f%2526domain%253Dmustsharenews.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fmustsharenews.com%25252Ff1ab5eb3fdb7b9c%2526relation%253Dparent.parent%26container_width%3D214%26hide_cover%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fmustsharenews%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dtrue%26tabs%26width%3D265
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
facebook-api-version: v10.0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: 4NxBRBYC67DfvZX3NwT4wiaH2mW3M/1rxGL0XJeL6WTbACEc2y2jVn9B3aMoZVU8ZY6EMR944FMWfRc5EKgMNQ==
content-length: 0
date: Tue, 29 Mar 2022 04:59:59 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 178ms
36ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:59:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 29 Mar 2022 04:59:59 GMT

GET
H/1.1 200
OK skudai-rr-final-100x70.jpg
mustsharenews.com/wp-content/uploads/2022/03/ 3 KB
4 KB 29ms
29ms Image
image/jpeg 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mustsharenews.com/wp-content/uploads/2022/03/skudai-rr-final-100x70.jpg
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0fb6b4da6262188e5bf45853e853278c4d541f441989fb6e24705475df659e23

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:59 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 3004
Cf-Polished: degrade=85, origSize=16143, status=webp_bigger
Connection: keep-alive
Content-Length: 3121
Last-Modified: Fri, 25 Mar 2022 06:46:03 GMT
Server: cloudflare
ETag: "3f0f-5db0550f4d6af"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b5h289sQ4kE31ysXJUTj4SM6W7OXXeDEiGqKXNgMFxmNzYpcoOjPQyZcThDKHMRdYzjJTyd8OVOCZBVzvXvjvEaKicXP9Q3SB4H%2Bjbx0kGyT8f8yTglpt7%2BYfOTnZO%2FSi%2Bax1RMt%2BVTgYIGhevZf"}],"group":"cf-nel","max_age":604800}
Content-Type: image/jpeg
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6f360a0ff8a083a3-MXP
Cf-Bgj: imgq:85,h2pri

GET
H/1.1 200
OK image8-1-100x70.jpg
mustsharenews.com/wp-content/uploads/2022/03/ 2 KB
3 KB 32ms
31ms Image
image/webp 2606:4700:20::681a:d92
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mustsharenews.com/wp-content/uploads/2022/03/image8-1-100x70.jpg
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d92 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b0e5d4a0c56f2d100d4e4d5a8de61e5388ec801b5c914b8361b4a9ff8b9a8dd0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 04:59:59 GMT
CF-Cache-Status: HIT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Age: 3004
Cf-Polished: qual=85, origFmt=jpeg, origSize=13913
Content-Disposition: inline; filename="image8-1-100x70.webp"
Connection: keep-alive
Content-Length: 2378
Last-Modified: Tue, 22 Mar 2022 06:47:10 GMT
Server: cloudflare
ETag: "3659-5dac8fb787803"
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IpB2rKymhd80ZrSoPavADJDQ1E8Lce2BG7D4V3PURPpYXR5YWn%2FR2vTow2u76I%2FOnQlsn2rpiK%2BYm86Q1CXnhHbtGw9DR4NtSfHacd%2FJOPFSF3D%2FsGn7ebrewAsKJGMwqYSxA25SvHUia%2BNIC99x"}],"group":"cf-nel","max_age":604800}
Content-Type: image/webp
Cache-Control: max-age=14400
Accept-Ranges: bytes
CF-RAY: 6f360a0ff95c3745-MXP
Cf-Bgj: imgq:85,h2pri

POST
H3 200 reload Show response
www.google.com/recaptcha/api2/ Frame E60F 32 KB
18 KB 45ms
44ms XHR
application/json 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/reload?k=6LdJ12kbAAAAAOc3xsOVeEOvsYVw2Z1KebJcXiG8

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/2uoiJ4hP3NUoP9v_eBNfU6CR/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0d7e2a922aa182391876c23887538233b24a77f8feff03968cfdba4d29e4b530

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdJ12kbAAAAAOc3xsOVeEOvsYVw2Z1KebJcXiG8&co=aHR0cHM6Ly9tdXN0c2hhcmVuZXdzLmNvbTo0NDM.&hl=de&v=2uoiJ4hP3NUoP9v_eBNfU6CR&size=invisible&cb=79i2uy298fqs
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

date: Tue, 29 Mar 2022 04:59:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private, max-age=0
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18522
x-xss-protection: 1; mode=block
expires: Tue, 29 Mar 2022 04:59:59 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 359A 13 KB
5 KB 25ms
7ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Mar 2022 04:46:23 GMT
expires: Wed, 29 Mar 2023 04:46:23 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 816
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame E401 783 B
534 B 15ms
15ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

eb3a5598948cbfab22be396b386d679372bb3cc702ca08b9394e454dc238b068

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-5wiBgd/qLrisyCzSh4Y5zQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Tue, 29 Mar 2022 04:59:59 GMT
date: Tue, 29 Mar 2022 04:59:59 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-5wiBgd/qLrisyCzSh4Y5zQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame E401 0
0 124ms
124ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220324&jk=710278017565655&rc=05ACxne1P61EPHaWUMNz8UZEYbLCJ4pp_P92M0-A5LQ6tvFQbBKJ7b-LHWmVt1bMvCI_HvIpGFmWZIumPTDCYNgewpNH8t-ddGadKsH3mqxJySUre2Of-RhOVoEf0-9f8FKD-naGPGMHvmYPQ89O7CDuI4hIkuyCGalF1QFw4Mqj9dw1dyt1YGlMVgZ4PSiaXCyAuNhIF-AxUU-EYova2Qzg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

GET
H3 200 CGHVXjYJRnLTYRF6fgor0GmLhTjmHb-GVf8novFL6vc.js Show response
pagead2.googlesyndication.com/bg/ Frame 359A 35 KB
14 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CGHVXjYJRnLTYRF6fgor0GmLhTjmHb-GVf8novFL6vc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0861d55e36094672d361117a7e0a2bd0698b8538e61dbf8655ff27a2f14beaf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 21:17:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27721
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13806
x-xss-protection: 0
last-modified: Tue, 22 Mar 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 28 Mar 2023 21:17:58 GMT

GET
H3

200

/
www.facebook.com/login/ Frame 2865
Redirect Chain

https://www.facebook.com/v2.9/plugins/page.php?adapt_container_width=true&app_id=403902689943296&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df17b...
https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D403902689943296%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook....

0
0

94ms
94ms

Document
text/html

2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D403902689943296%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df17b205630de0d8%2526domain%253Dmustsharenews.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fmustsharenews.com%25252Ff1ab5eb3fdb7b9c%2526relation%253Dparent.parent%26container_width%3D0%26hide_cover%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fmustsharenews%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dtrue%26tabs%26width%3D265

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=de4ace45495bacc1161ff5c161a7f9ca

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com 'unsafe-eval' .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: about:blank

Response headers

vary: Accept-Encoding
content-encoding: br
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: E1Mq8RCxmvRee+5xDr6UKhmujYRERyZ5DLeN1CpGH1+Jvjk8v+qLLTCUs6jlGM+R38YQ5+gqA4+WwRAlQAIzNw==
date: Tue, 29 Mar 2022 04:59:59 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

location: https://www.facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fplugins%2Fpage.php%3Fadapt_container_width%3Dtrue%26app_id%3D403902689943296%26channel%3Dhttps%253A%252F%252Fstaticxx.facebook.com%252Fx%252Fconnect%252Fxd_arbiter%252F%253Fversion%253D46%2523cb%253Df17b205630de0d8%2526domain%253Dmustsharenews.com%2526is_canvas%253Dfalse%2526origin%253Dhttps%25253A%25252F%25252Fmustsharenews.com%25252Ff1ab5eb3fdb7b9c%2526relation%253Dparent.parent%26container_width%3D0%26hide_cover%3Dtrue%26href%3Dhttps%253A%252F%252Fwww.facebook.com%252Fmustsharenews%252F%26locale%3Den_US%26sdk%3Djoey%26show_facepile%3Dtrue%26small_header%3Dtrue%26tabs%26width%3D265
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-opener-policy: unsafe-none
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
facebook-api-version: v10.0
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: 768cTUh2q4G/07WJKiFTnxu9p087RSNBCTRM1bwIesdgQnd09WtEYgN1VZtPhMY9Er2W3grngcAVYfOI89Pp2w==
content-length: 0
date: Tue, 29 Mar 2022 04:59:59 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 359A 0
9 B 8ms
6ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?rv2xxg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:59:59 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 rid Show response
match.adsrvr.org/track/ 109 B
545 B 103ms
34ms XHR
application/json 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/rid?ttd_pid=pubmatic&fmt=json
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/158497/5984/pwt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 657739ccd32cecc6f31879cf180d72322699597c4aec63b3cc73c1ced7fbbbfd

Request headers

Referer: https://mustsharenews.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 29 Mar 2022 05:00:00 GMT
x-aspnet-version: 4.0.30319
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://mustsharenews.com
cache-control: private
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length: 109
expires: Thu, 28 Apr 2022 05:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 46ms
45ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20220324&jk=710278017565655&bg=!r6ylrOjNAAbzJazn0yU7ACkAdvg8Wj7OMRJjz8rSYo_vtgHq_BlFQRRLdq9XmufRumH6NTEyojEb1wIAAABbUgAAAAJoAQcKAEOQxU0f8tI8Lg0wvEovoRSCp8kRADv4XC9TddttJCXyoG34udOT5sK0VOLHZRqR9Y7lJcwYFjzr7It-gRedWWBWEVlYmQLKlhK1fQxkbyudR7Pn4ex6KmJ1hwEug94Qrx4M7ofz3AcALqyldywNPTMhHTFNWshnKlzkYTjhr5ptLxbCSlAUDurgednzbvcUALGpKoFbvpF7ldh2Zlqw1d8gxEW2ptxlufdO_tSY2zEONweu3MxKE8L2pVb53W_7fBkuYO5g8vrhe2ngsTsInsIvaGFGkvByHaZIk7Rzu1Pek7z3mxbg6kdjzBT6J6ne0tyL2o8QfVJGjsf301aErs-95-8TVu4gaZzE0qfVM-RkFRewzRpwl8qlBnxMdoF9WsKgdIAvKK9UFMVMClNEMCH66UFqMhM3-KvfS0Od2mSfDYB2gPgTZCHTY1pZ-0hXSsuZuvVBiuT84BFcMchOQ_mamq4E4k-RHc80iYhR_LfEp6ark4VYPVRa0OvsQ7_g2-_11Wnu1t7XLDnqPF3ARiIMjYNJBnhjhN9afp1lqrMHnf280jgdgFYJVMLfkFRyONeJzmlcrWDFp5C5ERjnpVpMrFDBSR2rUJOYg2hKl2eKOVtA-9q1SEsdLlbsLGxNZHD5BixROoymDor-bY5jdb0Pg3WIdVgW1Gl36YAHvR6YRi7GCkdxCubVXFA7rTCgNPJvOxpl1OKBcjGkahK-Ib0bllV37hUpQfD_NmzlRUK462ZuEsJcwdqSN4qEcggfhKWNRTKguuEd3kr7aUf98-TVZQ3FSJB2dg99Qmt__jKqioQcahWD4d2e7L6j2dqcRDEKVcVtiTtByCDV39Oreh6GFIkLDYiFrdio2AucGHYm24RDvFoQI-q9-Q_IXlJ8Kc_565ge_saQ4nziC-O99Yk5UaF0GlHXlIFkomqFr9Sf9BSjQXGUIxqYOI3u_H6kJouCR2Bxkak9B5kaNFhFP06JhBAz0HEUU9-yPdw3OpDigx7mcmfRedae07Si-GsONOMMIM-phBuvn-Up7-Dp7tF5

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 204 call
adnetwork.adasiaholdings.com/2060/ Frame 0
0 274ms
274ms Preflight 47.74.174.177
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to

Full URL: https://adnetwork.adasiaholdings.com/2060/call?cklb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 47.74.174.177 Singapore, Singapore, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,save-data
Origin: https://mustsharenews.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Tue, 29 Mar 2022 05:00:00 GMT
access-control-allow-credentials: true
access-control-allow-headers: content-type,save-data
access-control-allow-methods: GET,HEAD,POST
access-control-allow-origin: https://mustsharenews.com
vary: Origin

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 46ms
28ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=mustsharenews.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032103.js?cb=31065882

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 45ms
28ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=mustsharenews.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032103.js?cb=31065882

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 40ms
40ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_tt_blk&pvsid=710278017565655&vrg=2022032103&nw_id=21622890900%5C%2C22537359798&nslots=10&eid=31065882%2C31065402%2C31063247&pub_url=https%3A%2F%2Fmustsharenews.com%2Fspf-arrest-scams%2F%3FisentiaPostId%3Dpost-1&res=c&sig=0&req=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 34 KB
14 KB 445ms
445ms XHR
text/plain 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=710278017565655&correlator=4398925355386457&eid=31065882%2C31065402%2C31063247%2C31065517&output=ldjh&gdfp_req=1&vrg=2022032103&ptt=17&impl=fifs&iu_parts=21622890900%3A22537359798%2CSG_mustsharenews.com_res_article_mid6_336x280%2C300x250&enc_prev_ius=%2F0%2F1%2F%2F2&prev_iu_szs=300x250%7C336x280&ifi=3&adks=3624312603&sfv=1-0-38&ecs=20220329&fsapi=false&eri=1&cust_params=url%3D%252Fspf-arrest-scams%252F%26ref%3Dnull%26param%253AisentiaPostId%3Dpost-1&sc=1&cookie=ID%3Db17120d3de7eb68d-22e01fda66cd0022%3AT%3D1648529998%3ART%3D1648529998%3AS%3DALNI_MaO-o16uc8r6ZoLLzedGbP0iyFcVQ&arp=1&abxe=1&dt=1648530000464&lmt=1648530000&dlt=1648529997642&idt=869&biw=1600&bih=1200&adxs=266&adys=5209&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fmustsharenews.com%2Fspf-arrest-scams%2F%3FisentiaPostId%3Dpost-1&frm=20&vis=1&scr_x=0&scr_y=0&psz=696x0&msz=300x0&fws=132&ohw=1600&ga_vid=1334310438.1648529998&ga_sid=1648529998&ga_hid=1890991456&ga_fc=true&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032103.js?cb=31065882

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

66317b7d838b4368690c48517dd4e22cdf660e2b0152e607bf6664c2ca4cfa7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:00 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: 212292
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14683
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-mediationtag-id: 314457
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 20 KB
9 KB 1346ms
1345ms XHR
text/plain 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=710278017565655&correlator=4398925355386457&eid=31065882%2C31065402%2C31063247%2C31065517&output=ldjh&gdfp_req=1&vrg=2022032103&ptt=17&impl=fifs&iu_parts=21622890900%3A22537359798%2CSG_mustsharenews.com_res_article_mid5_336x280%2C300x250&enc_prev_ius=%2F0%2F1%2F%2F2&prev_iu_szs=300x250%7C336x280&ifi=4&adks=4227454490&sfv=1-0-38&ecs=20220329&fsapi=false&eri=1&cust_params=url%3D%252Fspf-arrest-scams%252F%26ref%3Dnull%26param%253AisentiaPostId%3Dpost-1&sc=1&cookie=ID%3Db17120d3de7eb68d-22e01fda66cd0022%3AT%3D1648529998%3ART%3D1648529998%3AS%3DALNI_MaO-o16uc8r6ZoLLzedGbP0iyFcVQ&arp=1&abxe=1&dt=1648530000474&lmt=1648530000&dlt=1648529997642&idt=869&biw=1600&bih=1200&adxs=266&adys=4712&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fmustsharenews.com%2Fspf-arrest-scams%2F%3FisentiaPostId%3Dpost-1&frm=20&vis=1&scr_x=0&scr_y=0&psz=696x0&msz=300x0&fws=132&ohw=1600&ga_vid=1334310438.1648529998&ga_sid=1648529998&ga_hid=1890991456&ga_fc=true&btvi=2&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032103.js?cb=31065882

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

f730ac7906b25410e1d42d28baef62103fb251ed8d86b1b43ebce610b527973a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:01 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8824
x-xss-protection: 0
google-lineitem-id: 5460088530
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138321168824
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 31 KB
13 KB 1187ms
1185ms XHR
text/plain 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=710278017565655&correlator=4398925355386457&eid=31065882%2C31065402%2C31063247%2C31065517&output=ldjh&gdfp_req=1&vrg=2022032103&ptt=17&impl=fifs&iu_parts=21622890900%3A22537359798%2CSG_mustsharenews.com_res_article_mid4_336x280%2C300x250&enc_prev_ius=%2F0%2F1%2F%2F2&prev_iu_szs=300x250%7C336x280&ifi=5&adks=3514762643&sfv=1-0-38&ecs=20220329&fsapi=false&eri=1&cust_params=url%3D%252Fspf-arrest-scams%252F%26ref%3Dnull%26param%253AisentiaPostId%3Dpost-1&sc=1&cookie=ID%3Db17120d3de7eb68d-22e01fda66cd0022%3AT%3D1648529998%3ART%3D1648529998%3AS%3DALNI_MaO-o16uc8r6ZoLLzedGbP0iyFcVQ&arp=1&abxe=1&dt=1648530000491&lmt=1648530000&dlt=1648529997642&idt=869&biw=1600&bih=1200&adxs=266&adys=4378&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fmustsharenews.com%2Fspf-arrest-scams%2F%3FisentiaPostId%3Dpost-1&frm=20&vis=1&scr_x=0&scr_y=0&psz=696x0&msz=300x0&fws=132&ohw=1600&ga_vid=1334310438.1648529998&ga_sid=1648529998&ga_hid=1890991456&ga_fc=true&btvi=3&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032103.js?cb=31065882

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

9aaa9b664435c411b50baa77c6dc1b91f13cf69aebe60fc4a774512a49f3f171

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:01 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: 212292
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13751
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-mediationtag-id: 314457
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 20 KB
9 KB 2219ms
2216ms XHR
text/plain 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=710278017565655&correlator=4398925355386457&eid=31065882%2C31065402%2C31063247%2C31065517&output=ldjh&gdfp_req=1&vrg=2022032103&ptt=17&impl=fifs&iu_parts=21622890900%3A22537359798%2CSG_mustsharenews.com_res_article_leaderboard_728x90%2C320x100%2C320x50&enc_prev_ius=%2F0%2F1%2F%2F2%2F%2F3&prev_iu_szs=728x90%7C970x90&ifi=6&adks=1573795440&sfv=1-0-38&ecs=20220329&fsapi=false&eri=1&cust_params=url%3D%252Fspf-arrest-scams%252F%26ref%3Dnull%26param%253AisentiaPostId%3Dpost-1&sc=1&cookie=ID%3Db17120d3de7eb68d-22e01fda66cd0022%3AT%3D1648529998%3ART%3D1648529998%3AS%3DALNI_MaO-o16uc8r6ZoLLzedGbP0iyFcVQ&arp=1&abxe=1&dt=1648530000496&lmt=1648530000&dlt=1648529997642&idt=869&biw=1600&bih=1200&adxs=436&adys=955&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fmustsharenews.com%2Fspf-arrest-scams%2F%3FisentiaPostId%3Dpost-1&frm=20&vis=1&scr_x=0&scr_y=0&psz=1600x0&msz=728x0&fws=132&ohw=1600&ga_vid=1334310438.1648529998&ga_sid=1648529998&ga_hid=1890991456&ga_fc=true&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032103.js?cb=31065882

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

2e4267cd6071f8c3fefce3cc1a3adef1dea699bcc1233b758bc26961a18d899f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9080
x-xss-protection: 0
google-lineitem-id: 5142635662
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138280972953
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 28 KB
13 KB 2577ms
2575ms XHR
text/plain 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=710278017565655&correlator=4398925355386457&eid=31065882%2C31065402%2C31063247%2C31065517&output=ldjh&gdfp_req=1&vrg=2022032103&ptt=17&impl=fifs&iu_parts=21622890900%3A22537359798%2CSG_mustsharenews.com_pc_article_right2_sticky_300x600%2C160x600%2C120x600%2C300x250&enc_prev_ius=%2F0%2F1%2F%2F2%2F%2F3%2F%2F4&prev_iu_szs=300x250%7C300x600%7C160x600%7C120x600&ifi=7&adks=2180384200&sfv=1-0-38&ecs=20220329&fsapi=false&eri=1&cust_params=url%3D%252Fspf-arrest-scams%252F%26ref%3Dnull%26param%253AisentiaPostId%3Dpost-1&sc=1&cookie=ID%3Db17120d3de7eb68d-22e01fda66cd0022%3AT%3D1648529998%3ART%3D1648529998%3AS%3DALNI_MaO-o16uc8r6ZoLLzedGbP0iyFcVQ&arp=1&abxe=1&dt=1648530000504&lmt=1648530000&dlt=1648529997642&idt=869&biw=1600&bih=1200&adxs=1010&adys=2217&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fmustsharenews.com%2Fspf-arrest-scams%2F%3FisentiaPostId%3Dpost-1&frm=20&vis=1&scr_x=0&scr_y=0&psz=324x0&msz=300x0&fws=132&ohw=1600&ga_vid=1334310438.1648529998&ga_sid=1648529998&ga_hid=1890991456&ga_fc=true&btvi=4&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032103.js?cb=31065882

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

8c6bc6804d1a8f7dfd6f739199f0c1b233778c8a06e4cea6fa42560332f2e6f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:03 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: 212292
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12874
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-mediationtag-id: 314457
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 31 KB
14 KB 986ms
983ms XHR
text/plain 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=710278017565655&correlator=4398925355386457&eid=31065882%2C31065402%2C31063247%2C31065517&output=ldjh&gdfp_req=1&vrg=2022032103&ptt=17&impl=fifs&iu_parts=21622890900%3A22537359798%2CSG_mustsharenews.com_res_article_right1_300x250%2C320x100%2C320x50&enc_prev_ius=%2F0%2F1%2F%2F2%2F%2F3&prev_iu_szs=300x250&ifi=8&adks=244849635&sfv=1-0-38&ecs=20220329&fsapi=false&eri=1&cust_params=url%3D%252Fspf-arrest-scams%252F%26ref%3Dnull%26param%253AisentiaPostId%3Dpost-1&sc=1&cookie=ID%3Db17120d3de7eb68d-22e01fda66cd0022%3AT%3D1648529998%3ART%3D1648529998%3AS%3DALNI_MaO-o16uc8r6ZoLLzedGbP0iyFcVQ&arp=1&abxe=1&dt=1648530000507&lmt=1648530000&dlt=1648529997642&idt=869&biw=1600&bih=1200&adxs=1010&adys=1638&ucis=6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fmustsharenews.com%2Fspf-arrest-scams%2F%3FisentiaPostId%3Dpost-1&frm=20&vis=1&scr_x=0&scr_y=0&psz=324x0&msz=300x0&fws=132&ohw=1600&ga_vid=1334310438.1648529998&ga_sid=1648529998&ga_hid=1890991456&ga_fc=true&btvi=5&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032103.js?cb=31065882

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

385fa48bed8588a41246baa4d39433f452270af2335e7d4e6b6874ad01484b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:01 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: 212292
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13967
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-mediationtag-id: 314457
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 30 KB
13 KB 2778ms
2776ms XHR
text/plain 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=710278017565655&correlator=4398925355386457&eid=31065882%2C31065402%2C31063247%2C31065517&output=ldjh&gdfp_req=1&vrg=2022032103&ptt=17&impl=fifs&iu_parts=21622890900%3A22537359798%2CSG_mustsharenews.com_res_article_bottom_300x250%2C336x280&enc_prev_ius=%2F0%2F1%2F%2F2&prev_iu_szs=300x250%7C336x280%7C640x360&ifi=9&adks=3923764495&sfv=1-0-38&ecs=20220329&fsapi=false&eri=1&cust_params=url%3D%252Fspf-arrest-scams%252F%26ref%3Dnull%26param%253AisentiaPostId%3Dpost-1&sc=1&cookie=ID%3Db17120d3de7eb68d-22e01fda66cd0022%3AT%3D1648529998%3ART%3D1648529998%3AS%3DALNI_MaO-o16uc8r6ZoLLzedGbP0iyFcVQ&arp=1&abxe=1&dt=1648530000512&lmt=1648530000&dlt=1648529997642&idt=869&biw=1600&bih=1200&adxs=266&adys=5447&ucis=7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fmustsharenews.com%2Fspf-arrest-scams%2F%3FisentiaPostId%3Dpost-1&frm=20&vis=1&scr_x=0&scr_y=0&psz=696x0&msz=300x0&fws=132&ohw=1600&ga_vid=1334310438.1648529998&ga_sid=1648529998&ga_hid=1890991456&ga_fc=true&btvi=6&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032103.js?cb=31065882

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

87c6aac23d0c0b018f8a94fbeeea65d4bf9ea0ca8649167664f27a58f7838027

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:03 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: 212292
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13342
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-mediationtag-id: 314457
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 27 KB
12 KB 639ms
637ms XHR
text/plain 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=710278017565655&correlator=4398925355386457&eid=31065882%2C31065402%2C31063247%2C31065517&output=ldjh&gdfp_req=1&vrg=2022032103&ptt=17&impl=fifs&iu_parts=21622890900%3A22537359798%2CSG_mustsharenews.com_res_article_mid3_300x250%2C336x280&enc_prev_ius=%2F0%2F1%2F%2F2&prev_iu_szs=300x250%7C336x280%7C640x360&ifi=10&adks=1037569062&sfv=1-0-38&ecs=20220329&fsapi=false&eri=1&cust_params=url%3D%252Fspf-arrest-scams%252F%26ref%3Dnull%26param%253AisentiaPostId%3Dpost-1&sc=1&cookie=ID%3Db17120d3de7eb68d-22e01fda66cd0022%3AT%3D1648529998%3ART%3D1648529998%3AS%3DALNI_MaO-o16uc8r6ZoLLzedGbP0iyFcVQ&arp=1&abxe=1&dt=1648530000517&lmt=1648530000&dlt=1648529997642&idt=869&biw=1600&bih=1200&adxs=266&adys=3363&ucis=8&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fmustsharenews.com%2Fspf-arrest-scams%2F%3FisentiaPostId%3Dpost-1&frm=20&vis=1&scr_x=0&scr_y=0&psz=696x0&msz=300x0&fws=132&ohw=1600&ga_vid=1334310438.1648529998&ga_sid=1648529998&ga_hid=1890991456&ga_fc=true&btvi=7&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032103.js?cb=31065882

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

1d9b2d36253b07e95fcbb4abe1b6a32e8e155fcb8d91d30d2b6526e0ad2c0beb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:01 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: 211995
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11966
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-mediationtag-id: 314490
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 20 KB
9 KB 1725ms
1723ms XHR
text/plain 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=710278017565655&correlator=4398925355386457&eid=31065882%2C31065402%2C31063247%2C31065517&output=ldjh&gdfp_req=1&vrg=2022032103&ptt=17&impl=fifs&iu_parts=21622890900%3A22537359798%2CSG_mustsharenews.com_res_article_mid2_300x250%2C336x280&enc_prev_ius=%2F0%2F1%2F%2F2&prev_iu_szs=300x250%7C336x280%7C640x360&ifi=11&adks=2765769448&sfv=1-0-38&ecs=20220329&fsapi=false&eri=1&cust_params=url%3D%252Fspf-arrest-scams%252F%26ref%3Dnull%26param%253AisentiaPostId%3Dpost-1&sc=1&cookie=ID%3Db17120d3de7eb68d-22e01fda66cd0022%3AT%3D1648529998%3ART%3D1648529998%3AS%3DALNI_MaO-o16uc8r6ZoLLzedGbP0iyFcVQ&arp=1&abxe=1&dt=1648530000521&lmt=1648530000&dlt=1648529997642&idt=869&biw=1600&bih=1200&adxs=266&adys=2895&ucis=9&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fmustsharenews.com%2Fspf-arrest-scams%2F%3FisentiaPostId%3Dpost-1&frm=20&vis=1&scr_x=0&scr_y=0&psz=696x0&msz=300x0&fws=132&ohw=1600&ga_vid=1334310438.1648529998&ga_sid=1648529998&ga_hid=1890991456&ga_fc=true&btvi=8&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032103.js?cb=31065882

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

bedd2d0cf34753a548f61ae2873658453e5ef3a26f82f4c9fb219c1bcb6807f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8832
x-xss-protection: 0
google-lineitem-id: 5460088530
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138321177347
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 30 KB
13 KB 2001ms
2000ms XHR
text/plain 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=710278017565655&correlator=4398925355386457&eid=31065882%2C31065402%2C31063247%2C31065517&output=ldjh&gdfp_req=1&vrg=2022032103&ptt=17&impl=fifs&iu_parts=21622890900%3A22537359798%2CSG_mustsharenews.com_res_article_mid1_autoads&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250%7C336x280%7C320x180&ifi=12&adks=1654143143&sfv=1-0-38&ecs=20220329&fsapi=false&prev_scp=hb_format%3Dbanner%26hb_source%3Dclient%26hb_size%3D300x250%26ats_hb_pb%3D0.02%26hb_adid%3D131fa6dee04e295f%26ats_hb_bidder%3Dtriplelift&eri=1&cust_params=url%3D%252Fspf-arrest-scams%252F%26ref%3Dnull%26param%253AisentiaPostId%3Dpost-1&sc=1&cookie=ID%3Db17120d3de7eb68d-22e01fda66cd0022%3AT%3D1648529998%3ART%3D1648529998%3AS%3DALNI_MaO-o16uc8r6ZoLLzedGbP0iyFcVQ&arp=1&abxe=1&dt=1648530000525&lmt=1648530000&dlt=1648529997642&idt=869&biw=1600&bih=1200&adxs=266&adys=1423&ucis=a&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&url=https%3A%2F%2Fmustsharenews.com%2Fspf-arrest-scams%2F%3FisentiaPostId%3Dpost-1&frm=20&vis=1&scr_x=0&scr_y=0&psz=696x0&msz=300x0&fws=132&ohw=1600&ga_vid=1334310438.1648529998&ga_sid=1648529998&ga_hid=1890991456&ga_fc=true&btvi=9&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032103.js?cb=31065882

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

0b5722a0cc75bae244d762078d4134a0e1a8de2f5628833114f64ae2a9c47777

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: 212292
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13522
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-mediationtag-id: 314457
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://mustsharenews.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C58F 6 KB
4 KB 82ms
22ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032103.js?cb=31065882

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Tue, 29 Mar 2022 05:00:00 GMT
expires: Wed, 29 Mar 2023 05:00:00 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aip
adnetwork.adasiaholdings.com/h/ 43 B
189 B 261ms
261ms Image
image/gif 47.74.174.177
ALIBABA-CN-NET Al...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://adnetwork.adasiaholdings.com/h/aip?uii=595146138828408176&tmstp=1784654543&ckid=0&systgt=%24qc%3d1311284246%3b%24ql%3dUnknown%3b%24qpc%3d60311%3b%24qt%3d25_1045_42811t%3b%24dma%3d0%3b%24b%3d16990%3b%24o%3d11100%3b%24sw%3d1600%3b%24sh%3d1200%3b%24wpc%3d5753%3b%24wpc%3d5755%3b%24wpc%3d5813%3b%24wpc%3d5917%3b%24wpc%3d5918%3b%24wpc%3d5977%3b%24wpc%3d5978%3b%24wpc%3d5890%3b%24wpc%3d5892%3b%24wpc%3d5839%3b%24wpc%3d5841%3b%24wpc%3d5844%3b%24wpc%3d5823%3b%24wpc%3d5825%3b%24wpc%3d5828%3b%24wpc%3d5830%3b%24wpc%3d5801%3b%24wpc%3d5804%3b%24wpc%3d5805%3b%24wpc%3d5807%3b%24wpc%3d5809%3b%24wpc%3d5810%3b%24wpc%3d5812%3b%24wpc%3d5757%3b%24wpc%3d5759%3b%24wpc%3d5771%3b%24wpc%3d5774%3b%24wpc%3d5775%3b%24wpc%3d5778%3b%24wpc%3d5779%3b%24wpc%3d5782%3b%24wpc%3d5783%3b%24wpc%3d5739%3b%24wpc%3d5741%3b%24wpc%3d5744%3b%24wpc%3d6052%3b%24wpc%3d6054%3b%24wpc%3d6055%3b%24wpc%3d6001%3b%24wpc%3d6002%3b%24wpc%3d6005%3b%24wpc%3d5985%3b%24wpc%3d5986%3b%24wpc%3d5989%3b%24wpc%3d5990%3b%24wpc%3d5993%3b%24wpc%3d5962%3b%24wpc%3d5965%3b%24wpc%3d5967%3b%24wpc%3d5968%3b%24wpc%3d5971%3b%24wpc%3d5973%3b%24wpc%3d5975%3b%24wpc%3d5947%3b%24wpc%3d5948%3b%24wpc%3d5951%3b%24wpc%3d5953%3b%24wpc%3d5955%3b%24wpc%3d5920%3b%24wpc%3d5921%3b%24wpc%3d5924%3b%24wpc%3d5933%3b%24wpc%3d5935%3b%24wpc%3d5937%3b%24wpc%3d5939%3b%24wpc%3d5941%3b%24wpc%3d5943%3b%24wpc%3d5945%3b%24wpc%3d5904%3b%24wpc%3d5906%3b%24wpc%3d5907%3b%24wpc%3d5910%3b%24wpc%3d5912%3b%24wpc%3d5914%3b%24wpc%3d5443%3b%24wpc%3d1263%3b%24wpc%3d6317%3b%24wpc%3d6316%3b%24wpc%3d1335%3b%24wpc%3d1336%3b%24wpc%3d1338%3b%24wpc%3d1339%3b%24wpc%3d1340%3b%24wpc%3d1342%3b%24wpc%3d1343%3b%24wpc%3d1344%3b%24wpc%3d1345%3b%24wpc%3d7823&acd=1648530000653&envtype=0&opid=7ae0819c-8698-495f-a91a-92509ec50abc&opdt=1648530000653&siteid=277322&tgt=%24dt%3d1t&gdpr=1&pgid=1027690&fmtid=44269&statid=3&visit=s
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 47.74.174.177 Singapore, Singapore, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:00 GMT
cache-control: no-cache,no-store
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"

GET
H3 200 container.html Show response
d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F8A3 6 KB
3 KB 22ms
7ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032103.js?cb=31065882

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Mar 2022 05:00:00 GMT
expires: Wed, 29 Mar 2023 05:00:00 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame F8A3 0
0 23ms
22ms Fetch
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CDaeDUJJCYrHJIsqN7_UPm_GL2Aj-0_evXM7PvdjqAsCNtwEQASAAYJWioIKwB4IBF2NhLXB1Yi05MDU4MjkxODU0NDQzODgxyAEJ4AIAqAMBqgTDAk_Q9dFYejy6rjrR4ufFf5hjkeEcCwlMTyEnx2-w8p4r2IkdJZT00NRHsSf8iNFXemfww2bR8gqk8S_70BmijhzDDF-qwTFuthnbC6BwcTnQspa6c9fVgP7ZdZO_NLVhoy46njuJ0s-yFuE8nLtjezuiSmrPu4DpMeodHaR-O6PVEGy9DZnPkF7HSzJT98y6VLmFBGimVXVlf0h6P7zVHARnrNv856OC38NS6RK9ex3BFUzcjHT5WuM4vIOa000kEaLFy2lSdGg5wpHf9U-umVyM56lmoKclhDeBLydsxbPtuLuZbWbhww5gwJA6A4ZbwlY9nML78gA-DzBTsl698UqO-iiUJil0gqwjQF5HLhdp9Q2Cf7tQ3xcq3tZ4qCQNAO7CF2qZUnshrABLPZDI0nnW5o0G7_dt7mEYpRw1XFA8ibJv4AQBgAb_3tqthLOumfsBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAHyCBthZHgtc3Vic3luLTI4MDkyMDc3MzQ5MDYzNjmACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItOTA1ODI5MTg1NDQ0Mzg4MRi212k&sigh=6qiRGmwoTqc&uach_m=[UACH]&cid=CAQSPACNIrLMyRufb0pNvRncCMmBhoaXG6pvzK7GuR3gFVgPcc5Hh6aO3diRo-ZLqjBCJFFyIZFKVO6vlH2AKxgB&tpd=AGWhJmvFFSdXfu9YMPyt7tnG1V-hhebmhGWarMmYJIlh-F-EQiDdQSDEpEOK4hK5BKg2dcPEJm-7wE8kQqCnA3EGIdpGq6F1xsCWlpnwV9DStcqPs3nFwLMSnrwtqAHZonpFd6BEIDf03jm3RMFHtF_YG1iMLqCUpdnh4V8rnEwd_iSvMpAvHCDLV8VSrmx8x0RSrVUH5sHEpRrPOCGaHZP_mk2537uEW9rZBKTk7tx9i503Ma3jp5D-lBo7k-cFTbZvEVhV5O-Y8kJ0pi9a44SzTVUUcu4Gfo-O4Lma5BF6y_gUIZt8VdwG_O1NmX_6yWSw97G2I4Balf5Ad97RyBXEr1nD7WQomhbTkPZxAqYqRFLw8z4U2Xfy6Oj0Xi5jWi0v2NIj_3ZwsUlxVw6T29nt0CzAYjIK9uYABKXDQDLZyCKavEBC7CpVbmmzc6fho5bN7BA56C57SgLCO_ilrX_rqCc0mPgth6AQoJltzntCn9ccpwSqhpgJ9p_-FNO-uSb3gGTQptPlrl34GT2zGiVgGLvRZwtfjWmQkohHDxQNC94W-E4D87oSSSrHGg7LWREmI2r0sNGRBZf3hMKeVTfZqoHfqTlhlWzbM38XWOm_E0UmCct2XW7AnZR5rwTOBenI-5BlcOnPZHDJj7G6PTQW5h-00Eddif1te6kkYzpAwFGg__p3nywPBdoYOk2O5wykrQRlOCbmk-ATk3IOv8YGFSCuCHMBc3hwTp90zxdTNbUsNUNhit-kz1hHeGULDevwR3PTME5fOZi41OBUSZiABtepKZ9cpaSVqzMw_1trLR-FV4pGkk2anJQv2Klb97xOywh9vlrLQR4j6NzgJFgIasx8IH3IK6iCCPh3KkhCJJLWaHQJ99l-lMQQVg8zIS1HFSVGGbEryLfXrQ5GOQ
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s52-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

GET
H2 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame F8A3 11 KB
5 KB 32ms
7ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

503a1dd70b8b9c286875f5f7de72bce93c664b79f3fcfeefa1150d2384df33a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:14:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2706
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5008
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 18:23:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 29 Mar 2022 05:14:55 GMT

GET
H/1.1 200
OK rubicon
de1-bid.adsrvr.org/bid/feedback/ Frame F8A3 807 B
1 KB 33ms
8ms Image
image/gif 13.248.151.244
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://de1-bid.adsrvr.org/bid/feedback/rubicon?t=1&iid=09b98f2a-9940-4e5b-9ae1-8a4570d2a377&crid=1e7nlzp2&wp=D73D2D86FA739BE8&aid=1&wpc=USD&sfe=147a1250&puid=&tdid=&pid=vko50on&ag=a99jcch&adv=kywm6zw&sig=1edfu-qvHBJ2TXJGLvwBTaH_1lPl4KdpLOFejhTzFzI0.&bp=0.11714023337993907983&cf=3176281&fq=0&td_s=mustsharenews.com&rcats=&mcat=&mste=&mfld=3&mssi=&mfsi=&uhow=55&agsa=&rgz=&svbttd=1&dt=PC&osf=Windows&os=Windows10&br=Chrome&rlangs=en&mlang=&svpid=21468&did=&rcxt=Other&lat=51.570000&lon=7.440000&tmpc=6.12&daid=&vp=0&osi=&osv=&mk=Google&mdl=Chrome%20-%20Windows&c=CgdHZXJtYW55GgA4AUABUAeAAQCIAQGQAQE.&dur=CjAKDGNoYXJnZS1hbGwtMSIgCP___________wESE3R0ZF9kYXRhX2V4Y2x1c2lvbnMKOwodY2hhcmdlLWFsbFRUREN1c3RvbUNvbnRleHR1YWwiGgja__________8BEg10dGRjb250ZXh0dWFsCkgKIWNoYXJnZS1hbGxNb2F0Vmlld2FiaWxpdHlUcmFja2luZyIjCKX__________wESDm1vYXQtcmVwb3J0aW5nKgYIoI0GGAw.&durs=dwsLA4&crrelr=&ipl=/21622890900/SG_mustsharenews.com_res_article_mid6_336x280//300x250&pcm=1&grdc=CAEYASABKAFAAUgC&vc=3&cx=-5178883614526245302&said=2da623d5c2c71d4232883de21824387238eeb5d5&ict=Unknown&auct=1&cxlvs=0&im=1&mc=ec8ba4fc-052c-47ff-86ff-0d7df7787e6f&tail=1
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 13.248.151.244 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ad9411418cf2cdacd.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 3ca19e57c9a2465ae4df271316ba4d29e7ff7f113a2a2c5297780c0b7a0ac09d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:00 GMT
server: Kestrel
transfer-encoding: chunked
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
cache-control: must-revalidate, no-cache
connection: close
content-type: image/gif

GET
H2

200

v2
odr.mookie1.com/t/ Frame F8A3
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=mookie-ps&ttd_tpi=1
https://odr.mookie1.com/t/v2?tagid=V2_2087&src.visitorId=514a4b88-0dfd-434d-a84a-f5d9ce432a25&gdpr=1&gdpr_consent=

43 B
324 B

59ms
15ms

Image
image/gif

34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2?tagid=V2_2087&src.visitorId=514a4b88-0dfd-434d-a84a-f5d9ce432a25&gdpr=1&gdpr_consent=
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:01 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:01 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://odr.mookie1.com/t/v2?tagid=V2_2087&src.visitorId=514a4b88-0dfd-434d-a84a-f5d9ce432a25&gdpr=1&gdpr_consent=
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 259

GET
H3

200

v4
metrics.getrockerbox.com/track/ Frame F8A3
Redirect Chain

https://metrics.getrockerbox.com/track/v4?source=weight_watchers_subscription_germany&tier_one=ttd-display&tier_two=0a7a8j6&tier_three=a99jcch&tier_four=1e7nlzp2
https://secure.adnxs.com/getuid?https%3A%2F%2Fmetrics.getrockerbox.com%2Ftrack%2Fv4%3Fuid%3D%24UID%26source%3Dweight_watchers_subscription_germany%26tier_one%3Dttd-display%26tier_two%3D0a7a8j6%26ti...
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fmetrics.getrockerbox.com%252Ftrack%252Fv4%253Fuid%253D%2524UID%2526source%253Dweight_watchers_subscription_germany%2526tier_one%253Dt...
https://metrics.getrockerbox.com/track/v4?uid=3274717522904464586&source=weight_watchers_subscription_germany&tier_one=ttd-display&tier_two=0a7a8j6&tier_three=a99jcch&tier_four=1e7nlzp2&uid_ts=1648...

44 B
624 B

201ms
144ms

Image
image/gif

104.21.58.221
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://metrics.getrockerbox.com/track/v4?uid=3274717522904464586&source=weight_watchers_subscription_germany&tier_one=ttd-display&tier_two=0a7a8j6&tier_three=a99jcch&tier_four=1e7nlzp2&uid_ts=1648530001
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Server: 104.21.58.221 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 039a8bb6d736466063dde3c2a80d71d54456a7875cb1654263058bc69c1c042d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:01 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iX%2FGvIVmI45waKfa88KZu%2F06HdZc%2FvBmhI0TrwPuibK0ij4mLpYXRWaTo%2FwN8MYNo1kXJMhm236102VdFEAn0BFh5CKaqbjJFtkUOe8KdTXcTH8AMP5nofMfhUJpFb2MMdJKU5U5Aftg7zo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cf-ray: 6f360a1ea86554e2-MAN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

Pragma: no-cache
Date: Tue, 29 Mar 2022 05:00:01 GMT
X-Proxy-Origin: 217.64.151.30; 217.64.151.30; 535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 7f4ffde6-1e65-44fe-8d21-947fc6d98749
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://metrics.getrockerbox.com/track/v4?uid=3274717522904464586&source=weight_watchers_subscription_germany&tier_one=ttd-display&tier_two=0a7a8j6&tier_three=a99jcch&tier_four=1e7nlzp2&uid_ts=1648530001
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 ca Show response
choices.truste.com/ Frame F8A3 27 KB
10 KB 75ms
22ms Script
text/javascript 18.64.115.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.truste.com/ca?pid=tradedesk01&aid=tradedesk01&cid=0a7a8j6_a99jcch_1e7nlzp2&c=tradedesk01cont1&js=pmw0&w=300&h=250&sid=0
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.64.115.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-64-115-76.txl50.r.cloudfront.net
Software: nginx /
Resource Hash: 1e7f48b89d19cf8b368b05e374c9353785e0761a458b04f58126235998f08fbc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:10:13 GMT
content-encoding: gzip
server: nginx
age: 2988
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 f67cb1e6517f8abcedeb3b0734a257bc.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: TXL50-P4
x-amz-cf-id: ImdPGhw-HyCBL4nzqoR_baK5Bt-Dr88lYQ8BVLr6JLmeDHKDidZsXA==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 moatad.js Show response
z.moatads.com/thetradedeskv275874568748/ Frame F8A3 328 KB
111 KB 29ms
11ms Script
application/x-javascript 2.21.143.57
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/thetradedeskv275874568748/moatad.js
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.21.143.57 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-21-143-57.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 9a4e1114258ebc7c5d03787c93a4f65c74ab07805b33a2cd06064e9ac81144ba

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:01 GMT
content-encoding: gzip
last-modified: Thu, 24 Mar 2022 16:09:45 GMT
server: AmazonS3
x-amz-request-id: C60E4C0GTVSS1DGW
etag: "7012cb4cc249ec57d9d7cc38f2f9483c"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=64055
accept-ranges: bytes
content-length: 113018
x-amz-id-2: I8l4JDKUv6HcTm8lR2wt6IKLiOJ/bEDSZZ7WUSZul9QsxttuvzQ4S1rDcd9vVR6sQxUCphx/Ny0=

GET
H/1.1 200
OK analytics.js Show response
s.update.adsrvr.org/2/357427/ Frame F8A3 6 KB
3 KB 195ms
28ms Script
text/javascript 18.203.209.222
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.update.adsrvr.org/2/357427/analytics.js?pd=avt&pp=21468&dm=300x250&cb=1648530000&di=mustsharenews.com&ui=&ti=09b98f2a-9940-4e5b-9ae1-8a4570d2a377&ap=&r7=&pv=940ddcb5-57e2-4786-a3f1-2dc32de7d904&to=3&de=2&md=1&dt=3574271504888517674019&ac=0a7a8j6&sr=rubicon

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

18.203.209.222 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-203-209-222.eu-west-1.compute.amazonaws.com

Software

Resource Hash

66f3053245163ba61eba3e89073a71b8b9b51689ce9f722873b7bc4c1d393c81

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 29 Mar 2022 05:00:00 GMT
Content-Encoding: gzip
Accept-Ch: Viewport-Width, Viewport-Height, Width, DPR, RTT, ECT, Device-Memory, Downlink, Save-Data
Vary: *
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache, no-store, must-revalidate, no-transform, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Timing-Allow-Origin: *
Content-Length: 2881
Expires: 0

GET
H2 200 /
insight.adsrvr.org/enduser/pie/ Frame F8A3 807 B
925 B 35ms
34ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://insight.adsrvr.org/enduser/pie/?rtb=dD0xJmlpZD0wOWI5OGYyYS05OTQwLTRlNWItOWFlMS04YTQ1NzBkMmEzNzcmY3JpZD0xZTdubHpwMiZ3cD0ke0FVQ1RJT05fUFJJQ0U6QkZ9JmFpZD0xJndwYz1VU0Qmc2ZlPTE0N2ExMjUwJnB1aWQ9JnRkaWQ9JnBpZD12a281MG9uJmFnPWE5OWpjY2gmYWR2PWt5d202encmYnA9MC4xMTcxNDAyMzMzNzk5MzkwNzk4MyZjZj0zMTc2MjgxJmZxPTAmdGRfcz1tdXN0c2hhcmVuZXdzLmNvbSZyY2F0cz0mbWNhdD0mbXN0ZT0mbWZsZD0zJm1zc2k9Jm1mc2k9JnVob3c9NTUmYWdzYT0mcmd6PSZzdmJ0dGQ9MSZkdD1QQyZvc2Y9V2luZG93cyZvcz1XaW5kb3dzMTAmYnI9Q2hyb21lJnJsYW5ncz1lbiZtbGFuZz0mc3ZwaWQ9MjE0NjgmZGlkPSZyY3h0PU90aGVyJmxhdD01MS41NzAwMDAmbG9uPTcuNDQwMDAwJnRtcGM9Ni4xMiZkYWlkPSZ2cD0wJm9zaT0mb3N2PSZtaz1Hb29nbGUmbWRsPUNocm9tZSUyMC0lMjBXaW5kb3dzJmM9Q2dkSFpYSnRZVzU1R2dBNEFVQUJVQWVBQVFDSUFRR1FBUUUuJmR1cj1DakFLREdOb1lYSm5aUzFoYkd3dE1TSWdDUF9fX19fX19fX19fd0VTRTNSMFpGOWtZWFJoWDJWNFkyeDFjMmx2Ym5NS093b2RZMmhoY21kbExXRnNiRlJVUkVOMWMzUnZiVU52Ym5SbGVIUjFZV3dpR2dqYV9fX19fX19fX184QkVnMTBkR1JqYjI1MFpYaDBkV0ZzQ2tnS0lXTm9ZWEpuWlMxaGJHeE5iMkYwVm1sbGQyRmlhV3hwZEhsVWNtRmphMmx1WnlJakNLWF9fX19fX19fX193RVNEbTF2WVhRdGNtVndiM0owYVc1bktnWUlvSTBHR0F3LiZjcnJlbHI9JmlwbD0vMjE2MjI4OTA5MDAvU0dfbXVzdHNoYXJlbmV3cy5jb21fcmVzX2FydGljbGVfbWlkNl8zMzZ4MjgwLy8zMDB4MjUwJnBjbT0xJmdyZGM9Q0FFWUFTQUJLQUZBQVVnQyZ2Yz0zJmN4PS01MTc4ODgzNjE0NTI2MjQ1MzAyJnNhaWQ9MmRhNjIzZDVjMmM3MWQ0MjMyODgzZGUyMTgyNDM4NzIzOGVlYjVkNSZpY3Q9VW5rbm93biZhdWN0PTEmY3hsdnM9MCZpbT0xJm1jPWVjOGJhNGZjLTA1MmMtNDdmZi04NmZmLTBkN2RmNzc4N2U2ZiZ0YWlsPTEmc3Y9cnViaWNvbiZ0YWlsPTE.&pie=51
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: / ASP.NET
Resource Hash: 3ca19e57c9a2465ae4df271316ba4d29e7ff7f113a2a2c5297780c0b7a0ac09d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:01 GMT
cache-control: private
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: image/gif

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/ Frame F8A3 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/window_focus_fy2019.js

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:38:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1290
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Apr 2022 04:38:31 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F8A3 119 KB
36 KB 44ms
21ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30de69c01f8eb6cb0ab7b040f02316728cb490669cbf084aad71c06a708ed1ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36904
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648035241783118"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 29 Mar 2022 05:00:01 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/ Frame F8A3 15 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:18:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2513
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Apr 2022 04:18:08 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame F8A3 22 KB
7 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 06:52:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 79660
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 28 Mar 2023 06:52:21 GMT

GET
H3 200 impl_v85.js Show response
www.googletagservices.com/dcm/ Frame F8A3 42 KB
17 KB 23ms
6ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v85.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7337a38ce3a732e5243bd354ad12d96b4d5512e283a8dd70d129b730d7a5d3d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Sun, 27 Mar 2022 22:14:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 110706
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17382
x-xss-protection: 0
last-modified: Mon, 21 Feb 2022 17:13:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 27 Mar 2023 22:14:55 GMT

GET
H2 200 B26791739.320447811;dc_ver=85.248;sz=300x250;u_sd=1;kw=a99jcch;dc_adk=374139685;ord=pj8mli;click=http%3A%2F%2Finsight.adsrvr.org%2Ftrack%2Fclk%3Fimp%3D09b98f2a-9940-4e5b-9ae1-8a4570d2a377%26ag%3Da9... Show response
ad.doubleclick.net/ddm/adj/N1549806.422087GROUPMCOMPETENCEC/ Frame F8A3 65 KB
27 KB 83ms
55ms Script
text/javascript 142.250.185.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N1549806.422087GROUPMCOMPETENCEC/B26791739.320447811;dc_ver=85.248;sz=300x250;u_sd=1;kw=a99jcch;dc_adk=374139685;ord=pj8mli;click=http%3A%2F%2Finsight.adsrvr.org%2Ftrack%2Fclk%3Fimp%3D09b98f2a-9940-4e5b-9ae1-8a4570d2a377%26ag%3Da99jcch%26sfe%3D147a1250%26sig%3D5EPwiG15ZwxDt1AqrP05Xr6tj2YOKvrpzCFEpGal5IQ.%26crid%3D1e7nlzp2%26cf%3D3176281%26fq%3D0%26t%3D1%26td_s%3Dmustsharenews.com%26rcats%3D%26mcat%3D%26mste%3D%26mfld%3D3%26mssi%3D%26mfsi%3D%26sv%3Drubicon%26uhow%3D55%26agsa%3D%26wp%3DD73D2D86FA739BE8%26rgz%3D%26dt%3DPC%26osf%3DWindows%26os%3DWindows10%26br%3DChrome%26svpid%3D21468%26rlangs%3Den%26mlang%3D%26did%3D%26rcxt%3DOther%26tmpc%3D6.12%26vrtd%3D%26osi%3D%26osv%3D%26daid%3D%26dnr%3D0%26vpb%3D%26c%3DCgdHZXJtYW55GgA4AUABUAeAAQCIAQGQAQE.%26dur%3DCjAKDGNoYXJnZS1hbGwtMSIgCP___________wESE3R0ZF9kYXRhX2V4Y2x1c2lvbnMKOwodY2hhcmdlLWFsbFRUREN1c3RvbUNvbnRleHR1YWwiGgja__________8BEg10dGRjb250ZXh0dWFsCkgKIWNoYXJnZS1hbGxNb2F0Vmlld2FiaWxpdHlUcmFja2luZyIjCKX__________wESDm1vYXQtcmVwb3J0aW5nKgYIoI0GGAw.%26durs%3DdwsLA4%26crrelr%3D%26npt%3D%26mk%3DGoogle%26mdl%3DChrome%2520-%2520Windows%26ipl%3D%2F21622890900%2FSG_mustsharenews.com_res_article_mid6_336x280%2F%2F300x250%26pcm%3D1%26ict%3DUnknown%26said%3D2da623d5c2c71d4232883de21824387238eeb5d5%26auct%3D1%26cxlvs%3D0%26grdc%3DCAEYASABKAFAAUgC%26tail%3D1%26r%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.;dc_rfl=1,https%3A%2F%2Fmustsharenews.com%2F$0;xdt=1;crlt=4pRk!D!Krl;sttr=34;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v85.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f6.1e100.net

Software

cafe /

Resource Hash

d6050a43ba7c560a579885d462f59dc67cec962bf0110d7b17069d9b2de24272

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:01 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27218
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame CB8A 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032103.js?cb=31065882

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Mar 2022 05:00:00 GMT
expires: Wed, 29 Mar 2023 05:00:00 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame F8A3 169 KB
59 KB 58ms
6ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
Origin: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 19:19:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34855
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60173
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 29 Mar 2022 19:19:06 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220324/r20110914/elements/html/ Frame F8A3 8 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220324/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N1549806.422087GROUPMCOMPETENCEC/B26791739.320447811;dc_ver=85.248;sz=300x250;u_sd=1;kw=a99jcch;dc_adk=374139685;ord=pj8mli;click=http%3A%2F%2Finsight.adsrvr.org%2Ftrack%2Fclk%3Fimp%3D09b98f2a-9940-4e5b-9ae1-8a4570d2a377%26ag%3Da99jcch%26sfe%3D147a1250%26sig%3D5EPwiG15ZwxDt1AqrP05Xr6tj2YOKvrpzCFEpGal5IQ.%26crid%3D1e7nlzp2%26cf%3D3176281%26fq%3D0%26t%3D1%26td_s%3Dmustsharenews.com%26rcats%3D%26mcat%3D%26mste%3D%26mfld%3D3%26mssi%3D%26mfsi%3D%26sv%3Drubicon%26uhow%3D55%26agsa%3D%26wp%3DD73D2D86FA739BE8%26rgz%3D%26dt%3DPC%26osf%3DWindows%26os%3DWindows10%26br%3DChrome%26svpid%3D21468%26rlangs%3Den%26mlang%3D%26did%3D%26rcxt%3DOther%26tmpc%3D6.12%26vrtd%3D%26osi%3D%26osv%3D%26daid%3D%26dnr%3D0%26vpb%3D%26c%3DCgdHZXJtYW55GgA4AUABUAeAAQCIAQGQAQE.%26dur%3DCjAKDGNoYXJnZS1hbGwtMSIgCP___________wESE3R0ZF9kYXRhX2V4Y2x1c2lvbnMKOwodY2hhcmdlLWFsbFRUREN1c3RvbUNvbnRleHR1YWwiGgja__________8BEg10dGRjb250ZXh0dWFsCkgKIWNoYXJnZS1hbGxNb2F0Vmlld2FiaWxpdHlUcmFja2luZyIjCKX__________wESDm1vYXQtcmVwb3J0aW5nKgYIoI0GGAw.%26durs%3DdwsLA4%26crrelr%3D%26npt%3D%26mk%3DGoogle%26mdl%3DChrome%2520-%2520Windows%26ipl%3D%2F21622890900%2FSG_mustsharenews.com_res_article_mid6_336x280%2F%2F300x250%26pcm%3D1%26ict%3DUnknown%26said%3D2da623d5c2c71d4232883de21824387238eeb5d5%26auct%3D1%26cxlvs%3D0%26grdc%3DCAEYASABKAFAAUgC%26tail%3D1%26r%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.;dc_rfl=1,https%3A%2F%2Fmustsharenews.com%2F$0;xdt=1;crlt=4pRk!D!Krl;sttr=34;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:20:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2386
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Apr 2022 04:20:15 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame F8A3 41 KB
15 KB 15ms
9ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 09:30:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 70175
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Mar 2023 09:30:26 GMT

GET
H2 200 n.js Show response
geo.moatads.com/ Frame F8A3 126 B
302 B 218ms
20ms Script
text/html 52.56.234.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.moatads.com/n.js?e=35&ol=3393439341&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2FG)lKr%23l9jmUdTfN%5Bqir1fcSC%3AU%3FWOvTh%7CzFK%3F%5B%22l!j%3F%5DV%22%3BU!%2FBwj%5DUG0U20!9%3Am%5EG..%2C*%5D%407%25rxaxcpaO%2BZ%5EhG%22%3ExZq%224%7CQjw%60.%7Bi%3F%5DQZ%2CA2%2BNhloI%40s1%7CZ5*%3FVl%3Fe3%7CqL5%40J%3D%5B%2BxkrG%3DGfv)C%24X%24H%3BatASYUby%3D(tN%23V.x%3Bm_Qrw5.W%2F84VKp%40i6AKx!f%3EUYoo813_xB%2CN22Ib%40aFB&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-JW9Zu%2FMUA%2BNI7%2BlS9taa18sl5UMbMAFrHQZRAnlp9pAdeA91T5s1LwZtUqv15LnesVBD&rs=1-eApmdJ04glpMDA%3D%3D&sc=1&os=1-Zg%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=300&qe=250&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&i=TRADEDESKV3&hp=1&ra=1&pxm=10&sgs=3&vb=-1&cm=11&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=1&nh=1&j=https%3A%2F%2Fmustsharenews.com&lp=https%3A%2F%2Fmustsharenews.com&t=1648530001216&de=424009794475&m=0&ar=9f397fe3151-clean&iw=275f53f&q=2&cb=0&ym=0&cu=1648530001216&ll=2&lm=1&ln=1&r=0&em=0&en=0&d=vko50on%3Akywm6zw%3A0a7a8j6%3Aa99jcch&zMoatJS=-&zMoatCachebuster=476271&zMoatCreative=1e7nlzp2&zMoatDealID=-&zMoatDomain=mustsharenews.com&zMoatImpressionId=09b98f2a-9940-4e5b-9ae1-8a4570d2a377&zMoatPartnerID=vko50on&zMoatSite=mustsharenews.com&zMoatSubdomain=mustsharenews.com&zMoatSupplyVendor=rubicon&zMoatTempIDs=https%253A%252F%252Finsight.adsrvr.org%252Fenduser%252Fpie%252F%253Fpie%253D20%2526vet%253DVIEWABILITY_EVENT_TYPE%2526rtb%253DdD0xJmlpZD0wOWI5OGYyYS05OTQwLTRlNWItOWFlMS04YTQ1NzBkMmEzNzcmY3JpZD0xZTdubHpwMiZ3cD0ke0FVQ1RJT05fUFJJQ0U6QkZ9JmFpZD0xJndwYz1VU0Qmc2ZlPTE0N2ExMjUwJnB1aWQ9JnBpZD12a281MG9uJmFnPWE5OWpjY2gmYWR2PWt5d202encmYnA9MC4xMTcxNDAyMzMzNzk5MzkwNzk4MyZjZj0zMTc2MjgxJmZxPTAmdGRfcz1tdXN0c2hhcmVuZXdzLmNvbSZyY2F0cz0mbWNhdD0mbXN0ZT0mbWZsZD0zJm1zc2k9Jm1mc2k9JnVob3c9NTUmYWdzYT0mcmd6PSZzdmJ0dGQ9MSZkdD1QQyZvc2Y9V2luZG93cyZvcz1XaW5kb3dzMTAmYnI9Q2hyb21lJnJsYW5ncz1lbiZtbGFuZz0mc3ZwaWQ9MjE0NjgmZGlkPSZyY3h0PU90aGVyJmxhdD01MS41NzAwMDAmbG9uPTcuNDQwMDAwJnRtcGM9Ni4xMiZkYWlkPSZ2cD0wJm9zaT0mb3N2PSZtaz1Hb29nbGUmbWRsPUNocm9tZSUyMC0lMjBXaW5kb3dzJmM9Q2dkSFpYSnRZVzU1R2dBNEFVQUJVQWVBQVFDSUFRR1FBUUUuJmR1cj1DakFLREdOb1lYSm5aUzFoYkd3dE1TSWdDUF9fX19fX19fX19fd0VTRTNSMFpGOWtZWFJoWDJWNFkyeDFjMmx2Ym5NS093b2RZMmhoY21kbExXRnNiRlJVUkVOMWMzUnZiVU52Ym5SbGVIUjFZV3dpR2dqYV9fX19fX19fX184QkVnMTBkR1JqYjI1MFpYaDBkV0ZzQ2tnS0lXTm9ZWEpuWlMxaGJHeE5iMkYwVm1sbGQyRmlhV3hwZEhsVWNtRmphMmx1WnlJakNLWF9fX19fX19fX193RVNEbTF2WVhRdGNtVndiM0owYVc1bktnWUlvSTBHR0F3LiZjcnJlbHI9JmlwbD0vMjE2MjI4OTA5MDAvU0dfbXVzdHNoYXJlbmV3cy5jb21fcmVzX2FydGljbGVfbWlkNl8zMzZ4MjgwLy8zMDB4MjUwJnBjbT0xJmdyZGM9Q0FFWUFTQUJLQUZBQVVnQyZ2Yz0zJmN4PS01MTc4ODgzNjE0NTI2MjQ1MzAyJnNhaWQ9MmRhNjIzZDVjMmM3MWQ0MjMyODgzZGUyMTgyNDM4NzIzOGVlYjVkNSZpY3Q9VW5rbm93biZhdWN0PTEmY3hsdnM9MCZpbT0xJm1jPWVjOGJhNGZjLTA1MmMtNDdmZi04NmZmLTBkN2RmNzc4N2U2ZiZ0YWlsPTEmc3Y9cnViaWNvbiZ0YWlsPTE.&zMoatViewType=0&zMoatOtherScript=-&zMoatOtherHash=-&zMoatAttention=-&zMoatDR=-&zMoatPublisherID=21468&zGSRC=1&gu=https%3A%2F%2Fmustsharenews.com%2F&id=0&ii=3&bd=mustsharenews.com&zMoatOrigSlicer1=mustsharenews.com&zMoatOrigSlicer2=N%2FA&gw=thetradedeskv275874568748&fd=1&ac=1&it=500&ti=0&ih=1&pe=0%3A-%3A-%3A0%3A0&jk=-1&jm=-1&fs=197724&na=1223044100&cs=0&ord=1648530001216&jv=80091975&callback=DOMlessLLDcallback_25703266
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/thetradedeskv275874568748/moatad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.56.234.21 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-56-234-21.eu-west-2.compute.amazonaws.com
Software: TornadoServer/5.1.1 /
Resource Hash: 13a80b79e8a0a5d4cb08291bde60f19a17b1543ccebd2bc3c75c8dc34bd47756

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:01 GMT
cache-control: max-age=900
server: TornadoServer/5.1.1
timing-allow-origin: *
etag: "c4b98ddb71c949f7569ccc1b3d42fd1728d4db90"
content-length: 126
content-type: text/html; charset=UTF-8

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 631D 281 B
554 B 197ms
15ms Document
text/html 23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&gdpr=1&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&geo=eu&co=de
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "402b2-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 29 Mar 2022 05:00:01 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2B04 1 KB
749 B 11ms
11ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Mon, 28 Mar 2022 13:26:12 GMT
expires: Tue, 29 Mar 2022 13:26:12 GMT
cache-control: public, max-age=86400
age: 56029
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame F8A3 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0d89581f2897bad3b14ec17b04c2e348cc1bcd5b063cecb317b6e13c53084cbe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame CB8A 0
0 29ms
29ms Fetch
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CAv_dUJJCYsT-OrDO7_UPoLm4UO6StZNcv6KFx-QFwI23ARABIABglaKggrAHggEXY2EtcHViLTkwNTgyOTE4NTQ0NDM4ODHIAQngAgCoAwGqBMUCT9D_JATlo77eUaQvpWx-oGnNegs1dTxPDXQom7sFtjS34ZS4wttV8yrnhfC9xUFg9yExVNIC1vPo4dh23_U5_fK4612e_Gj1iPpzlw9nsfnJQriLBwcuLrsYnIobn6TDC9WfXhKmAFQRTM4OVscvg0LWvGXR2MoozwD3l3RhuBu_QFAI-Ir9Q3yAqPcGzcdgXH_7rtYAwzOfJPOfHk5ejgbTW-AHqVw4CjiZsYc8amrFU5BIqU4GX_7654M7IkBJa9-WRpxR4OsJcnjnmpKau28XvsRjiQT4flVvqnxYvVTda3660l6oiQepULWtqOpePC8lSlikgENqI7n9-rbtIr5VqZ8I6Ntpgz00XWEjqs2uqoGpLTIcQCPP9oplGA1zyTjUey6lL7twoPaMagoVfCn5JB2oCXzR1Ax7XTax6YEXiO7glOAEAYAG69OAxeO3w6P6AaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB8ggbYWR4LXN1YnN5bi0yODA5MjA3NzM0OTA2MzY5gAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTkwNTgyOTE4NTQ0NDM4ODEYttdp&sigh=HrsIGx939H0&uach_m=[UACH]&cid=CAQSPACNIrLMHuCaK_q7b-xfgxjlLrKkcp5Ee6wsEowg6YWLOLYxY4hZQ4uXGIgr-Gizwqg_SaV0uegU4FxxXBgB
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s52-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

GET
H2 200 ttj Show response
ib.3lift.com/ Frame CB8A 4 KB
2 KB 149ms
12ms Script
application/javascript 108.157.4.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ib.3lift.com/ttj?inv_code=adasia_allpublishers_display
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-12.dus51.r.cloudfront.net
Software: /
Resource Hash: ccaa51271b339a3d0f1c244e679e062d2664aa1db8b42ccec98f8fcfca18d16b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:45:34 GMT
via: 1.1 f97c9082b750957571bc7e3354a4f4a4.cloudfront.net (CloudFront)
age: 871
etag: "3eff43f0535e7950884c4686f367157ca994cd68"
x-cache: Hit from cloudfront
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900
x-amz-cf-pop: DUS51-P2
content-encoding: gzip
content-length: 2011
x-amz-cf-id: 9Krzi7l0AMq1hKO_nn7htaKSxuy5vLJX3W9dJ6gyEnLTC8HTqf-CpQ==

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/ Frame CB8A 2 KB
1 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/window_focus_fy2019.js

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:38:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1290
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Apr 2022 04:38:31 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CB8A 119 KB
36 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30de69c01f8eb6cb0ab7b040f02316728cb490669cbf084aad71c06a708ed1ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36904
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648035241783118"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 29 Mar 2022 05:00:01 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/ Frame CB8A 15 KB
6 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:18:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2513
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Apr 2022 04:18:08 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame CB8A 22 KB
7 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 06:52:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 79660
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 28 Mar 2023 06:52:21 GMT

GET
H2 200 notify
tlx.3lift.com/s2s/ Frame CB8A 37 B
183 B 14ms
13ms Image
image/gif 18.185.154.32
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tlx.3lift.com/s2s/notify?px=1&pr=YkKSUAAOv0QIu-cwAA4coGP0NN90515v3AyimA&ts=1648530001&aid=16142210261725856179470&ec=7354_118144_53729164&n=GgDyAtABCAASFzE2MTQyMjEwMjYxNzI1ODU2MTc5NDcwGAAgASi6OTCAmwdAAUgAUABgCmgAcLPGFZABAJgBAKgBALABNbgBCcABKsgBNeABE%2FABAPgBNYACKogCE5ECAAAAAAAA8D%2BZAuF6FK5H4co%2FoQIAAAAAAADwP6gCALACAMgCBNgCAPECZmZmZmZm5j%2F4ApA3gAOsAogD%2BgGQAwCYAwCgAwC4A9eGE8ADAMgDANIDCDUzNzI5MTY04AP%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8B6QMAAAAAAAAAAPADNfgCBYgDAJIDBEFEMjCYAwCgA9G2AqgDAA%3D%3D
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.185.154.32 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-185-154-32.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
expires: Thu, 15 Oct 1992 20:10:00 GMT

GET
H2 200 pe
eb2.3lift.com/ Frame CB8A 37 B
140 B 137ms
6ms Image
image/gif 13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/pe?fid=10&peid=0&aid=16142210261725856179470
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

POST
H/1.1 200
OK postback Show response
s.update.adsrvr.org/2/2.52.0/357427/ASvT-7gQEeWhgXSd/ Frame F8A3 0
145 B 137ms
44ms XHR
text/plain 18.203.209.222
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.adsrvr.org/2/2.52.0/357427/ASvT-7gQEeWhgXSd/postback?oz_pl=1&de=2&dt=3574271504888517674019&pp=21468&dm=300x250&di=mustsharenews.com&md=1&ac=0a7a8j6&cb=1648530000&r7=&to=3&sr=rubicon&ci=357427&ap=&pv=940ddcb5-57e2-4786-a3f1-2dc32de7d904&pd=avt&ui=&ti=09b98f2a-9940-4e5b-9ae1-8a4570d2a377&_x=1
Requested by: Host: s.update.adsrvr.org
URL: https://s.update.adsrvr.org/2/357427/analytics.js?pd=avt&pp=21468&dm=300x250&cb=1648530000&di=mustsharenews.com&ui=&ti=09b98f2a-9940-4e5b-9ae1-8a4570d2a377&ap=&r7=&pv=940ddcb5-57e2-4786-a3f1-2dc32de7d904&to=3&de=2&md=1&dt=3574271504888517674019&ac=0a7a8j6&sr=rubicon
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.209.222 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-209-222.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 29 Mar 2022 05:00:00 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H/1.1 200
OK main.js Show response
s.update.adsrvr.org/2/2.52.0/ Frame F8A3 156 KB
49 KB 57ms
56ms Script
text/javascript 18.203.209.222
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.update.adsrvr.org/2/2.52.0/main.js

Requested by

Host: s.update.adsrvr.org
URL: https://s.update.adsrvr.org/2/357427/analytics.js?pd=avt&pp=21468&dm=300x250&cb=1648530000&di=mustsharenews.com&ui=&ti=09b98f2a-9940-4e5b-9ae1-8a4570d2a377&ap=&r7=&pv=940ddcb5-57e2-4786-a3f1-2dc32de7d904&to=3&de=2&md=1&dt=3574271504888517674019&ac=0a7a8j6&sr=rubicon

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

18.203.209.222 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-203-209-222.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ebc1809c917b61781cda24334f55c7010d9bf8986b99ea3f59d049e78d491910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 05:00:00 GMT
Content-Encoding: br
Accept-Ch: Viewport-Width, Viewport-Height, Width, DPR, RTT, ECT, Device-Memory, Downlink, Save-Data
Vary: Origin, Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: public, no-transform, immutable, max-age=999999999
Strict-Transport-Security: max-age=31536000; includeSubDomains
Timing-Allow-Origin: *
Content-Length: 49733
Expires: Fri, 05 Dec 2053 06:03:08 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame C25C 22 KB
8 KB 10ms
9ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Mar 2022 09:31:07 GMT
expires: Tue, 28 Mar 2023 09:31:07 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 70134
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F8A3 119 KB
36 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30de69c01f8eb6cb0ab7b040f02316728cb490669cbf084aad71c06a708ed1ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36904
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648035241783118"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 29 Mar 2022 05:00:01 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame B9F5 65 KB
6 KB 37ms
16ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f9e787c9d70e0c965c4443b288ca75dfed1d883fc3d9bbde05accb94e8c179c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:01 GMT
expires: Wed, 29 Mar 2023 05:00:01 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame F8A3 0
524 B 139ms
33ms Ping
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvFWJd0tzsVPnRP6vRh7yW5ZZVLOi-e_RIqhAJcFwqO5k6j18tcZ08SaQs9Abudo1ofejMlyKqkAva1OP1zCHUCCgFDcSRU-jdElmyAJ_Nmw8UlpLKlEyXVH4SA-40vKbl2mBmSQdnwJjQ0zw4oTY5Sx-s&sig=Cg0ArKJSzKoOVvtJl9O9EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=171&cbvp=1&cstd=164&cisv=r20220324.04276&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2B04
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEA85OE3M-unGw-7-cDtGs1Q&google_cver=1&google_push=AYg5qPIESIwOmRW7Q9pE3AC5UHboXaec-4FwEM7BP8bvztJH7kVP0YQT_O4RBl1Kk6GCkYc7e5JdhTqSQpWDMVzmy-gigQ9PON4e
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=E4F8497C5FD740E193A9D9B8A4074E12&google_push=AYg5qPIESIwOmRW7Q9pE3AC5UHboXaec-4FwEM7BP8bvztJH7kVP0YQT_O4RBl1Kk6GCkYc7e5JdhTqSQpWDMVz...

170 B
188 B

25ms
24ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=E4F8497C5FD740E193A9D9B8A4074E12&google_push=AYg5qPIESIwOmRW7Q9pE3AC5UHboXaec-4FwEM7BP8bvztJH7kVP0YQT_O4RBl1Kk6GCkYc7e5JdhTqSQpWDMVzmy-gigQ9PON4e

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 29 Mar 2022 05:00:01 GMT
x-content-type-options: nosniff
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=E4F8497C5FD740E193A9D9B8A4074E12&google_push=AYg5qPIESIwOmRW7Q9pE3AC5UHboXaec-4FwEM7BP8bvztJH7kVP0YQT_O4RBl1Kk6GCkYc7e5JdhTqSQpWDMVzmy-gigQ9PON4e
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 138
expires: Mon, 28 Mar 2022 05:00:01 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 2B04 70 B
264 B 43ms
34ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEBPKMaOpeotcDnzKbUzSu1M&google_cver=1&google_push=AYg5qPJ0Ng_ArxC8gfoWxjPDYjodQNLHzb4r6e2QEz6DPaVIXxiGmKvS9OBmQHe6foE9ddXyGBV4NKRo6EOw0xMnXgNkHb0oga4
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:01 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2B04
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESENHbEss19UYanCni9UQvsOo&google_cver=1&google_push=AYg5qPIOIW7kVbpj-i49q0eis3WqISvx09rB1VQgCJ8MKI6-Cl9M3ySjfTvb-5G_468EjUZG7dFLyGV4gDA...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPIOIW7kVbpj-i49q0eis3WqISvx09rB1VQgCJ8MKI6-Cl9M3ySjfTvb-5G_468EjUZG7dFLyGV4gDAJZvCCNQEOMHoaHUI&google_hm=c9fpMcL7TGKKj4EGLAonkx4

170 B
188 B

20ms
20ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPIOIW7kVbpj-i49q0eis3WqISvx09rB1VQgCJ8MKI6-Cl9M3ySjfTvb-5G_468EjUZG7dFLyGV4gDAJZvCCNQEOMHoaHUI&google_hm=c9fpMcL7TGKKj4EGLAonkx4

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:01 GMT
via: 1.1 google
server: Apache-Coyote/1.1
status: 302
p3p: CP="NOI DSP COR NID CUR OUR NOR"
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPIOIW7kVbpj-i49q0eis3WqISvx09rB1VQgCJ8MKI6-Cl9M3ySjfTvb-5G_468EjUZG7dFLyGV4gDAJZvCCNQEOMHoaHUI&google_hm=c9fpMcL7TGKKj4EGLAonkx4
cache-control: no-cache, must-revalidate
content-type: text/html;charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2B04
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEAqXiPXVMRDE-HB77RaZ1kA&google_cver=1&google_push=AYg5qPLPf74dUcw6IzP1q92ogxnUD-jOostgfQi_PxPUZuUCPMBSDeqkujvd8EL7JSfl8nZrYDby6mLKnvDp4r...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA4MDM4MjQ0MDc4MDcyNDM3Mw%3D%3D&google_push=AYg5qPLPf74dUcw6IzP1q92ogxnUD-jOostgfQi_PxPUZuUCPMBSDeqkujvd8EL7JSfl8nZrYDby6mLKnvDp4rCg2Y...

170 B
188 B

42ms
22ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA4MDM4MjQ0MDc4MDcyNDM3Mw%3D%3D&google_push=AYg5qPLPf74dUcw6IzP1q92ogxnUD-jOostgfQi_PxPUZuUCPMBSDeqkujvd8EL7JSfl8nZrYDby6mLKnvDp4rCg2YWxyMGrZVQg

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzA4MDM4MjQ0MDc4MDcyNDM3Mw%3D%3D&google_push=AYg5qPLPf74dUcw6IzP1q92ogxnUD-jOostgfQi_PxPUZuUCPMBSDeqkujvd8EL7JSfl8nZrYDby6mLKnvDp4rCg2YWxyMGrZVQg
Date: Tue, 29 Mar 2022 05:00:01 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2B04
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEIvZYV0hvftDXK8rtlforf8&google_cver=1&google_push=AYg5qPI3QD7ROBalTaunWp3lZL22TaZgQXQ_u0QbXHbXsWRzUyd7qbWkusAVEnzTlqu4RViU6EmEOokwTUKcvETHPBMwkjk...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEIvZYV0hvftDXK8rtlforf8&google_cver=1&google_push=AYg5qPI3QD7ROBalTaunWp3lZL22TaZgQXQ_u0QbXHbXsWRzUyd7qbWkusAVEnzTlqu4RViU6EmEOokwTUKcvETHPBMwk...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPI3QD7ROBalTaunWp3lZL22TaZgQXQ_u0QbXHbXsWRzUyd7qbWkusAVEnzTlqu4RViU6EmEOokwTUKcvETHPBMwkjk6EaM

170 B
188 B

17ms
16ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPI3QD7ROBalTaunWp3lZL22TaZgQXQ_u0QbXHbXsWRzUyd7qbWkusAVEnzTlqu4RViU6EmEOokwTUKcvETHPBMwkjk6EaM

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPI3QD7ROBalTaunWp3lZL22TaZgQXQ_u0QbXHbXsWRzUyd7qbWkusAVEnzTlqu4RViU6EmEOokwTUKcvETHPBMwkjk6EaM
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 dds
rtb.openx.net/sync/ Frame 2B04 43 B
351 B 72ms
21ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEL5jH4IgoTfk9vuhA4gciVM&google_cver=1&google_push=AYg5qPK4Kz3zQ3MuACQNlXC9pBSvGizzenKeE45q-qbjnt2zs8YuxJvW1-zBGgxshvcqRQP98j7L0IHA0wkR-AkBNA8k-Ff6kjuI
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:01 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: ttmq0q2nuaee8pko7g8m6maf9i5pop3k

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2B04
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEOuPSZt7MV-PCxDIFlEKJB0&google_cver=1&google_push=AYg5qPLl7nZuWHhrZweQCa07kQDoYoWSNX3Uf1qABvp4StSwaPWfGdJ3uRChBcpkec06R85FZt...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEOuPSZt7MV-PCxDIFlEKJB0&google_cver=1&google_push=AYg5qPLl7nZuWHhrZweQCa07kQDoYoWSNX3Uf1qABvp4StSwaPWfGdJ3uRChBcpkec06R85FZt...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS13dXR1aVBSRTJ1RlpTSkRwMVRaVlVuem4zX0lfZ3kzTX5B&google_push=AYg5qPLl7nZuWHhrZweQCa07kQDoYoWSNX3Uf1qABvp4StSwaPWfGdJ3u...

170 B
188 B

18ms
18ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS13dXR1aVBSRTJ1RlpTSkRwMVRaVlVuem4zX0lfZ3kzTX5B&google_push=AYg5qPLl7nZuWHhrZweQCa07kQDoYoWSNX3Uf1qABvp4StSwaPWfGdJ3uRChBcpkec06R85FZtXIV1NwX1lRkZ00-dkIF5NZS58MpA

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS13dXR1aVBSRTJ1RlpTSkRwMVRaVlVuem4zX0lfZ3kzTX5B&google_push=AYg5qPLl7nZuWHhrZweQCa07kQDoYoWSNX3Uf1qABvp4StSwaPWfGdJ3uRChBcpkec06R85FZtXIV1NwX1lRkZ00-dkIF5NZS58MpA
date: Tue, 29 Mar 2022 05:00:01 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 2B04 0
232 B 75ms
23ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JLpnk2DZiTaqPICqO9nfQB060wWf5JXERsDyws8o12c3Gg5pHkZN59v-gpzxkcwsZLD3C0-Q

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:01 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H/1.1 200
OK postback Show response
s.update.adsrvr.org/2/2.52.0/357427/ASvT-7gQEeWhgXSd/ Frame F8A3 0
145 B 30ms
29ms XHR
text/plain 18.203.209.222
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.adsrvr.org/2/2.52.0/357427/ASvT-7gQEeWhgXSd/postback?oz_pl=1&de=2&dt=3574271504888517674019&pp=21468&dm=300x250&di=mustsharenews.com&md=1&ac=0a7a8j6&cb=1648530000&r7=&to=3&sr=rubicon&ci=357427&ap=&pv=940ddcb5-57e2-4786-a3f1-2dc32de7d904&pd=avt&ui=&ti=09b98f2a-9940-4e5b-9ae1-8a4570d2a377&_x=1
Requested by: Host: s.update.adsrvr.org
URL: https://s.update.adsrvr.org/2/357427/analytics.js?pd=avt&pp=21468&dm=300x250&cb=1648530000&di=mustsharenews.com&ui=&ti=09b98f2a-9940-4e5b-9ae1-8a4570d2a377&ap=&r7=&pv=940ddcb5-57e2-4786-a3f1-2dc32de7d904&to=3&de=2&md=1&dt=3574271504888517674019&ac=0a7a8j6&sr=rubicon
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.209.222 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-209-222.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 29 Mar 2022 05:00:01 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3 200 container.html Show response
d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame B736 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032103.js?cb=31065882

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Mar 2022 05:00:00 GMT
expires: Wed, 29 Mar 2023 05:00:00 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H/1.1 200
OK postback Show response
s.update.adsrvr.org/2/2.52.0/357427/ASvT-7gQEeWhgXSd/ Frame F8A3 0
145 B 34ms
34ms XHR
text/plain 18.203.209.222
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.adsrvr.org/2/2.52.0/357427/ASvT-7gQEeWhgXSd/postback?de=2&dt=3574271504888517674019&pp=21468&dm=300x250&di=mustsharenews.com&md=1&ac=0a7a8j6&cb=1648530000&r7=&to=3&sr=rubicon&ci=357427&ap=&pv=940ddcb5-57e2-4786-a3f1-2dc32de7d904&pd=avt&ui=&ti=09b98f2a-9940-4e5b-9ae1-8a4570d2a377&sid=ASvT-7gQEeWhgXSd&oz_sc=2d7a79eaccfd3e89a25e8df4&oz_df=1648530001514&oz_l=240&cv=3
Requested by: Host: s.update.adsrvr.org
URL: https://s.update.adsrvr.org/2/2.52.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.209.222 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-209-222.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 29 Mar 2022 05:00:01 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 631D 32 KB
10 KB 19ms
19ms Script
text/html 23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&gdpr=1&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&geo=eu&co=de
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 9ad1bb44af5999c63ca2cb0cc07b90c55f3f4752a55578ff5fb7e2e953161e61

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?&gdpr=1&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&geo=eu&co=de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 05:00:01 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Mar 2022 16:28:01 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=12993
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9540
Expires: Tue, 29 Mar 2022 08:36:34 GMT

GET
H2 200 bundle.js Show response
ib.3lift.com/rev/b5dbcaaad667d54756cc1e78e73a1e2616cc2b6d/dist/ Frame CB8A 254 KB
81 KB 11ms
11ms Script
application/javascript 108.157.4.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ib.3lift.com/rev/b5dbcaaad667d54756cc1e78e73a1e2616cc2b6d/dist/bundle.js
Requested by: Host: ib.3lift.com
URL: https://ib.3lift.com/ttj?inv_code=adasia_allpublishers_display
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-12.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 325e6a7b68748a169ffb84eef16a6aa2042e2fd8ee1819a61c7a5fb399ba5e54

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Thu, 10 Mar 2022 15:56:45 GMT
content-encoding: gzip
last-modified: Thu, 10 Mar 2022 15:56:23 GMT
server: AmazonS3
age: 1602197
etag: "72ce81d7d81987b2256ad6fa329008bc"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 f97c9082b750957571bc7e3354a4f4a4.cloudfront.net (CloudFront)
cache-control: max-age=31536000, immutable
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-length: 82367
x-amz-cf-id: GQIyc_Nx6JmXyz_4sJL9S9yYKJivs-RCEIch1gQxr8BhcPknel0--w==

GET
H3 200 gwdpage_style.css
s0.2mdn.net/sadbundle/6538174354311107868/ Frame B9F5 55 B
103 B 7ms
7ms Stylesheet
text/css 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdpage_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2afb3cf38deea01d461f29b961c8aab0da4f121a84a9c843f49dc7cced99b6a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 05:56:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 514997
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 74
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 05:56:44 GMT

GET
H3 200 gwdpagedeck_style.css
s0.2mdn.net/sadbundle/6538174354311107868/ Frame B9F5 731 B
263 B 8ms
7ms Stylesheet
text/css 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdpagedeck_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3974624ff80521dbd81d3ed32f8ec10c7baef11c272f46626a6284538e90e44b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 22 Mar 2022 12:05:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 579273
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 234
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 22 Mar 2023 12:05:28 GMT

GET
H3 200 gwdgooglead_style.css
s0.2mdn.net/sadbundle/6538174354311107868/ Frame B9F5 24 B
72 B 9ms
8ms Stylesheet
text/css 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdgooglead_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e52ad60cf8269c44381d5e0833e69b9b8f3b9f9346b7066b1dc5a52b390feedc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 07:01:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 511093
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 07:01:48 GMT

GET
H3 200 gwdimage_style.css
s0.2mdn.net/sadbundle/6538174354311107868/ Frame B9F5 281 B
187 B 10ms
8ms Stylesheet
text/css 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdimage_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d3251d937d209def48e958bfeec683ca39dc0f15eb22f99bc3e7035995cd552

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 06:11:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 514107
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 158
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 06:11:34 GMT

GET
H3 200 gwdattached_style.css
s0.2mdn.net/sadbundle/6538174354311107868/ Frame B9F5 26 B
74 B 10ms
8ms Stylesheet
text/css 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdattached_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fffa14e9a3c576087a9202af54e8f11669f29c37617df0c6f728ca24d95f60bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 18:05:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 471256
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 18:05:45 GMT

GET
H3 200 gwdtaparea_style.css
s0.2mdn.net/sadbundle/6538174354311107868/ Frame B9F5 157 B
144 B 16ms
14ms Stylesheet
text/css 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdtaparea_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

20160b923de864cdf44fa26bfd6281a9e0aba7eb800fac86804d9a41a93c2394

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 18:42:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 469063
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 115
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 18:42:18 GMT

GET
H3 200 googbase_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame B9F5 400 B
304 B 17ms
14ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/googbase_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e13459782d7fc46c73821602bedc17cc2b3a2dc5ec07e91e30ed715193698a94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 22 Mar 2022 15:23:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 567394
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 275
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 22 Mar 2023 15:23:27 GMT

GET
H3 200 gwd_webcomponents_v1_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame B9F5 20 KB
6 KB 17ms
14ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwd_webcomponents_v1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c27626364eeaffb44ad2decb980dace7bedb3c8ea1575f81927fc9409cb5b49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 12:08:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 492718
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6276
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 12:08:03 GMT

GET
H3 200 gwdpage_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame B9F5 3 KB
1 KB 21ms
18ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdpage_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f3260225ba132e9bf8956514e81f6136265ee05250271a027bb2029cbbf4651d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 05:33:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 516384
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1308
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 05:33:37 GMT

GET
H3 200 gwdpagedeck_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame B9F5 8 KB
3 KB 34ms
32ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdpagedeck_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4eefdd923f73deeaec9e4ecb4cc3fae74379145f0fd3f5892165326bce8ed0ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 01:42:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 357461
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3191
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 25 Mar 2023 01:42:20 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame B9F5 118 KB
40 KB 16ms
13ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 08:58:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72067
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 29 Mar 2022 08:58:54 GMT

GET
H3 200 gwdgooglead_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame B9F5 13 KB
4 KB 27ms
23ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdgooglead_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b671e2140966063715d21667867d60de45adc723cd1b31e0d2f7466105a90247

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 01:25:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 358498
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4481
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 25 Mar 2023 01:25:03 GMT

GET
H3 200 gwdimage_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame B9F5 5 KB
2 KB 36ms
33ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdimage_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

32ab0a5c85cabdb695704b5128a8fb7c9a8dfa3242cc36ceda6bb0650a45b35f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 11:52:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 493661
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2014
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 11:52:20 GMT

GET
H3 200 gwdattached_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame B9F5 1 KB
619 B 20ms
17ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdattached_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dd50ba290f74d344ad0d04ade63c55b02360bf4db99c0a2749f34deb0c8dcec9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 19:52:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 378467
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 590
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Mar 2023 19:52:14 GMT

GET
H3 200 gwdtexthelper_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame B9F5 7 KB
3 KB 30ms
27ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdtexthelper_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dea5d8ba9e54379b26e109f61ceba20a0781d4f80eed75fce6ad0993d4784195

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 07:24:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 509759
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2823
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 07:24:02 GMT

GET
H3 200 gwdtaparea_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame B9F5 3 KB
1 KB 27ms
24ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdtaparea_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f2aac94d011ec45570ef1245e5fc8df73ebd09b1c6859c5a8393df5336e01b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 05:34:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 516316
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1356
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 05:34:45 GMT

GET
H3 200 gwdgpadataprovider_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame B9F5 3 KB
1 KB 29ms
26ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdgpadataprovider_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a170f5913eecb1afeda4cccca5d5b9589c8f068a04ae2c517b602e1484982b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 07:14:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 510335
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1293
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 07:14:26 GMT

GET
H3 200 gwddatabinder_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame B9F5 5 KB
2 KB 28ms
26ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwddatabinder_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3460d76a3013a4bb9c689877b41f3eadbf5e780ed9230fb8f8bbd16fcc59842

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 13:10:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 316159
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2351
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 25 Mar 2023 13:10:42 GMT

GET
H3 200 gwd-dynamic-binders.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame B9F5 23 KB
9 KB 20ms
17ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwd-dynamic-binders.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

df544db2e8b010512a5ec168d3a9b91355c7197d04a1b29325510e29405e6e0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 22 Mar 2022 11:52:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 580024
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9229
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 22 Mar 2023 11:52:57 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame F030 1 KB
749 B 24ms
8ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Mon, 28 Mar 2022 13:26:12 GMT
expires: Tue, 29 Mar 2022 13:26:12 GMT
cache-control: public, max-age=86400
age: 56029
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame CB8A 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 41f1190ed94dee899b6a685737c74c41616f7dc2b65f2a270e2212e39bbf80bc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 vukqqZMEwiKfO5iIQC2Qvig_P1EBwRi6HH-n7W3xhSE.js Show response
pagead2.googlesyndication.com/bg/ Frame C25C 35 KB
13 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/vukqqZMEwiKfO5iIQC2Qvig_P1EBwRi6HH-n7W3xhSE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bee92aa99304c2229f3b9888402d90be283f3f5101c118ba1c7fa7ed6df18521

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 06:38:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80499
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13603
x-xss-protection: 0
last-modified: Tue, 22 Mar 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 28 Mar 2023 06:38:22 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame B736 0
0 25ms
24ms Fetch
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Ca5WkUZJCYurrCfrh7_UPs_aM2A_-0_evXM7PvdjqAsCNtwEQASAAYJWioIKwB4IBF2NhLXB1Yi05MDU4MjkxODU0NDQzODgxyAEJ4AIAqAMBqgTQAk_QEj8EhuiCAQQtdzhVTZFwEpPGb573vI7H8FBOBnQA1zXRyAoNt8waQ0SpIxLJNIOdxRfQOEPsWbLAugkCxVPMF-_eh0BD4mO7nZ_almWgeufe9n0qCpus1joj0fmF5EfxS_3pO8GNtJgkWEaHtACjcTmz_S1Makb91TWs4G4ZxXeE1U3GKDDNRPIqgaNzFKTEEqw-6FdXXJHW6uExltMigjX2lS9NpVC17Wipq4Piwbf80a6ysTpkhUFycSLwtVEQEIZdK5P0G7pB9m42oNC1-Vr44s8Blk3vsxmY5IG7p8AnJc2QQkX3Y1zhiqE2ALHSo0lMG_T6qJveRCQUcMcEpd5RGYyFC2-lYrq57rvKC_G7tU9MPN5bjfNBKDYmL1MMh0ZfMeAjzU8p86m67OztL2jusFweXwfDzll_Rl9zp4JuhzQdKzmGWdhovtr-hOAEAYAG_97arYSzrpn7AaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB8ggbYWR4LXN1YnN5bi0yODA5MjA3NzM0OTA2MzY5gAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTkwNTgyOTE4NTQ0NDM4ODEYttdp&sigh=hTluZ_W2lSY&uach_m=[UACH]&cid=CAQSPACNIrLMB6SaGr786Bp_lgVnDulPHMyn--tnFS6v5RFnx4mGwIOQyzrpuSI9Od6BaYe9ncIsLkYCSzIlmBgB&tpd=AGWhJmvV4gmlPIdYAuyMIebtljemRLr3VqCcMarf16-r7pxyiZo91LcY8-X05DVTV01eHVlvHQmvfoCsf6vKjlwrS_WG9FnVIEe3o2S1xbiwu_d9BEB9EEv4d670MAlK2ttc3xH8RZovqkj7K-FMYf6I-zlxEbIQbyJ1ZTorN3Yc9BwN8wVgOaP7j1r0aFYcPdvzHD5JtF-hPYD50bwxlyGtvshdla3BDysQkcFr3Yu0rFHwM7Afooc1cwryS-Xgevh1yNlUyNLwgLs_jFMPSy9zc58F0zelLIK_OZIy2g7oW3dhjLBAPPBQoe4o0Ktc9uwxrGWLN6PbWmdqFigUyxiXgi_lSuom9hD8TWdGoukROXuQgUo8vrMop5LyEYDXzp-Clvbz28Hb3bT1fiwoP8iUIxM5nG28AlLWlMjJmQW6smy6TDbVg3xRm-XNcf8KdrwPfP5cB3HOvrPfLrYiVQBuVHcfZfCTMbl1H7NOwk5kM_pB3lFBWXni5G0gk2t-HRdzV62fTf4_Fanj8MqA0wg9GWJjcC9fs-REvHe6ti1rcOsLF1JWIANFIO5cBw8_EeYj28oz8wYdt66zqh_ZKp2aD9vGk3hCxZu4Jho0ClfPQWWCz8AJvOgsOqT_jUxmEhYUqhztDVYUHMMUuPeL9zKFDZfxfWFZjKsSFNIrA2V_fRSULKbsb9uF3nllRGsMkIWfo5M4FxfNkuyQN_i_ilYwU0uKVjH250srMaAQIjidqnqUmwyD8KzLIrORktts9awbO9eeNRF4AfEDWlWT7-CuGqNy1FO8r0GtDm-6j0MHfZgW1I3hHgDhaLV_ToJaLAoCB8SrdmF2As7GX1xksIk0CbxzSbclmzm4DnFEaZ5wKWsPAd5FfJBwIucbW7jJdezJBl3yC-y1iwyP_xmlSw
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s52-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

GET
H2

200

v2
odr.mookie1.com/t/ Frame B736
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=mookie-ps&ttd_tpi=1
https://odr.mookie1.com/t/v2?tagid=V2_2087&src.visitorId=514a4b88-0dfd-434d-a84a-f5d9ce432a25&gdpr=1&gdpr_consent=

43 B
106 B

15ms
15ms

Image
image/gif

34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2?tagid=V2_2087&src.visitorId=514a4b88-0dfd-434d-a84a-f5d9ce432a25&gdpr=1&gdpr_consent=
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:01 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:01 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://odr.mookie1.com/t/v2?tagid=V2_2087&src.visitorId=514a4b88-0dfd-434d-a84a-f5d9ce432a25&gdpr=1&gdpr_consent=
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 259

GET
H3

200

v4
metrics.getrockerbox.com/track/ Frame B736
Redirect Chain

https://metrics.getrockerbox.com/track/v4?source=weight_watchers_subscription_germany&tier_one=ttd-display&tier_two=0a7a8j6&tier_three=a99jcch&tier_four=1e7nlzp2
https://secure.adnxs.com/getuid?https%3A%2F%2Fmetrics.getrockerbox.com%2Ftrack%2Fv4%3Fuid%3D%24UID%26source%3Dweight_watchers_subscription_germany%26tier_one%3Dttd-display%26tier_two%3D0a7a8j6%26ti...
https://metrics.getrockerbox.com/track/v4?uid=3274717522904464586&source=weight_watchers_subscription_germany&tier_one=ttd-display&tier_two=0a7a8j6&tier_three=a99jcch&tier_four=1e7nlzp2&uid_ts=1648...

44 B
590 B

121ms
120ms

Image
image/gif

104.21.58.221
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://metrics.getrockerbox.com/track/v4?uid=3274717522904464586&source=weight_watchers_subscription_germany&tier_one=ttd-display&tier_two=0a7a8j6&tier_three=a99jcch&tier_four=1e7nlzp2&uid_ts=1648530002
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Server: 104.21.58.221 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 039a8bb6d736466063dde3c2a80d71d54456a7875cb1654263058bc69c1c042d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ulxCAcDMsX7iPpqWTuT7edD51zZYHjIJQXXkkHZrFVj1l3bx4Meggkzp4%2F9wvZxQUMq19YwM0xDQTSMPMfIpLP0gJ%2Fp6DIBnex5lHqfpARX2E1qO7FHAxm21VzD8ehI38%2FxHkdrjQTs5D4Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cf-ray: 6f360a225bbf54e2-MAN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

Pragma: no-cache
Date: Tue, 29 Mar 2022 05:00:02 GMT
X-Proxy-Origin: 217.64.151.30; 217.64.151.30; 535.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: b8862bc5-7f75-4b18-8f01-13bb4cb3cc61
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://metrics.getrockerbox.com/track/v4?uid=3274717522904464586&source=weight_watchers_subscription_germany&tier_one=ttd-display&tier_two=0a7a8j6&tier_three=a99jcch&tier_four=1e7nlzp2&uid_ts=1648530002
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame B736 11 KB
5 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

503a1dd70b8b9c286875f5f7de72bce93c664b79f3fcfeefa1150d2384df33a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:14:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2706
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5008
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 18:23:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 29 Mar 2022 05:14:55 GMT

GET
H/1.1 200
OK rubicon
de1-bid.adsrvr.org/bid/feedback/ Frame B736 807 B
1 KB 54ms
31ms Image
image/gif 13.248.151.244
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://de1-bid.adsrvr.org/bid/feedback/rubicon?t=1&iid=b8d10335-e4a1-4c1e-8932-1be079f3f7e6&crid=1e7nlzp2&wp=D73D2D86FA739BE8&aid=1&wpc=USD&sfe=147a1251&puid=&tdid=&pid=vko50on&ag=a99jcch&adv=kywm6zw&sig=1xzZ2UjVLIgbjBBOZpoVVVfKQKU_YuQUvgFOkNTTYR_U.&bp=0.11714023337993907983&cf=3176281&fq=0&td_s=mustsharenews.com&rcats=&mcat=&mste=&mfld=3&mssi=&mfsi=&uhow=55&agsa=&rgz=&svbttd=1&dt=PC&osf=Windows&os=Windows10&br=Chrome&rlangs=en&mlang=&svpid=21468&did=&rcxt=Other&lat=51.570000&lon=7.440000&tmpc=6.12&daid=&vp=0&osi=&osv=&mk=Google&mdl=Chrome%20-%20Windows&c=CgdHZXJtYW55GgA4AVAHgAEAiAEBkAEB&dur=CjAKDGNoYXJnZS1hbGwtMSIgCP___________wESE3R0ZF9kYXRhX2V4Y2x1c2lvbnMKOwodY2hhcmdlLWFsbFRUREN1c3RvbUNvbnRleHR1YWwiGgja__________8BEg10dGRjb250ZXh0dWFsCkgKIWNoYXJnZS1hbGxNb2F0Vmlld2FiaWxpdHlUcmFja2luZyIjCKX__________wESDm1vYXQtcmVwb3J0aW5nKgYIoI0GGAw.&durs=dwsLA4&crrelr=&ipl=/21622890900/SG_mustsharenews.com_res_article_right1_300x250//320x100//320x50&pcm=1&grdc=CAEYASABKAFAAUgC&vc=3&cx=-5178883614526245302&said=ed531f3a42de882c61d42e4e9eba76a595f3b9a9&ict=Unknown&auct=1&cxlvs=0&im=1&mc=ec8ba4fc-052c-47ff-86ff-0d7df7787e6f&tail=1
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 13.248.151.244 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ad9411418cf2cdacd.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 3ca19e57c9a2465ae4df271316ba4d29e7ff7f113a2a2c5297780c0b7a0ac09d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:01 GMT
server: Kestrel
transfer-encoding: chunked
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
cache-control: must-revalidate, no-cache
connection: close
content-type: image/gif

GET
H2 200 ca Show response
choices.truste.com/ Frame B736 27 KB
10 KB 38ms
33ms Script
text/javascript 18.64.115.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.truste.com/ca?pid=tradedesk01&aid=tradedesk01&cid=0a7a8j6_a99jcch_1e7nlzp2&c=tradedesk01cont1&js=pmw0&w=300&h=250&sid=0
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.64.115.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-64-115-76.txl50.r.cloudfront.net
Software: nginx /
Resource Hash: 1e7f48b89d19cf8b368b05e374c9353785e0761a458b04f58126235998f08fbc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:10:13 GMT
content-encoding: gzip
server: nginx
age: 2988
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 f67cb1e6517f8abcedeb3b0734a257bc.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: TXL50-P4
x-amz-cf-id: xDo98ka--cjPpqEpwqcfSUIdFBVyHtSlPgFFMsL7MgD3640-rZeJ4g==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK analytics.js Show response
s.update.rubiconproject.com/2/873648/ Frame B736 6 KB
3 KB 174ms
30ms Script
text/javascript 34.240.117.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.update.rubiconproject.com/2/873648/analytics.js?si=284364&di=mustsharenews.com&ap=&ui=L1BO75U0-1C-2UKP&pp=21468&pv=2e16d238-2d55-453f-8e0d-015d0562875f&gt=de&c1=1422796&c2=15&sr=magnite.com&dt=8736481481318196516000

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

34.240.117.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-240-117-131.eu-west-1.compute.amazonaws.com

Software

Resource Hash

9d59079336062694297193c4fb15be6c649509dcbbd42e706e93da05e0add5d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 29 Mar 2022 05:00:00 GMT
Content-Encoding: gzip
Accept-Ch: Viewport-Width, Viewport-Height, Width, DPR, RTT, ECT, Device-Memory, Downlink, Save-Data
Vary: *
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache, no-store, must-revalidate, no-transform, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Timing-Allow-Origin: *
Content-Length: 2808
Expires: 0

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/ Frame B736 2 KB
1 KB 14ms
10ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/window_focus_fy2019.js

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:38:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1290
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Apr 2022 04:38:31 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B736 119 KB
36 KB 22ms
19ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30de69c01f8eb6cb0ab7b040f02316728cb490669cbf084aad71c06a708ed1ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36904
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648035241783118"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 29 Mar 2022 05:00:01 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/ Frame B736 15 KB
6 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:18:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2513
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Apr 2022 04:18:08 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame B736 0
0 56ms
53ms Image
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSGEz8iODHFahzUj0isfLuja0su-m8CiW5CvJiW6eOL4eE67SkLbI3MxbjlQQhN_C2rb5CPMAaM2tJfU4nLxaAlCT02Ww
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame B736 22 KB
7 KB 18ms
15ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 06:52:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 79660
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 28 Mar 2023 06:52:21 GMT

GET
H2 200 r
eb2.3lift.com/ Frame CB8A 37 B
139 B 8ms
7ms Image
image/gif 13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/r?inv_code=adasia_allpublishers_display&aid=16142210261725856179470&rev=b5dbcaa&pr=can%27t%2520access%2520top%2520document&bc=0.053&bmid=7354&biid=7056&sid=118144&brid=353075&adid=53729164&crid=-1&ts=1648530001&bcud=53&ss=5&caid=0&unid=0&domain=d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com&ref=https%253A%252F%252Fmustsharenews.com%252F&rr=creative&fid=10&rb=0&g=0&cb=49880
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
DATA 200
OK truncated Show response
/ Frame 9156 26 B
0 Script
image/gif

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c00a759275b8628823a9809f24cbeca08cb48b52713adf221f70284e66d9c82f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 OBA_TRANS.png
ib.3lift.com/static/buttons/edaa/ Frame CB8A 3 KB
3 KB 11ms
10ms Image
image/png 108.157.4.12
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.3lift.com/static/buttons/edaa/OBA_TRANS.png
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-12.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2fd4c3ae6afc2b4026d9f0b64b8ff1110ecfcf47b90bc988c06e844b3921cbf6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 22:25:34 GMT
via: 1.1 f97c9082b750957571bc7e3354a4f4a4.cloudfront.net (CloudFront)
last-modified: Thu, 05 Aug 2021 17:23:36 GMT
server: AmazonS3
age: 455668
etag: "ddf020e069f1706b72b7698b28fede09"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=604800,s-maxage=604800,public
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-length: 3125
x-amz-cf-id: k6ETBPH2RCgteDeCtyqq3hIEtFCQVou4GAswSesbS6ucnF7Atm69Sw==

GET
H2 200 OBA_UK.png
ib.3lift.com/static/buttons/edaa/ Frame CB8A 3 KB
4 KB 11ms
10ms Image
image/png 108.157.4.12
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.3lift.com/static/buttons/edaa/OBA_UK.png
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.12 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-12.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08285afd2f0c11a2a9d89f00dce769479e4d164e62caa39eceea9f1eb551afa9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 19:36:18 GMT
via: 1.1 f97c9082b750957571bc7e3354a4f4a4.cloudfront.net (CloudFront)
last-modified: Thu, 05 Aug 2021 17:23:31 GMT
server: AmazonS3
age: 345263
etag: "7ceab27af00fa466072a3c3360041755"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=604800,s-maxage=604800,public
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-length: 3518
x-amz-cf-id: leznmKYMDft8wep_VqPsM5JwxmBQhMjDtMCoNWQtdmO_hpzeiX3Ukg==

GET
H2 200 ctar
eb2.3lift.com/ Frame CB8A 37 B
139 B 8ms
8ms Image
image/gif 13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/ctar?inv_code=adasia_allpublishers_display&aid=16142210261725856179470&rev=b5dbcaa&cta_render_method=1&cta_render_text=&cb=91314
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 6DFF 952 B
1 KB 75ms
18ms Script
text/javascript 37.157.2.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=53729164;rtbwp=0.053;rtbdata=bOmcyWsQpwm_M7QCoKbNJeBgiSZ8TfysSG6Iu8q9jW6KoShCtMK4Uvl5As8YdMPMDJ92hFkrgvWuXTuwtKQ83Djq_DtLbyGCr_flNGb82zSX6XGzTuAKU8H7etFiZJ_Xd0aPpDgzou-R8XgSBoe-yLs105Sz4v9tHSjhvNWpJ7eKAnUeaQi6huXSXM2SIPr-1UgLLk1lkcsk6wIDvC_fKDiFNnZ0dsM1omN1-c6UvUo1

Requested by

Host: ib.3lift.com
URL: https://ib.3lift.com/rev/b5dbcaaad667d54756cc1e78e73a1e2616cc2b6d/dist/bundle.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

a94a2d304e6118e1c1590a8a16ffe6a0a0f8a69fc9863623c56811ee78d756bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:01 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 807
expires: -1

GET
H2 200 aop
eb2.3lift.com/ Frame CB8A 37 B
139 B 8ms
8ms Image
image/gif 13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/aop?inv_code=adasia_allpublishers_display&aid=16142210261725856179470&rev=b5dbcaa&pr=can%27t%2520access%2520top%2520document&bc=0.053&bmid=7354&biid=7056&sid=118144&brid=353075&adid=53729164&crid=-1&ts=1648530001&bcud=53&ss=5&caid=0&unid=0&domain=d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com&ref=https%253A%252F%252Fmustsharenews.com%252F&rr=creative&fid=10&rb=0&g=0&cb=23374
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:01 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

GET
H3 200 container.html Show response
d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame BDEF 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032103.js?cb=31065882

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Mar 2022 05:00:00 GMT
expires: Wed, 29 Mar 2023 05:00:00 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
BLOB 200
OK 1950d175-e026-432e-9e7c-bbb30321a938
https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/ Frame AEE7 185 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/1950d175-e026-432e-9e7c-bbb30321a938
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 848fe19ed492948709b881f504ce2eb6274baa694606ca88eb9b2990a2460caf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Content-Length: 185
Content-Type: application/javascript

POST
H/1.1 200
OK postback Show response
s.update.adsrvr.org/2/2.52.0/357427/ASvT-7gQEeWhgXSd/ Frame F8A3 0
145 B 36ms
36ms XHR
text/plain 18.203.209.222
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.adsrvr.org/2/2.52.0/357427/ASvT-7gQEeWhgXSd/postback?de=2&dt=3574271504888517674019&pp=21468&dm=300x250&di=mustsharenews.com&md=1&ac=0a7a8j6&cb=1648530000&r7=&to=3&sr=rubicon&ci=357427&ap=&pv=940ddcb5-57e2-4786-a3f1-2dc32de7d904&pd=avt&ui=&ti=09b98f2a-9940-4e5b-9ae1-8a4570d2a377&sid=ASvT-7gQEeWhgXSd&oz_sc=2d7a79eaccfd3e89a25e8df4&oz_df=1648530001728&oz_l=4181&cv=3
Requested by: Host: s.update.adsrvr.org
URL: https://s.update.adsrvr.org/2/2.52.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.209.222 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-209-222.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 29 Mar 2022 05:00:01 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3 200 impl_v85.js Show response
www.googletagservices.com/dcm/ Frame B736 42 KB
17 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v85.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7337a38ce3a732e5243bd354ad12d96b4d5512e283a8dd70d129b730d7a5d3d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Sun, 27 Mar 2022 22:14:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 110706
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17382
x-xss-protection: 0
last-modified: Mon, 21 Feb 2022 17:13:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 27 Mar 2023 22:14:55 GMT

GET
H3 200 National2-Medium.woff
s0.2mdn.net/creatives/assets/4372196/ Frame B9F5 45 KB
45 KB 9ms
9ms Font
font/woff 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4372196/National2-Medium.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66e6fad9e5ec87bcda3f169e68173f0d99c792ec94f8586d7df8a4edb540d1e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:55:15 GMT
x-content-type-options: nosniff
age: 286
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46308
x-xss-protection: 0
last-modified: Tue, 30 Nov 2021 12:01:18 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 29 Mar 2022 05:10:15 GMT

GET
H2 200 v2 Show response
mb.moatads.com/s/ Frame F8A3 322 B
496 B 86ms
28ms Script
text/html 52.56.234.21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mb.moatads.com/s/v2?url=https%3A%2F%2Fmustsharenews.com%2F&pcode=thetradedeskv275874568748&ord=1648530001216&jv=913951055&callback=BrandSafetyNadoscallback_25703266
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/thetradedeskv275874568748/moatad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.56.234.21 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-56-234-21.eu-west-2.compute.amazonaws.com
Software: TornadoServer/5.1.1 /
Resource Hash: 6d2e2a0cae053e9b8957b60fd6d5015308129cd0fc6ea89af4c398e7e77f1ba6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:01 GMT
cache-control: max-age=900
server: TornadoServer/5.1.1
timing-allow-origin: *
etag: "76703aa6c08aa70db3388bdcd320d30d50152209"
content-length: 322
content-type: text/html; charset=UTF-8

GET
H2 200 /
insight.adsrvr.org/enduser/pie/ Frame F8A3 807 B
925 B 37ms
34ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://insight.adsrvr.org/enduser/pie/?pie=20&vet=0&rtb=dD0xJmlpZD0wOWI5OGYyYS05OTQwLTRlNWItOWFlMS04YTQ1NzBkMmEzNzcmY3JpZD0xZTdubHpwMiZ3cD0ke0FVQ1RJT05fUFJJQ0U6QkZ9JmFpZD0xJndwYz1VU0Qmc2ZlPTE0N2ExMjUwJnB1aWQ9JnBpZD12a281MG9uJmFnPWE5OWpjY2gmYWR2PWt5d202encmYnA9MC4xMTcxNDAyMzMzNzk5MzkwNzk4MyZjZj0zMTc2MjgxJmZxPTAmdGRfcz1tdXN0c2hhcmVuZXdzLmNvbSZyY2F0cz0mbWNhdD0mbXN0ZT0mbWZsZD0zJm1zc2k9Jm1mc2k9JnVob3c9NTUmYWdzYT0mcmd6PSZzdmJ0dGQ9MSZkdD1QQyZvc2Y9V2luZG93cyZvcz1XaW5kb3dzMTAmYnI9Q2hyb21lJnJsYW5ncz1lbiZtbGFuZz0mc3ZwaWQ9MjE0NjgmZGlkPSZyY3h0PU90aGVyJmxhdD01MS41NzAwMDAmbG9uPTcuNDQwMDAwJnRtcGM9Ni4xMiZkYWlkPSZ2cD0wJm9zaT0mb3N2PSZtaz1Hb29nbGUmbWRsPUNocm9tZSUyMC0lMjBXaW5kb3dzJmM9Q2dkSFpYSnRZVzU1R2dBNEFVQUJVQWVBQVFDSUFRR1FBUUUuJmR1cj1DakFLREdOb1lYSm5aUzFoYkd3dE1TSWdDUF9fX19fX19fX19fd0VTRTNSMFpGOWtZWFJoWDJWNFkyeDFjMmx2Ym5NS093b2RZMmhoY21kbExXRnNiRlJVUkVOMWMzUnZiVU52Ym5SbGVIUjFZV3dpR2dqYV9fX19fX19fX184QkVnMTBkR1JqYjI1MFpYaDBkV0ZzQ2tnS0lXTm9ZWEpuWlMxaGJHeE5iMkYwVm1sbGQyRmlhV3hwZEhsVWNtRmphMmx1WnlJakNLWF9fX19fX19fX193RVNEbTF2WVhRdGNtVndiM0owYVc1bktnWUlvSTBHR0F3LiZjcnJlbHI9JmlwbD0vMjE2MjI4OTA5MDAvU0dfbXVzdHNoYXJlbmV3cy5jb21fcmVzX2FydGljbGVfbWlkNl8zMzZ4MjgwLy8zMDB4MjUwJnBjbT0xJmdyZGM9Q0FFWUFTQUJLQUZBQVVnQyZ2Yz0zJmN4PS01MTc4ODgzNjE0NTI2MjQ1MzAyJnNhaWQ9MmRhNjIzZDVjMmM3MWQ0MjMyODgzZGUyMTgyNDM4NzIzOGVlYjVkNSZpY3Q9VW5rbm93biZhdWN0PTEmY3hsdnM9MCZpbT0xJm1jPWVjOGJhNGZjLTA1MmMtNDdmZi04NmZmLTBkN2RmNzc4N2U2ZiZ0YWlsPTEmc3Y9cnViaWNvbiZ0YWlsPTE.
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: / ASP.NET
Resource Hash: 3ca19e57c9a2465ae4df271316ba4d29e7ff7f113a2a2c5297780c0b7a0ac09d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:01 GMT
cache-control: private
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 631D
Redirect Chain

https://token.rubiconproject.com/token?pid=25470&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABA...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDFCTzc0N0ktMjMtRU9RNQ==&gdpr=1&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABAR...

170 B
188 B

19ms
19ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDFCTzc0N0ktMjMtRU9RNQ==&gdpr=1&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDFCTzc0N0ktMjMtRU9RNQ==&gdpr=1&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame 631D
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSg...
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSg...

43 B
645 B

105ms
105ms

Image
image/gif

209.54.180.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&gdpr=1&dcc=t

Protocol

HTTP/1.1

Server

209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 29 Mar 2022 05:00:02 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: W7DSFW5QC8PX0KZY03SA
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 29 Mar 2022 05:00:02 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: YP10T6HH9HP202FMVVBQ
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&gdpr=1&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

dcm
aax-eu.amazon-adsystem.com/s/ Frame 631D
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAA...
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAA...

43 B
645 B

39ms
39ms

Image
image/gif

52.95.125.22
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&gdpr=1&dcc=t

Protocol

HTTP/1.1

Server

52.95.125.22 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 29 Mar 2022 05:00:02 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: ZSK6NW0PJFPW6M14T7NE
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 29 Mar 2022 05:00:01 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: YZFDH4VHAHNSKN4X5D2K
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&gdpr=1&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

204

v1
ads.yahoo.com/cms/ Frame 631D
Redirect Chain

https://token.rubiconproject.com/token?pid=26594&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABA...
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L1BO747I-23-EOQ5&sigv=1&esig=2~1e436f9dbbb665cce79ddfb7a3e2f17717ef5883&gdpr=1&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQC...

0
194 B

143ms
22ms

Image
text/plain

2a00:1288:80:807::2
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L1BO747I-23-EOQ5&sigv=1&esig=2~1e436f9dbbb665cce79ddfb7a3e2f17717ef5883&gdpr=1&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

Location: https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L1BO747I-23-EOQ5&sigv=1&esig=2~1e436f9dbbb665cce79ddfb7a3e2f17717ef5883&gdpr=1&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 709414.gif
id.rlcdn.com/ Frame 631D 42 B
417 B 33ms
16ms Image
image/gif 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/709414.gif?gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&gdpr=1
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:01 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 631D
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAA...
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YzBkMzhkZDVkY2RlMGFlNGQ2YWM3MDMzNWQzMjdiMGVmMDZjYWUwZg&gdpr=1&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAA...

170 B
188 B

19ms
19ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YzBkMzhkZDVkY2RlMGFlNGQ2YWM3MDMzNWQzMjdiMGVmMDZjYWUwZg&gdpr=1&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YzBkMzhkZDVkY2RlMGFlNGQ2YWM3MDMzNWQzMjdiMGVmMDZjYWUwZg&gdpr=1&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

UmolKd309U002bc_Y8lFU8n5EUdSAgOZEtemQ7w0kco
pr-bh.ybp.yahoo.com/sync/rubicon/ Frame 631D
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQE...
https://pr-bh.ybp.yahoo.com/sync/rubicon/UmolKd309U002bc_Y8lFU8n5EUdSAgOZEtemQ7w0kco?csrc=&gdpr=1&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAI...

43 B
323 B

120ms
37ms

Image
image/gif

2a05:d018:d29:3602:d715:9c64:5860:e3e3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/rubicon/UmolKd309U002bc_Y8lFU8n5EUdSAgOZEtemQ7w0kco?csrc=&gdpr=1&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

2a05:d018:d29:3602:d715:9c64:5860:e3e3 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff

Redirect headers

Location: https://pr-bh.ybp.yahoo.com/sync/rubicon/UmolKd309U002bc_Y8lFU8n5EUdSAgOZEtemQ7w0kco?csrc=&gdpr=1&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 631D
Redirect Chain

https://match.adsrvr.org/track/cmf/rubicon?gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAA...
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=514a4b88-0dfd-434d-a84a-f5d9ce432a25&gdpr=1&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBA...

42 B
915 B

57ms
8ms

Image
image/gif

69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=514a4b88-0dfd-434d-a84a-f5d9ce432a25&gdpr=1&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&expires=30
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: 611afce88997db6fdd35eb213e662871
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:01 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=514a4b88-0dfd-434d-a84a-f5d9ce432a25&gdpr=1&gdpr_consent=BPWmbcgPWmbcg__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&expires=30
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 601

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame F030
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEAMlVJkKOPvGRPk2AzbIzxo&google_cver=1&google_push=AYg5qPLY452GhbSL-vZnWSc7FQKYlEDaKFVv08rch1pKkKb8vPyQ4JPfocnYChHMQ8BJiyPnl20PY9joVZSwzqu0mF6OaN7pAzlE8...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEAMlVJkKOPvGRPk2AzbIzxo&google_cver=1&google_push=AYg5qPLY452GhbSL-vZnWSc7FQKYlEDaKFVv08rch1pKkKb8vPyQ4JPfocnYChHMQ8BJiyPnl20PY9joVZSwzqu0mF6OaN7pAzl...

43 B
419 B

205ms
188ms

Image
image/gif

2606:4700::6812:d05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEAMlVJkKOPvGRPk2AzbIzxo&google_cver=1&google_push=AYg5qPLY452GhbSL-vZnWSc7FQKYlEDaKFVv08rch1pKkKb8vPyQ4JPfocnYChHMQ8BJiyPnl20PY9joVZSwzqu0mF6OaN7pAzlE8w&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPLY452GhbSL-vZnWSc7FQKYlEDaKFVv08rch1pKkKb8vPyQ4JPfocnYChHMQ8BJiyPnl20PY9joVZSwzqu0mF6OaN7pAzlE8w%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Server: 2606:4700::6812:d05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6f360a21a86e0208-ZRH
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 2658
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6f360a203ec20208-ZRH
p3p: CP="NOI DEVo TAIa OUR BUS"
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEAMlVJkKOPvGRPk2AzbIzxo&google_cver=1&google_push=AYg5qPLY452GhbSL-vZnWSc7FQKYlEDaKFVv08rch1pKkKb8vPyQ4JPfocnYChHMQ8BJiyPnl20PY9joVZSwzqu0mF6OaN7pAzlE8w&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPLY452GhbSL-vZnWSc7FQKYlEDaKFVv08rch1pKkKb8vPyQ4JPfocnYChHMQ8BJiyPnl20PY9joVZSwzqu0mF6OaN7pAzlE8w%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
cache-control: no-cache, private
content-type: text/html
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F030
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEEIJt5oS6y0sVAecnSiRUug&google_cver=1&google_push=AYg5qPLgzFpFmIDXFgQZ5_NR1_2C72oK5w46Cz-9Wu-gC-cicVxrpoC19juZrsHjIAxfs_Wo0w9FKIFOlL6yypxDZ1wI...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEEIJt5oS6y0sVAecnSiRUug&google_cver=1&google_push=AYg5qPLgzFpFmIDXFgQZ5_NR1_2C72oK5w46Cz-9Wu-gC-cicVxrpoC19juZrsHjIAxfs_Wo0w9FKIFOlL6yyp...
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=google&bsw_custom_parameter=1f554cb1-f262-4be5-8e8c-a88a6c12fca2
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=google&bsw_custom_parameter=1f554cb1-f262-4be5-8e8c-a88a6c12fca2
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=7b13d734-bcc6-4958-ac48-670cbdc5f20b&user_group=1&ssp=google&bsw_param=1f554cb1-f262-4be5-8e8c-a88a6c12fca2
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPLgzFpFmIDXFgQZ5_NR1_2C72oK5w46Cz-9Wu-gC-cicVxrpoC19juZrsHjIAxfs_Wo0w9FKIFOlL6yypxDZ1wIgi8ibI-x&google_hm=H1VMsfJiS-WOjKiKbBL8og==

170 B
188 B

18ms
18ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPLgzFpFmIDXFgQZ5_NR1_2C72oK5w46Cz-9Wu-gC-cicVxrpoC19juZrsHjIAxfs_Wo0w9FKIFOlL6yypxDZ1wIgi8ibI-x&google_hm=H1VMsfJiS-WOjKiKbBL8og==

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AYg5qPLgzFpFmIDXFgQZ5_NR1_2C72oK5w46Cz-9Wu-gC-cicVxrpoC19juZrsHjIAxfs_Wo0w9FKIFOlL6yypxDZ1wIgi8ibI-x&google_hm=H1VMsfJiS-WOjKiKbBL8og==
Date: Tue, 29 Mar 2022 05:00:02 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F030
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEFV2rIu7DcD_F5SKJqW0juE&google_cver=1&google_push=AYg5qPJvKMQ-ewLqWUBiNaJ1IE9C-aLd1nUBCkSw5KqKsIvcpomO6Z5RmvdeoOF4S01L8iwPcIO99wS5...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEFV2rIu7DcD_F5SKJqW0juE&google_cver=1&google_push=AYg5qPJvKMQ-ewLqWUBiNaJ1IE9C-aLd1nUBCkSw5KqKsIvcpomO6Z5RmvdeoOF4S01L8iwPcIO...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODU3OTA0NTAwMzE2MTYwNTAxOA&google_push=AYg5qPJvKMQ-ewLqWUBiNaJ1IE9C-aLd1nUBCkSw5KqKsIvcpomO6Z5RmvdeoOF4S01L8iwPcIO99w...

170 B
188 B

16ms
16ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODU3OTA0NTAwMzE2MTYwNTAxOA&google_push=AYg5qPJvKMQ-ewLqWUBiNaJ1IE9C-aLd1nUBCkSw5KqKsIvcpomO6Z5RmvdeoOF4S01L8iwPcIO99wS5wU-XseNRP3nJEvKY_Q1zog

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODU3OTA0NTAwMzE2MTYwNTAxOA&google_push=AYg5qPJvKMQ-ewLqWUBiNaJ1IE9C-aLd1nUBCkSw5KqKsIvcpomO6Z5RmvdeoOF4S01L8iwPcIO99wS5wU-XseNRP3nJEvKY_Q1zog
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F030
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESENVX2n9KhcvHaaFVGm37yyI&google_cver=1&google_push=AYg5qPIDW8Hbygi_jAlUHHhS_RcvJQxBHZYbrp1qtmKGQoVaW4kct4HvoXaVRIPcoARHJpnTD_5-VSrQ_NSCqnkee41qeLa...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPIDW8Hbygi_jAlUHHhS_RcvJQxBHZYbrp1qtmKGQoVaW4kct4HvoXaVRIPcoARHJpnTD_5-VSrQ_NSCqnkee41qeLaiwPbAMg

170 B
188 B

18ms
17ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPIDW8Hbygi_jAlUHHhS_RcvJQxBHZYbrp1qtmKGQoVaW4kct4HvoXaVRIPcoARHJpnTD_5-VSrQ_NSCqnkee41qeLaiwPbAMg

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:01 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPIDW8Hbygi_jAlUHHhS_RcvJQxBHZYbrp1qtmKGQoVaW4kct4HvoXaVRIPcoARHJpnTD_5-VSrQ_NSCqnkee41qeLaiwPbAMg
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3 200 dds
rtb.openx.net/sync/ Frame F030 43 B
64 B 35ms
25ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESECwMNtNZyZ2ayRBJssBS9ws&google_cver=1&google_push=AYg5qPLfBcdU7phelqRQkboU-gzhnKOvMFFb-bDzocQR2ive0WDc3KEikXMBISo9kLNWyCGivaFfLlEs9ECIgAfdBMVK-i8q3fE95w
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:01 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: c3s3212nbbhk9jkusnl4163kp7e1a2ti

GET

pixel
cm.g.doubleclick.net/ Frame F030
Redirect Chain

https://onetag-sys.com/sync/i,19/?google_gid=CAESEMMytAN66ob6kgh0ExGsOGM&google_cver=1&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDI...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F030
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEC...
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AYg5qPIWvP23ebcAetUOvZ7OWLMRAti3mWVdg6jHFXwd_8Ruu2ZoADwB_kQuczbAr0Rt0lODJADShmCqos3vvnIli91tYRcP0lJu&redir=https%3A%2F%2Fcm.g.doubl...
https://sync.targeting.unrulymedia.com/csync/RX-8e8d7b9d-af80-4a7c-931d-748683170876-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPIWvP23ebcAetUOvZ7OW...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPIWvP23ebcAetUOvZ7OWLMRAti3mWVdg6jHFXwd_8Ruu2ZoADwB_kQuczbAr0Rt0lODJADShmCqos3vvnIli91tYRcP0lJu&google_hm=A46Ne52vgEp8kx10hoMXCHY

170 B
188 B

22ms
22ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPIWvP23ebcAetUOvZ7OWLMRAti3mWVdg6jHFXwd_8Ruu2ZoADwB_kQuczbAr0Rt0lODJADShmCqos3vvnIli91tYRcP0lJu&google_hm=A46Ne52vgEp8kx10hoMXCHY

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPIWvP23ebcAetUOvZ7OWLMRAti3mWVdg6jHFXwd_8Ruu2ZoADwB_kQuczbAr0Rt0lODJADShmCqos3vvnIli91tYRcP0lJu&google_hm=A46Ne52vgEp8kx10hoMXCHY
date: Tue, 29 Mar 2022 05:00:02 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX8e8d7b9daf804a7c931d748683170876003
content-type: text/html

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame F030 0
12 B 16ms
16ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Jq5f90d7JefgzsQwH9wdrCuiKr_ivtnb4YiGKMgt5S-82MKJ5W9Ui5ceffreb8ay4_a6Fg

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:01 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame CD1C 0
0 21ms
19ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsub9ujz03d2o1QGUPh9Iuqolv9QAtIxhds0m8xkVCWPAB0bgMs1B-1PfLrerk42qXz4IfoT7d7oghiUdP-9Xb4BKF5mdV2pn9IDDoPQvny9aNOJTDjo0k8YIhXYK9nMechkllszM0oQWXuIo6fhtFqzKFlHAYFvoif6vX0NBUsxPrHQ2uO1zI7CGkwRR0slUf1McMlQudbbaqOsmbMOObwUxuHbVdEd1soGtp_aS_CoSClsAm1VuBHzUs6yS7HfROW0xnFE1oL8u53xLLZ_PtdO2h8zpT0Uct4VXc62XFB1ON975mkWsGB9vM94v_zL12nPp6Y9sUGTtFrCWkW1Ep1nBfTlpgnCKK53bdPk854PH907PEgsMDY&sig=Cg0ArKJSzFPLZo_cujIIEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame CD1C 154 KB
53 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032103.js?cb=31065882

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5567a97dec3917add7dc46fe251ceb1e50cb4413b772875764c5e12e0e78ae8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53780
x-xss-protection: 0
server: cafe
etag: 13334774120184065746
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 29 Mar 2022 05:00:01 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame CD1C 119 KB
36 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032103.js?cb=31065882

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30de69c01f8eb6cb0ab7b040f02316728cb490669cbf084aad71c06a708ed1ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36904
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648035241783118"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 29 Mar 2022 05:00:01 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame F8A3 0
23 B 52ms
32ms Ping
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvFWJd0tzsVPnRP6vRh7yW5ZZVLOi-e_RIqhAJcFwqO5k6j18tcZ08SaQs9Abudo1ofejMlyKqkAva1OP1zCHUCCgFDcSRU-jdElmyAJ_Nmw8UlpLKlEyXVH4SA-40vKbl2mBmSQdnwJjQ0zw4oTY5Sx-s&sig=Cg0ArKJSzKoOVvtJl9O9EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=736&vt=11&dtpt=565&dett=3&cstd=164&cisv=r20220324.04276&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:01 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 B26791739.320447811;dc_ver=85.248;sz=300x250;u_sd=1;kw=a99jcch;dc_adk=1037519631;ord=kncqil;click=http%3A%2F%2Finsight.adsrvr.org%2Ftrack%2Fclk%3Fimp%3Db8d10335-e4a1-4c1e-8932-1be079f3f7e6%26ag%3Da... Show response
ad.doubleclick.net/ddm/adj/N1549806.422087GROUPMCOMPETENCEC/ Frame B736 65 KB
26 KB 78ms
57ms Script
text/javascript 142.250.185.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N1549806.422087GROUPMCOMPETENCEC/B26791739.320447811;dc_ver=85.248;sz=300x250;u_sd=1;kw=a99jcch;dc_adk=1037519631;ord=kncqil;click=http%3A%2F%2Finsight.adsrvr.org%2Ftrack%2Fclk%3Fimp%3Db8d10335-e4a1-4c1e-8932-1be079f3f7e6%26ag%3Da99jcch%26sfe%3D147a1251%26sig%3DMbdLDOKp9a28rzDUmMXpkaflIU_ePNnYB7AhzjRZRNI.%26crid%3D1e7nlzp2%26cf%3D3176281%26fq%3D0%26t%3D1%26td_s%3Dmustsharenews.com%26rcats%3D%26mcat%3D%26mste%3D%26mfld%3D3%26mssi%3D%26mfsi%3D%26sv%3Drubicon%26uhow%3D55%26agsa%3D%26wp%3DD73D2D86FA739BE8%26rgz%3D%26dt%3DPC%26osf%3DWindows%26os%3DWindows10%26br%3DChrome%26svpid%3D21468%26rlangs%3Den%26mlang%3D%26did%3D%26rcxt%3DOther%26tmpc%3D6.12%26vrtd%3D%26osi%3D%26osv%3D%26daid%3D%26dnr%3D0%26vpb%3D%26c%3DCgdHZXJtYW55GgA4AVAHgAEAiAEBkAEB%26dur%3DCjAKDGNoYXJnZS1hbGwtMSIgCP___________wESE3R0ZF9kYXRhX2V4Y2x1c2lvbnMKOwodY2hhcmdlLWFsbFRUREN1c3RvbUNvbnRleHR1YWwiGgja__________8BEg10dGRjb250ZXh0dWFsCkgKIWNoYXJnZS1hbGxNb2F0Vmlld2FiaWxpdHlUcmFja2luZyIjCKX__________wESDm1vYXQtcmVwb3J0aW5nKgYIoI0GGAw.%26durs%3DdwsLA4%26crrelr%3D%26npt%3D%26mk%3DGoogle%26mdl%3DChrome%2520-%2520Windows%26ipl%3D%2F21622890900%2FSG_mustsharenews.com_res_article_right1_300x250%2F%2F320x100%2F%2F320x50%26pcm%3D1%26ict%3DUnknown%26said%3Ded531f3a42de882c61d42e4e9eba76a595f3b9a9%26auct%3D1%26cxlvs%3D0%26grdc%3DCAEYASABKAFAAUgC%26tail%3D1%26r%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.;dc_rfl=1,https%3A%2F%2Fmustsharenews.com%2F$0;xdt=1;crlt=4pRk!D!Krl;sttr=112;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v85.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f6.1e100.net

Software

cafe /

Resource Hash

871fc000f20714bb2b863f2aa0b1f3f653c91e1fab3d09df9ba59f0e30cec859

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:01 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27108
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame 6DFF 33 KB
16 KB 87ms
20ms Script
text/javascript 37.157.5.71
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=53729164;rtbwp=0.053;rtbdata=bOmcyWsQpwm_M7QCoKbNJeBgiSZ8TfysSG6Iu8q9jW6KoShCtMK4Uvl5As8YdMPMDJ92hFkrgvWuXTuwtKQ83Djq_DtLbyGCr_flNGb82zSX6XGzTuAKU8H7etFiZJ_Xd0aPpDgzou-R8XgSBoe-yLs105Sz4v9tHSjhvNWpJ7eKAnUeaQi6huXSXM2SIPr-1UgLLk1lkcsk6wIDvC_fKDiFNnZ0dsM1omN1-c6UvUo1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 3d0bf782b47dcd079eedf6bb34ecb0742c114a4e4b90e37a58a412482101b475

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
content-encoding: gzip
last-modified: Thu, 10 Feb 2022 15:16:56 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 30 Mar 2022 08:01:10 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame BDEF 0
0 24ms
23ms Fetch
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CNQC6UZJCYrjmHpiK7_UPwK2Q4Az-0_evXM7PvdjqAsCNtwEQASAAYJWioIKwB4IBF2NhLXB1Yi05MDU4MjkxODU0NDQzODgxyAEJ4AIAqAMBqgTDAk_QFXtYcxjya6T4HbKKwp-zgh5v5oQXvbS4MwCUK1RSA2oSU_bcyJNn93Idjiudlj844aJiWfqeei_BS9RMrG_001hNZkxptX3SfvwBm4XMC7Hbk_eNkcvSvM9f0lr78ORwu_lsywghBVdaAPjBzsJ6hCRVaeiyNP6PFMFMj-Jzz1yKmJ-XK3Zf5A5ozaVnZcVwS6s3_qtMTm92TcGJGhByHE7Q7ellunMkjghyVbEDuOjLirjPaEVuyJ789XEcbYTnsoGM2MnwmOmYSODqAyXvmfF8tv2zNaCCt7haqzl0ldI_kWPw12HB-yItN7ue1ernEHWw7EOCs8gPWb-5SGn4enLNrrSGtU0kf0kXmyBh34bGcyc_6EtCxfW8BGNTN1GMBxd5-1godgxizhZKBTEYyfUvFrxx1GxQUc0jXHOPDkqj4AQBgAb_3tqthLOumfsBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAHyCBthZHgtc3Vic3luLTI4MDkyMDc3MzQ5MDYzNjmACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItOTA1ODI5MTg1NDQ0Mzg4MRi212k&sigh=oDOWk5zmgjc&uach_m=[UACH]&cid=CAQSPACNIrLMRv-NYYEB75zkclLkwGevq9wAM04ajA0baqeUU3-mF8QqcBIldw5wFzEydjHIpDu5dt1XcROk9BgB&tpd=AGWhJmu4h-9zLDQJIU4OhvstcG4Kt77VMZfR8tMpWIU56xAyRWQtMRclRxNN_I3iheOw1NhKOuilKHMztvl9mRCtmR_JMShZWNFnASnRw_sYE06C70SR34d8bDuUrP99ul0W55TaqjhwdIhl6OMEtfEJOW58pBi_dCghaUopNCcHNVQczvic6yuNagW9HjFaSzczmbXVNKhTTcb61-VFl3tSRPiwn7GVpoa5Xl7kvviOoYBiUhiWC2FbWMFgajeLrMduh7li24VfpbHdq00c9H1Uyi6iWCtbuiff0mv24SrW7k4zMzOETksFxGx6mpsUCgFYFp7Kvt4HXQaxZCAH2Y9jZN7hO2b499mTPbUN_bYZRFPucZxNvJXJ2daW4tOHZzrwIC2rL3eTaL1jL0eGmLk7v_xCRUokwWglX5p3SKiebKu5HX3aRIMQcN8zmD2uoxqshQ1vOxKbD3FLYf61YQA2W-aoPyCopljoWAGnKiLaxu9SxGY7wA8ZXR3QS4WG3oBiFYbNybU_rhi2G-zpFeXjvqCIXCElR2hcQUPd4G1ytEvK77dVT4Camm1E2Jj4p9Gf4PcgXE28_GqnGFXRpajX7Mlr4ODGMBIK6DssB6BdXZlXhQq2b3o0g4YdjMoAKPqrdUy7Pv-kpdu_C4sB4u2seijBZMNnp797wRt4v6a0CHHq6I-as0NsHBH-0zB8RDrXzwCKWogT9nC_H3jCYX9T0E9jU9mD-tKfDHVawF5-DfZ5iywqGTrNRrfT6R4eRs9hVWlc0e15nzMGYQW3SzPGTQpCYUPIXeVWQ3WQ6AYQLqNn_VSuPReK0-HsBWZTePZ7Z-LFSI3EBilEGu0pLBnqwnNb3hlsn1_5lAfhOSl_FYD_t43d5RNlEULA2TC0iIvqsvyVlmuJldNQdjwVEg
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s52-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

GET
H2

200

v2
odr.mookie1.com/t/ Frame BDEF
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=mookie-ps&ttd_tpi=1
https://odr.mookie1.com/t/v2?tagid=V2_2087&src.visitorId=514a4b88-0dfd-434d-a84a-f5d9ce432a25&gdpr=1&gdpr_consent=

43 B
106 B

19ms
18ms

Image
image/gif

34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2?tagid=V2_2087&src.visitorId=514a4b88-0dfd-434d-a84a-f5d9ce432a25&gdpr=1&gdpr_consent=
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:01 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://odr.mookie1.com/t/v2?tagid=V2_2087&src.visitorId=514a4b88-0dfd-434d-a84a-f5d9ce432a25&gdpr=1&gdpr_consent=
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 259

GET
H3 200 v4
metrics.getrockerbox.com/track/ Frame BDEF 44 B
521 B 129ms
123ms Image
image/gif 104.21.58.221
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://metrics.getrockerbox.com/track/v4?source=weight_watchers_subscription_germany&tier_one=ttd-display&tier_two=0a7a8j6&tier_three=a99jcch&tier_four=1e7nlzp2
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.58.221 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 039a8bb6d736466063dde3c2a80d71d54456a7875cb1654263058bc69c1c042d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m6YTFkUS%2F9dHQZKhICAIVZzz90J7WSohr4CHFGv%2FKLk6l5YtWcNQIGUMVpTxIOF6DEuEliUez1GaWCZxQ9MzWhQ9C6AXt%2FICv3vkEuHOv5wtdV4hFxTxbjHkdr1hb2nfQ%2BSGTOQFyYlN9y8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cf-ray: 6f360a204a0854e2-MAN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame BDEF 11 KB
5 KB 14ms
7ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

503a1dd70b8b9c286875f5f7de72bce93c664b79f3fcfeefa1150d2384df33a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:14:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2706
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5008
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 18:23:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 29 Mar 2022 05:14:55 GMT

GET
H/1.1 200
OK rubicon
de1-bid.adsrvr.org/bid/feedback/ Frame BDEF 807 B
1 KB 33ms
10ms Image
image/gif 13.248.151.244
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://de1-bid.adsrvr.org/bid/feedback/rubicon?t=1&iid=46cd5258-2c86-4431-ad06-f81411b1a858&crid=1e7nlzp2&wp=D73D2D86FA739BE8&aid=1&wpc=USD&sfe=147a1251&puid=&tdid=&pid=vko50on&ag=a99jcch&adv=kywm6zw&sig=1_A3Em_o0B9LSNfTDvP0PEDRHRPbJlZgW2RVyAqdTlsk.&bp=0.11714023337993907983&cf=3176281&fq=0&td_s=mustsharenews.com&rcats=&mcat=&mste=&mfld=3&mssi=&mfsi=&uhow=55&agsa=&rgz=&svbttd=1&dt=PC&osf=Windows&os=Windows10&br=Chrome&rlangs=en&mlang=&svpid=21468&did=&rcxt=Other&lat=51.570000&lon=7.440000&tmpc=6.12&daid=&vp=0&osi=&osv=&mk=Google&mdl=Chrome%20-%20Windows&c=CgdHZXJtYW55GgA4AVAHgAEAiAEBkAEB&dur=CjAKDGNoYXJnZS1hbGwtMSIgCP___________wESE3R0ZF9kYXRhX2V4Y2x1c2lvbnMKOwodY2hhcmdlLWFsbFRUREN1c3RvbUNvbnRleHR1YWwiGgja__________8BEg10dGRjb250ZXh0dWFsCkgKIWNoYXJnZS1hbGxNb2F0Vmlld2FiaWxpdHlUcmFja2luZyIjCKX__________wESDm1vYXQtcmVwb3J0aW5nKgYIoI0GGAw.&durs=dwsLA4&crrelr=&ipl=/21622890900/SG_mustsharenews.com_res_article_mid4_336x280//300x250&pcm=1&grdc=CAEYASABKAFAAUgC&vc=3&cx=-5178883614526245302&said=3e49812aba4a05a7848e205115235b0a17cb9eea&ict=Unknown&auct=1&cxlvs=0&im=1&mc=ec8ba4fc-052c-47ff-86ff-0d7df7787e6f&tail=1
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 13.248.151.244 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ad9411418cf2cdacd.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 3ca19e57c9a2465ae4df271316ba4d29e7ff7f113a2a2c5297780c0b7a0ac09d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:01 GMT
server: Kestrel
transfer-encoding: chunked
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
cache-control: must-revalidate, no-cache
connection: close
content-type: image/gif

GET
H2 200 ca Show response
choices.truste.com/ Frame BDEF 27 KB
10 KB 28ms
19ms Script
text/javascript 18.64.115.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.truste.com/ca?pid=tradedesk01&aid=tradedesk01&cid=0a7a8j6_a99jcch_1e7nlzp2&c=tradedesk01cont1&js=pmw0&w=300&h=250&sid=0
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.64.115.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-64-115-76.txl50.r.cloudfront.net
Software: nginx /
Resource Hash: 1e7f48b89d19cf8b368b05e374c9353785e0761a458b04f58126235998f08fbc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:10:13 GMT
content-encoding: gzip
server: nginx
age: 2988
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 f67cb1e6517f8abcedeb3b0734a257bc.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: TXL50-P4
x-amz-cf-id: vrcI8TExIFnXHfqrDnSoQR0LmIJ46sb9fB8eGqonvesMsm4QRT_HIA==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/ Frame BDEF 2 KB
1 KB 12ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/window_focus_fy2019.js

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:38:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1290
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Apr 2022 04:38:31 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/ Frame BDEF 15 KB
6 KB 12ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:18:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2513
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Apr 2022 04:18:08 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame BDEF 0
0 20ms
15ms Image
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQU90OIYU_MQyfyfn-MCckII7Hke0W5wT7oyxwHplHo3w-SToe7D8bxLuk9X0rpy12Umdh2z5Y7hNIvxUqjawTHTIZFsw
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame BDEF 22 KB
7 KB 13ms
9ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 06:52:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 79660
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 28 Mar 2023 06:52:21 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BDEF 119 KB
36 KB 36ms
31ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30de69c01f8eb6cb0ab7b040f02316728cb490669cbf084aad71c06a708ed1ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36904
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648035241783118"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 29 Mar 2022 05:00:01 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame B9F5 7 KB
5 KB 21ms
19ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9bb55ad45493cd1322f344b00e81cd210b7347230e81c0ef0a24cfcdf18cb01e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5567
x-xss-protection: 0

POST
H/1.1 200
OK postback Show response
s.update.adsrvr.org/2/2.52.0/357427/ASvT-7gQEeWhgXSd/ Frame F8A3 0
145 B 38ms
38ms XHR
text/plain 18.203.209.222
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.adsrvr.org/2/2.52.0/357427/ASvT-7gQEeWhgXSd/postback?de=2&dt=3574271504888517674019&pp=21468&dm=300x250&di=mustsharenews.com&md=1&ac=0a7a8j6&cb=1648530000&r7=&to=3&sr=rubicon&ci=357427&ap=&pv=940ddcb5-57e2-4786-a3f1-2dc32de7d904&pd=avt&ui=&ti=09b98f2a-9940-4e5b-9ae1-8a4570d2a377&sid=ASvT-7gQEeWhgXSd&oz_sc=2d7a79eaccfd3e89a25e8df4&oz_df=1648530001944&oz_l=409&cv=3
Requested by: Host: s.update.adsrvr.org
URL: https://s.update.adsrvr.org/2/2.52.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.209.222 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-209-222.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 29 Mar 2022 05:00:01 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
DATA 200
OK truncated
/ Frame CD1C 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e58c48ccab319c1743e68c1c2e40e5b1937bfcef3aa077d4d853ce1140a1b214

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 impl_v85.js Show response
www.googletagservices.com/dcm/ Frame BDEF 42 KB
17 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v85.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7337a38ce3a732e5243bd354ad12d96b4d5512e283a8dd70d129b730d7a5d3d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Sun, 27 Mar 2022 22:14:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 110706
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17382
x-xss-protection: 0
last-modified: Mon, 21 Feb 2022 17:13:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 27 Mar 2023 22:14:55 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame B9F5 17 KB
6 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 29 Mar 2022 05:00:02 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203230101/ Frame CD1C 296 KB
107 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203230101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9994647129360327&plah=mustsharenews.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c47e3277e17f3fddae257e83adced71ea8eed89e4f58db09a7b34ce79ca035a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 109243
x-xss-protection: 0
server: cafe
etag: 16193964174371263485
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 29 Mar 2022 05:00:02 GMT

GET
H3 200 ww-logo.svg
s0.2mdn.net/sadbundle/6538174354311107868/ Frame B9F5 864 B
523 B 9ms
9ms Image
image/svg+xml 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/ww-logo.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c22e801148939673da59909834ef2cbd09855ab48ecfc7ee3e501bd25eec0102

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 22 Mar 2022 15:15:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 567881
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 485
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 22 Mar 2023 15:15:21 GMT

GET
H3 200 60021267_20220317072610540_WW_2ndChance_NeuesLeben_Prospecting.jpg
s0.2mdn.net/ads/richmedia/studio/60021267/ Frame B9F5 30 KB
30 KB 10ms
10ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60021267/60021267_20220317072610540_WW_2ndChance_NeuesLeben_Prospecting.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21066dd1052a0cc3cc6d40e20caadba8f798380d59166e9b5ea75f4a859a472c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=OB3obxC56Z&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 09:52:54 GMT
x-content-type-options: nosniff
age: 68828
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30753
x-xss-protection: 0
last-modified: Thu, 17 Mar 2022 14:26:10 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 29 Mar 2022 09:52:54 GMT

GET
H3 200 B26791739.320447811;dc_ver=85.248;sz=300x250;u_sd=1;kw=a99jcch;dc_adk=1974501068;ord=umozmk;click=http%3A%2F%2Finsight.adsrvr.org%2Ftrack%2Fclk%3Fimp%3D46cd5258-2c86-4431-ad06-f81411b1a858%26ag%3Da... Show response
ad.doubleclick.net/ddm/adj/N1549806.422087GROUPMCOMPETENCEC/ Frame BDEF 65 KB
26 KB 57ms
57ms Script
text/javascript 142.250.185.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N1549806.422087GROUPMCOMPETENCEC/B26791739.320447811;dc_ver=85.248;sz=300x250;u_sd=1;kw=a99jcch;dc_adk=1974501068;ord=umozmk;click=http%3A%2F%2Finsight.adsrvr.org%2Ftrack%2Fclk%3Fimp%3D46cd5258-2c86-4431-ad06-f81411b1a858%26ag%3Da99jcch%26sfe%3D147a1251%26sig%3DrOELSOH8HW8CkcY7-3mewdd6na8E_NXC9A7SgmKYlGY.%26crid%3D1e7nlzp2%26cf%3D3176281%26fq%3D0%26t%3D1%26td_s%3Dmustsharenews.com%26rcats%3D%26mcat%3D%26mste%3D%26mfld%3D3%26mssi%3D%26mfsi%3D%26sv%3Drubicon%26uhow%3D55%26agsa%3D%26wp%3DD73D2D86FA739BE8%26rgz%3D%26dt%3DPC%26osf%3DWindows%26os%3DWindows10%26br%3DChrome%26svpid%3D21468%26rlangs%3Den%26mlang%3D%26did%3D%26rcxt%3DOther%26tmpc%3D6.12%26vrtd%3D%26osi%3D%26osv%3D%26daid%3D%26dnr%3D0%26vpb%3D%26c%3DCgdHZXJtYW55GgA4AVAHgAEAiAEBkAEB%26dur%3DCjAKDGNoYXJnZS1hbGwtMSIgCP___________wESE3R0ZF9kYXRhX2V4Y2x1c2lvbnMKOwodY2hhcmdlLWFsbFRUREN1c3RvbUNvbnRleHR1YWwiGgja__________8BEg10dGRjb250ZXh0dWFsCkgKIWNoYXJnZS1hbGxNb2F0Vmlld2FiaWxpdHlUcmFja2luZyIjCKX__________wESDm1vYXQtcmVwb3J0aW5nKgYIoI0GGAw.%26durs%3DdwsLA4%26crrelr%3D%26npt%3D%26mk%3DGoogle%26mdl%3DChrome%2520-%2520Windows%26ipl%3D%2F21622890900%2FSG_mustsharenews.com_res_article_mid4_336x280%2F%2F300x250%26pcm%3D1%26ict%3DUnknown%26said%3D3e49812aba4a05a7848e205115235b0a17cb9eea%26auct%3D1%26cxlvs%3D0%26grdc%3DCAEYASABKAFAAUgC%26tail%3D1%26r%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.;dc_rfl=1,https%3A%2F%2Fmustsharenews.com%2F$0;xdt=1;crlt=4pRk!D!Krl;sttr=48;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v85.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f6.1e100.net

Software

cafe /

Resource Hash

0fbd06b3bd014070a652478df9f409ab5ba0cd72176a21cbf7583700715e1c12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27045
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame B736 169 KB
59 KB 23ms
8ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
Origin: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 19:19:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34856
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60173
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 29 Mar 2022 19:19:06 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220324/r20110914/elements/html/ Frame B736 8 KB
3 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220324/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N1549806.422087GROUPMCOMPETENCEC/B26791739.320447811;dc_ver=85.248;sz=300x250;u_sd=1;kw=a99jcch;dc_adk=1037519631;ord=kncqil;click=http%3A%2F%2Finsight.adsrvr.org%2Ftrack%2Fclk%3Fimp%3Db8d10335-e4a1-4c1e-8932-1be079f3f7e6%26ag%3Da99jcch%26sfe%3D147a1251%26sig%3DMbdLDOKp9a28rzDUmMXpkaflIU_ePNnYB7AhzjRZRNI.%26crid%3D1e7nlzp2%26cf%3D3176281%26fq%3D0%26t%3D1%26td_s%3Dmustsharenews.com%26rcats%3D%26mcat%3D%26mste%3D%26mfld%3D3%26mssi%3D%26mfsi%3D%26sv%3Drubicon%26uhow%3D55%26agsa%3D%26wp%3DD73D2D86FA739BE8%26rgz%3D%26dt%3DPC%26osf%3DWindows%26os%3DWindows10%26br%3DChrome%26svpid%3D21468%26rlangs%3Den%26mlang%3D%26did%3D%26rcxt%3DOther%26tmpc%3D6.12%26vrtd%3D%26osi%3D%26osv%3D%26daid%3D%26dnr%3D0%26vpb%3D%26c%3DCgdHZXJtYW55GgA4AVAHgAEAiAEBkAEB%26dur%3DCjAKDGNoYXJnZS1hbGwtMSIgCP___________wESE3R0ZF9kYXRhX2V4Y2x1c2lvbnMKOwodY2hhcmdlLWFsbFRUREN1c3RvbUNvbnRleHR1YWwiGgja__________8BEg10dGRjb250ZXh0dWFsCkgKIWNoYXJnZS1hbGxNb2F0Vmlld2FiaWxpdHlUcmFja2luZyIjCKX__________wESDm1vYXQtcmVwb3J0aW5nKgYIoI0GGAw.%26durs%3DdwsLA4%26crrelr%3D%26npt%3D%26mk%3DGoogle%26mdl%3DChrome%2520-%2520Windows%26ipl%3D%2F21622890900%2FSG_mustsharenews.com_res_article_right1_300x250%2F%2F320x100%2F%2F320x50%26pcm%3D1%26ict%3DUnknown%26said%3Ded531f3a42de882c61d42e4e9eba76a595f3b9a9%26auct%3D1%26cxlvs%3D0%26grdc%3DCAEYASABKAFAAUgC%26tail%3D1%26r%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.;dc_rfl=1,https%3A%2F%2Fmustsharenews.com%2F$0;xdt=1;crlt=4pRk!D!Krl;sttr=112;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:20:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2387
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Apr 2022 04:20:15 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B736 41 KB
15 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 09:30:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 70176
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Mar 2023 09:30:26 GMT

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 270D 281 B
554 B 16ms
15ms Document
text/html 23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&gdpr=1&gdpr_consent=BPWmbcqPWmbcq__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&geo=eu&co=de
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "402b2-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 29 Mar 2022 05:00:02 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame B285 1 KB
749 B 11ms
11ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Mon, 28 Mar 2022 13:26:12 GMT
expires: Tue, 29 Mar 2022 13:26:12 GMT
cache-control: public, max-age=86400
age: 56030
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 CGHVXjYJRnLTYRF6fgor0GmLhTjmHb-GVf8novFL6vc.js Show response
pagead2.googlesyndication.com/bg/ Frame 2EC9 35 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CGHVXjYJRnLTYRF6fgor0GmLhTjmHb-GVf8novFL6vc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0861d55e36094672d361117a7e0a2bd0698b8538e61dbf8655ff27a2f14beaf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 21:17:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27724
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13806
x-xss-protection: 0
last-modified: Tue, 22 Mar 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 28 Mar 2023 21:17:58 GMT

GET
DATA 200
OK truncated
/ Frame B736 207 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7ce9197a6c9a358e73b24c066102fbdc791bb6fe90b2e9550f31585a23c27055

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 6DFF 4 KB
2 KB 22ms
21ms Script
text/javascript 37.157.2.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=53729164;rtbwp=0.053;rtbdata=bOmcyWsQpwm_M7QCoKbNJeBgiSZ8TfysSG6Iu8q9jW6KoShCtMK4Uvl5As8YdMPMDJ92hFkrgvWuXTuwtKQ83Djq_DtLbyGCr_flNGb82zSX6XGzTuAKU8H7etFiZJ_Xd0aPpDgzou-R8XgSBoe-yLs105Sz4v9tHSjhvNWpJ7eKAnUeaQi6huXSXM2SIPr-1UgLLk1lkcsk6wIDvC_fKDiFNnZ0dsM1omN1-c6UvUo1;js=1;adfxid=1x;8312;set=en-US|en-US|1600X1200|0|300|250|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2Fmustsharenews.com

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

eeffbcdbda898801d1a243fc80b8c0cf32a9091380518cd6c169c14f5676f4f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 2088
expires: -1

POST
H/1.1 200
OK postback Show response
s.update.rubiconproject.com/2/2.52.0/873648/ASvT-_UOEPR8frgV/ Frame B736 0
145 B 122ms
30ms XHR
text/plain 34.240.117.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.rubiconproject.com/2/2.52.0/873648/ASvT-_UOEPR8frgV/postback?oz_pl=1&di=mustsharenews.com&pv=2e16d238-2d55-453f-8e0d-015d0562875f&c2=15&si=284364&ap=&ui=L1BO75U0-1C-2UKP&pp=21468&gt=de&c1=1422796&sr=magnite.com&dt=8736481481318196516000&ci=873648&_x=1
Requested by: Host: s.update.rubiconproject.com
URL: https://s.update.rubiconproject.com/2/873648/analytics.js?si=284364&di=mustsharenews.com&ap=&ui=L1BO75U0-1C-2UKP&pp=21468&pv=2e16d238-2d55-453f-8e0d-015d0562875f&gt=de&c1=1422796&c2=15&sr=magnite.com&dt=8736481481318196516000
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.240.117.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-240-117-131.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 29 Mar 2022 05:00:01 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H/1.1 200
OK main.js Show response
s.update.rubiconproject.com/2/2.52.0/ Frame B736 156 KB
49 KB 29ms
29ms Script
text/javascript 34.240.117.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.update.rubiconproject.com/2/2.52.0/main.js

Requested by

Host: s.update.rubiconproject.com
URL: https://s.update.rubiconproject.com/2/873648/analytics.js?si=284364&di=mustsharenews.com&ap=&ui=L1BO75U0-1C-2UKP&pp=21468&pv=2e16d238-2d55-453f-8e0d-015d0562875f&gt=de&c1=1422796&c2=15&sr=magnite.com&dt=8736481481318196516000

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

34.240.117.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-240-117-131.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ebc1809c917b61781cda24334f55c7010d9bf8986b99ea3f59d049e78d491910

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 05:00:01 GMT
Content-Encoding: br
Accept-Ch: Viewport-Width, Viewport-Height, Width, DPR, RTT, ECT, Device-Memory, Downlink, Save-Data
Vary: Origin, Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: public, no-transform, immutable, max-age=999999999
Strict-Transport-Security: max-age=31536000; includeSubDomains
Timing-Allow-Origin: *
Content-Length: 49733
Expires: Fri, 05 Dec 2053 06:03:13 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 270D 32 KB
10 KB 21ms
20ms Script
text/html 23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&gdpr=1&gdpr_consent=BPWmbcqPWmbcq__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&geo=eu&co=de
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 9ad1bb44af5999c63ca2cb0cc07b90c55f3f4752a55578ff5fb7e2e953161e61

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?&gdpr=1&gdpr_consent=BPWmbcqPWmbcq__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&geo=eu&co=de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 05:00:02 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Mar 2022 16:28:01 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=12992
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9540
Expires: Tue, 29 Mar 2022 08:36:34 GMT

GET
H3 200 html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame BDEF 169 KB
59 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
Origin: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 19:19:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34856
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60173
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 29 Mar 2022 19:19:06 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220324/r20110914/elements/html/ Frame BDEF 8 KB
3 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220324/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N1549806.422087GROUPMCOMPETENCEC/B26791739.320447811;dc_ver=85.248;sz=300x250;u_sd=1;kw=a99jcch;dc_adk=1974501068;ord=umozmk;click=http%3A%2F%2Finsight.adsrvr.org%2Ftrack%2Fclk%3Fimp%3D46cd5258-2c86-4431-ad06-f81411b1a858%26ag%3Da99jcch%26sfe%3D147a1251%26sig%3DrOELSOH8HW8CkcY7-3mewdd6na8E_NXC9A7SgmKYlGY.%26crid%3D1e7nlzp2%26cf%3D3176281%26fq%3D0%26t%3D1%26td_s%3Dmustsharenews.com%26rcats%3D%26mcat%3D%26mste%3D%26mfld%3D3%26mssi%3D%26mfsi%3D%26sv%3Drubicon%26uhow%3D55%26agsa%3D%26wp%3DD73D2D86FA739BE8%26rgz%3D%26dt%3DPC%26osf%3DWindows%26os%3DWindows10%26br%3DChrome%26svpid%3D21468%26rlangs%3Den%26mlang%3D%26did%3D%26rcxt%3DOther%26tmpc%3D6.12%26vrtd%3D%26osi%3D%26osv%3D%26daid%3D%26dnr%3D0%26vpb%3D%26c%3DCgdHZXJtYW55GgA4AVAHgAEAiAEBkAEB%26dur%3DCjAKDGNoYXJnZS1hbGwtMSIgCP___________wESE3R0ZF9kYXRhX2V4Y2x1c2lvbnMKOwodY2hhcmdlLWFsbFRUREN1c3RvbUNvbnRleHR1YWwiGgja__________8BEg10dGRjb250ZXh0dWFsCkgKIWNoYXJnZS1hbGxNb2F0Vmlld2FiaWxpdHlUcmFja2luZyIjCKX__________wESDm1vYXQtcmVwb3J0aW5nKgYIoI0GGAw.%26durs%3DdwsLA4%26crrelr%3D%26npt%3D%26mk%3DGoogle%26mdl%3DChrome%2520-%2520Windows%26ipl%3D%2F21622890900%2FSG_mustsharenews.com_res_article_mid4_336x280%2F%2F300x250%26pcm%3D1%26ict%3DUnknown%26said%3D3e49812aba4a05a7848e205115235b0a17cb9eea%26auct%3D1%26cxlvs%3D0%26grdc%3DCAEYASABKAFAAUgC%26tail%3D1%26r%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.;dc_rfl=1,https%3A%2F%2Fmustsharenews.com%2F$0;xdt=1;crlt=4pRk!D!Krl;sttr=48;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:20:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2387
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Apr 2022 04:20:15 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame BDEF 41 KB
15 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 09:30:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 70176
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Mar 2023 09:30:26 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 1D28 22 KB
8 KB 8ms
8ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Mar 2022 09:31:07 GMT
expires: Tue, 28 Mar 2023 09:31:07 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 70135
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 4678 65 KB
6 KB 17ms
17ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f9e787c9d70e0c965c4443b288ca75dfed1d883fc3d9bbde05accb94e8c179c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:02 GMT
expires: Wed, 29 Mar 2023 05:00:02 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame B736 0
23 B 30ms
30ms Ping
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsulAB2s5Jw5eGj42cCs73qr2UkxU0S9b4-x2E95D3-QbhZ7YlHeeTL87vNkD9CQ6unNsSn2FexI4qE7PiiUhhiye8N8_GKl5TTEuou7yuV7tK99Lbqcv03tjER2kaAnB8hUTDLDkj5Rg-1OT_cie8PLsEw&sig=Cg0ArKJSzFOrRWL8HIPxEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=135&cbvp=1&cstd=132&cisv=r20220324.60902&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame CD1C 221 B
235 B 15ms
14ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=mustsharenews.com&callback=_gfp_s_&client=ca-pub-9994647129360327&cookie=ID%3Db17120d3de7eb68d%3AT%3D1648529998%3AS%3DALNI_MaBAz1-yu_vRHDLrRVeUX3V3blIsg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

fd10709b0625c4ac712608efa31aa9ee59ae1c38c373c92b700661f575ea545c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 213
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame CD1C 107 B
122 B 15ms
14ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=mustsharenews.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame CD1C 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=mustsharenews.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame EBF2 436 B
233 B 211ms
210ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9994647129360327&output=html&h=250&slotname=6052293568&adk=1036449870&adf=776186312&pi=t.ma~as.6052293568&w=300&psa=0&format=300x250&url=https%3A%2F%2Fmustsharenews.com%2Fspf-arrest-scams%2F%3FisentiaPostId%3Dpost-1&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1648530002026&bpp=4&bdt=115&idt=162&shv=r20220324&mjsv=m202203230101&ptt=9&saldr=aa&cookie=ID%3Db17120d3de7eb68d%3AT%3D1648529998%3AS%3DALNI_MaBAz1-yu_vRHDLrRVeUX3V3blIsg&correlator=7175789465843&frm=23&ife=4&pv=1&ga_vid=1334310438.1648529998&ga_sid=1648530002&ga_hid=1695335677&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=464&ady=5369&biw=1600&bih=1200&isw=300&ish=250&ifk=1165671238&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842&oid=2&pvsid=111525324806400&pem=188&tmod=618151652&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C300%2C250&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.vuog2hdk0n0t&btvi=1&fsb=1&dtd=177

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7913fb9d7def1ae9378f53170fef284b1a60ea25e25e3cfb7f65754377a768a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 29 Mar 2022 05:00:02 GMT
server: cafe
content-length: 213
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2

200

sync Show response
eb2.3lift.com/ Frame 9544
Redirect Chain

https://eb2.3lift.com/sync?max=10&cb=75345
https://eb2.3lift.com/sync?max=10&cb=75345&ld=1

1 KB
1 KB

8ms
7ms

Document
text/html

13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?max=10&cb=75345&ld=1
Requested by: Host: ib.3lift.com
URL: https://ib.3lift.com/rev/b5dbcaaad667d54756cc1e78e73a1e2616cc2b6d/dist/bundle.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: fe86a6db6afa6aa84da1009ce5672d790577db37855de180ca3bca783845020f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
content-type: text/html; charset=utf-8
content-length: 461
content-encoding: gzip
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
cache-control: no-cache, no-store, must-revalidate

Redirect headers

date: Tue, 29 Mar 2022 05:00:02 GMT
content-length: 0
location: /sync?max=10&cb=75345&ld=1
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 2A67 281 B
554 B 15ms
14ms Document
text/html 23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&gdpr=1&gdpr_consent=BPWmbcqPWmbcq__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&geo=eu&co=de
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "402b2-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 29 Mar 2022 05:00:02 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame C3BE 1 KB
749 B 8ms
7ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Mon, 28 Mar 2022 13:26:12 GMT
expires: Tue, 29 Mar 2022 13:26:12 GMT
cache-control: public, max-age=86400
age: 56030
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame BDEF 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2b09833814ea726c1641113309aa9956eb47ec858bd3a62e33b195a7a45dfd21

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dpixel
cms.quantserve.com/ Frame B285 35 B
463 B 37ms
10ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEEHCCB25UvWxSsBORFwvWOM&google_cver=1&google_push=AYg5qPKj4FRQ70wMI-pw5EuW7J15Ot5HUBUTAjE9k3iXGIieTVten4-I9erE9o2_hmuvotVoNZMp3ca7zJxvUO04Xr-_xrYM_68_fw

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B285
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEAldTBnz14a_ppROfgsYhiw&google_push=AYg5qPISyKxb7p4rn3RHyQjntdNkKg9GYWlQaK1uKAKQyIMt4Kfik3lc8d...

170 B
188 B

18ms
18ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEAldTBnz14a_ppROfgsYhiw&google_push=AYg5qPISyKxb7p4rn3RHyQjntdNkKg9GYWlQaK1uKAKQyIMt4Kfik3lc8dhhdxGEPvGsHeFXqTz6e2bYQ6EViTyPVy2MejO2O6Mj

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1648530002.300322,VS0,VE90
x-served-by: cache-hhn4050-HHN
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEAldTBnz14a_ppROfgsYhiw&google_push=AYg5qPISyKxb7p4rn3RHyQjntdNkKg9GYWlQaK1uKAKQyIMt4Kfik3lc8dhhdxGEPvGsHeFXqTz6e2bYQ6EViTyPVy2MejO2O6Mj
cache-control: no-cache
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B285
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEG-h8F0Ll43Xk8ra1hszunw&google_cver=1&google_push=AYg5qPLmrhvSDlzos2cs4althzIW_4lFypQSWvyc63Y77y1qiciBndq28Zi1s5IXUCH7ssJlIsipy6hzkgH...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPLmrhvSDlzos2cs4althzIW_4lFypQSWvyc63Y77y1qiciBndq28Zi1s5IXUCH7ssJlIsipy6hzkgHGtp_57058-A7VbYfm&google_hm=c9fpMcL7TGKKj4EGLAonkx4

170 B
188 B

22ms
21ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPLmrhvSDlzos2cs4althzIW_4lFypQSWvyc63Y77y1qiciBndq28Zi1s5IXUCH7ssJlIsipy6hzkgHGtp_57058-A7VbYfm&google_hm=c9fpMcL7TGKKj4EGLAonkx4

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:01 GMT
via: 1.1 google
server: Apache-Coyote/1.1
status: 302
p3p: CP="NOI DSP COR NID CUR OUR NOR"
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPLmrhvSDlzos2cs4althzIW_4lFypQSWvyc63Y77y1qiciBndq28Zi1s5IXUCH7ssJlIsipy6hzkgHGtp_57058-A7VbYfm&google_hm=c9fpMcL7TGKKj4EGLAonkx4
cache-control: no-cache, must-revalidate
content-type: text/html;charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 dot.gif
s0.2mdn.net/ Frame B285 43 B
72 B 22ms
15ms Image
image/gif 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEOy1rqOnE4F3aIyANxgPZhc&google_cver=1&google_push=AYg5qPJbrOXzZ8djd0LEbcCULwRYcoeoXD1AvBQv9odmCuWcg7LCdKEuJeZUyD9pRz-AI3Xu3mipm2-i7s2kzj0FYtmMcW7D94yKYw

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 30 Mar 2022 05:00:02 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B285
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEKemgJD6edAGz7P_WMTUMB0&google_cver=1&google_push=AYg5qPLPlXI5k2Lv1ymIwVYrQl2W_RTXaDYGyL-yJwvuNmjnFaXSu1fdUryZjus4oRDoxPl5tBgI2vbx...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODU3OTA0NTAwMzE2MTYwNTAxOA&google_push=AYg5qPLPlXI5k2Lv1ymIwVYrQl2W_RTXaDYGyL-yJwvuNmjnFaXSu1fdUryZjus4oRDoxPl5tBgI2v...

170 B
188 B

22ms
22ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODU3OTA0NTAwMzE2MTYwNTAxOA&google_push=AYg5qPLPlXI5k2Lv1ymIwVYrQl2W_RTXaDYGyL-yJwvuNmjnFaXSu1fdUryZjus4oRDoxPl5tBgI2vbxiaRdbdmkMb-sf5HXskAcQw

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODU3OTA0NTAwMzE2MTYwNTAxOA&google_push=AYg5qPLPlXI5k2Lv1ymIwVYrQl2W_RTXaDYGyL-yJwvuNmjnFaXSu1fdUryZjus4oRDoxPl5tBgI2vbxiaRdbdmkMb-sf5HXskAcQw
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B285
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESED...
https://sync.targeting.unrulymedia.com/csync/RX-8e8d7b9d-af80-4a7c-931d-748683170876-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPKN2VhshnWC0hYeGl4Gr...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPKN2VhshnWC0hYeGl4GrMJU87FQ2bVzmbs8TguQmfCGMjjjjaCZX4fBpA735kv7SW0qtv6dbBo0zY3zkZD10nfE2qmWJemTJw&google_hm=A46Ne52vgEp8kx10hoMXCHY

170 B
188 B

17ms
16ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPKN2VhshnWC0hYeGl4GrMJU87FQ2bVzmbs8TguQmfCGMjjjjaCZX4fBpA735kv7SW0qtv6dbBo0zY3zkZD10nfE2qmWJemTJw&google_hm=A46Ne52vgEp8kx10hoMXCHY

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPKN2VhshnWC0hYeGl4GrMJU87FQ2bVzmbs8TguQmfCGMjjjjaCZX4fBpA735kv7SW0qtv6dbBo0zY3zkZD10nfE2qmWJemTJw&google_hm=A46Ne52vgEp8kx10hoMXCHY
date: Tue, 29 Mar 2022 05:00:02 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX8e8d7b9daf804a7c931d748683170876003
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B285
Redirect Chain

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESECB19iKHrl-KzEeaHNdSg3s&google_cver=1&google_push=AYg5qPIiCxKRM4lmMlut1rihgCU_sblfFmZWZ1s-C_WbLW9s9B8R3G_N...
https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESECB19iKHrl-KzEeaHNdSg3s&google_cver=1&google_push=AYg5qPIiCxKRM4lmMlut1rihgCU_sblfFmZWZ1s-C_WbLW9s9B8R3G_N...
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESECB19iKHrl-KzEeaHNdSg3s&google_cver=1&google_push=AYg5qPIiCxKRM4lmMlut1rihgCU_sblfFmZWZ1s-C_WbLW9s9B8R3G...
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVAxNzY0M2JlYy1hZjFkLTExZWMtOTAwYy0wNmIwOTdmYzM5Yzg%3D&google_push=AYg5qPIiCxKRM4lmMlut1rihgCU_sblfFmZWZ1s-C_WbLW9s9B8R3G_Niyl9qHLK73...

170 B
188 B

28ms
24ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVAxNzY0M2JlYy1hZjFkLTExZWMtOTAwYy0wNmIwOTdmYzM5Yzg%3D&google_push=AYg5qPIiCxKRM4lmMlut1rihgCU_sblfFmZWZ1s-C_WbLW9s9B8R3G_Niyl9qHLK73WqLhZilSgGhLJmjM3EWPiJoD29XS7gzKOunA

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVAxNzY0M2JlYy1hZjFkLTExZWMtOTAwYy0wNmIwOTdmYzM5Yzg%3D&google_push=AYg5qPIiCxKRM4lmMlut1rihgCU_sblfFmZWZ1s-C_WbLW9s9B8R3G_Niyl9qHLK73WqLhZilSgGhLJmjM3EWPiJoD29XS7gzKOunA
date: Tue, 29 Mar 2022 05:00:02 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame B285 0
12 B 15ms
14ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IY7KGKPXqSieAPKILxCVhCB4DZu13HOxs3la5r2mPk6CBA_DdAVGJsnDq3cMKRZqKI4n8uRg

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/2gSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/ImageTag:types/ Frame 6DFF 85 KB
36 KB 28ms
26ms Script
text/javascript 37.157.5.71
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/2gSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/ImageTag:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 37ae0e5ace2ec8066810439183d348223decdd4b54dd943956c7b220d1a647af

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
content-encoding: gzip
last-modified: Thu, 10 Feb 2022 15:16:56 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 30 Mar 2022 08:07:13 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 03D1 0
0 20ms
19ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsst-qlJG-WVjPijuIVCfLzRmZAHLLrJbw9-KmEYsTtK82oeybd65rfpc4434XuZlv19AsP2BCVnrKSP1PM7LeZLxRGgKtANsiP0U4r6FZR27fmCSJ5gBT3XtJ4cSSmi5svn2m5-Pmy-0H3qe1OcEHRrESVuX1bIgd5Dm-fKO9NTARVJMAN5erh-Iz3_ALFxm6h29lcYeVhRiBPaKghU9WTCVS0WWDEQ7cLyjmF9gbGVu8sTIKZ8kXCegEfUIFxvcZfPP7f1zJoEKAtR4pG289kjDUFyadrGVCrMjhvRnrPyrfF8gwIjQq5UNd4WxcmvulxXncxmB8ExVtEXNoRtxhvo-oz65elgzcfff_k8_euiU19kUY9XIO4&sig=Cg0ArKJSzGUffRX3m7deEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 03D1 154 KB
53 KB 34ms
33ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032103.js?cb=31065882

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6669956b5e05b886f6da152ec97fbf6b25f1ebe5625c9947ab2bbbd0e46dabfc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53778
x-xss-protection: 0
server: cafe
etag: 306986146426207804
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 29 Mar 2022 05:00:02 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 03D1 119 KB
36 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032103.js?cb=31065882

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30de69c01f8eb6cb0ab7b040f02316728cb490669cbf084aad71c06a708ed1ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36904
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648035241783118"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 29 Mar 2022 05:00:02 GMT

GET
H3 200 gwdpage_style.css
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 4678 55 B
115 B 7ms
7ms Stylesheet
text/css 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdpage_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2afb3cf38deea01d461f29b961c8aab0da4f121a84a9c843f49dc7cced99b6a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 05:56:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 514998
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 74
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 05:56:44 GMT

GET
H3 200 gwdpagedeck_style.css
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 4678 731 B
275 B 7ms
7ms Stylesheet
text/css 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdpagedeck_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3974624ff80521dbd81d3ed32f8ec10c7baef11c272f46626a6284538e90e44b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 22 Mar 2022 12:05:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 579274
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 234
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 22 Mar 2023 12:05:28 GMT

GET
H3 200 gwdgooglead_style.css
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 4678 24 B
84 B 8ms
7ms Stylesheet
text/css 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdgooglead_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e52ad60cf8269c44381d5e0833e69b9b8f3b9f9346b7066b1dc5a52b390feedc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 07:01:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 511094
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 07:01:48 GMT

GET
H3 200 gwdimage_style.css
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 4678 281 B
199 B 8ms
7ms Stylesheet
text/css 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdimage_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d3251d937d209def48e958bfeec683ca39dc0f15eb22f99bc3e7035995cd552

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 06:11:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 514108
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 158
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 06:11:34 GMT

GET
H3 200 gwdattached_style.css
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 4678 26 B
86 B 9ms
8ms Stylesheet
text/css 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdattached_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fffa14e9a3c576087a9202af54e8f11669f29c37617df0c6f728ca24d95f60bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 18:05:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 471257
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 18:05:45 GMT

GET
H3 200 gwdtaparea_style.css
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 4678 157 B
156 B 10ms
8ms Stylesheet
text/css 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdtaparea_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

20160b923de864cdf44fa26bfd6281a9e0aba7eb800fac86804d9a41a93c2394

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 18:42:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 469064
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 115
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 18:42:18 GMT

GET
H3 200 googbase_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 4678 400 B
317 B 10ms
8ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/googbase_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e13459782d7fc46c73821602bedc17cc2b3a2dc5ec07e91e30ed715193698a94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 22 Mar 2022 15:23:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 567395
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 275
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 22 Mar 2023 15:23:27 GMT

GET
H3 200 gwd_webcomponents_v1_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 4678 20 KB
6 KB 10ms
8ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwd_webcomponents_v1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c27626364eeaffb44ad2decb980dace7bedb3c8ea1575f81927fc9409cb5b49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 12:08:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 492719
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6276
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 12:08:03 GMT

GET
H3 200 gwdpage_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 4678 3 KB
1 KB 11ms
9ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdpage_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f3260225ba132e9bf8956514e81f6136265ee05250271a027bb2029cbbf4651d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 05:33:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 516385
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1308
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 05:33:37 GMT

GET
H3 200 gwdpagedeck_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 4678 8 KB
3 KB 11ms
9ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdpagedeck_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4eefdd923f73deeaec9e4ecb4cc3fae74379145f0fd3f5892165326bce8ed0ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 01:42:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 357462
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3191
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 25 Mar 2023 01:42:20 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 4678 118 KB
40 KB 12ms
10ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 08:58:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72068
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 29 Mar 2022 08:58:54 GMT

GET
H3 200 gwdgooglead_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 4678 13 KB
4 KB 15ms
13ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdgooglead_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b671e2140966063715d21667867d60de45adc723cd1b31e0d2f7466105a90247

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 01:25:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 358499
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4481
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 25 Mar 2023 01:25:03 GMT

GET
H3 200 gwdimage_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 4678 5 KB
2 KB 15ms
13ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdimage_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

32ab0a5c85cabdb695704b5128a8fb7c9a8dfa3242cc36ceda6bb0650a45b35f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 11:52:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 493662
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2014
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 11:52:20 GMT

GET
H3 200 gwdattached_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 4678 1 KB
632 B 15ms
14ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdattached_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dd50ba290f74d344ad0d04ade63c55b02360bf4db99c0a2749f34deb0c8dcec9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 19:52:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 378468
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 590
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Mar 2023 19:52:14 GMT

GET
H3 200 gwdtexthelper_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 4678 7 KB
3 KB 15ms
14ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdtexthelper_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dea5d8ba9e54379b26e109f61ceba20a0781d4f80eed75fce6ad0993d4784195

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 07:24:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 509760
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2823
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 07:24:02 GMT

GET
H3 200 gwdtaparea_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 4678 3 KB
1 KB 16ms
14ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdtaparea_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f2aac94d011ec45570ef1245e5fc8df73ebd09b1c6859c5a8393df5336e01b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 05:34:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 516317
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1356
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 05:34:45 GMT

GET
H3 200 gwdgpadataprovider_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 4678 3 KB
1 KB 16ms
14ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdgpadataprovider_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a170f5913eecb1afeda4cccca5d5b9589c8f068a04ae2c517b602e1484982b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 07:14:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 510336
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1293
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 07:14:26 GMT

GET
H3 200 gwddatabinder_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 4678 5 KB
2 KB 16ms
15ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwddatabinder_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3460d76a3013a4bb9c689877b41f3eadbf5e780ed9230fb8f8bbd16fcc59842

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 13:10:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 316160
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2351
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 25 Mar 2023 13:10:42 GMT

GET
H3 200 gwd-dynamic-binders.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 4678 23 KB
9 KB 16ms
15ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwd-dynamic-binders.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

df544db2e8b010512a5ec168d3a9b91355c7197d04a1b29325510e29405e6e0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 22 Mar 2022 11:52:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 580025
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9229
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 22 Mar 2023 11:52:57 GMT

POST
H/1.1 200
OK postback Show response
s.update.rubiconproject.com/2/2.52.0/873648/ASvT-_UOEPR8frgV/ Frame B736 0
145 B 33ms
32ms XHR
text/plain 34.240.117.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.rubiconproject.com/2/2.52.0/873648/ASvT-_UOEPR8frgV/postback?oz_pl=1&di=mustsharenews.com&pv=2e16d238-2d55-453f-8e0d-015d0562875f&c2=15&si=284364&ap=&ui=L1BO75U0-1C-2UKP&pp=21468&gt=de&c1=1422796&sr=magnite.com&dt=8736481481318196516000&ci=873648&_x=1
Requested by: Host: s.update.rubiconproject.com
URL: https://s.update.rubiconproject.com/2/873648/analytics.js?si=284364&di=mustsharenews.com&ap=&ui=L1BO75U0-1C-2UKP&pp=21468&pv=2e16d238-2d55-453f-8e0d-015d0562875f&gt=de&c1=1422796&c2=15&sr=magnite.com&dt=8736481481318196516000
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.240.117.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-240-117-131.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 29 Mar 2022 05:00:01 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 9544 70 B
264 B 33ms
32ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&cb=75345&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9544
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&gdpr=1&cmp_cs=
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDM0NTgzNDI4NzMwNjI1NTU5MTQ3NQ%3D%3D

170 B
188 B

18ms
18ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDM0NTgzNDI4NzMwNjI1NTU5MTQ3NQ%3D%3D

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&cb=75345&ld=1

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDM0NTgzNDI4NzMwNjI1NTU5MTQ3NQ%3D%3D
date: Tue, 29 Mar 2022 05:00:02 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 9544 170 B
188 B 18ms
16ms Image
image/png 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=1&gdpr_consent=

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&cb=75345&ld=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9544
Redirect Chain

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDM0NTgzNDI4NzMwNjI1NTU5MTQ3NQ%3D%3D

170 B
188 B

22ms
22ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDM0NTgzNDI4NzMwNjI1NTU5MTQ3NQ%3D%3D

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&cb=75345&ld=1

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDM0NTgzNDI4NzMwNjI1NTU5MTQ3NQ%3D%3D
date: Tue, 29 Mar 2022 05:00:02 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 setuid
px.ads.linkedin.com/ Frame 9544 0
921 B 178ms
153ms Image
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=4345834287306255591475&dbredirect=true&gdpr=1&consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&cb=75345&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: FA9C58806E6745AF97EB25EE03E2116B Ref B: FRAEDGE1112 Ref C: 2022-03-29T05:00:02Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-ltx1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXbVE0z3sD2X62XLCxTUw==

GET
H2

200

xuid
eb2.3lift.com/ Frame 9544
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/triplelift/4345834287306255591475?gdpr=1&gdpr_consent=
https://eb2.3lift.com/xuid?mid=2662&xuid=y-_KAj3OBE2oRhONrrTUg0ChbDg4tP1f6jZsm6BX0BwA--~A&dongle=0883

37 B
354 B

9ms
9ms

Image
image/gif

13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2662&xuid=y-_KAj3OBE2oRhONrrTUg0ChbDg4tP1f6jZsm6BX0BwA--~A&dongle=0883
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&cb=75345&ld=1
Protocol: H2
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date: Tue, 29 Mar 2022 05:00:02 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://eb2.3lift.com/xuid?mid=2662&xuid=y-_KAj3OBE2oRhONrrTUg0ChbDg4tP1f6jZsm6BX0BwA--~A&dongle=0883
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H/1.1 200
OK sync
x.bidswitch.net/ Frame 9544 43 B
220 B 10ms
8ms Image
image/gif 18.157.193.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=triplelift&user_id=4345834287306255591475&gdpr=1&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&cb=75345&ld=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.157.193.122 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-157-193-122.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 05:00:02 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2 200 c.gif
c.bing.com/ Frame 9544 42 B
594 B 56ms
31ms Image
image/gif 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.bing.com/c.gif?xid=4345834287306255591475&Red3=TLMS_pd
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&cb=75345&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
etag: "8120eaf0ff3ad81:0"
last-modified: Fri, 18 Mar 2022 19:39:54 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1E5F168574404D5F84DF2DEBFEF64551 Ref B: FRAEDGE1516 Ref C: 2022-03-29T05:00:02Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

GET
H/1.1

200
OK

iu3
s.amazon-adsystem.com/ Frame 9544
Redirect Chain

https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=4345834287306255591475
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=4345834287306255591475&dcc=t

0
0

100ms
100ms

Image
text/html

209.54.180.3
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=4345834287306255591475&dcc=t
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&cb=75345&ld=1
Protocol: HTTP/1.1
Server: 209.54.180.3 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Redirect headers

Pragma: no-cache
Date: Tue, 29 Mar 2022 05:00:02 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 0AC7GDA9P5B2D4RTJM0X
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=4345834287306255591475&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

xuid
eb2.3lift.com/ Frame 9544
Redirect Chain

https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent=
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1

37 B
139 B

7ms
7ms

Image
image/gif

13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?max=10&cb=75345&ld=1
Protocol: H2
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

Redirect headers

Location: https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Pragma: no-cache
Date: Tue, 29 Mar 2022 05:00:02 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 95
Content-Type: text/html; charset=utf-8

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 2A67 32 KB
10 KB 17ms
16ms Script
text/html 23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&gdpr=1&gdpr_consent=BPWmbcqPWmbcq__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&geo=eu&co=de
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 9ad1bb44af5999c63ca2cb0cc07b90c55f3f4752a55578ff5fb7e2e953161e61

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?&gdpr=1&gdpr_consent=BPWmbcqPWmbcq__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&geo=eu&co=de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 05:00:02 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Mar 2022 16:28:01 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=12992
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9540
Expires: Tue, 29 Mar 2022 08:36:34 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BDEF 119 KB
36 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30de69c01f8eb6cb0ab7b040f02316728cb490669cbf084aad71c06a708ed1ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36904
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648035241783118"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 29 Mar 2022 05:00:02 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 6114 65 KB
6 KB 16ms
15ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f9e787c9d70e0c965c4443b288ca75dfed1d883fc3d9bbde05accb94e8c179c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:02 GMT
expires: Wed, 29 Mar 2023 05:00:02 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame BDEF 0
23 B 32ms
32ms Ping
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuH3Bdh_2QXeBiRN9vSFvlQDfAtjZQojDEpIgnd3MDKDRfmyXfX4HKaoLls-IGUsHuvjIv741L9ifnSqeCajIOdMmjy-GBeuVD3plmusGZnbKWIVC5csgMmxHFV_X8sU5RIOFZEJqsOkUlm6jwFNz1LEEI&sig=Cg0ArKJSzP6wyyjO1lRaEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=264&cbvp=1&cstd=261&cisv=r20220324.87477&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C25C 0
20 B 45ms
44ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bhj_jUZJCYqPRCNOR3gOO7ZeYAgAAAAA4AeAEAg&bg=!xsWlxYHNAAbzJazn0yU7ACkAdvg8WvlPMEVk2C30sS9S7O19Smw3mC5Rp-jiLO29XOhrqdDC1A9UAgIAAAGOUgAAAAJoAQeZAyDcoQdpuOmPj8TqRmuTaEXN3XyVzuhYPndFMl1SpUH0eJilpC94UinxsJjNTC3AKp0eHKH_wNUukMTmfCh0AgU3W96qk3DBz8TuLPO4ov-X9ebyiGApyeIF2JyuQpR8Bb_vZPLZ_7dkjCAUXymFB2ImL8zy4Xe9VhpBSdv3Bimbb3nKNVERsiU1-X8HG0HPnlngd6-zysdsegPxAR9wEUSrZp_TsbDA5F7WhQnVW7V76oLKAiROw6xlHUEG99ralhbkXgEoPlbVKFq4R9zTfJW8Dy55KsNotcjvsiYjpHjEUCPLDy2tMdQnsbzPodFf1wSwClyTg0OWL2fgR2olD4BQEr34ZCWwqgNVeHM6dIAglqUQZIxfAh7HGRPItB0mopYuL-ZDs0O6n5MkQHCM3mJeq3eodq-K6u5p8I-lC9SNh2woNioUIe6QRH3roX5Sh1EU9xiXwkPnsLCJX7bhWaFU9csLKAg1X_QKrDlb_7y3MNpqyByYPA0kylb8gXBju_ned_gkkAZ7n5ZgoT_8jCnR4Wsy2MclbIebTBOhetJYReyDKh3RQSHK3_VCy31Qt364_VMMzgDSbFLfYQlzZifYBoTrUSZvNmjpEwTaL-3S8vBbDxwZTcXyHUx4hxWW27XYLQupTV_WvUuWUtC_6wG5xyD7wOHcXMbYRmtQeMatrLqJjwIhUpIStQs9bHnivMypQyMuutcmvQTTKiExQJT7Q-6oAuFlJtX8YVAyRda3kgWMgsMWOKkKPueXY-RVHDyeYvJ7jpS6CDZjPCcVSL1Py52nHcaB2CNJ-X0kQPYKGeMB93dA6bRghx-xMLIm8RkgxpVowTDnjuQ8h6toUoPBXq9SYOLUxCrWYZ90ajUGZeyLLw5YXKDYA_a2qcsoohY8lUfQP9GxdwMa5dvk8gbP0sxgcZmIX22hIr4vPawRF9MIDF_z7agDNeWs9HIInTG5a3S4RVPT7f0TbjXH4s8nfVgVyXV0aFYRMiNdWDyQBS07YTPw7evlXYcPrXMfFF6Gl8A-fgGy5KsDyWY5I2cGcx07hP4Gi08FpzpoyK5-Ig

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK postback Show response
s.update.rubiconproject.com/2/2.52.0/873648/ASvT-_UOEPR8frgV/ Frame B736 0
145 B 31ms
31ms XHR
text/plain 34.240.117.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.rubiconproject.com/2/2.52.0/873648/ASvT-_UOEPR8frgV/postback?di=mustsharenews.com&pv=2e16d238-2d55-453f-8e0d-015d0562875f&c2=15&si=284364&ap=&ui=L1BO75U0-1C-2UKP&pp=21468&gt=de&c1=1422796&sr=magnite.com&dt=8736481481318196516000&ci=873648&sid=ASvT-_UOEPR8frgV&oz_sc=c2f9589ca866abf3344f77b8&oz_df=1648530002383&oz_l=240&cv=3
Requested by: Host: s.update.rubiconproject.com
URL: https://s.update.rubiconproject.com/2/2.52.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.240.117.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-240-117-131.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 29 Mar 2022 05:00:01 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame D03C 22 KB
8 KB 8ms
7ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Mar 2022 09:31:07 GMT
expires: Tue, 28 Mar 2023 09:31:07 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 70135
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET /
google2waycm.netmng.com/cm/ Frame C3BE 0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C3BE
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WWtLU1VnQUVYX1ViQVFBLQ==&google_gid=CAESEPgWyIgVuczyByGpk8fQowM&google_cver=1&google_push=AYg5qPLxJgga6RPGQb_VHKxmaPb1blxoMe...

170 B
188 B

17ms
17ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WWtLU1VnQUVYX1ViQVFBLQ==&google_gid=CAESEPgWyIgVuczyByGpk8fQowM&google_cver=1&google_push=AYg5qPLxJgga6RPGQb_VHKxmaPb1blxoMeTp-SVlFBk936ro3sBR0QU0TX6bxtceXXKJ96ux9KcnIxgxTF2lbnTQxTfsdG2BEbmo

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1648530002.480542,VS0,VE0
x-served-by: cache-hhn4050-HHN
x-cache: HIT
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WWtLU1VnQUVYX1ViQVFBLQ==&google_gid=CAESEPgWyIgVuczyByGpk8fQowM&google_cver=1&google_push=AYg5qPLxJgga6RPGQb_VHKxmaPb1blxoMeTp-SVlFBk936ro3sBR0QU0TX6bxtceXXKJ96ux9KcnIxgxTF2lbnTQxTfsdG2BEbmo
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C3BE
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEF2NDQN_t1WU6kbZNBYDbms&google_cver=1&google_push=AYg5qPL6L0reKAGWUEtjT4zyVZmJgdxEHyfn6mYOFQpD4yPnoCG1obvNTBAF9-_lrJ7lriMtpLhtBO4gskasSxPL5eorOE_...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPL6L0reKAGWUEtjT4zyVZmJgdxEHyfn6mYOFQpD4yPnoCG1obvNTBAF9-_lrJ7lriMtpLhtBO4gskasSxPL5eorOE_FmBc&google_hm=Mjg4Mjc4MTQwNzE4Mzc0Mzc...

170 B
188 B

19ms
18ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPL6L0reKAGWUEtjT4zyVZmJgdxEHyfn6mYOFQpD4yPnoCG1obvNTBAF9-_lrJ7lriMtpLhtBO4gskasSxPL5eorOE_FmBc&google_hm=Mjg4Mjc4MTQwNzE4Mzc0MzcxNw%3D%3D

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 29 Mar 2022 05:00:02 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPL6L0reKAGWUEtjT4zyVZmJgdxEHyfn6mYOFQpD4yPnoCG1obvNTBAF9-_lrJ7lriMtpLhtBO4gskasSxPL5eorOE_FmBc&google_hm=Mjg4Mjc4MTQwNzE4Mzc0MzcxNw%3D%3D
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C3BE
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1EIv93PATJy-agQ8xRwu3w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

17ms
16ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1EIv93PATJy-agQ8xRwu3w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKhxbl9kFLROZSbYmu2Zp9QWZ9Yk_BhN_KZTXyws41vKkp51WEZbLBVOaMZK8SqLLD9uZTItj9VZBvhG290dkYTTkpXhQYH

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1EIv93PATJy-agQ8xRwu3w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKhxbl9kFLROZSbYmu2Zp9QWZ9Yk_BhN_KZTXyws41vKkp51WEZbLBVOaMZK8SqLLD9uZTItj9VZBvhG290dkYTTkpXhQYH
date: Tue, 29 Mar 2022 05:00:02 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET

pixel
cm.g.doubleclick.net/ Frame C3BE
Redirect Chain

https://onetag-sys.com/sync/i,19/?google_gid=CAESEJIqYIXTw7TBSxJlohaDrZA&google_cver=1&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C3BE
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEN...
https://sync.targeting.unrulymedia.com/csync/RX-8e8d7b9d-af80-4a7c-931d-748683170876-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPKgl7_fIUj-ABuswVsND...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPKgl7_fIUj-ABuswVsNDSwGdtNmCx1dHaQ4gQu2St6SzOBuPHatlL-RsTko_Pc_1Wi31oMx7YeT-dDvIKv3tPrM-Nby2YSz&google_hm=A46Ne52vgEp8kx10hoMXCHY

170 B
188 B

18ms
18ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPKgl7_fIUj-ABuswVsNDSwGdtNmCx1dHaQ4gQu2St6SzOBuPHatlL-RsTko_Pc_1Wi31oMx7YeT-dDvIKv3tPrM-Nby2YSz&google_hm=A46Ne52vgEp8kx10hoMXCHY

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPKgl7_fIUj-ABuswVsNDSwGdtNmCx1dHaQ4gQu2St6SzOBuPHatlL-RsTko_Pc_1Wi31oMx7YeT-dDvIKv3tPrM-Nby2YSz&google_hm=A46Ne52vgEp8kx10hoMXCHY
date: Tue, 29 Mar 2022 05:00:02 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX8e8d7b9daf804a7c931d748683170876003
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C3BE
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEDfs551B-kom3Ki8wPVy3hU&google_cver=1&google_push=AYg5qPKqOb0naiUQeDcOMLOOLs_UFEp4kv90GhftxpM74P-vIMJxtv8m4CxjI9L14OElGv8aEc...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS13dXR1aVBSRTJ1RlpTSkRwMVRaVlVuem4zX0lfZ3kzTX5B&google_push=AYg5qPKqOb0naiUQeDcOMLOOLs_UFEp4kv90GhftxpM74P-vIMJxtv8m4...

170 B
188 B

18ms
17ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS13dXR1aVBSRTJ1RlpTSkRwMVRaVlVuem4zX0lfZ3kzTX5B&google_push=AYg5qPKqOb0naiUQeDcOMLOOLs_UFEp4kv90GhftxpM74P-vIMJxtv8m4CxjI9L14OElGv8aEcGRqtl9HTJErwyljA8tNe28rQFm

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS13dXR1aVBSRTJ1RlpTSkRwMVRaVlVuem4zX0lfZ3kzTX5B&google_push=AYg5qPKqOb0naiUQeDcOMLOOLs_UFEp4kv90GhftxpM74P-vIMJxtv8m4CxjI9L14OElGv8aEcGRqtl9HTJErwyljA8tNe28rQFm
date: Tue, 29 Mar 2022 05:00:02 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame C3BE 0
12 B 22ms
20ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LOVgVonN1NkAZg4HBcvy4dd7V_1B-zi14fPOD0LdEbivIT6KmqlVBRvwEmO_J8dUFTdFb5ag

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H2 200 /
track.adform.net/csimpr/ Frame 6DFF 35 B
503 B 20ms
19ms Ping
image/gif 37.157.2.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=53729164&csi=b4cpFU-Ym4nRoD2ftA7vmdAw96DauhU83jcb3uTycqTZKGWOLEEutt6vWmW1dlSa0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 52094395.jpg
s1.adform.net/Banners/52094395/ Frame 6DFF 128 KB
128 KB 23ms
22ms Image
image/jpeg 37.157.5.71
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/52094395/52094395.jpg?bv=2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

3439a2147b7429c86c1dfb21e024da16f96b7e15cea79094a7f69bbab594755e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
last-modified: Wed, 09 Mar 2022 12:37:20 GMT
server: nginx
etag: "62289f80-1ff6b"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 130923

POST
H/1.1 200
OK postback Show response
s.update.adsrvr.org/2/2.52.0/357427/ASvT-7gQEeWhgXSd/ Frame F8A3 0
145 B 32ms
32ms XHR
text/plain 18.203.209.222
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.adsrvr.org/2/2.52.0/357427/ASvT-7gQEeWhgXSd/postback?de=2&dt=3574271504888517674019&pp=21468&dm=300x250&di=mustsharenews.com&md=1&ac=0a7a8j6&cb=1648530000&r7=&to=3&sr=rubicon&ci=357427&ap=&pv=940ddcb5-57e2-4786-a3f1-2dc32de7d904&pd=avt&ui=&ti=09b98f2a-9940-4e5b-9ae1-8a4570d2a377&sid=ASvT-7gQEeWhgXSd&oz_sc=2d7a79eaccfd3e89a25e8df4&oz_df=1648530002447&oz_l=11&cv=3
Requested by: Host: s.update.adsrvr.org
URL: https://s.update.adsrvr.org/2/2.52.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.209.222 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-209-222.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 29 Mar 2022 05:00:02 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3 200 gwdpage_style.css
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 6114 55 B
115 B 12ms
10ms Stylesheet
text/css 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdpage_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2afb3cf38deea01d461f29b961c8aab0da4f121a84a9c843f49dc7cced99b6a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 05:56:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 514998
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 74
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 05:56:44 GMT

GET
H3 200 gwdpagedeck_style.css
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 6114 731 B
275 B 18ms
14ms Stylesheet
text/css 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdpagedeck_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3974624ff80521dbd81d3ed32f8ec10c7baef11c272f46626a6284538e90e44b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 22 Mar 2022 12:05:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 579274
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 234
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 22 Mar 2023 12:05:28 GMT

GET
H3 200 gwdgooglead_style.css
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 6114 24 B
84 B 18ms
14ms Stylesheet
text/css 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdgooglead_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e52ad60cf8269c44381d5e0833e69b9b8f3b9f9346b7066b1dc5a52b390feedc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 07:01:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 511094
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 07:01:48 GMT

GET
H3 200 gwdimage_style.css
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 6114 281 B
199 B 20ms
16ms Stylesheet
text/css 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdimage_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d3251d937d209def48e958bfeec683ca39dc0f15eb22f99bc3e7035995cd552

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 06:11:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 514108
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 158
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 06:11:34 GMT

GET
H3 200 gwdattached_style.css
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 6114 26 B
86 B 20ms
16ms Stylesheet
text/css 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdattached_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fffa14e9a3c576087a9202af54e8f11669f29c37617df0c6f728ca24d95f60bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 18:05:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 471257
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 18:05:45 GMT

GET
H3 200 gwdtaparea_style.css
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 6114 157 B
156 B 20ms
17ms Stylesheet
text/css 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdtaparea_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

20160b923de864cdf44fa26bfd6281a9e0aba7eb800fac86804d9a41a93c2394

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 18:42:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 469064
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 115
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 18:42:18 GMT

GET
H3 200 googbase_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 6114 400 B
317 B 24ms
20ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/googbase_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e13459782d7fc46c73821602bedc17cc2b3a2dc5ec07e91e30ed715193698a94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 22 Mar 2022 15:23:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 567395
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 275
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 22 Mar 2023 15:23:27 GMT

GET
H3 200 gwd_webcomponents_v1_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 6114 20 KB
6 KB 24ms
21ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwd_webcomponents_v1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c27626364eeaffb44ad2decb980dace7bedb3c8ea1575f81927fc9409cb5b49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 12:08:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 492719
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6276
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 12:08:03 GMT

GET
H3 200 gwdpage_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 6114 3 KB
1 KB 25ms
21ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdpage_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f3260225ba132e9bf8956514e81f6136265ee05250271a027bb2029cbbf4651d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 05:33:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 516385
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1308
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 05:33:37 GMT

GET
H3 200 gwdpagedeck_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 6114 8 KB
3 KB 25ms
21ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdpagedeck_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4eefdd923f73deeaec9e4ecb4cc3fae74379145f0fd3f5892165326bce8ed0ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 01:42:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 357462
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3191
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 25 Mar 2023 01:42:20 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 6114 118 KB
40 KB 25ms
22ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 08:58:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72068
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 29 Mar 2022 08:58:54 GMT

GET
H3 200 gwdgooglead_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 6114 13 KB
4 KB 26ms
23ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdgooglead_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b671e2140966063715d21667867d60de45adc723cd1b31e0d2f7466105a90247

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 01:25:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 358499
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4481
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 25 Mar 2023 01:25:03 GMT

GET
H3 200 gwdimage_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 6114 5 KB
2 KB 27ms
23ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdimage_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

32ab0a5c85cabdb695704b5128a8fb7c9a8dfa3242cc36ceda6bb0650a45b35f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 11:52:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 493662
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2014
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 11:52:20 GMT

GET
H3 200 gwdattached_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 6114 1 KB
632 B 26ms
23ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdattached_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dd50ba290f74d344ad0d04ade63c55b02360bf4db99c0a2749f34deb0c8dcec9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 19:52:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 378468
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 590
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Mar 2023 19:52:14 GMT

GET
H3 200 gwdtexthelper_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 6114 7 KB
3 KB 26ms
24ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdtexthelper_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dea5d8ba9e54379b26e109f61ceba20a0781d4f80eed75fce6ad0993d4784195

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 07:24:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 509760
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2823
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 07:24:02 GMT

GET
H3 200 gwdtaparea_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 6114 3 KB
1 KB 26ms
24ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdtaparea_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f2aac94d011ec45570ef1245e5fc8df73ebd09b1c6859c5a8393df5336e01b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 05:34:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 516317
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1356
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 05:34:45 GMT

GET
H3 200 gwdgpadataprovider_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 6114 3 KB
1 KB 26ms
24ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdgpadataprovider_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a170f5913eecb1afeda4cccca5d5b9589c8f068a04ae2c517b602e1484982b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 07:14:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 510336
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1293
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 07:14:26 GMT

GET
H3 200 gwddatabinder_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 6114 5 KB
2 KB 27ms
25ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwddatabinder_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3460d76a3013a4bb9c689877b41f3eadbf5e780ed9230fb8f8bbd16fcc59842

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 13:10:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 316160
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2351
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 25 Mar 2023 13:10:42 GMT

GET
H3 200 gwd-dynamic-binders.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 6114 23 KB
9 KB 27ms
25ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwd-dynamic-binders.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

df544db2e8b010512a5ec168d3a9b91355c7197d04a1b29325510e29405e6e0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 22 Mar 2022 11:52:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 580025
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9229
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 22 Mar 2023 11:52:57 GMT

GET
H3 200 vukqqZMEwiKfO5iIQC2Qvig_P1EBwRi6HH-n7W3xhSE.js Show response
pagead2.googlesyndication.com/bg/ Frame 1D28 35 KB
13 KB 18ms
14ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/vukqqZMEwiKfO5iIQC2Qvig_P1EBwRi6HH-n7W3xhSE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bee92aa99304c2229f3b9888402d90be283f3f5101c118ba1c7fa7ed6df18521

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 06:38:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80500
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13603
x-xss-protection: 0
last-modified: Tue, 22 Mar 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 28 Mar 2023 06:38:22 GMT

GET
H3 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203230101/ Frame 03D1 296 KB
107 KB 36ms
36ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202203230101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9994647129360327&plah=mustsharenews.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

29f65fbbbfc145c9ea7b6a97414a882f09caff018a57f3c2709b7135aed346d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 109242
x-xss-protection: 0
server: cafe
etag: 574803720306891808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 29 Mar 2022 05:00:02 GMT

GET
DATA 200
OK truncated
/ Frame 03D1 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 230d8e0e7d6ac8e1689fff91448f4e4af5a7f2aa29bb27e5c04485a3ea4b7fe5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 National2-Medium.woff
s0.2mdn.net/creatives/assets/4372196/ Frame 4678 45 KB
45 KB 8ms
7ms Font
font/woff 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4372196/National2-Medium.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66e6fad9e5ec87bcda3f169e68173f0d99c792ec94f8586d7df8a4edb540d1e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:55:15 GMT
x-content-type-options: nosniff
age: 287
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46308
x-xss-protection: 0
last-modified: Tue, 30 Nov 2021 12:01:18 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 29 Mar 2022 05:10:15 GMT

GET
H3 200 container.html Show response
d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 1FFC 6 KB
3 KB 8ms
8ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032103.js?cb=31065882

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Mar 2022 05:00:00 GMT
expires: Wed, 29 Mar 2023 05:00:00 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame CD1C 0
0 18ms
17ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssg0EndiI1R40032g7A96zIgAtzK6--qVHofvye8SuRfxkY_BIHrhc45EVaQVnYEKzyjclepPsf3f4dlndk-Xr27-z60rw9iL1DjyyZeFDCAWscVzp1dVKDvz4uHiKsbyqkU_cbejDlL4SGjRLgztTSyc-rJiuxEbNaU7-qJtiU7vQWyP78_y2RV5_ekjUmK4Mxg-dYZ8o5tno7IemOWuW66_kWTfMGpZ7Lja6eY2bc4tP--q8HLCxq5xQo7rzv3dkduzjvhkG5QLpvk-2CzVLian9_trRgYxOsB7_fZwCE84-CaNci1g4HBlVRdvbmuNtcSOu-ASbY2-yuArrnojl2W72NdfWi_H_CR2OcYNNpq1jhduZVOS-oOw&sig=Cg0ArKJSzAo1DO9RwgWHEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Tue, 29 Mar 2022 05:00:02 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame CD1C 14 KB
10 KB 20ms
20ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220324&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83195ec84a4f83775f22359f80b70633c4dac894c7bfec37d3c915f6f67c64c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10711
x-xss-protection: 0

GET
BLOB 200
OK fa8db22b-77c2-43eb-ad5b-b10b8e759893
https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/ Frame 6AC4 185 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/fa8db22b-77c2-43eb-ad5b-b10b8e759893
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 848fe19ed492948709b881f504ce2eb6274baa694606ca88eb9b2990a2460caf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Content-Length: 185
Content-Type: application/javascript

POST
H/1.1 200
OK postback Show response
s.update.rubiconproject.com/2/2.52.0/873648/ASvT-_UOEPR8frgV/ Frame B736 0
145 B 31ms
31ms XHR
text/plain 34.240.117.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.rubiconproject.com/2/2.52.0/873648/ASvT-_UOEPR8frgV/postback?di=mustsharenews.com&pv=2e16d238-2d55-453f-8e0d-015d0562875f&c2=15&si=284364&ap=&ui=L1BO75U0-1C-2UKP&pp=21468&gt=de&c1=1422796&sr=magnite.com&dt=8736481481318196516000&ci=873648&sid=ASvT-_UOEPR8frgV&oz_sc=c2f9589ca866abf3344f77b8&oz_df=1648530002612&oz_l=4181&cv=3
Requested by: Host: s.update.rubiconproject.com
URL: https://s.update.rubiconproject.com/2/2.52.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.240.117.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-240-117-131.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 29 Mar 2022 05:00:01 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame B736 0
23 B 31ms
30ms Ping
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsulAB2s5Jw5eGj42cCs73qr2UkxU0S9b4-x2E95D3-QbhZ7YlHeeTL87vNkD9CQ6unNsSn2FexI4qE7PiiUhhiye8N8_GKl5TTEuou7yuV7tK99Lbqcv03tjER2kaAnB8hUTDLDkj5Rg-1OT_cie8PLsEw&sig=Cg0ArKJSzFOrRWL8HIPxEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=643&vt=11&dtpt=508&dett=3&cstd=132&cisv=r20220324.60902&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame CD1C 17 KB
6 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 29 Mar 2022 05:00:02 GMT

POST
H/1.1 200
OK postback Show response
s.update.adsrvr.org/2/2.52.0/357427/ASvT-7gQEeWhgXSd/ Frame F8A3 0
145 B 30ms
29ms XHR
text/plain 18.203.209.222
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.adsrvr.org/2/2.52.0/357427/ASvT-7gQEeWhgXSd/postback?de=2&dt=3574271504888517674019&pp=21468&dm=300x250&di=mustsharenews.com&md=1&ac=0a7a8j6&cb=1648530000&r7=&to=3&sr=rubicon&ci=357427&ap=&pv=940ddcb5-57e2-4786-a3f1-2dc32de7d904&pd=avt&ui=&ti=09b98f2a-9940-4e5b-9ae1-8a4570d2a377&sid=ASvT-7gQEeWhgXSd&oz_sc=2d7a79eaccfd3e89a25e8df4&oz_df=1648530002661&oz_l=8054&cv=3
Requested by: Host: s.update.adsrvr.org
URL: https://s.update.adsrvr.org/2/2.52.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.209.222 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-209-222.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 29 Mar 2022 05:00:02 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 4678 7 KB
6 KB 18ms
17ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f975e3c382920e40a147617caceddec0b5f1234552f8b8f415611c4b2976deca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5634
x-xss-protection: 0

GET
H3 200 cookie.js Show response
partner.googleadservices.com/gampad/ Frame 03D1 221 B
231 B 15ms
14ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

fb5b54a4337366c1e6f2469c7033e6ab4c50d680d6df74e6d326f33ec3dcd9af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 208
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 03D1 107 B
122 B 16ms
15ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=mustsharenews.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 03D1 107 B
122 B 16ms
15ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=mustsharenews.com

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 5AFE 436 B
233 B 124ms
123ms Document
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9994647129360327&output=html&h=280&slotname=3920313618&adk=1313424537&adf=776186319&pi=t.ma~as.3920313618&w=336&psa=0&format=336x280&url=https%3A%2F%2Fmustsharenews.com%2Fspf-arrest-scams%2F%3FisentiaPostId%3Dpost-1&ea=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1648530002535&bpp=3&bdt=205&idt=207&shv=r20220324&mjsv=m202203230101&ptt=9&saldr=aa&cookie=ID%3Db17120d3de7eb68d%3AT%3D1648529998%3AS%3DALNI_MaBAz1-yu_vRHDLrRVeUX3V3blIsg&correlator=7175789465843&frm=23&ife=4&pv=1&ga_vid=1334310438.1648529998&ga_sid=1648530003&ga_hid=1281871197&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=446&ady=3201&biw=1600&bih=1200&isw=336&ish=280&ifk=2213663414&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31065370%2C31063246%2C31065656&oid=2&pvsid=3246387072062102&pem=188&tmod=1910048678&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C336%2C280&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=4&bc=31&ifi=1&uci=1.pb3k9ykl1va9&btvi=1&fsb=1&dtd=220

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7b2a1232083772850c42755ef33845516473d6c5b8e4669f500c448974c430b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Tue, 29 Mar 2022 05:00:02 GMT
server: cafe
content-length: 213
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 National2-Medium.woff
s0.2mdn.net/creatives/assets/4372196/ Frame 6114 45 KB
45 KB 7ms
6ms Font
font/woff 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4372196/National2-Medium.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66e6fad9e5ec87bcda3f169e68173f0d99c792ec94f8586d7df8a4edb540d1e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:55:15 GMT
x-content-type-options: nosniff
age: 287
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46308
x-xss-protection: 0
last-modified: Tue, 30 Nov 2021 12:01:18 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 29 Mar 2022 05:10:15 GMT

GET
H3 200 vukqqZMEwiKfO5iIQC2Qvig_P1EBwRi6HH-n7W3xhSE.js Show response
pagead2.googlesyndication.com/bg/ Frame D03C 35 KB
13 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/vukqqZMEwiKfO5iIQC2Qvig_P1EBwRi6HH-n7W3xhSE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bee92aa99304c2229f3b9888402d90be283f3f5101c118ba1c7fa7ed6df18521

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 06:38:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80500
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13603
x-xss-protection: 0
last-modified: Tue, 22 Mar 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 28 Mar 2023 06:38:22 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 1FFC 0
0 23ms
23ms Fetch
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Crh5tUpJCYuHLDo2N7_UPjPuKgA_-0_evXM7PvdjqAsCNtwEQASAAYJWioIKwB4IBF2NhLXB1Yi05MDU4MjkxODU0NDQzODgxyAEJ4AIAqAMBqgS7Ak_Qy2I7PGDHMTdmim9nQzPYfKeoTN0UEPhpG9QOCGdCdhG4euwzmUGkff4eRZ4Ol7O_K5CnSr74QSYmiTCmtFqJWFn-rbK8PDt1pmSUb2jDFikRO6xhj_SzhDIsYApBsXnSdVcFn8IFREGGHcWSuLYlCk-yoEFy3maMTwKKVaiyLfRY3cl8MGM4hWmzDHHBFl8pLhs7HeTVsk9tzQ-ujYzQjLCr2dr4iiSPpzEg5a684g7AsxWK5ptExq6uzf7yhDB0pAcF3jhKAadoqOiwDEvjfcUvqqih4vwHn78kh8Vmv0p5W6l3Na3SmzYTI44Ox-djT92TdxgNUcI5hzP6xelOZhURfkqQQ3emQxqiM-zFdRQXp0h0ijFOQqEPe25QRIciG4ao8Tq2jlNHO1MyA2VI5LD7wKbSaP4gY-AEAYAG_97arYSzrpn7AaAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB8ggbYWR4LXN1YnN5bi0yODA5MjA3NzM0OTA2MzY5gAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTkwNTgyOTE4NTQ0NDM4ODEYttdp&sigh=_2nitZR5DWg&uach_m=[UACH]&cid=CAQSPACNIrLM64D68tKH73rGJvikhtmUJ4S3MwfxUIdxqMLmQdxtL1MVHAvwCjBdgc_e9ItM2Fe5ut_13oJPuxgB&tpd=AGWhJmud6oX5iXO-6eNUivyGSiL4DUTnTTg5tQhugxOZ4hjXDeQlxqqyultf5-Oeml66a9GLSkPcJXHb_biOhv8YgognRigtmgB3V6KIXCDCBj8OyBFAlX4TK7nl_suIKJMfdpN0FuR0MqMb0EgZTqKFJ_MNG7aFNRRpQhXxiEso75LXnFELz5qWOkGz_rmH7Fa_95bUh6FRMRyGWEvurtXX0sznH-6F5f1tU_bA3PpYpDqbfCPw_MG1upVEXNQDZ6XRLAq-rvwD3OfIrIMVFntvuU3zoTYbZ5FljUVJXbd1gUdMMHpzJe7JjtoE2idlFREZqJ-2Ln-0SG4DW-xJN2TOyhUxnD1oRAlsR882cCdyIQw2Nkttd_6YvrFznTpS7FRRGTJiKfPKlUfVps9MVIdmZfTzJd9VRQ3sGeDUWswCltmhelCXewXOlbP8aJretY3Ev3_yqwr_vN4Gc5OTXaPg8cw3uTV17l9ym6SooRwABPfvna3IULmG-dRkqExqahXqFrHpC2CLI_jC4FpQrk5bOv1oZbAKgP_iS2tuEfD_F7ihbJsdiRRA3sRMLA1vxWQoVRkVqLGLoXOEpvcUoQEPTTX4oEuF8bRE24v5-NkbQ5RGPd9xYuCsW4NoEEf7PGwDHI22tVCZ30YIJ9ARMoZb84E1n2Y6QIgX6zBYQf2tM7xASpcsTmrzvH0G8xycwlFg1pCoGn18vjj3DeUXdl4KTg3mMHVdYZtOn5e0n5XI65MsSfkXECO23XPlTBjGmPWS6QugTIhzkQwjCSGHW4R4WB1r3VNaLbwuaI1BQ0Azl6IVodFT58T3OwtGRi5Ai7v9VR4cJoZrwi0KGilh-2cW-u0DNW2mo1bbNHN2F1uZ_eEYZjlJXhfzgDj1y8TbdH5TnV2Lj2fHHNGirlTzsA
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s52-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

GET
H2

200

v2
odr.mookie1.com/t/ Frame 1FFC
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=mookie-ps&ttd_tpi=1
https://odr.mookie1.com/t/v2?tagid=V2_2087&src.visitorId=514a4b88-0dfd-434d-a84a-f5d9ce432a25&gdpr=1&gdpr_consent=

43 B
106 B

18ms
17ms

Image
image/gif

34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2?tagid=V2_2087&src.visitorId=514a4b88-0dfd-434d-a84a-f5d9ce432a25&gdpr=1&gdpr_consent=
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://odr.mookie1.com/t/v2?tagid=V2_2087&src.visitorId=514a4b88-0dfd-434d-a84a-f5d9ce432a25&gdpr=1&gdpr_consent=
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 259

GET
H3 200 v4
metrics.getrockerbox.com/track/ Frame 1FFC 44 B
523 B 135ms
133ms Image
image/gif 104.21.58.221
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://metrics.getrockerbox.com/track/v4?source=weight_watchers_subscription_germany&tier_one=ttd-display&tier_two=0a7a8j6&tier_three=a99jcch&tier_four=1e7nlzp2
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.58.221 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 039a8bb6d736466063dde3c2a80d71d54456a7875cb1654263058bc69c1c042d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ngx5x7GSby%2BB0xyMnIOdBBC7ig8Gloe%2FJ1d%2FX9bGOdZPB8cQx8ZClB%2FSs3mCggmeyNfK09vBOD8ZEjHRtqNt29PgnE7WQ87hftl1VSyXwQy6wAdcOn1Y7NUWF%2BE3w9m%2Fq%2FsYgNc3hYZlkKw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cf-ray: 6f360a255e0554e2-MAN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 1FFC 11 KB
5 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

503a1dd70b8b9c286875f5f7de72bce93c664b79f3fcfeefa1150d2384df33a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:14:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2707
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5008
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 18:23:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 29 Mar 2022 05:14:55 GMT

GET
H/1.1 200
OK rubicon
de1-bid.adsrvr.org/bid/feedback/ Frame 1FFC 807 B
1 KB 39ms
21ms Image
image/gif 13.248.151.244
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://de1-bid.adsrvr.org/bid/feedback/rubicon?t=1&iid=ff2b66c7-4435-4df5-b5ab-ecef4be4c63d&crid=1e7nlzp2&wp=D73D2D86FA739BE8&aid=1&wpc=USD&sfe=147a1252&puid=&tdid=&pid=vko50on&ag=a99jcch&adv=kywm6zw&sig=1Elks7onaMUQfYXu8eOsFT1E68jDooqaCUbVqWPAhPRw.&bp=0.11714023337993907983&cf=3176281&fq=0&td_s=mustsharenews.com&rcats=&mcat=&mste=&mfld=3&mssi=&mfsi=&uhow=55&agsa=&rgz=&svbttd=1&dt=PC&osf=Windows&os=Windows10&br=Chrome&rlangs=en&mlang=&svpid=21468&did=&rcxt=Other&lat=51.570000&lon=7.440000&tmpc=6.12&daid=&vp=0&osi=&osv=&mk=Google&mdl=Chrome%20-%20Windows&c=CgdHZXJtYW55GgA4AVAHgAEAiAEBkAEB&dur=CjAKDGNoYXJnZS1hbGwtMSIgCP___________wESE3R0ZF9kYXRhX2V4Y2x1c2lvbnMKOwodY2hhcmdlLWFsbFRUREN1c3RvbUNvbnRleHR1YWwiGgja__________8BEg10dGRjb250ZXh0dWFsCkgKIWNoYXJnZS1hbGxNb2F0Vmlld2FiaWxpdHlUcmFja2luZyIjCKX__________wESDm1vYXQtcmVwb3J0aW5nKgYIoI0GGAw.&durs=dwsLA4&crrelr=&ipl=/21622890900/SG_mustsharenews.com_res_article_mid1_autoads&pcm=1&grdc=CAEYASABKAFAAUgC&vc=3&cx=-5178883614526245302&said=91e731bc460eabdfff63ebf5ca94367eca4ce524&ict=Unknown&auct=1&cxlvs=0&im=1&mc=ec8ba4fc-052c-47ff-86ff-0d7df7787e6f&tail=1
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 13.248.151.244 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ad9411418cf2cdacd.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 3ca19e57c9a2465ae4df271316ba4d29e7ff7f113a2a2c5297780c0b7a0ac09d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
server: Kestrel
transfer-encoding: chunked
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
cache-control: must-revalidate, no-cache
connection: close
content-type: image/gif

GET
H2 200 ca Show response
choices.truste.com/ Frame 1FFC 27 KB
10 KB 21ms
19ms Script
text/javascript 18.64.115.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.truste.com/ca?pid=tradedesk01&aid=tradedesk01&cid=0a7a8j6_a99jcch_1e7nlzp2&c=tradedesk01cont1&js=pmw0&w=300&h=250&sid=0
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.64.115.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-64-115-76.txl50.r.cloudfront.net
Software: nginx /
Resource Hash: 1e7f48b89d19cf8b368b05e374c9353785e0761a458b04f58126235998f08fbc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:10:13 GMT
content-encoding: gzip
server: nginx
age: 2989
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 f67cb1e6517f8abcedeb3b0734a257bc.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: TXL50-P4
x-amz-cf-id: MPDCrCH5ytjai3G1s1IQ1S7ZDEZ4L7GJXKZQs-pWvqtKlDckNpp_6g==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/ Frame 1FFC 2 KB
1 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/window_focus_fy2019.js

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:38:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1291
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Apr 2022 04:38:31 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1FFC 119 KB
36 KB 17ms
15ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30de69c01f8eb6cb0ab7b040f02316728cb490669cbf084aad71c06a708ed1ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36904
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648035241783118"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 29 Mar 2022 05:00:02 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/ Frame 1FFC 15 KB
6 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:18:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2514
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Apr 2022 04:18:08 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 1FFC 0
0 14ms
14ms Image
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQRCR9Qnv8hKSSMJ2OmO45nBZwRkgUTAL2NvHE2jc_He-2nYdFGPTIwDensHIj-v50PGPACRrYxYbcSEmBKKhY0iNbUVQ
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 1FFC 22 KB
7 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 06:52:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 79661
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 28 Mar 2023 06:52:21 GMT

GET
H3 200 ww-logo.svg
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 4678 864 B
523 B 7ms
6ms Image
image/svg+xml 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/ww-logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/gwdimage_min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c22e801148939673da59909834ef2cbd09855ab48ecfc7ee3e501bd25eec0102

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 22 Mar 2022 15:15:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 567881
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 485
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 22 Mar 2023 15:15:21 GMT

GET
H3 200 60021267_20220203021504109_WW_0222_Prospecting_Program1.jpg
s0.2mdn.net/ads/richmedia/studio/60021267/ Frame 4678 37 KB
37 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60021267/60021267_20220203021504109_WW_0222_Prospecting_Program1.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

20b40eb0180e01e389b252c7ea71410958e9e6243d2b8537a5c87678c8f17ca6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=AS7j1Z6qRo&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 18:09:35 GMT
x-content-type-options: nosniff
age: 39027
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38029
x-xss-protection: 0
last-modified: Thu, 03 Feb 2022 10:15:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 29 Mar 2022 18:09:35 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 4678 17 KB
6 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 29 Mar 2022 05:00:02 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 170A 0
0 18ms
17ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuI6khxVvJQ_FKB8BBaKIfGjhzigEQ7U_stSeUSKfBBg3COS0xFg7eEqcvGd7VFKTlAkJc4IVEzEhM7-J92gwyEPauUEDCIBJL7_K4_2h4o8Gela409coGUUqzUQ3_c_PlQQNvMQRDcAumYtPMJdZmBDi3n706K7QRUqu5WtDIMZBVr_SAVUe1_LAoXhmY5EwnSNaz06mT7u3gZSoWCE5LdzXzD-BZ3jjFrs6nqHZSR8lVPxbFwqIh7vLMpWcPDaoTMn6piuKG_c86XRtEXZIlijeIXNEbVM6uFHVueDNP_m1jaVv-138sjebdARzH0c0TxYhdApDlftXZgLZkiu1_pLxd9yPto-Ifm_-T5mkNV1OBwQUMHiNjYUQ1P_7WSK3n6Jv5Yuw&sig=Cg0ArKJSzAx4X3IZXU71EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 17692.js Show response
ads.rubiconproject.com/ad/ Frame 170A 30 KB
9 KB 60ms
14ms Script
text/javascript 96.16.141.156
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.rubiconproject.com/ad/17692.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032103.js?cb=31065882
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 96.16.141.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a96-16-141-156.deploy.static.akamaitechnologies.com
Software: Apache / PHP/5.3.3
Resource Hash: 1e7adc9a24a57746863ef54f2de5f8905c242ebc6d416713133ff989fb050222

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
content-encoding: gzip
server: Apache
x-powered-by: PHP/5.3.3
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=12940
access-control-allow-credentials: true
content-length: 8916
expires: Tue, 29 Mar 2022 08:35:42 GMT

GET
H/1.1 200
OK tfav_adl_152.js Show response
as.adlooxtracking.com/ads/js/ Frame 170A 64 KB
64 KB 684ms
327ms Script
application/javascript 139.99.121.206

General

Check archive.org

Show headers Download Go to

Full URL: https://as.adlooxtracking.com/ads/js/tfav_adl_152.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032103.js?cb=31065882
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 139.99.121.206 -, , ASN (),
Reverse DNS
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: 950ca24dbd4302b6f0703d48e9ef36bd9f3aca7a218bd75a3bcd0e5cbefc21ae

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 05:00:03 GMT
Last-Modified: Tue, 14 Dec 2021 10:41:58 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "61b874f6-ffbb"
Content-Type: application/javascript
Cache-Control: no-cache, max-age=60
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 65467

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 170A 119 KB
36 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032103.js?cb=31065882

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30de69c01f8eb6cb0ab7b040f02316728cb490669cbf084aad71c06a708ed1ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36904
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648035241783118"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 29 Mar 2022 05:00:02 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame F8A3 7 KB
3 KB 47ms
11ms Script
text/javascript 108.157.4.14
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.trustarc.com/ca?aid=tradedesk01&pid=tradedesk01&cid=0a7a8j6_a99jcch_1e7nlzp2&w=300&h=250&c=tradedesk01cont1&js=pmw1&base=te-clr1-d5f8f0b5-d1d2-49a8-9a6e-46616bbab1d2&sid=0
Requested by: Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=tradedesk01&aid=tradedesk01&cid=0a7a8j6_a99jcch_1e7nlzp2&c=tradedesk01cont1&js=pmw0&w=300&h=250&sid=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-14.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 05e94fcdf9b29839aed8b4cfb8d7b948f45626b2ace35103e52450b0a9460d11

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 22:54:05 GMT
content-encoding: gzip
server: nginx
age: 21957
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 347732911156afff87ff95b6d55b9278.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: DUS51-P2
content-length: 2480
x-amz-cf-id: gE4FUVrphgd0aoOJnTElqg_w-nUqqRUOj8HOiApmiF2YLEQ8-OUNfQ==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame F8A3 38 KB
11 KB 46ms
11ms Script
text/javascript 108.157.4.14
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.trustarc.com/ca?aid=tradedesk01&pid=tradedesk01&cid=0a7a8j6_a99jcch_1e7nlzp2&w=300&h=250&c=tradedesk01cont1&js=pmw2
Requested by: Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=tradedesk01&aid=tradedesk01&cid=0a7a8j6_a99jcch_1e7nlzp2&c=tradedesk01cont1&js=pmw0&w=300&h=250&sid=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-14.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: e15a095adc9899b592ceccdd4885a3be3674a6bf6ec4be762566360424deb1f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 23:57:54 GMT
content-encoding: gzip
server: nginx
age: 18128
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 347732911156afff87ff95b6d55b9278.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: S-yQJTuxZP5Yt1qYmIyLvEJ781Wp2yt33Llmo7zB5YDCwZnOjXSdrg==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cap
choices.trustarc.com/ Frame F8A3 43 B
397 B 159ms
125ms Image
image/gif 108.157.4.14
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/cap?aid=tradedesk01&pid=tradedesk01&cid=0a7a8j6_a99jcch_1e7nlzp2&w=300&h=250&c=5d26
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-14.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
via: 1.1 347732911156afff87ff95b6d55b9278.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: DUS51-P2
vary: Origin
x-cache: Miss from cloudfront
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 43
x-amz-cf-id: DSBI9Peplww83f6RCvtdSCuLVAZNWjx_MruX6eMXtVFYD8xvF1rc2Q==
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK postback Show response
s.update.rubiconproject.com/2/2.52.0/873648/ASvT-_UOEPR8frgV/ Frame B736 0
145 B 37ms
36ms XHR
text/plain 34.240.117.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.rubiconproject.com/2/2.52.0/873648/ASvT-_UOEPR8frgV/postback?di=mustsharenews.com&pv=2e16d238-2d55-453f-8e0d-015d0562875f&c2=15&si=284364&ap=&ui=L1BO75U0-1C-2UKP&pp=21468&gt=de&c1=1422796&sr=magnite.com&dt=8736481481318196516000&ci=873648&sid=ASvT-_UOEPR8frgV&oz_sc=c2f9589ca866abf3344f77b8&oz_df=1648530002785&oz_l=409&cv=3
Requested by: Host: s.update.rubiconproject.com
URL: https://s.update.rubiconproject.com/2/2.52.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.240.117.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-240-117-131.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 29 Mar 2022 05:00:02 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame BDEF 0
23 B 29ms
29ms Ping
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuH3Bdh_2QXeBiRN9vSFvlQDfAtjZQojDEpIgnd3MDKDRfmyXfX4HKaoLls-IGUsHuvjIv741L9ifnSqeCajIOdMmjy-GBeuVD3plmusGZnbKWIVC5csgMmxHFV_X8sU5RIOFZEJqsOkUlm6jwFNz1LEEI&sig=Cg0ArKJSzP6wyyjO1lRaEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=689&vt=11&dtpt=425&dett=3&cstd=261&cisv=r20220324.87477&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 6AA6 13 KB
5 KB 9ms
8ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Mar 2022 04:46:23 GMT
expires: Wed, 29 Mar 2023 04:46:23 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 819
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame BD34 783 B
535 B 17ms
16ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b7a69006970d4c5216660ed9393f078aa09041aad63530d1d0b30dde62e4611e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-/QF7h6aEle6HdhhAGH9zYw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Tue, 29 Mar 2022 05:00:02 GMT
date: Tue, 29 Mar 2022 05:00:02 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-/QF7h6aEle6HdhhAGH9zYw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 impl_v85.js Show response
www.googletagservices.com/dcm/ Frame 1FFC 42 KB
17 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v85.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7337a38ce3a732e5243bd354ad12d96b4d5512e283a8dd70d129b730d7a5d3d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Sun, 27 Mar 2022 22:14:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 110707
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17382
x-xss-protection: 0
last-modified: Mon, 21 Feb 2022 17:13:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 27 Mar 2023 22:14:55 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 6114 7 KB
6 KB 25ms
25ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

58f4365bdb45a919178d903b4758e88723d885b27fc4f06bbb084564f715b0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5648
x-xss-protection: 0

GET
H3 200 CGHVXjYJRnLTYRF6fgor0GmLhTjmHb-GVf8novFL6vc.js Show response
pagead2.googlesyndication.com/bg/ Frame ACC8 35 KB
14 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CGHVXjYJRnLTYRF6fgor0GmLhTjmHb-GVf8novFL6vc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0861d55e36094672d361117a7e0a2bd0698b8538e61dbf8655ff27a2f14beaf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 21:17:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27724
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13806
x-xss-protection: 0
last-modified: Tue, 22 Mar 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 28 Mar 2023 21:17:58 GMT

POST
H/1.1 200
OK postback Show response
s.update.adsrvr.org/2/2.52.0/357427/ASvT-7gQEeWhgXSd/ Frame F8A3 0
145 B 29ms
28ms XHR
text/plain 18.203.209.222
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.adsrvr.org/2/2.52.0/357427/ASvT-7gQEeWhgXSd/postback?de=2&dt=3574271504888517674019&pp=21468&dm=300x250&di=mustsharenews.com&md=1&ac=0a7a8j6&cb=1648530000&r7=&to=3&sr=rubicon&ci=357427&ap=&pv=940ddcb5-57e2-4786-a3f1-2dc32de7d904&pd=avt&ui=&ti=09b98f2a-9940-4e5b-9ae1-8a4570d2a377&sid=ASvT-7gQEeWhgXSd&oz_sc=2d7a79eaccfd3e89a25e8df4&oz_df=1648530002845&oz_l=49&cv=3
Requested by: Host: s.update.adsrvr.org
URL: https://s.update.adsrvr.org/2/2.52.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.209.222 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-209-222.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 29 Mar 2022 05:00:02 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3 200 ww-logo.svg
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 6114 864 B
523 B 7ms
6ms Image
image/svg+xml 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/ww-logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/gwdimage_min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c22e801148939673da59909834ef2cbd09855ab48ecfc7ee3e501bd25eec0102

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 22 Mar 2022 15:15:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 567881
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 485
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 22 Mar 2023 15:15:21 GMT

GET
H3 200 60021267_20220203021504109_WW_0222_Prospecting_Program1.jpg
s0.2mdn.net/ads/richmedia/studio/60021267/ Frame 6114 37 KB
37 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60021267/60021267_20220203021504109_WW_0222_Prospecting_Program1.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/gwdimage_min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

20b40eb0180e01e389b252c7ea71410958e9e6243d2b8537a5c87678c8f17ca6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=wmnOVNcP9D&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 18:09:35 GMT
x-content-type-options: nosniff
age: 39027
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38029
x-xss-protection: 0
last-modified: Thu, 03 Feb 2022 10:15:04 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 29 Mar 2022 18:09:35 GMT

GET
H3 200 B26791739.320447811;dc_ver=85.248;sz=300x250;u_sd=1;kw=a99jcch;dc_adk=2328675810;ord=j21275;click=http%3A%2F%2Finsight.adsrvr.org%2Ftrack%2Fclk%3Fimp%3Dff2b66c7-4435-4df5-b5ab-ecef4be4c63d%26ag%3Da... Show response
ad.doubleclick.net/ddm/adj/N1549806.422087GROUPMCOMPETENCEC/ Frame 1FFC 65 KB
27 KB 62ms
61ms Script
text/javascript 142.250.185.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N1549806.422087GROUPMCOMPETENCEC/B26791739.320447811;dc_ver=85.248;sz=300x250;u_sd=1;kw=a99jcch;dc_adk=2328675810;ord=j21275;click=http%3A%2F%2Finsight.adsrvr.org%2Ftrack%2Fclk%3Fimp%3Dff2b66c7-4435-4df5-b5ab-ecef4be4c63d%26ag%3Da99jcch%26sfe%3D147a1252%26sig%3DcT2H46P0KFl0mqCdIUviugBY3J4XCTTOVbT-t_JdiYo.%26crid%3D1e7nlzp2%26cf%3D3176281%26fq%3D0%26t%3D1%26td_s%3Dmustsharenews.com%26rcats%3D%26mcat%3D%26mste%3D%26mfld%3D3%26mssi%3D%26mfsi%3D%26sv%3Drubicon%26uhow%3D55%26agsa%3D%26wp%3DD73D2D86FA739BE8%26rgz%3D%26dt%3DPC%26osf%3DWindows%26os%3DWindows10%26br%3DChrome%26svpid%3D21468%26rlangs%3Den%26mlang%3D%26did%3D%26rcxt%3DOther%26tmpc%3D6.12%26vrtd%3D%26osi%3D%26osv%3D%26daid%3D%26dnr%3D0%26vpb%3D%26c%3DCgdHZXJtYW55GgA4AVAHgAEAiAEBkAEB%26dur%3DCjAKDGNoYXJnZS1hbGwtMSIgCP___________wESE3R0ZF9kYXRhX2V4Y2x1c2lvbnMKOwodY2hhcmdlLWFsbFRUREN1c3RvbUNvbnRleHR1YWwiGgja__________8BEg10dGRjb250ZXh0dWFsCkgKIWNoYXJnZS1hbGxNb2F0Vmlld2FiaWxpdHlUcmFja2luZyIjCKX__________wESDm1vYXQtcmVwb3J0aW5nKgYIoI0GGAw.%26durs%3DdwsLA4%26crrelr%3D%26npt%3D%26mk%3DGoogle%26mdl%3DChrome%2520-%2520Windows%26ipl%3D%2F21622890900%2FSG_mustsharenews.com_res_article_mid1_autoads%26pcm%3D1%26ict%3DUnknown%26said%3D91e731bc460eabdfff63ebf5ca94367eca4ce524%26auct%3D1%26cxlvs%3D0%26grdc%3DCAEYASABKAFAAUgC%26tail%3D1%26r%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.;dc_rfl=1,https%3A%2F%2Fmustsharenews.com%2F$0;xdt=1;crlt=4pRk!D!Krl;sttr=99;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v85.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f6.1e100.net

Software

cafe /

Resource Hash

fc92bebac9e300f68255bec2b013d9ba71203677e22c434bee2b5affb0d67215

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27168
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK 1389374-2.js Show response
smarttag.rubiconproject.com/a/17692/278128/ Frame 170A 146 B
507 B 100ms
24ms Script
text/javascript 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://smarttag.rubiconproject.com/a/17692/278128/1389374-2.js?&cb=0.40874093381584853&tk_st=1&rf=https%3A//mustsharenews.com/spf-arrest-scams/%3FisentiaPostId%3Dpost-1&rp_s=c&p_pos=atf&p_screen_res=1600x1200&ad_slot=278128_2&rp_secure=1
Requested by: Host: ads.rubiconproject.com
URL: https://ads.rubiconproject.com/ad/17692.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: f6914cddfb8fcc3e7d99864e104ebdb47934a357ef08d90f9e0acdf48433d6c9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 29 Mar 2022 05:00:03 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: keep-alive
Content-Type: text/javascript
Content-Length: 146
Expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 6114 17 KB
6 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 29 Mar 2022 05:00:02 GMT

GET
H2 200 get
choices.trustarc.com/ Frame F8A3 287 B
628 B 9ms
9ms Image
image/png 108.157.4.14
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarker-icon-tr.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-14.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 821262a8c32b52639f97ddf4f34c494e82156651752608fa6a23ffa3df2f84b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: public
date: Sat, 19 Mar 2022 06:28:21 GMT
via: 1.1 347732911156afff87ff95b6d55b9278.cloudfront.net (CloudFront)
server: nginx
age: 858702
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: DUS51-P2
timing-allow-origin: *
content-length: 287
x-amz-cf-id: eVvRcqW1lr03eRsBQc_Woxss5GA81Fm3Cx9dLXvpfMrtVINkdxXYFg==
expires: Mon, 18 Apr 2022 06:28:20 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 03D1 0
0 18ms
18ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvOf7pUfO9LNIajfvLmNiYXsVUjH-qPT4IKJiNONE289xu-yytLFyLJ1aPfizz8T2mGCKGPqw9itckY-DGqgRxZWzqVXThKbZC_Lt7hN2Ei0F4tknijkH6lank3RBtDQYssUQnWKuywE8ERqkhewUP-BphPbz0fkPZxtggjn6FMU7ND3dcZ6z_iEulN0MU446GIKAQankda1uhq4QXZlQdnHgR776kuGjqQ5RT-Vz6_2dsmX1xMrlWP2PW1lv0Jc-PU1vt2LU9fOU0gjsT6k_YpFaCZuWzsq5YEJAp1jrMA_dRiq16z85Jn1pI2RBQXlzqLfTIpaKeZSvu6ab4LFWNq6ZIIFwVjW70HLYLyufOS-vl13viIRsKFnw&sig=Cg0ArKJSzHmwQLJdHjkTEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Tue, 29 Mar 2022 05:00:03 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 03D1 14 KB
10 KB 27ms
27ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220324&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d1bde2a1374f603ad44618f045f9792fdf919fa792743355e0b254a63589358

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10583
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame BD34 0
0 37ms
36ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220324&jk=111525324806400&rc=05ACxne1P61EPHaWUMNz8UZEYbLCJ4pp_P92M0-A5LQ6tvFQbBKJ7b-LHWmVt1bMvCI_HvIpGFmWZIumPTDCYNgewpNH8t-ddGadKsH3mqxJySUre2Of-RhOVoEf0-9f8FKD-naGPGMHvmYPQ89O7CDuI4hIkuyCGalF1QFw4Mqj9dw1dyt1YGlMVgZ4PSiaXCyAuNhIF-AxUU-EYova2Qzg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 03D1 17 KB
6 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 29 Mar 2022 05:00:03 GMT

GET
H3 200 html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 1FFC 169 KB
59 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
Origin: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 19:19:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34857
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60173
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 29 Mar 2022 19:19:06 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220324/r20110914/elements/html/ Frame 1FFC 8 KB
3 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220324/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N1549806.422087GROUPMCOMPETENCEC/B26791739.320447811;dc_ver=85.248;sz=300x250;u_sd=1;kw=a99jcch;dc_adk=2328675810;ord=j21275;click=http%3A%2F%2Finsight.adsrvr.org%2Ftrack%2Fclk%3Fimp%3Dff2b66c7-4435-4df5-b5ab-ecef4be4c63d%26ag%3Da99jcch%26sfe%3D147a1252%26sig%3DcT2H46P0KFl0mqCdIUviugBY3J4XCTTOVbT-t_JdiYo.%26crid%3D1e7nlzp2%26cf%3D3176281%26fq%3D0%26t%3D1%26td_s%3Dmustsharenews.com%26rcats%3D%26mcat%3D%26mste%3D%26mfld%3D3%26mssi%3D%26mfsi%3D%26sv%3Drubicon%26uhow%3D55%26agsa%3D%26wp%3DD73D2D86FA739BE8%26rgz%3D%26dt%3DPC%26osf%3DWindows%26os%3DWindows10%26br%3DChrome%26svpid%3D21468%26rlangs%3Den%26mlang%3D%26did%3D%26rcxt%3DOther%26tmpc%3D6.12%26vrtd%3D%26osi%3D%26osv%3D%26daid%3D%26dnr%3D0%26vpb%3D%26c%3DCgdHZXJtYW55GgA4AVAHgAEAiAEBkAEB%26dur%3DCjAKDGNoYXJnZS1hbGwtMSIgCP___________wESE3R0ZF9kYXRhX2V4Y2x1c2lvbnMKOwodY2hhcmdlLWFsbFRUREN1c3RvbUNvbnRleHR1YWwiGgja__________8BEg10dGRjb250ZXh0dWFsCkgKIWNoYXJnZS1hbGxNb2F0Vmlld2FiaWxpdHlUcmFja2luZyIjCKX__________wESDm1vYXQtcmVwb3J0aW5nKgYIoI0GGAw.%26durs%3DdwsLA4%26crrelr%3D%26npt%3D%26mk%3DGoogle%26mdl%3DChrome%2520-%2520Windows%26ipl%3D%2F21622890900%2FSG_mustsharenews.com_res_article_mid1_autoads%26pcm%3D1%26ict%3DUnknown%26said%3D91e731bc460eabdfff63ebf5ca94367eca4ce524%26auct%3D1%26cxlvs%3D0%26grdc%3DCAEYASABKAFAAUgC%26tail%3D1%26r%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.;dc_rfl=1,https%3A%2F%2Fmustsharenews.com%2F$0;xdt=1;crlt=4pRk!D!Krl;sttr=99;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:20:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2388
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Apr 2022 04:20:15 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 1FFC 41 KB
15 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 09:30:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 70177
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Mar 2023 09:30:26 GMT

GET
H3 200 CGHVXjYJRnLTYRF6fgor0GmLhTjmHb-GVf8novFL6vc.js Show response
pagead2.googlesyndication.com/bg/ Frame 1D93 35 KB
14 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CGHVXjYJRnLTYRF6fgor0GmLhTjmHb-GVf8novFL6vc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0861d55e36094672d361117a7e0a2bd0698b8538e61dbf8655ff27a2f14beaf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 21:17:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27725
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13806
x-xss-protection: 0
last-modified: Tue, 22 Mar 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 28 Mar 2023 21:17:58 GMT

GET
H3 200 CGHVXjYJRnLTYRF6fgor0GmLhTjmHb-GVf8novFL6vc.js Show response
pagead2.googlesyndication.com/bg/ Frame 6AA6 35 KB
14 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CGHVXjYJRnLTYRF6fgor0GmLhTjmHb-GVf8novFL6vc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0861d55e36094672d361117a7e0a2bd0698b8538e61dbf8655ff27a2f14beaf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 21:17:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27725
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13806
x-xss-protection: 0
last-modified: Tue, 22 Mar 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 28 Mar 2023 21:17:58 GMT

POST
H/1.1 200
OK postback Show response
s.update.adsrvr.org/2/2.52.0/357427/ASvT-7gQEeWhgXSd/ Frame F8A3 0
145 B 32ms
32ms XHR
text/plain 18.203.209.222
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.adsrvr.org/2/2.52.0/357427/ASvT-7gQEeWhgXSd/postback?de=2&dt=3574271504888517674019&pp=21468&dm=300x250&di=mustsharenews.com&md=1&ac=0a7a8j6&cb=1648530000&r7=&to=3&sr=rubicon&ci=357427&ap=&pv=940ddcb5-57e2-4786-a3f1-2dc32de7d904&pd=avt&ui=&ti=09b98f2a-9940-4e5b-9ae1-8a4570d2a377&sid=ASvT-7gQEeWhgXSd&oz_sc=2d7a79eaccfd3e89a25e8df4&oz_df=1648530003057&oz_l=11&cv=3
Requested by: Host: s.update.adsrvr.org
URL: https://s.update.adsrvr.org/2/2.52.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.209.222 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-209-222.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 29 Mar 2022 05:00:02 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 63CA 281 B
554 B 16ms
16ms Document
text/html 23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&gdpr=1&gdpr_consent=BPWmbc0PWmbc0__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&geo=eu&co=de
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "402b2-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 29 Mar 2022 05:00:03 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame EBE9 1 KB
752 B 19ms
19ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Mon, 28 Mar 2022 13:26:12 GMT
expires: Tue, 29 Mar 2022 13:26:12 GMT
cache-control: public, max-age=86400
age: 56031
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 get
choices.trustarc.com/ Frame 111F 287 B
629 B 13ms
11ms Image
image/png 108.157.4.14
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarker-icon-tr.png
Requested by: Host: choices.trustarc.com
URL: https://choices.trustarc.com/ca?aid=tradedesk01&pid=tradedesk01&cid=0a7a8j6_a99jcch_1e7nlzp2&w=300&h=250&c=tradedesk01cont1&js=pmw2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-14.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 821262a8c32b52639f97ddf4f34c494e82156651752608fa6a23ffa3df2f84b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: public
date: Sat, 19 Mar 2022 06:28:21 GMT
via: 1.1 347732911156afff87ff95b6d55b9278.cloudfront.net (CloudFront)
server: nginx
age: 858702
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: DUS51-P2
timing-allow-origin: *
content-length: 287
x-amz-cf-id: pWZdMEEGntg4Vy6k-TSbsHmNFtlL7rx8aznnKcL5may9pSa5JXxMoQ==
expires: Mon, 18 Apr 2022 06:28:20 GMT

GET
H2 200 get
choices.trustarc.com/ Frame 111F 739 B
1 KB 12ms
12ms Image
image/png 108.157.4.14
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarker-full-tr.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-14.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 093d94d4b660253c55e87d4503dffcb6cedc8f222f9d85d1faa68ff619ac9d3e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: public
date: Sun, 13 Mar 2022 13:36:21 GMT
via: 1.1 347732911156afff87ff95b6d55b9278.cloudfront.net (CloudFront)
server: nginx
age: 1351422
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: DUS51-P2
timing-allow-origin: *
content-length: 739
x-amz-cf-id: L7T0Y-jN9o7DwhLTBrsZvBtkBHAQs09N6w61-cjrexU4qh1vqJjgJA==
expires: Tue, 12 Apr 2022 13:36:20 GMT

GET
H2 200 1x1.png
secure-assets.rubiconproject.com/static/psa/blank/ Frame 170A 156 B
319 B 18ms
16ms Image
image/png 96.16.141.156
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-assets.rubiconproject.com/static/psa/blank/1x1.png
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 96.16.141.156 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a96-16-141-156.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 58a617d2c88d378bfd267e2817e2228e82ef0c3f28d8ac3458b18af77335c39e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:03 GMT
content-encoding: gzip
last-modified: Tue, 01 Oct 2019 16:53:58 GMT
server: Apache
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
access-control-allow-credentials: true
accept-ranges: bytes
content-length: 155

GET
H3 200 container.html Show response
d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9624 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032103.js?cb=31065882

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Mar 2022 05:00:00 GMT
expires: Wed, 29 Mar 2023 05:00:00 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 3
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 1FFC 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2773645eaeb225561ef10338f25f7fb8f64ce08a3b19a0e81bd9b49ef307ccaa

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 0603 13 KB
5 KB 9ms
8ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Mar 2022 04:46:23 GMT
expires: Wed, 29 Mar 2023 04:46:23 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 820
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame CED1 783 B
534 B 18ms
18ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

33a63cfb377a89f683cf1b97f00a389264c1a86f96cff315175b5140a18de25b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-uUBFzCKbK/AwJZBsPayABg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Tue, 29 Mar 2022 05:00:03 GMT
date: Tue, 29 Mar 2022 05:00:03 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-uUBFzCKbK/AwJZBsPayABg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1FFC 119 KB
36 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30de69c01f8eb6cb0ab7b040f02316728cb490669cbf084aad71c06a708ed1ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36904
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648035241783118"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 29 Mar 2022 05:00:03 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 569C 65 KB
6 KB 17ms
17ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f9e787c9d70e0c965c4443b288ca75dfed1d883fc3d9bbde05accb94e8c179c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:03 GMT
expires: Wed, 29 Mar 2023 05:00:03 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1FFC 0
23 B 29ms
29ms Ping
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu93TP8Iwg_8XHg9UweAs-QGJ0TT2qGpfncsnRZs_9iLy115Tm8aVfw99d6b_FotAV3xQnK8QGDlayLI7l_fLk_4Tb5udnZdNGthlgjUII3W_c9zqZqzdVeeVq9GYUThziArpFrGLMD5DO8a0pTYrHy9ow&sig=Cg0ArKJSzLp3LyXHg734EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=159&cbvp=1&cstd=156&cisv=r20220324.17895&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1D28 0
21 B 43ms
43ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BFahcUZJCYvyoO96MjuwPneK30AQAAAAAOAHgBAI&bg=!4-Cl4KTNAAbzJazn0yU7ACkAdvg8WmLgm8yjQElrRfuYSExraq15WOGAMBrNNFDr1smn593271DZ1AIAAAGPUgAAAAFoAQeZAx5DEY08NBbch1ToxYW_wKV-sgbNAklzf55YWbXovJeCFX9qUgzF4Q-2uYpuHixmmEAMqhy74j451DfGTumA_FpOUgCftpnjpJNs6Y1vzm4B74huTXmTJrh80BBGOJcxdxCNNcLGV0B3YFWQMuaNiWdKVHuG-HfyrHWbDf-b_mbvOIp3EeO2Us-VuPt-xw9yuW-W8YIyqKSfzPj2tRtUdWHYL0C9Wcic5mrpN-typDuYs5LU9wq9ayg8xuOy4O-i5-EjsZPZ1u28E2U_zB29e85tJAT8Zb9FuZSSTmyP-FW7PSWWFj6MF6V5X_DH2zzG4A-ok-lXVc_H4NcrdFxRu_f3n0df4nNNcfw6KEubnitVdHw309JAwT6zMscb5DRCW_6TtDdxCMjD3cYprmvTlHMtd1hWns4_uIz2XHbxGstrAlgmlh0XEI_Jmxp7VzKQ03l1Pc9CqLBPZ7zMgyvzbIKs2jkAbFvQbfDt-vkfjtlfYcCnBCGIfRVrRtHaDpEvAVvHunalNARRl3w6jMwg_Q5H5UGKbDezStNda-2u6KA37_HwFkFx-0XQLYkxiZQ8L_8QRquSVYTJ6b_55xrkvEMRSxfOQjKVUEIGwqJcfEDmifIGC87w08h1xtN4Np2W518dAQL7fpEQ13PdserIXH676Sun3mXvNL1McmofFtlBBOCGgX-4qNIFiF0rXEDryfwOymK3gKaHRb2xQtAIzusegBTc5Q_fUTQToMnG3FQ2rs24xaltYxeuHNslc4o10C_kM6nsYOMVa0etVC8tJaeYr00U_wcEmuZ9smjIgdKYdkATmkLTjD2n9En8IQiyJD7RyspVXiK9H9clfObp2l5MO6HAtHvOaDCgVLA8A5BTRnKgC7L0lq6KycarVYta8I_11i7LhiJUonQTR5BErwyXQ-9rUM3tSsb0BCCC9lxUnr8E4dz2RilSHo3EpdTdkrBr1uAAwZU33ngiU1fl_7fwUzbfFuj0Vrs0HAXfTpoZsPV8cawzK3U-XJuetja6rY1Fgc6G7Kpb9_fwWP5w0u7G9spil34Yuvod91Nxy8Q

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 63CA 32 KB
10 KB 17ms
16ms Script
text/html 23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&gdpr=1&gdpr_consent=BPWmbc0PWmbc0__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&geo=eu&co=de
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 9ad1bb44af5999c63ca2cb0cc07b90c55f3f4752a55578ff5fb7e2e953161e61

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?&gdpr=1&gdpr_consent=BPWmbc0PWmbc0__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&geo=eu&co=de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 05:00:03 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Mar 2022 16:28:01 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=12991
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9540
Expires: Tue, 29 Mar 2022 08:36:34 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame D586 22 KB
8 KB 8ms
8ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Mar 2022 09:31:07 GMT
expires: Tue, 28 Mar 2023 09:31:07 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 70136
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H/1.1 200
OK postback Show response
s.update.rubiconproject.com/2/2.52.0/873648/ASvT-_UOEPR8frgV/ Frame B736 0
145 B 32ms
32ms XHR
text/plain 34.240.117.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.rubiconproject.com/2/2.52.0/873648/ASvT-_UOEPR8frgV/postback?di=mustsharenews.com&pv=2e16d238-2d55-453f-8e0d-015d0562875f&c2=15&si=284364&ap=&ui=L1BO75U0-1C-2UKP&pp=21468&gt=de&c1=1422796&sr=magnite.com&dt=8736481481318196516000&ci=873648&sid=ASvT-_UOEPR8frgV&oz_sc=c2f9589ca866abf3344f77b8&oz_df=1648530003255&oz_l=11&cv=3
Requested by: Host: s.update.rubiconproject.com
URL: https://s.update.rubiconproject.com/2/2.52.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.240.117.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-240-117-131.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 29 Mar 2022 05:00:02 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 9624 0
0 25ms
25ms Fetch
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CDLmSUpJCYqCKLb6P7_UPmPmRyAv-0_evXM7PvdjqAsCNtwEQASAAYJWioIKwB4IBF2NhLXB1Yi05MDU4MjkxODU0NDQzODgxyAEJ4AIAqAMBqgTdAk_QOX28k5KIED_MkoYcU0r_XG0dAnWeGpuaRsrdxNW0ee-elIB7zHiweC8auXRDppSq5egZWKCznbT1i3HhVTVl4c1NQxYwcxmk-HiMRFLAm2DBr0Bs-C5f0Hv34lv0vvrfu1ina0S8n7vjdOLg467e3F9cVUb1LHaVNaLT_Ssn1kK_dE7IqmlUjjyOOx1nNZO3QJf3V-shDfzpxXHJ-5AsNXZOpRxj0_3-Dqq3LwazeBKuLnI9ZwAqas_VJUDg-z0yXgSMSSmV60nopp4sJF9gREr71yBCfLqCOAN384vnbhITsFSdgshIa0uheprceoivraaaq7Yopn3ThYvg5ENaUbmOKTy_s8Tv3B697WRFC_OjW3eyIlYwZd33OQAuYXqY811NbL78m_SDFxYQuuXi7WDOzKnBoSph48-sxFmtmPILXWx9jJZ8NC8VrVLa--SY8QNID_m3VrU_r4TgBAGABoHmiIPPyPalfqAGIagHipixAqgHpr4bqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB8ggbYWR4LXN1YnN5bi0yODA5MjA3NzM0OTA2MzY5gAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTkwNTgyOTE4NTQ0NDM4ODEYttdp&sigh=MI-FmiPqd8Y&uach_m=[UACH]&cid=CAQSPACNIrLMXHCDUZVXMkU0ai7-ZY042J3B8BEywrhNGQMndqy-blziCtevKww6AMl0dTK8CNJQc2ZJF731WxgB&tpd=AGWhJmtJ8_zY8bV4MRsbCA34YO2EED3pHDaxEoErQ4NjJIh53Cdyv0uTR7INxRJQ1wT8G1xgucrmKV-aVusSkfuo8dTyXp2Cm4pLYWC0MZ83o8wE-i9xCkhCEyWRbvZhl6nWcWHxuF-LEEbDcJ3sVSU1GZsP4meqmsm_cSWo_FUIokyYEbgnS3x6WPGxjr0ccmYCj5AanH-D6T12cNwuvn2XtiUXsQxG8o7AH7YUA72x4q6X_bILAxowTjQqCxTorJwiWsvKtuj2woyDPiJXri9ECwI7WS1K7kiCrW4X5gEJNFfuXkG4ObuUirlVduRENevid111P7lI6B49NEgIZMSTUmrdi6y5z5_f2GA1_BxrWtxmRA3lBerUCFq7A6wU7-Yp4P2imvnuxLcbGVgfkTrQey9ZIDqek8BFDtKJhNyLtXEaa3OySD19Z10Td2HbbtHXoaxSFdGvDIuGBbvyAQn8CiSz1C2cVo6xcsya2cdnUwzv5DNpwTx_BV1WF60gdIg7sQoqIpu-0vhThhlDWsX4Mt7a-OyWbow8Cb9NAM2qTc9-cm2zd3uy0v4ZyaFc2J5bQOm71I9NWs_cLh8A0h44aGb13zdNZi95G2B6_e8InQc1c0Dfd4eFcDNv_aL9cqeFfceJ4kaLMewFOg_mDsJTZKMT94tGTfFFPq9i7zz3AFxzrju6-i6dayyzMYOngFodU80F2KGKO1llaqOKXuuJ40OzeaKygHGq6QECk8E3fEcmH4RDR1nPYzNzpzZpKFazf9_P-mjvhfYNnYXd9g
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s52-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 9624 1 KB
1 KB 19ms
19ms Script
text/javascript 37.157.2.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=53729164;rtbwp=7DDE9F91DEB6C3F7;rtbdata=kRsV41d0BpNKZwVQwysKY6Oldzr5j8ew9IhSliWFSCMt7hUeM2ytdwlJnid6annQiqEoQrTCuFL5eQLPGHTDzAyfdoRZK4L1rl07sLSkPNw46vw7S28hgq_35TRm_Ns0lqTpsRkx1-_cje5pAP8VqMzcxBYx-O7HhC8l5s3Xfj3otK7K6Uq84I2nG0ZBi56yeTqcoE3up6M68Boj7Xsdo9yfptKDu5HwEUEZ7-nWDxEAzC3LgwsuWJu5VRlAN-NK9gYyx8qLj63P9cHKF25x5aZQiGTbLByitYdCxZrv2pW1L4JSv14j2okk17O1oB9jwymryPBEKDcOi0t7WJUc25yszGe83ZiV6rRtab0FSpIEejgpFobovFC21eWKiGjLTyX8aIgyoZvNqym4bE5yQIZk1uf4zETDapAnfZ7SEKyYzzCJYBns7J-4S0TaEX4BxIWIKvvW4yInoXqHoLzdc2T0lQkXAT8x0;OOBClickTrack=https://beacon-nf.rubiconproject.com/beacon/v2/t/0/620ef7ec-1e28-4309-aa10-e7b6bfb2ab49/

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

c2f4738678ac59ab1828d8ecb8bf741ce253652894c3197bcc1d7edd1176bf4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:03 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 1172
expires: -1

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/ Frame 9624 2 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/window_focus_fy2019.js

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:38:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1292
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Apr 2022 04:38:31 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9624 119 KB
36 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30de69c01f8eb6cb0ab7b040f02316728cb490669cbf084aad71c06a708ed1ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36904
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648035241783118"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 29 Mar 2022 05:00:03 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/ Frame 9624 15 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:18:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2515
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Apr 2022 04:18:08 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 9624 0
0 14ms
14ms Image
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRMqCccIL42YGHpc_X9N-Ok9Kdny41qdnsgZTVBSiBJ1pG6_VGEjuDQJDhAwcfgROBqixB5im_ljYElweQ4N3UNHKVJGA
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 9624 22 KB
7 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 06:52:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 79662
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 28 Mar 2023 06:52:21 GMT

GET
H3 200 i.match
a.tribalfusion.com/ Frame EBE9 43 B
708 B 226ms
203ms Image
image/gif 2606:4700::6812:d05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b6&u=CAESEL8szdDqTNSsjYvsbUo5CjE&google_cver=1&google_push=AYg5qPLEZurNk_-Sf9ZTWyluK2pkKEQHZlg6mY9kGtYZSELBdEDi6ChULwkD4owcWtLqT4qxNC8Rjxf3KSh8U2GQY2NRcOl9Npo&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPLEZurNk_-Sf9ZTWyluK2pkKEQHZlg6mY9kGtYZSELBdEDi6ChULwkD4owcWtLqT4qxNC8Rjxf3KSh8U2GQY2NRcOl9Npo%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:d05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:03 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 6f360a291c4ccc5a-ZRH
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3 200 dot.gif
s0.2mdn.net/ Frame EBE9 43 B
72 B 22ms
18ms Image
image/gif 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEDzhUZhAkK12BwpRySEyrAA&google_cver=1&google_push=AYg5qPITycXX6Lln0h_rBaJJDzxhJk_I0-PKWIhABvDOJYweZhfa3_NsIpQXd8tXy4StflA-wM63Or6kt5zCP21XRAaC8Y_S-os

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 30 Mar 2022 05:00:03 GMT

GET
H3 200 dds
rtb.openx.net/sync/ Frame EBE9 43 B
64 B 29ms
25ms Image
image/gif 35.186.253.211
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESECED7FIImwZphu3MRdAsccI&google_cver=1&google_push=AYg5qPLplF3qLP3i4J4Y9ry826xI91axTrLOgKiYIRBJOQJTizKpIC87Tz__Yhj13ozab79QSTOLi2Hy8xK43axgtKq2HnjyDCc
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: Cowboy /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:03 GMT
via: 1.1 google
server: Cowboy
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: null
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
x-request-id: 1erdlgdnnjesaj8q70cahgihh5a9mip6

GET

pixel
cm.g.doubleclick.net/ Frame EBE9
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEOfUcL-XSf_Qjblw5ye1KtU&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEOfUcL-XSf_Qjblw5ye1KtU&google_push=AY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkKSU-M-BY1WVSBPYhwqxQAABFwAAAIB&google_gid=CAESEOfUcL-XSf_Qjblw5ye1KtU&google_cver=1&google_push=AYg5qPJ_-kXMwSd00uKoXlXVkF2XuLsPv27wc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkKSU-M-BY1WVSBPYhwqxQAABFwAAAIB&google_gid=CAESEOfUcL-XSf_Qjblw5ye1KtU&google_cver=1&google_push=AYg5qPJ_-kXMwSd00uKoXlXVkF2XuLsPv27wc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkKSU-M-BY1WVSBPYhwqxQAABFwAAAIB&google_gid=CAESEOfUcL-XSf_Qjblw5ye1KtU&google_cver=1&google_push=AYg5qPJ_-kXMwSd00uKoXlXVkF2XuLsPv27wc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkKSU-M-BY1WVSBPYhwqxQAABFwAAAIB&google_gid=CAESEOfUcL-XSf_Qjblw5ye1KtU&google_cver=1&google_push=AYg5qPJ_-kXMwSd00uKoXlXVkF2XuLsPv27wc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkKSU-M-BY1WVSBPYhwqxQAABFwAAAIB&google_gid=CAESEOfUcL-XSf_Qjblw5ye1KtU&google_cver=1&google_push=AYg5qPJ_-kXMwSd00uKoXlXVkF2XuLsPv27wc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkKSU-M-BY1WVSBPYhwqxQAABFwAAAIB&google_gid=CAESEOfUcL-XSf_Qjblw5ye1KtU&google_cver=1&google_push=AYg5qPJ_-kXMwSd00uKoXlXVkF2XuLsPv27wc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkKSU-M-BY1WVSBPYhwqxQAABFwAAAIB&google_gid=CAESEOfUcL-XSf_Qjblw5ye1KtU&google_cver=1&google_push=AYg5qPJ_-kXMwSd00uKoXlXVkF2XuLsPv27wc...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkKSU-M-BY1WVSBPYhwqxQAABFwAAAIB&google_gid=CAESEOfUcL-XSf_Qjblw5ye1KtU&google_cver=1&google_push=AYg5qPJ_-kXMwSd00uKoXlXVkF2XuLsPv27wc...

0
0

GET
H/1.1 200
OK sync
ssbsync.smartadserver.com/api/ Frame EBE9 0
75 B 363ms
23ms Image
text/plain 185.86.137.122

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEOJAqCvw7SmlLJ1PJ6-LgKQ&google_cver=1&google_push=AYg5qPIy8Pt8UQzB4eKarolcH6FeFjVsvL2RcZU0XxB1bSXJaLZ4lxDLhKlpGU2qZYNfxyfGSlivxA7fISYvEkB9F-dw4d0ZU9Y
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.137.122 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:02 GMT
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EBE9
Redirect Chain

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEFSzoQWZQBE2CDRO3d8yWRQ&google_cver=1&google_push=AYg5qPI7VvhHlYzUitTrdjjg_r_p9B7-vRTahStpJ2XvUyVrom5H7gkG...
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEFSzoQWZQBE2CDRO3d8yWRQ&google_cver=1&google_push=AYg5qPI7VvhHlYzUitTrdjjg_r_p9B7-vRTahStpJ2XvUyVrom5H7g...
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVAxNzY0M2JlYy1hZjFkLTExZWMtOTAwYy0wNmIwOTdmYzM5Yzg%3D&google_push=AYg5qPI7VvhHlYzUitTrdjjg_r_p9B7-vRTahStpJ2XvUyVrom5H7gkGncTavDdhTc...

170 B
188 B

19ms
19ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVAxNzY0M2JlYy1hZjFkLTExZWMtOTAwYy0wNmIwOTdmYzM5Yzg%3D&google_push=AYg5qPI7VvhHlYzUitTrdjjg_r_p9B7-vRTahStpJ2XvUyVrom5H7gkGncTavDdhTcbai5vDqWBbXLRyA213bfqUZdTZagTWhx3F

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:03 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVAxNzY0M2JlYy1hZjFkLTExZWMtOTAwYy0wNmIwOTdmYzM5Yzg%3D&google_push=AYg5qPI7VvhHlYzUitTrdjjg_r_p9B7-vRTahStpJ2XvUyVrom5H7gkGncTavDdhTcbai5vDqWBbXLRyA213bfqUZdTZagTWhx3F
date: Tue, 29 Mar 2022 05:00:03 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 200 dot.gif
s0.2mdn.net/ Frame EBE9 43 B
72 B 21ms
17ms Image
image/gif 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEE0LJoR_XX48kjNPILkgQZ4&google_cver=1&google_push=AYg5qPI7fQW6pw3I_7EVjcUvQLvZDexTgF2ii--1Skt6BvOkq-MOWblUSlcAutxG2lCmfyHvOxvOSjdVNTEW9RlRElSmYysbc-P-

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 30 Mar 2022 05:00:03 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame EBE9 0
12 B 19ms
16ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K7OgvBGbcSe0YOIA2hP3loeopZt3qhMrqet_oJpYOueAnx-twJdLfHQLtc1R5Pr3ZDAh5DzdY

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:03 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 container.html Show response
d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame BE5A 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032103.js?cb=31065882

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 29 Mar 2022 05:00:00 GMT
expires: Wed, 29 Mar 2023 05:00:00 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 3
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 gwdpage_style.css
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 569C 55 B
115 B 9ms
9ms Stylesheet
text/css 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdpage_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2afb3cf38deea01d461f29b961c8aab0da4f121a84a9c843f49dc7cced99b6a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 05:56:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 514999
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 74
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 05:56:44 GMT

GET
H3 200 gwdpagedeck_style.css
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 569C 731 B
275 B 9ms
9ms Stylesheet
text/css 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdpagedeck_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3974624ff80521dbd81d3ed32f8ec10c7baef11c272f46626a6284538e90e44b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 22 Mar 2022 12:05:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 579275
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 234
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 22 Mar 2023 12:05:28 GMT

GET
H3 200 gwdgooglead_style.css
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 569C 24 B
84 B 10ms
9ms Stylesheet
text/css 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdgooglead_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e52ad60cf8269c44381d5e0833e69b9b8f3b9f9346b7066b1dc5a52b390feedc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 07:01:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 511095
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 07:01:48 GMT

GET
H3 200 gwdimage_style.css
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 569C 281 B
199 B 10ms
9ms Stylesheet
text/css 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdimage_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d3251d937d209def48e958bfeec683ca39dc0f15eb22f99bc3e7035995cd552

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 06:11:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 514109
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 158
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 06:11:34 GMT

GET
H3 200 gwdattached_style.css
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 569C 26 B
86 B 10ms
9ms Stylesheet
text/css 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdattached_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fffa14e9a3c576087a9202af54e8f11669f29c37617df0c6f728ca24d95f60bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 18:05:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 471258
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 18:05:45 GMT

GET
H3 200 gwdtaparea_style.css
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 569C 157 B
156 B 10ms
9ms Stylesheet
text/css 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdtaparea_style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

20160b923de864cdf44fa26bfd6281a9e0aba7eb800fac86804d9a41a93c2394

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 18:42:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 469065
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 115
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 18:42:18 GMT

GET
H3 200 googbase_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 569C 400 B
317 B 11ms
8ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/googbase_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e13459782d7fc46c73821602bedc17cc2b3a2dc5ec07e91e30ed715193698a94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 22 Mar 2022 15:23:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 567396
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 275
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 22 Mar 2023 15:23:27 GMT

GET
H3 200 gwd_webcomponents_v1_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 569C 20 KB
6 KB 11ms
8ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwd_webcomponents_v1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c27626364eeaffb44ad2decb980dace7bedb3c8ea1575f81927fc9409cb5b49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 12:08:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 492720
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6276
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 12:08:03 GMT

GET
H3 200 gwdpage_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 569C 3 KB
1 KB 12ms
9ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdpage_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f3260225ba132e9bf8956514e81f6136265ee05250271a027bb2029cbbf4651d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 05:33:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 516386
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1308
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 05:33:37 GMT

GET
H3 200 gwdpagedeck_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 569C 8 KB
3 KB 12ms
8ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdpagedeck_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4eefdd923f73deeaec9e4ecb4cc3fae74379145f0fd3f5892165326bce8ed0ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 01:42:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 357463
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3191
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 25 Mar 2023 01:42:20 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 569C 118 KB
40 KB 13ms
8ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 08:58:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72069
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 29 Mar 2022 08:58:54 GMT

GET
H3 200 gwdgooglead_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 569C 13 KB
4 KB 15ms
10ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdgooglead_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b671e2140966063715d21667867d60de45adc723cd1b31e0d2f7466105a90247

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 01:25:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 358500
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4481
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 25 Mar 2023 01:25:03 GMT

GET
H3 200 gwdimage_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 569C 5 KB
2 KB 16ms
11ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdimage_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

32ab0a5c85cabdb695704b5128a8fb7c9a8dfa3242cc36ceda6bb0650a45b35f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 11:52:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 493663
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2014
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 11:52:20 GMT

GET
H3 200 gwdattached_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 569C 1 KB
632 B 17ms
13ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdattached_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dd50ba290f74d344ad0d04ade63c55b02360bf4db99c0a2749f34deb0c8dcec9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Thu, 24 Mar 2022 19:52:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 378469
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 590
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Mar 2023 19:52:14 GMT

GET
H3 200 gwdtexthelper_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 569C 7 KB
3 KB 17ms
13ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdtexthelper_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dea5d8ba9e54379b26e109f61ceba20a0781d4f80eed75fce6ad0993d4784195

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 07:24:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 509761
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2823
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 07:24:02 GMT

GET
H3 200 gwdtaparea_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 569C 3 KB
1 KB 18ms
13ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdtaparea_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f2aac94d011ec45570ef1245e5fc8df73ebd09b1c6859c5a8393df5336e01b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 05:34:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 516318
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1356
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 05:34:45 GMT

GET
H3 200 gwdgpadataprovider_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 569C 3 KB
1 KB 18ms
13ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwdgpadataprovider_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8a170f5913eecb1afeda4cccca5d5b9589c8f068a04ae2c517b602e1484982b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Wed, 23 Mar 2022 07:14:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 510337
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1293
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Mar 2023 07:14:26 GMT

GET
H3 200 gwddatabinder_min.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 569C 5 KB
2 KB 17ms
12ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwddatabinder_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3460d76a3013a4bb9c689877b41f3eadbf5e780ed9230fb8f8bbd16fcc59842

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Fri, 25 Mar 2022 13:10:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 316161
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2351
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 25 Mar 2023 13:10:42 GMT

GET
H3 200 gwd-dynamic-binders.js Show response
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 569C 23 KB
9 KB 17ms
12ms Script
application/x-javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/gwd-dynamic-binders.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

df544db2e8b010512a5ec168d3a9b91355c7197d04a1b29325510e29405e6e0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 22 Mar 2022 11:52:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 580026
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9229
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 22 Mar 2023 11:52:57 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D03C 0
21 B 44ms
43ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BGdh8UpJCYr-hA5eJ7_UP3pursAEAAAAAOAHgBAI&bg=!m5ilmNzNAAbzJazn0yU7ACkAdvg8WuHmUhZX8jLmKd0PT0HBW_NNmlOVDVoIJnghRG1bJNo1ONSBGwIAAAGLUgAAAAJoAQeZAyyVKhy0tbkfrxnRh8hdCLA9zK6l9KxecpPqRk4uz5D6DnjCMuoRqYEGjgUyP7MsxJSiSNEU-VpNDA5VPEy45UqU2CUjBY0yiarTlWRr66_J6IUlhxQ5-RJ45kHdtZEkByAkSeZU1iNxahqT5vZ6oxZkCLbMzzAjkgW4KObL0Xol7zteVPQw07Wi8N1J1sXg8Y7U0vQLdHAqicjAEZ5KASU3ARzEt2klG9zjjvDambf_CJyY-UAo8DB-Y6joYrSsG4RasqtgPaZHDdPv98Jd4-T4xWeEiAZyKX6AFlnp7nfDnzoy9VVS4THowPkd33Xt0_Wmh3l7-g6GX4DhepR_JsqWVzWvExyvMp6km9DtWpL3gd81BVNpqAimXx5gJuyHhoGz1nI-0H7qfCcStXYcQOTd5zRNvlPOn5uMGcObj4GUaiKy0Ylwl7d3hlqUBjQdpzgELmPoD3_MwMtQzKLkR9Xpv8sEolT_ly2O0Egqh54fonUigSpan2c6eIEpQSoa8pmyAZW1N1OXtXmbKmpjGWjPUqYjVW1EQ-CE1BIdrUly9VhNbH34h7ylUPvQ1XBH-WTY2MqHvleuv15890pD_wu4izcMEYs6quR0zo3Cmfr1WaBRm1XaRXSQW5676bADQgh_2HVbnjXBvsogVu1eIE9dn0rp6OoMiKys2nk3zn2tuf9on8eSFzfJv0OccOEEY-4BFzpWkY-JbbX21vC93XlsyOqOaNjyaZ2AMvX3ZCNzGh4EiN_5MEGlcjJrruEhi8GZfIbouM2Ei71_5yZVao0WQlqSFfhHIPpPlc11uJm71aa-N3DcspZmjzeeSNvb4oOKC6w_2F38ZqVciWcDQ65_H3gr1yUn1nYmRUpurAG9BFP1skd2RIxKolJ4I3YhZ4rpou_yfVCV41d2MXviURYq0qDPGCDcL-jXjOzJoN6ES-jTSx9mLcy4jDahDYxzQKGbm5OyJKXS_HjmklZI8a4q7nafhKUCGUtnO6Wq8oLDLMDmTWSuZAL_Yh3UbtmhGvKPjDu2x4FkhIHAjtb5tzZCWeRxW2x-e5xoj_qqcxoJCInctuzqSaEvKItc9A

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK postback Show response
s.update.adsrvr.org/2/2.52.0/357427/ASvT-7gQEeWhgXSd/ Frame F8A3 0
145 B 32ms
31ms XHR
text/plain 18.203.209.222
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.adsrvr.org/2/2.52.0/357427/ASvT-7gQEeWhgXSd/postback?de=2&dt=3574271504888517674019&pp=21468&dm=300x250&di=mustsharenews.com&md=1&ac=0a7a8j6&cb=1648530000&r7=&to=3&sr=rubicon&ci=357427&ap=&pv=940ddcb5-57e2-4786-a3f1-2dc32de7d904&pd=avt&ui=&ti=09b98f2a-9940-4e5b-9ae1-8a4570d2a377&sid=ASvT-7gQEeWhgXSd&oz_sc=2d7a79eaccfd3e89a25e8df4&oz_df=1648530003404&oz_l=43&cv=3
Requested by: Host: s.update.adsrvr.org
URL: https://s.update.adsrvr.org/2/2.52.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.209.222 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-209-222.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 29 Mar 2022 05:00:03 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame 9624 33 KB
16 KB 20ms
20ms Script
text/javascript 37.157.5.71
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=53729164;rtbwp=7DDE9F91DEB6C3F7;rtbdata=kRsV41d0BpNKZwVQwysKY6Oldzr5j8ew9IhSliWFSCMt7hUeM2ytdwlJnid6annQiqEoQrTCuFL5eQLPGHTDzAyfdoRZK4L1rl07sLSkPNw46vw7S28hgq_35TRm_Ns0lqTpsRkx1-_cje5pAP8VqMzcxBYx-O7HhC8l5s3Xfj3otK7K6Uq84I2nG0ZBi56yeTqcoE3up6M68Boj7Xsdo9yfptKDu5HwEUEZ7-nWDxEAzC3LgwsuWJu5VRlAN-NK9gYyx8qLj63P9cHKF25x5aZQiGTbLByitYdCxZrv2pW1L4JSv14j2okk17O1oB9jwymryPBEKDcOi0t7WJUc25yszGe83ZiV6rRtab0FSpIEejgpFobovFC21eWKiGjLTyX8aIgyoZvNqym4bE5yQIZk1uf4zETDapAnfZ7SEKyYzzCJYBns7J-4S0TaEX4BxIWIKvvW4yInoXqHoLzdc2T0lQkXAT8x0;OOBClickTrack=https://beacon-nf.rubiconproject.com/beacon/v2/t/0/620ef7ec-1e28-4309-aa10-e7b6bfb2ab49/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 3d0bf782b47dcd079eedf6bb34ecb0742c114a4e4b90e37a58a412482101b475

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:03 GMT
content-encoding: gzip
last-modified: Thu, 10 Feb 2022 15:16:56 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 30 Mar 2022 08:01:10 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame B736 7 KB
3 KB 12ms
12ms Script
text/javascript 108.157.4.14
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.trustarc.com/ca?aid=tradedesk01&pid=tradedesk01&cid=0a7a8j6_a99jcch_1e7nlzp2&w=300&h=250&c=tradedesk01cont1&js=pmw1&base=te-clr1-d5f8f0b5-d1d2-49a8-9a6e-46616bbab1d2&sid=0
Requested by: Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=tradedesk01&aid=tradedesk01&cid=0a7a8j6_a99jcch_1e7nlzp2&c=tradedesk01cont1&js=pmw0&w=300&h=250&sid=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-14.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 05e94fcdf9b29839aed8b4cfb8d7b948f45626b2ace35103e52450b0a9460d11

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 22:54:05 GMT
content-encoding: gzip
server: nginx
age: 21958
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 347732911156afff87ff95b6d55b9278.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: DUS51-P2
content-length: 2480
x-amz-cf-id: fXUNjEChyvSUu4MWp1Shxd9R9CJgc7XS6kbRMHlXTL9MDK5-ZpQsKA==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame B736 38 KB
11 KB 11ms
11ms Script
text/javascript 108.157.4.14
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.trustarc.com/ca?aid=tradedesk01&pid=tradedesk01&cid=0a7a8j6_a99jcch_1e7nlzp2&w=300&h=250&c=tradedesk01cont1&js=pmw2
Requested by: Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=tradedesk01&aid=tradedesk01&cid=0a7a8j6_a99jcch_1e7nlzp2&c=tradedesk01cont1&js=pmw0&w=300&h=250&sid=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-14.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: e15a095adc9899b592ceccdd4885a3be3674a6bf6ec4be762566360424deb1f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 23:57:54 GMT
content-encoding: gzip
server: nginx
age: 18129
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 347732911156afff87ff95b6d55b9278.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: sslERqpmj42NmsSEYC17c0QjH8w4BIGTF1GGVkirfLwhNj1JLo8msA==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cap
choices.trustarc.com/ Frame B736 43 B
395 B 135ms
135ms Image
image/gif 108.157.4.14
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/cap?aid=tradedesk01&pid=tradedesk01&cid=0a7a8j6_a99jcch_1e7nlzp2&w=300&h=250&c=aad0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-14.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:03 GMT
via: 1.1 347732911156afff87ff95b6d55b9278.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: DUS51-P2
vary: Origin
x-cache: Miss from cloudfront
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 43
x-amz-cf-id: 5UATh9IVTESTaR5eatrPqCY0Y2SXie7NTK9c78bM0qiiKAh3dme5fA==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame CED1 0
0 126ms
126ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220324&jk=3246387072062102&rc=05ACxne1P61EPHaWUMNz8UZEYbLCJ4pp_P92M0-A5LQ6tvFQbBKJ7b-LHWmVt1bMvCI_HvIpGFmWZIumPTDCYNgewpNH8t-ddGadKsH3mqxJySUre2Of-RhOVoEf0-9f8FKD-naGPGMHvmYPQ89O7CDuI4hIkuyCGalF1QFw4Mqj9dw1dyt1YGlMVgZ4PSiaXCyAuNhIF-AxUU-EYova2Qzg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

POST
H/1.1 200
OK postback Show response
s.update.rubiconproject.com/2/2.52.0/873648/ASvT-_UOEPR8frgV/ Frame B736 0
145 B 35ms
34ms XHR
text/plain 34.240.117.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.rubiconproject.com/2/2.52.0/873648/ASvT-_UOEPR8frgV/postback?di=mustsharenews.com&pv=2e16d238-2d55-453f-8e0d-015d0562875f&c2=15&si=284364&ap=&ui=L1BO75U0-1C-2UKP&pp=21468&gt=de&c1=1422796&sr=magnite.com&dt=8736481481318196516000&ci=873648&sid=ASvT-_UOEPR8frgV&oz_sc=c2f9589ca866abf3344f77b8&oz_df=1648530003444&oz_l=5687&cv=3
Requested by: Host: s.update.rubiconproject.com
URL: https://s.update.rubiconproject.com/2/2.52.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.240.117.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-240-117-131.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 29 Mar 2022 05:00:02 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3 200 National2-Medium.woff
s0.2mdn.net/creatives/assets/4372196/ Frame 569C 45 KB
45 KB 9ms
8ms Font
font/woff 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4372196/National2-Medium.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

66e6fad9e5ec87bcda3f169e68173f0d99c792ec94f8586d7df8a4edb540d1e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:55:15 GMT
x-content-type-options: nosniff
age: 288
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46308
x-xss-protection: 0
last-modified: Tue, 30 Nov 2021 12:01:18 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 29 Mar 2022 05:10:15 GMT

GET
H3 200 vukqqZMEwiKfO5iIQC2Qvig_P1EBwRi6HH-n7W3xhSE.js Show response
pagead2.googlesyndication.com/bg/ Frame D586 35 KB
13 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/vukqqZMEwiKfO5iIQC2Qvig_P1EBwRi6HH-n7W3xhSE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bee92aa99304c2229f3b9888402d90be283f3f5101c118ba1c7fa7ed6df18521

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 06:38:22 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80501
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13603
x-xss-protection: 0
last-modified: Tue, 22 Mar 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 28 Mar 2023 06:38:22 GMT

GET
H3 200 CGHVXjYJRnLTYRF6fgor0GmLhTjmHb-GVf8novFL6vc.js Show response
pagead2.googlesyndication.com/bg/ Frame 0603 35 KB
14 KB 12ms
12ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CGHVXjYJRnLTYRF6fgor0GmLhTjmHb-GVf8novFL6vc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0861d55e36094672d361117a7e0a2bd0698b8538e61dbf8655ff27a2f14beaf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 21:17:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27725
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13806
x-xss-protection: 0
last-modified: Tue, 22 Mar 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 28 Mar 2023 21:17:58 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 6AA6 0
9 B 7ms
7ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?LMa88w
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:03 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1FFC 0
23 B 32ms
32ms Ping
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu93TP8Iwg_8XHg9UweAs-QGJ0TT2qGpfncsnRZs_9iLy115Tm8aVfw99d6b_FotAV3xQnK8QGDlayLI7l_fLk_4Tb5udnZdNGthlgjUII3W_c9zqZqzdVeeVq9GYUThziArpFrGLMD5DO8a0pTYrHy9ow&sig=Cg0ArKJSzLp3LyXHg734EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=466&vt=11&dtpt=307&dett=3&cstd=156&cisv=r20220324.17895&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 569C 7 KB
6 KB 21ms
21ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

963cd46f8c53a95e0c2529a14b663bf9cc323222dd6564e43232f96b11c8fc57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5673
x-xss-protection: 0

GET
H3 200 ww-logo.svg
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 569C 864 B
524 B 8ms
7ms Image
image/svg+xml 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/ww-logo.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/gwdimage_min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c22e801148939673da59909834ef2cbd09855ab48ecfc7ee3e501bd25eec0102

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 22 Mar 2022 15:15:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 567882
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 485
x-xss-protection: 0
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 22 Mar 2023 15:15:21 GMT

GET
H3 200 60021267_20220317072610540_WW_2ndChance_NeuesLeben_Prospecting.jpg
s0.2mdn.net/ads/richmedia/studio/60021267/ Frame 569C 30 KB
30 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60021267/60021267_20220317072610540_WW_2ndChance_NeuesLeben_Prospecting.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6538174354311107868/gwdimage_min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21066dd1052a0cc3cc6d40e20caadba8f798380d59166e9b5ea75f4a859a472c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=IesEaISHTZ&t=4&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 09:52:54 GMT
x-content-type-options: nosniff
age: 68829
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30753
x-xss-protection: 0
last-modified: Thu, 17 Mar 2022 14:26:10 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 29 Mar 2022 09:52:54 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame BDEF 7 KB
3 KB 12ms
12ms Script
text/javascript 108.157.4.14
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.trustarc.com/ca?aid=tradedesk01&pid=tradedesk01&cid=0a7a8j6_a99jcch_1e7nlzp2&w=300&h=250&c=tradedesk01cont1&js=pmw1&base=te-clr1-d5f8f0b5-d1d2-49a8-9a6e-46616bbab1d2&sid=0
Requested by: Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=tradedesk01&aid=tradedesk01&cid=0a7a8j6_a99jcch_1e7nlzp2&c=tradedesk01cont1&js=pmw0&w=300&h=250&sid=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-14.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 05e94fcdf9b29839aed8b4cfb8d7b948f45626b2ace35103e52450b0a9460d11

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 22:54:05 GMT
content-encoding: gzip
server: nginx
age: 21958
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 347732911156afff87ff95b6d55b9278.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: DUS51-P2
content-length: 2480
x-amz-cf-id: tC26igmxdxvGr7s7DIu49XiF5DBYuUi-Z0hqW_yo6WJjukVa3tJ2Ag==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 ca Show response
choices.trustarc.com/ Frame BDEF 38 KB
11 KB 14ms
14ms Script
text/javascript 108.157.4.14
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.trustarc.com/ca?aid=tradedesk01&pid=tradedesk01&cid=0a7a8j6_a99jcch_1e7nlzp2&w=300&h=250&c=tradedesk01cont1&js=pmw2
Requested by: Host: choices.truste.com
URL: https://choices.truste.com/ca?pid=tradedesk01&aid=tradedesk01&cid=0a7a8j6_a99jcch_1e7nlzp2&c=tradedesk01cont1&js=pmw0&w=300&h=250&sid=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-14.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: e15a095adc9899b592ceccdd4885a3be3674a6bf6ec4be762566360424deb1f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 28 Mar 2022 23:57:54 GMT
content-encoding: gzip
server: nginx
age: 18129
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 347732911156afff87ff95b6d55b9278.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: E0yTBZL6ji-Lln2E83-PIX1KS9E3KkjRZTTDLLEvczfA18PbPVLfkQ==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cap
choices.trustarc.com/ Frame BDEF 43 B
397 B 168ms
168ms Image
image/gif 108.157.4.14
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/cap?aid=tradedesk01&pid=tradedesk01&cid=0a7a8j6_a99jcch_1e7nlzp2&w=300&h=250&c=3bf9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-14.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:03 GMT
via: 1.1 347732911156afff87ff95b6d55b9278.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: DUS51-P2
vary: Origin
x-cache: Miss from cloudfront
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 43
x-amz-cf-id: 1exbznWWQQKJgoLJWAdPJIa_FLFSldHTFH0EpseeZyHUV-UkNpOiFw==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 170A 0
0 20ms
19ms Fetch
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvzRoY86aYslDrvVr6Qkrydmp-_V1alBAYrd2GFzyZ6WMDNG-5G4MfwhPXlDdF_G1n8aqHGzGM9Bh4zXaHiLpXgbJdShLJR_j8q7c098GttCZrrCrkvDXQCI0vGc7V9taVDuuE-3ENcn74BEvBmkISMiZlIFv1_IyquGwBvQiI1cKFAYoKswlL_d9O-Up_iDpIVF36XOkturkQMBU7WlZyfPjhMCZRzHCf3sPT2xLWpAnx5c6uaYjbfcU24SVNVGJibe1bFQNU3KX7HZ4TDHrSbxs1Q6rPp3B3IrCVIEdr662Ujr80vbTUfplG-r1qjtgHQOf5FlC_h00IrvIL7TRjXYR-88L1-mUZAO0BER3SF0kCsAHgDSCbOAscYQZ821XRx3ErLLbhF&sig=Cg0ArKJSzN8ASVGlxv02EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:03 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Tue, 29 Mar 2022 05:00:03 GMT

GET
DATA 200
OK truncated
/ Frame 170A 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bcc0d1413bd26c0ce49c964fb21d37b4886a66f5fe71c4ec6423f6fd1eb0294a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame BE5A 0
0 25ms
24ms Fetch
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C4R7sU5JCYumCBveV7_UPzY2u6Aj-0_evXM7PvdjqAsCNtwEQASAAYJWioIKwB4IBF2NhLXB1Yi05MDU4MjkxODU0NDQzODgxyAEJ4AIAqAMBqgTGAk_QbvQbwXx9HDLmAZ0LdGu-Z4txUgq123YeGlHrNwRL7Cy4uUMm7xcinOqSPIqwmHrWKGoREp1orZCYrBWFTkP62ZGRkwleEyC-7Yv74IHimRhSsIA2YDqElgMMRezHxpA7M28bahMuuaaX9u4abyCdm-TSr_z35lsNm7QPffpa9XGqHWxP6ka41sHgAi4i44bqLL1jR1hg3355E3Vnpm1s_G8s2dF9XTLfVRdJwpCcHrjgxg7YAQNedIpws6EwJ6CCwPoJsIyu7IRz3Hwojoiee0tiBm-wwGKlpT4xiRQfHlFlUVOFFNFi3AmIckZNTAudAVasL6VqHNRog6kOm8SDxpOgzza1fVLlwb60Lcl--JIOtdPAavkagi4EJzhEHvJkjgSnEhU4Y-w-faU3txRZ8ekTHonBBE1XCflha6zSxc6eqLBx4AQBgAb_3tqthLOumfsBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAHyCBthZHgtc3Vic3luLTI4MDkyMDc3MzQ5MDYzNjmACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItOTA1ODI5MTg1NDQ0Mzg4MRi212k&sigh=1X_Qmycp8Og&uach_m=[UACH]&cid=CAQSPACNIrLMH2pzJk4pZAX59gCcJG-VgUlTiuSl_IjCaVQnkYlt5FsEiMJf54hRduCtL3PQpdM-HklTVvBNXRgB&tpd=AGWhJmseWTMuuKbqisTqucN-hcEEq4e7JJqUecYWAHRV275N3W5kmXt_8QkYYUJJLjNCSAegYQ0rGFy6Vk-38zbsG-XlBJeI193INrgBVJzqZVjqPxaFIWBcFGjJJXnD5fhWyDRivqvBBUfPy2mm8NIZ0FeCoCNL6YVHYDg6fNcUQsrIkeqCrBiJ6Ipi5lghI8wHjIqnrP4W7ve3QVYmefUcL4jVCbEDdhUXjcxrkyawT2BjWJ0xbazfd9xslywf6-Pxxrs-5LsCXw5GurbNChIWc6xMLTTR3QAq6GYYppxoUO1Zce_k-n9wNHDlLiYalOwLqvBQXaVEvK-5Sy2vy5uZvB6BjQ3DuMTGrrQ8LzjuQBms-OHM6UwP0lk-rJk6XkY6juNSnCwuXf87cFVZvCHeSa4QTlIjTV3seP3LEBgpXG0S8oh_RaLMnNsKi3L076dDXNokKwnL_DyPop_m9EWBzCR8uuqnjeGXnH3SagIxB__n-bLGT3eIsNOrUhA6Z14XsbQlyvXGiyZ4fFdE5AXyvygx1xNQ_ni8sJ3DDNZRUtKYVUVWZ48Dk5GJNWIusiy8uG2qywF4_b4GH9bH-3lwBK5_QwIet0aUEw3YjdKyTZ2rMgMV87M5ijVIk5KUEt7tj1nmgDZOkR64bLGh39wlOxDhzRxjc_9HlRoRIgPUm5GXcAnQMrcqRSdWfMuc_gsc8VO1x7rNGnUepITOD5QwAwAquqPvSS5tK7_rhMEqRxvbapQIya2YdpfVHVI8t7BhMgnTKha5QvbWT_Ze5NJW7KHKrv7_rjcwXwkV7VTG3gatOjt1pte5BP7IRFBMHACrtcwFRGbh-gOSlEWQomzq3JWk_RQaVOywNnIQXjiDjDa0oxAaoGPMCwP3cXL4XFGTQI3sgxMaqBThbpos9g
Requested by: Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s52-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

GET
H2

200

v2
odr.mookie1.com/t/ Frame BE5A
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=mookie-ps&ttd_tpi=1
https://odr.mookie1.com/t/v2?tagid=V2_2087&src.visitorId=514a4b88-0dfd-434d-a84a-f5d9ce432a25&gdpr=1&gdpr_consent=

43 B
106 B

16ms
16ms

Image
image/gif

34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2?tagid=V2_2087&src.visitorId=514a4b88-0dfd-434d-a84a-f5d9ce432a25&gdpr=1&gdpr_consent=
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:03 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:03 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://odr.mookie1.com/t/v2?tagid=V2_2087&src.visitorId=514a4b88-0dfd-434d-a84a-f5d9ce432a25&gdpr=1&gdpr_consent=
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 259

GET
H3 200 v4
metrics.getrockerbox.com/track/ Frame BE5A 44 B
515 B 124ms
123ms Image
image/gif 104.21.58.221
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://metrics.getrockerbox.com/track/v4?source=weight_watchers_subscription_germany&tier_one=ttd-display&tier_two=0a7a8j6&tier_three=a99jcch&tier_four=1e7nlzp2
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.58.221 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 039a8bb6d736466063dde3c2a80d71d54456a7875cb1654263058bc69c1c042d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:03 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=625YgHoLB2xUn0KVNl2UB6yTUDb1hBqiawstiSnyhCxtSe5YSADKw9guIt46FoQpqWLtagBcw1fHjX%2Bl4yH%2FoBArkZS%2FY2toVAGGq9BoCg5DoH0AC%2BbqTgZaJwdPpFlMihjAiRfr35Boe9g%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cf-ray: 6f360a2b3b0554e2-MAN
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame BE5A 11 KB
5 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

503a1dd70b8b9c286875f5f7de72bce93c664b79f3fcfeefa1150d2384df33a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:14:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2708
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5008
x-xss-protection: 0
last-modified: Thu, 24 Feb 2022 18:23:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 29 Mar 2022 05:14:55 GMT

GET
H/1.1 200
OK rubicon
de1-bid.adsrvr.org/bid/feedback/ Frame BE5A 807 B
1 KB 26ms
8ms Image
image/gif 13.248.151.244
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://de1-bid.adsrvr.org/bid/feedback/rubicon?t=1&iid=9fc85d4c-e998-4c6c-b6b1-96e2169a9a13&crid=1e7nlzp2&wp=D73D2D86FA739BE8&aid=1&wpc=USD&sfe=147a1253&puid=&tdid=&pid=vko50on&ag=a99jcch&adv=kywm6zw&sig=1C2EYfOJoihWL_ul0xgQ01zGISiRhBk9xsKcN5mjLMc0.&bp=0.11714023337993907983&cf=3176281&fq=0&td_s=mustsharenews.com&rcats=&mcat=&mste=&mfld=3&mssi=&mfsi=&uhow=55&agsa=&rgz=&svbttd=1&dt=PC&osf=Windows&os=Windows10&br=Chrome&rlangs=en&mlang=&svpid=21468&did=&rcxt=Other&lat=51.570000&lon=7.440000&tmpc=6.12&daid=&vp=0&osi=&osv=&mk=Google&mdl=Chrome%20-%20Windows&c=CgdHZXJtYW55GgA4AVAHgAEAiAEBkAEB&dur=CjAKDGNoYXJnZS1hbGwtMSIgCP___________wESE3R0ZF9kYXRhX2V4Y2x1c2lvbnMKOwodY2hhcmdlLWFsbFRUREN1c3RvbUNvbnRleHR1YWwiGgja__________8BEg10dGRjb250ZXh0dWFsCkgKIWNoYXJnZS1hbGxNb2F0Vmlld2FiaWxpdHlUcmFja2luZyIjCKX__________wESDm1vYXQtcmVwb3J0aW5nKgYIoI0GGAw.&durs=dwsLA4&crrelr=&ipl=/21622890900/SG_mustsharenews.com_res_article_bottom_300x250//336x280&pcm=1&grdc=CAEYASABKAFAAUgC&vc=3&cx=-5178883614526245302&said=a898730ca86bd8a7e172934303d2e30886db23e4&ict=Unknown&auct=1&cxlvs=0&im=1&mc=ec8ba4fc-052c-47ff-86ff-0d7df7787e6f&tail=1
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 13.248.151.244 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ad9411418cf2cdacd.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 3ca19e57c9a2465ae4df271316ba4d29e7ff7f113a2a2c5297780c0b7a0ac09d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:02 GMT
server: Kestrel
transfer-encoding: chunked
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
cache-control: must-revalidate, no-cache
connection: close
content-type: image/gif

GET
H2 200 ca Show response
choices.truste.com/ Frame BE5A 27 KB
10 KB 22ms
20ms Script
text/javascript 18.64.115.76
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.truste.com/ca?pid=tradedesk01&aid=tradedesk01&cid=0a7a8j6_a99jcch_1e7nlzp2&c=tradedesk01cont1&js=pmw0&w=300&h=250&sid=0
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.64.115.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-64-115-76.txl50.r.cloudfront.net
Software: nginx /
Resource Hash: 1e7f48b89d19cf8b368b05e374c9353785e0761a458b04f58126235998f08fbc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 04:10:13 GMT
content-encoding: gzip
server: nginx
age: 2990
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 f67cb1e6517f8abcedeb3b0734a257bc.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-pop: TXL50-P4
x-amz-cf-id: 7lXXnB5wOgFu4HTMuqBMnXGcknZgcsIdnXhVoXYBFhMgIi5H9kb4Wg==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/ Frame BE5A 2 KB
1 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/window_focus_fy2019.js

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:38:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1292
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Apr 2022 04:38:31 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BE5A 119 KB
36 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30de69c01f8eb6cb0ab7b040f02316728cb490669cbf084aad71c06a708ed1ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36904
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1648035241783118"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 29 Mar 2022 05:00:03 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/ Frame BE5A 15 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220324/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:18:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2515
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6407
x-xss-protection: 0
server: cafe
etag: 6055885685211612390
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Apr 2022 04:18:08 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame BE5A 0
0 15ms
14ms Image
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ_nAxWmbFyrox1qbTdOSQvvNyDNFX8vESeP8JIBy_wh8LJkRbVzUoZVZlNBiLYdsymUXY33hJ8qaghaLGqVq9EhQIwlg
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame BE5A 22 KB
7 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 06:52:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 79662
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 28 Mar 2023 06:52:21 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 569C 17 KB
6 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 29 Mar 2022 05:00:03 GMT

GET
H2 200 ic5.php Show response
data00.adlooxtracking.com/ads/ Frame 170A 1 B
453 B 58ms
37ms XHR
text/plain 35.241.31.249

General

Check archive.org

Show headers Download Go to

Full URL: https://data00.adlooxtracking.com/ads/ic5.php?d1=%7B%22tag_hash%22%3A%22platform%3D78%26scriptname%3Dadl_152%26tagid%3D95%26typejs%3Dtvaf%26fwtype%3D2%26creatype%3D2%26targetelt%3D%26custom1area%3D50%26custom1sec%3D1%26custom2area%3D0%26custom2sec%3D0%26id11%3D%22%7D&adloox_io=1&client=adasia&campagne=152&banniere=0&visite_id=42064619445&seq=0&timezone=0&js=tfav_adl_152.js&date_regen=2021-12-14%2010%3A41%3A54&plat=78&tagid=95&fw=log&version=2&type_crea=2&sl=%22sm%22%3A%22browser%22&id1=4423307908&id2=2457250274&id3=21825867822&id4=21621840631&id5=138280972953&id20=614b730&p_d=0.101&d5=866&d3=1600x1200&d6=found-wabbit&d7=0&appname=Netscape&fai=google_ads_iframe_%2F21622890900%2C22537359798%2FSG_mustsharenews.com_res_article_leaderboard_728x90%2F%2F320x100%2F%2F320x50_0%40https%3A%2F%2Fmustsharenews.com%2Fspf-arrest-scams%2F%3FisentiaPostId%3Dpost-1&iframe=3&fake=000000&resolution=1600x1200&nav_lang=en-US&debug=7%3A%20top%20%21%3D%20window%20%26%20friendly%20-%3E%20GLOBAL.location.href%20&url_referrer=https%3A%2F%2Fmustsharenews.com%2Fspf-arrest-scams%2F%3FisentiaPostId%3Dpost-1&ao=https%3A%2F%2Fmustsharenews.com&nb_cpu=12&data=522662463ftttttttffffffttttftffffffffttttf&activetab=1
Requested by: Host: as.adlooxtracking.com
URL: https://as.adlooxtracking.com/ads/js/tfav_adl_152.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.31.249 -, , ASN (),
Reverse DNS
Software: nginx/1.19.8 / PHP/7.4.28
Resource Hash: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://mustsharenews.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:03 GMT
content-encoding: gzip
access-control-allow-origin: https://mustsharenews.com
x-powered-by: PHP/7.4.28
route: ads-prod-7898dcb597-sbht8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pragma: no-cache
server: nginx/1.19.8
vary: Accept-Encoding
accept-ch-lifetime: 86400
content-type: text/plain; charset=utf-8
via: 1.1 google
cache-control: no-cache, no-store, must-revalidate
accept-ch: UA-Arch, UA-Model, UA-Platform, UA-Platform-Version, UA-Mobile, UA, Viewport-Width, DPR, Device-Memory, RTT, Downlink, ECT, Platform, Arch, Model, Mobile
timing-allow-origin: *
expires: 0

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 9624 6 KB
3 KB 20ms
20ms Script
text/javascript 37.157.2.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=53729164;rtbwp=7DDE9F91DEB6C3F7;rtbdata=kRsV41d0BpNKZwVQwysKY6Oldzr5j8ew9IhSliWFSCMt7hUeM2ytdwlJnid6annQiqEoQrTCuFL5eQLPGHTDzAyfdoRZK4L1rl07sLSkPNw46vw7S28hgq_35TRm_Ns0lqTpsRkx1-_cje5pAP8VqMzcxBYx-O7HhC8l5s3Xfj3otK7K6Uq84I2nG0ZBi56yeTqcoE3up6M68Boj7Xsdo9yfptKDu5HwEUEZ7-nWDxEAzC3LgwsuWJu5VRlAN-NK9gYyx8qLj63P9cHKF25x5aZQiGTbLByitYdCxZrv2pW1L4JSv14j2okk17O1oB9jwymryPBEKDcOi0t7WJUc25yszGe83ZiV6rRtab0FSpIEejgpFobovFC21eWKiGjLTyX8aIgyoZvNqym4bE5yQIZk1uf4zETDapAnfZ7SEKyYzzCJYBns7J-4S0TaEX4BxIWIKvvW4yInoXqHoLzdc2T0lQkXAT8x0;oobclicktrack=https%3a%2f%2fbeacon-nf.rubiconproject.com%2fbeacon%2fv2%2ft%2f0%2f620ef7ec-1e28-4309-aa10-e7b6bfb2ab49%2f;js=1;adfxid=2x;985;set=en-US|en-US|1600X1200|0|300|250|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2Fmustsharenews.com

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8c8225d3f84062aaf1bccc0e7bf75b4013ad506217b3faed23dbc21aa5c7fa20

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:03 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/javascript; charset=utf-8
content-length: 2678
expires: -1

GET
H3 200 impl_v85.js Show response
www.googletagservices.com/dcm/ Frame BE5A 42 KB
17 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v85.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7337a38ce3a732e5243bd354ad12d96b4d5512e283a8dd70d129b730d7a5d3d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Sun, 27 Mar 2022 22:14:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 110708
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17382
x-xss-protection: 0
last-modified: Mon, 21 Feb 2022 17:13:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 27 Mar 2023 22:14:55 GMT

POST
H/1.1 200
OK postback Show response
s.update.rubiconproject.com/2/2.52.0/873648/ASvT-_UOEPR8frgV/ Frame B736 0
145 B 34ms
34ms XHR
text/plain 34.240.117.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.rubiconproject.com/2/2.52.0/873648/ASvT-_UOEPR8frgV/postback?di=mustsharenews.com&pv=2e16d238-2d55-453f-8e0d-015d0562875f&c2=15&si=284364&ap=&ui=L1BO75U0-1C-2UKP&pp=21468&gt=de&c1=1422796&sr=magnite.com&dt=8736481481318196516000&ci=873648&sid=ASvT-_UOEPR8frgV&oz_sc=c2f9589ca866abf3344f77b8&oz_df=1648530003772&oz_l=73&cv=3
Requested by: Host: s.update.rubiconproject.com
URL: https://s.update.rubiconproject.com/2/2.52.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.240.117.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-240-117-131.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 29 Mar 2022 05:00:02 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3 200 CGHVXjYJRnLTYRF6fgor0GmLhTjmHb-GVf8novFL6vc.js Show response
pagead2.googlesyndication.com/bg/ Frame 5B02 35 KB
14 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CGHVXjYJRnLTYRF6fgor0GmLhTjmHb-GVf8novFL6vc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0861d55e36094672d361117a7e0a2bd0698b8538e61dbf8655ff27a2f14beaf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 21:17:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27725
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13806
x-xss-protection: 0
last-modified: Tue, 22 Mar 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 28 Mar 2023 21:17:58 GMT

GET
H2 200 get
choices.trustarc.com/ Frame B736 287 B
628 B 12ms
12ms Image
image/png 108.157.4.14
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarker-icon-tr.png
Requested by: Host: choices.trustarc.com
URL: https://choices.trustarc.com/ca?aid=tradedesk01&pid=tradedesk01&cid=0a7a8j6_a99jcch_1e7nlzp2&w=300&h=250&c=tradedesk01cont1&js=pmw2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-14.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 821262a8c32b52639f97ddf4f34c494e82156651752608fa6a23ffa3df2f84b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: public
date: Sat, 19 Mar 2022 06:28:21 GMT
via: 1.1 347732911156afff87ff95b6d55b9278.cloudfront.net (CloudFront)
server: nginx
age: 858702
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: DUS51-P2
timing-allow-origin: *
content-length: 287
x-amz-cf-id: 5NSOzFqKMulJppenv_uUWJVoc9glMwADotrlf2f-SD45XES48li2uw==
expires: Mon, 18 Apr 2022 06:28:20 GMT

GET
H2 200 get
choices.trustarc.com/ Frame BDEF 287 B
629 B 9ms
9ms Image
image/png 108.157.4.14
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarker-icon-tr.png
Requested by: Host: choices.trustarc.com
URL: https://choices.trustarc.com/ca?aid=tradedesk01&pid=tradedesk01&cid=0a7a8j6_a99jcch_1e7nlzp2&w=300&h=250&c=tradedesk01cont1&js=pmw2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-14.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 821262a8c32b52639f97ddf4f34c494e82156651752608fa6a23ffa3df2f84b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: public
date: Sat, 19 Mar 2022 06:28:21 GMT
via: 1.1 347732911156afff87ff95b6d55b9278.cloudfront.net (CloudFront)
server: nginx
age: 858702
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: DUS51-P2
timing-allow-origin: *
content-length: 287
x-amz-cf-id: z5EgiRECy_OjQ5m6OlpoB5qC7I1EzOrXf4BRtwI4UQ9tKqlkG9csGA==
expires: Mon, 18 Apr 2022 06:28:20 GMT

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/ImageTag:types/ Frame 9624 85 KB
36 KB 21ms
20ms Script
text/javascript 37.157.5.71
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/ImageTag:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 40ab2b56907ff44c4370185a254dbd2ea8fc2ac40e6ab6050b93b986a2b43867

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:03 GMT
content-encoding: gzip
last-modified: Thu, 10 Feb 2022 15:16:56 GMT
server: nginx
x-cache-status: HIT
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 30 Mar 2022 08:02:03 GMT

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame D771 281 B
554 B 13ms
13ms Document
text/html 23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&gdpr=1&gdpr_consent=BPWmbc0PWmbc0__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&geo=eu&co=de
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "402b2-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 29 Mar 2022 05:00:03 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 7986 1 KB
752 B 7ms
6ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Mon, 28 Mar 2022 13:26:12 GMT
expires: Tue, 29 Mar 2022 13:26:12 GMT
cache-control: public, max-age=86400
age: 56031
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 B26791739.320447811;dc_ver=85.248;sz=300x250;u_sd=1;kw=a99jcch;dc_adk=3674133236;ord=3qae4z;click=http%3A%2F%2Finsight.adsrvr.org%2Ftrack%2Fclk%3Fimp%3D9fc85d4c-e998-4c6c-b6b1-96e2169a9a13%26ag%3Da... Show response
ad.doubleclick.net/ddm/adj/N1549806.422087GROUPMCOMPETENCEC/ Frame BE5A 65 KB
26 KB 56ms
56ms Script
text/javascript 142.250.185.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N1549806.422087GROUPMCOMPETENCEC/B26791739.320447811;dc_ver=85.248;sz=300x250;u_sd=1;kw=a99jcch;dc_adk=3674133236;ord=3qae4z;click=http%3A%2F%2Finsight.adsrvr.org%2Ftrack%2Fclk%3Fimp%3D9fc85d4c-e998-4c6c-b6b1-96e2169a9a13%26ag%3Da99jcch%26sfe%3D147a1253%26sig%3D7mSVJWQjmUGgm3YwvA0OSyzxuBHdQN6iYWiHIH_dnFY.%26crid%3D1e7nlzp2%26cf%3D3176281%26fq%3D0%26t%3D1%26td_s%3Dmustsharenews.com%26rcats%3D%26mcat%3D%26mste%3D%26mfld%3D3%26mssi%3D%26mfsi%3D%26sv%3Drubicon%26uhow%3D55%26agsa%3D%26wp%3DD73D2D86FA739BE8%26rgz%3D%26dt%3DPC%26osf%3DWindows%26os%3DWindows10%26br%3DChrome%26svpid%3D21468%26rlangs%3Den%26mlang%3D%26did%3D%26rcxt%3DOther%26tmpc%3D6.12%26vrtd%3D%26osi%3D%26osv%3D%26daid%3D%26dnr%3D0%26vpb%3D%26c%3DCgdHZXJtYW55GgA4AVAHgAEAiAEBkAEB%26dur%3DCjAKDGNoYXJnZS1hbGwtMSIgCP___________wESE3R0ZF9kYXRhX2V4Y2x1c2lvbnMKOwodY2hhcmdlLWFsbFRUREN1c3RvbUNvbnRleHR1YWwiGgja__________8BEg10dGRjb250ZXh0dWFsCkgKIWNoYXJnZS1hbGxNb2F0Vmlld2FiaWxpdHlUcmFja2luZyIjCKX__________wESDm1vYXQtcmVwb3J0aW5nKgYIoI0GGAw.%26durs%3DdwsLA4%26crrelr%3D%26npt%3D%26mk%3DGoogle%26mdl%3DChrome%2520-%2520Windows%26ipl%3D%2F21622890900%2FSG_mustsharenews.com_res_article_bottom_300x250%2F%2F336x280%26pcm%3D1%26ict%3DUnknown%26said%3Da898730ca86bd8a7e172934303d2e30886db23e4%26auct%3D1%26cxlvs%3D0%26grdc%3DCAEYASABKAFAAUgC%26tail%3D1%26r%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.;dc_rfl=1,https%3A%2F%2Fmustsharenews.com%2F$0;xdt=1;crlt=4pRk!D!Krl;sttr=125;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v85.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f6.1e100.net

Software

cafe /

Resource Hash

5c37fdb53d58b2ddc912ee29d758397d4b9b36bcabd7fe0524da09eba450b821

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27044
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 9624 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e099b6475b7af10762083c15fe694f3beff81a94230f4fc0830cbe68ccb1f662

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Content-Type: image/png

POST
H/1.1 200
OK postback Show response
s.update.rubiconproject.com/2/2.52.0/873648/ASvT-_UOEPR8frgV/ Frame B736 0
145 B 31ms
30ms XHR
text/plain 34.240.117.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.rubiconproject.com/2/2.52.0/873648/ASvT-_UOEPR8frgV/postback?di=mustsharenews.com&pv=2e16d238-2d55-453f-8e0d-015d0562875f&c2=15&si=284364&ap=&ui=L1BO75U0-1C-2UKP&pp=21468&gt=de&c1=1422796&sr=magnite.com&dt=8736481481318196516000&ci=873648&sid=ASvT-_UOEPR8frgV&oz_sc=c2f9589ca866abf3344f77b8&oz_df=1648530003965&oz_l=29&cv=3
Requested by: Host: s.update.rubiconproject.com
URL: https://s.update.rubiconproject.com/2/2.52.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.240.117.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-240-117-131.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 29 Mar 2022 05:00:03 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame D771 32 KB
10 KB 16ms
15ms Script
text/html 23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&gdpr=1&gdpr_consent=BPWmbc0PWmbc0__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&geo=eu&co=de
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 9ad1bb44af5999c63ca2cb0cc07b90c55f3f4752a55578ff5fb7e2e953161e61

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?&gdpr=1&gdpr_consent=BPWmbc0PWmbc0__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&geo=eu&co=de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Date: Tue, 29 Mar 2022 05:00:04 GMT
Content-Encoding: gzip
Last-Modified: Wed, 02 Mar 2022 16:28:01 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=12990
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9540
Expires: Tue, 29 Mar 2022 08:36:34 GMT

POST
H/1.1 200
OK postback Show response
s.update.adsrvr.org/2/2.52.0/357427/ASvT-7gQEeWhgXSd/ Frame F8A3 0
145 B 29ms
28ms XHR
text/plain 18.203.209.222
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.adsrvr.org/2/2.52.0/357427/ASvT-7gQEeWhgXSd/postback?de=2&dt=3574271504888517674019&pp=21468&dm=300x250&di=mustsharenews.com&md=1&ac=0a7a8j6&cb=1648530000&r7=&to=3&sr=rubicon&ci=357427&ap=&pv=940ddcb5-57e2-4786-a3f1-2dc32de7d904&pd=avt&ui=&ti=09b98f2a-9940-4e5b-9ae1-8a4570d2a377&sid=ASvT-7gQEeWhgXSd&oz_sc=2d7a79eaccfd3e89a25e8df4&oz_df=1648530004000&oz_l=361&cv=3
Requested by: Host: s.update.adsrvr.org
URL: https://s.update.adsrvr.org/2/2.52.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 18.203.209.222 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-203-209-222.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 29 Mar 2022 05:00:03 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H2 200 get
choices.trustarc.com/ Frame 32F8 287 B
629 B 9ms
9ms Image
image/png 108.157.4.14
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarker-icon-tr.png
Requested by: Host: choices.trustarc.com
URL: https://choices.trustarc.com/ca?aid=tradedesk01&pid=tradedesk01&cid=0a7a8j6_a99jcch_1e7nlzp2&w=300&h=250&c=tradedesk01cont1&js=pmw2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-14.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 821262a8c32b52639f97ddf4f34c494e82156651752608fa6a23ffa3df2f84b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: public
date: Sat, 19 Mar 2022 06:28:21 GMT
via: 1.1 347732911156afff87ff95b6d55b9278.cloudfront.net (CloudFront)
server: nginx
age: 858703
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: DUS51-P2
timing-allow-origin: *
content-length: 287
x-amz-cf-id: 5Z-re8oHvA6-mL_Bwo7YHyk1-xVPQ_cihkJroFumr1bCXvidFLMmXA==
expires: Mon, 18 Apr 2022 06:28:20 GMT

GET
H2 200 get
choices.trustarc.com/ Frame 32F8 739 B
1 KB 9ms
9ms Image
image/png 108.157.4.14
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarker-full-tr.png
Requested by: Host: choices.trustarc.com
URL: https://choices.trustarc.com/ca?aid=tradedesk01&pid=tradedesk01&cid=0a7a8j6_a99jcch_1e7nlzp2&w=300&h=250&c=tradedesk01cont1&js=pmw2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-14.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 093d94d4b660253c55e87d4503dffcb6cedc8f222f9d85d1faa68ff619ac9d3e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: public
date: Sun, 13 Mar 2022 13:36:21 GMT
via: 1.1 347732911156afff87ff95b6d55b9278.cloudfront.net (CloudFront)
server: nginx
age: 1351423
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: DUS51-P2
timing-allow-origin: *
content-length: 739
x-amz-cf-id: rnyl7MVd8sRjQXpVjgUEaenva8QIBD6D1pzJzmUKv8Jk1cRGjBF5-A==
expires: Tue, 12 Apr 2022 13:36:20 GMT

GET
H2 200 get
choices.trustarc.com/ Frame 5E93 287 B
630 B 9ms
9ms Image
image/png 108.157.4.14
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarker-icon-tr.png
Requested by: Host: choices.trustarc.com
URL: https://choices.trustarc.com/ca?aid=tradedesk01&pid=tradedesk01&cid=0a7a8j6_a99jcch_1e7nlzp2&w=300&h=250&c=tradedesk01cont1&js=pmw2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-14.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 821262a8c32b52639f97ddf4f34c494e82156651752608fa6a23ffa3df2f84b1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: public
date: Sat, 19 Mar 2022 06:28:21 GMT
via: 1.1 347732911156afff87ff95b6d55b9278.cloudfront.net (CloudFront)
server: nginx
age: 858703
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: DUS51-P2
timing-allow-origin: *
content-length: 287
x-amz-cf-id: euPVDGestvb0JInRRsxSyrm40mZZZ6XNkzeaVqH6_xo3MQpQuvyxZw==
expires: Mon, 18 Apr 2022 06:28:20 GMT

GET
H2 200 get
choices.trustarc.com/ Frame 5E93 739 B
1 KB 9ms
9ms Image
image/png 108.157.4.14
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/get?name=admarker-full-tr.png
Requested by: Host: choices.trustarc.com
URL: https://choices.trustarc.com/ca?aid=tradedesk01&pid=tradedesk01&cid=0a7a8j6_a99jcch_1e7nlzp2&w=300&h=250&c=tradedesk01cont1&js=pmw2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.14 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-14.dus51.r.cloudfront.net
Software: nginx /
Resource Hash: 093d94d4b660253c55e87d4503dffcb6cedc8f222f9d85d1faa68ff619ac9d3e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: public
date: Sun, 13 Mar 2022 13:36:21 GMT
via: 1.1 347732911156afff87ff95b6d55b9278.cloudfront.net (CloudFront)
server: nginx
age: 1351423
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: DUS51-P2
timing-allow-origin: *
content-length: 739
x-amz-cf-id: y_eheMlNz17VPez4sVBblhxLbDGKaTLC7zl4rOjuByFzAxy2anp6iQ==
expires: Tue, 12 Apr 2022 13:36:20 GMT

GET
H2 200 52094395.jpg
s1.adform.net/Banners/52094395/ Frame 9624 128 KB
128 KB 26ms
25ms Image
image/jpeg 37.157.5.71
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s1.adform.net/Banners/52094395/52094395.jpg?bv=2

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.219/e/igSBggDQ/i/vCAv.IAAAAAoAA/r:AdConstructor:contents/ImageTag:types/Standard

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.5.71 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

3439a2147b7429c86c1dfb21e024da16f96b7e15cea79094a7f69bbab594755e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:04 GMT
last-modified: Wed, 09 Mar 2022 12:37:20 GMT
server: nginx
etag: "62289f80-1ff6b"
x-cache-status: HIT
strict-transport-security: max-age=0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
content-type: image/jpeg
content-length: 130923

POST
H2 200 /
track.adform.net/csimpr/ Frame 9624 35 B
503 B 19ms
19ms Ping
image/gif 37.157.2.235
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=53729164&csi=WpJXCRWLVz4XRiuacc83S0xkyOSwuvKS3jcb3uTycqTZKGWOLEEutt6vWmW1dlSa0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.2.235 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:04 GMT
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H3 200 html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame BE5A 169 KB
59 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
Origin: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 19:19:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 34858
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60173
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 29 Mar 2022 19:19:06 GMT

GET
H3 200 omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220324/r20110914/elements/html/ Frame BE5A 8 KB
3 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220324/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N1549806.422087GROUPMCOMPETENCEC/B26791739.320447811;dc_ver=85.248;sz=300x250;u_sd=1;kw=a99jcch;dc_adk=3674133236;ord=3qae4z;click=http%3A%2F%2Finsight.adsrvr.org%2Ftrack%2Fclk%3Fimp%3D9fc85d4c-e998-4c6c-b6b1-96e2169a9a13%26ag%3Da99jcch%26sfe%3D147a1253%26sig%3D7mSVJWQjmUGgm3YwvA0OSyzxuBHdQN6iYWiHIH_dnFY.%26crid%3D1e7nlzp2%26cf%3D3176281%26fq%3D0%26t%3D1%26td_s%3Dmustsharenews.com%26rcats%3D%26mcat%3D%26mste%3D%26mfld%3D3%26mssi%3D%26mfsi%3D%26sv%3Drubicon%26uhow%3D55%26agsa%3D%26wp%3DD73D2D86FA739BE8%26rgz%3D%26dt%3DPC%26osf%3DWindows%26os%3DWindows10%26br%3DChrome%26svpid%3D21468%26rlangs%3Den%26mlang%3D%26did%3D%26rcxt%3DOther%26tmpc%3D6.12%26vrtd%3D%26osi%3D%26osv%3D%26daid%3D%26dnr%3D0%26vpb%3D%26c%3DCgdHZXJtYW55GgA4AVAHgAEAiAEBkAEB%26dur%3DCjAKDGNoYXJnZS1hbGwtMSIgCP___________wESE3R0ZF9kYXRhX2V4Y2x1c2lvbnMKOwodY2hhcmdlLWFsbFRUREN1c3RvbUNvbnRleHR1YWwiGgja__________8BEg10dGRjb250ZXh0dWFsCkgKIWNoYXJnZS1hbGxNb2F0Vmlld2FiaWxpdHlUcmFja2luZyIjCKX__________wESDm1vYXQtcmVwb3J0aW5nKgYIoI0GGAw.%26durs%3DdwsLA4%26crrelr%3D%26npt%3D%26mk%3DGoogle%26mdl%3DChrome%2520-%2520Windows%26ipl%3D%2F21622890900%2FSG_mustsharenews.com_res_article_bottom_300x250%2F%2F336x280%26pcm%3D1%26ict%3DUnknown%26said%3Da898730ca86bd8a7e172934303d2e30886db23e4%26auct%3D1%26cxlvs%3D0%26grdc%3DCAEYASABKAFAAUgC%26tail%3D1%26r%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.;dc_rfl=1,https%3A%2F%2Fmustsharenews.com%2F$0;xdt=1;crlt=4pRk!D!Krl;sttr=125;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 04:20:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2389
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Apr 2022 04:20:15 GMT

GET
H3 200 UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame BE5A 41 KB
15 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: mustsharenews.com
URL: https://mustsharenews.com/spf-arrest-scams/?isentiaPostId=post-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Mon, 28 Mar 2022 09:30:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 70178
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 28 Mar 2023 09:30:26 GMT

GET

pixel
cm.g.doubleclick.net/ Frame 7986
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEILWj41QOUVXpkIII3SyKYI&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEILWj41QOUVXpkIII3SyKYI&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=Y1hVS21YeEcxTnozWEM1&google_gid=CAESEILWj41QOUVXpkIII3SyKYI&google_cver=1&google_push=AYg5qPJ3c5QRqtu0RUVu3BVKsWPVcSayoIaeCVeinRF2y8o...

0
0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7986
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WWtLU1VnQUVYX1ViQVFBLQ==&google_gid=CAESEO21tyno6lWI--SZIxrwoz0&google_cver=1&google_push=AYg5qPJCepHAlv0OLsDTs0sryL4LVKifBj...

170 B
188 B

17ms
16ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WWtLU1VnQUVYX1ViQVFBLQ==&google_gid=CAESEO21tyno6lWI--SZIxrwoz0&google_cver=1&google_push=AYg5qPJCepHAlv0OLsDTs0sryL4LVKifBjzrMjars0dy812QJf_CIvmjm93-dSsiUPRQrp1AkwPbmFvlGsTbAQukS2NiG7JsIW3n

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:04 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1648530004.120718,VS0,VE0
x-served-by: cache-hhn4050-HHN
x-cache: HIT
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WWtLU1VnQUVYX1ViQVFBLQ==&google_gid=CAESEO21tyno6lWI--SZIxrwoz0&google_cver=1&google_push=AYg5qPJCepHAlv0OLsDTs0sryL4LVKifBjzrMjars0dy812QJf_CIvmjm93-dSsiUPRQrp1AkwPbmFvlGsTbAQukS2NiG7JsIW3n
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 7986 70 B
264 B 36ms
32ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEMPHGmrmwtyCrl7ucc2QcMU&google_cver=1&google_push=AYg5qPKFr-5gDRdT2X2nLuBQEUwEEV-Uljb8WT4fsRRh1iOrYKpGfHsnhRrnJZryzeBWJyreqmbN4Zy8f9CQUFCEPOQaKEbgRTus
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:04 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7986
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEJkg61R3c68iQqP5LUHGI0U&google_cver=1&google_push=AYg5qPKIfVeA2wfEIwwYI03RriPu00ebFxLFxQIx_8tDr1yh2YdocO7qdjgOFd5oEHLJRYNzW5qCZVs2...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODU3OTA0NTAwMzE2MTYwNTAxOA&google_push=AYg5qPKIfVeA2wfEIwwYI03RriPu00ebFxLFxQIx_8tDr1yh2YdocO7qdjgOFd5oEHLJRYNzW5qCZV...

170 B
188 B

15ms
15ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODU3OTA0NTAwMzE2MTYwNTAxOA&google_push=AYg5qPKIfVeA2wfEIwwYI03RriPu00ebFxLFxQIx_8tDr1yh2YdocO7qdjgOFd5oEHLJRYNzW5qCZVs2lH1zAeBQtPhPN2M1m0kh

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:04 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=ODU3OTA0NTAwMzE2MTYwNTAxOA&google_push=AYg5qPKIfVeA2wfEIwwYI03RriPu00ebFxLFxQIx_8tDr1yh2YdocO7qdjgOFd5oEHLJRYNzW5qCZVs2lH1zAeBQtPhPN2M1m0kh
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7986
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1EIv93PATJy-agQ8xRwu3w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

17ms
16ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1EIv93PATJy-agQ8xRwu3w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJ5c0bzrwZukFqUSn1SD-oT0lSZDFjmmNQavsJT5QQ-Tl2MyYan4XVCAxBjbqlBYK7TS2lYWSO--mL_fBrVFMndl-sXWAE

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Mar 2022 05:00:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=1EIv93PATJy-agQ8xRwu3w%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJ5c0bzrwZukFqUSn1SD-oT0lSZDFjmmNQavsJT5QQ-Tl2MyYan4XVCAxBjbqlBYK7TS2lYWSO--mL_fBrVFMndl-sXWAE
date: Tue, 29 Mar 2022 05:00:03 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET ebda
match.360yield.com/match/ Frame 7986 0
0

GET

pixel
cm.g.doubleclick.net/ Frame 7986
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEI...
https://sync.targeting.unrulymedia.com/csync/RX-8e8d7b9d-af80-4a7c-931d-748683170876-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPIaTCKjr9AfwpxCda9Uw...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPIaTCKjr9AfwpxCda9UwGlNWJXwPi76mGk2UsSTpnXoouifitqB-JKGxThFEuiC0mScAE4cvDoVrt-EcPJviQ-PX4FLf63w&google_hm=A46Ne52vgEp8kx10hoMXCHY

0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 7986 0
12 B 18ms
15ms Image
text/html 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K5gF6leXlmgsNj1zbQ8sR9E4w4Behq7VscZGJqYBcTDeByJvkws5_Bn2Az4QaPFjypjDUk

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:04 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK usync.html
eus.rubiconproject.com/ Frame 3685 281 B
0 13ms
13ms Document
text/html 23.205.235.133
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&gdpr=1&gdpr_consent=BPWmbc-PWmbc-__AAA__DX-AAAAvlIPafYrCwoWQ3PJ5JgAgEK6BgQCFAAAACAAEQAIABSAACAUkgBAoiUAIAIRAAABARIJCAAgQAACSgAHAAAAIAggAAAAAAABAAQEAAAAAABAAAAAAAAAAAAAAAAAgAAAU&geo=eu&co=de
Requested by: Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.235.133 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-235-133.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
ETag: "402b2-119-5d32342a551c0"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 29 Mar 2022 05:00:04 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 4783 1 KB
0 6ms
6ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
URL: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
date: Mon, 28 Mar 2022 13:26:12 GMT
expires: Tue, 29 Mar 2022 13:26:12 GMT
cache-control: public, max-age=86400
age: 56032
etag: 48472445140208031
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
BLOB 200
OK b04a8130-c968-4382-87d6-90c1fc99c6fd
https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/ Frame F8A3 772 B
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/b04a8130-c968-4382-87d6-90c1fc99c6fd
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 566b9670644559b5460f2b0e0f217709742edb5f53197b537e48c208fc698853

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Content-Length: 772

GET
DATA 200
OK truncated
/ Frame BE5A 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cbbea6095327783f193d1a0eb2a09495947b37a5de23bb86110424529be9d603

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

Content-Type: image/png

POST
H/1.1 200
OK postback
s.update.rubiconproject.com/2/2.52.0/873648/ASvT-_UOEPR8frgV/ Frame B736 0
145 B 30ms
30ms XHR
text/plain 34.240.117.131
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.rubiconproject.com/2/2.52.0/873648/ASvT-_UOEPR8frgV/postback?di=mustsharenews.com&pv=2e16d238-2d55-453f-8e0d-015d0562875f&c2=15&si=284364&ap=&ui=L1BO75U0-1C-2UKP&pp=21468&gt=de&c1=1422796&sr=magnite.com&dt=8736481481318196516000&ci=873648&sid=ASvT-_UOEPR8frgV&oz_sc=c2f9589ca866abf3344f77b8&oz_df=1648530004120&oz_l=106&cv=3
Requested by: Host: s.update.rubiconproject.com
URL: https://s.update.rubiconproject.com/2/2.52.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.240.117.131 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-240-117-131.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 29 Mar 2022 05:00:03 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 0603 0
9 B 6ms
6ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?5DRC3g
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36

Response headers

date: Tue, 29 Mar 2022 05:00:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET usync.js
eus.rubiconproject.com/ Frame 3685 0
0

GET
H3 200 index.html
s0.2mdn.net/sadbundle/6538174354311107868/ Frame 00C2 0
0 17ms
17ms Document
text/html 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6538174354311107868/index.html?e=69&leftOffset=0&topOffset=0&c=D7xTRE99ic&t=4&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
date: Tue, 29 Mar 2022 05:00:04 GMT
expires: Wed, 29 Mar 2023 05:00:04 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 04 Feb 2022 13:09:33 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST view
googleads4.g.doubleclick.net/pcs/ Frame BE5A 0
0

GET gen_204
pagead2.googlesyndication.com/pagead/ Frame CD1C 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: hbopenbid.pubmatic.com
URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ

Domain: google2waycm.netmng.com
URL: https://google2waycm.netmng.com/cm/?google_gid=CAESEKMnl4n0jvwWt9Ou8I4jyRc&google_cver=1&google_push=AYg5qPIn7V7enrN41JuNY4g9zpFEysydeGKosG71i74fgAAngjJX8_4Ao56JWGj8hk_zFAqd9qrb38krEsB2aAe0CUZDp_8kkO4q

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkKSU-M-BY1WVSBPYhwqxQAABFwAAAIB&google_gid=CAESEOfUcL-XSf_Qjblw5ye1KtU&google_cver=1&google_push=AYg5qPJ_-kXMwSd00uKoXlXVkF2XuLsPv27wccfULWrvpTcmsb-Tr3xLuleZnTnhdQSmIbukpHNvKN8T2chEWZ22BRRnCvZw8w

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=Y1hVS21YeEcxTnozWEM1&google_gid=CAESEILWj41QOUVXpkIII3SyKYI&google_cver=1&google_push=AYg5qPJ3c5QRqtu0RUVu3BVKsWPVcSayoIaeCVeinRF2y8ovULiTulw8Ii7cZw4g_BOjq0aEv9H6pkNsKmkwjRCiueshbmrauJM

Domain: match.360yield.com
URL: https://match.360yield.com/match/ebda?google_gid=CAESEG0l-zJrjBffxuDmxghQbuo&google_cver=1&google_push=AYg5qPJ5sXjuO3H1ayD583trHQy9FZgoUAt18MiPb_m_hiGUZj2b_ZyIFw-HF4b9ZdP098yCVesZyVWfcSVlVv7TTl3ls8gO8AoD

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPIaTCKjr9AfwpxCda9UwGlNWJXwPi76mGk2UsSTpnXoouifitqB-JKGxThFEuiC0mScAE4cvDoVrt-EcPJviQ-PX4FLf63w&google_hm=A46Ne52vgEp8kx10hoMXCHY

Domain: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js

Domain: googleads4.g.doubleclick.net
URL: https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssky_omFpy9b-OzPdf8NpqiQt_b0YsfkG_DlFGrHPFgxS4SLVJsIFNQyvuvTDNzIVD9fLYUbct5JiBZLaRgd01sci4ldt6mMUBXbdkRwx_DwVg69P-NksUvRnfD8TmuIZ82WK0N6RP6CnnqwncGerC5E4Y&sig=Cg0ArKJSzMB4D5uxSdh9EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=157&cbvp=1&cstd=154&cisv=r20220324.16155&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20220324&jk=111525324806400&bg=!2Nul25_NAAbzJazn0yU7ACkAdvg8Wj7GMLq_0xEVaZ6WXZO6i95bgDOKDWfZoXnbpp7E1uy4qkbJVgIAAAGQUgAAAAJoAQcKAF6_KWA1ULAc99o5LbJqlG7JXMhbgqhGjs_BxXJWZeQ5rHzKStgN20PQFzyWsRgzcgDnF4xkybiLTivPe9YKBDcSF-Gk5ievSb7UbkskHm0a8xpRV41pWtCnkRhhztX2mQL2JnnjXDeeT1X9cnMP26uAhfSwxTYfVtY_P8ZNj5yTVoN70ga1EnqFsRFbEv8a6uleSuqxeBhv_qx7VVQ5K36VMcnalS3NTq7duaf14lHplgfKDwAegdUvl4aOQiOJFETbf2gm3qkkU-pc0sZ02lJCzm8JvtiR0s2PjIqFPDAGUiDL11o5Zt6IA9wIjejZ4FggT03FsuoXgeb1NXJyMvZJxwtqCLLeTkFFLwWl4NMmIqOLykmuzF4R2dx3enDH5T0jQyF6ez4cjklVFoC5y96EnViCq9ngkPJS1YSJLYWydkXFwuuotsTGg8WjYkCRt086KCT6_7UO3EgiTzdI3xUWPdEmtGuQ3XCPpXVzPI2XU7V3ZWmJR3MS8UgUKVuojAIHSlX1ZtEiwTa7ZOMPjuLBHzr6IHe20iUGuQjzfc86xmMv3Bcrq3eVN-W6OpQUrhG2yJqok0DuEhhuFDyWLawF3y5TYYeOqPEphzCXz4up66ckjVAsDTl-OnDFD0UzYyhuMmKQrsLy9iK5VR6dGz6Q18SEenJ_n4DIcW46eIKN5HFf3GHI1bWM-9gfB-BRsjbWir_aCa2gHmR-guHj5A1QQXmW1hviC-8FeUZhnYYi2c8zhChIHMymmiB2j5CZS5Yj_uuoW42Zkxnb6xX2IGAjgrUDdTTQzfcJvNl6x6Ym7yihMVUYz7RLSCJ0TOAZH7f0PQb-4F8QIravaw8uR8RDnyTErlEfvTd1Uxc90W8RHuwZXW27uHGGcRI2dJUq8id38xy0o75pCQwr82XbQIB3T6yMOezyDFLM3VzFXrQE6-SyuXAZdRCUvkF2D-UsuVXbxJbRQCS6mUYqy-tcgn1CWHv50HUCwOYoceqK6YwcH04yOs6AwzrEwa1pYfkrrvrNbXh3ov_Urwa3yfJ_aXAXa0A5UYL7gD8GDKqtUMxgxwm7rmG8COleFj9pbC7Z_9WzwKlLGbZ_5Z0hEJIy-o_LcA3DXFBVjKJyN9N_0QIY1Th0Vs5bXqQ

Verdicts & Comments Add Verdict or Comment

258 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

53 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.google.com/recaptcha	1970-01-20 06:14:41	Name: _GRECAPTCHA Value: 09ACxne1P98iSy58HlghKK2bXWdnyNivxZV-hXXfNVGgJ2xcrD4xuDyEtePSkwcSi1OCUp3U3UyeCsEE1n5kQv8K4
.3lift.com/sync	1970-01-20 04:05:06	Name: sync Value: CgoIoQEQsKKuoP0vCgoIgQIQsKKuoP0vCgoI4gEQsKKuoP0vCgoI5gEQsKKuoP0vCgoIhwIQsKKuoP0vCgkICRCwoq6g_S8KCQg6ELCirqD9LwoJCAsQsKKuoP0vCgoIjAIQsKKuoP0vCgkIXxCwoq6g_S8=
.mustsharenews.com/	1970-01-20 19:26:41	Name: _ga Value: GA1.2.1334310438.1648529998
.mustsharenews.com/	1970-01-20 01:56:56	Name: _gid Value: GA1.2.257472219.1648529998
.mustsharenews.com/	1970-01-20 01:55:30	Name: _gat Value: 1
mustsharenews.com/	1970-01-20 02:38:41	Name: _pbjs_userid_consent_data Value: 3524755945110770
.mustsharenews.com/	1970-01-20 06:14:41	Name: _pubcid Value: d7756682-ae6b-49b5-bff6-f42fc605b662
.mustsharenews.com/	1970-01-20 01:55:30	Name: _gat_gtag_UA_54789758_1 Value: 1
.mustsharenews.com/	1970-01-20 04:05:05	Name: _fbp Value: fb.1.1648529998374.1219241184
mustsharenews.com/	1970-01-20 11:17:05	Name: cto_bidid Value: -c1lhl9UWGN4Rkl6bUtrZkw0clUzQmZJdFExeGc0RDZJR2tOTXhraFB5Qm9LQTR6WWJPNGRxc2RqdEF2anJGSSUyRktBNGd1VFVaMFVJWGd4a0FrNVBTSjAxeElnJTNEJTNE
mustsharenews.com/	1970-01-20 11:17:05	Name: cto_bundle Value: G_qSll9zYVhNbGs2SVdJUFBwMG5jREpTUWtWQWR0Y21kTm4zaFFLTjQ1NE1RT1Z2OVJUcEJVS2laRmg5NjZCT3lqck9ZRlZqRVpqYUFGdU5oRzBrJTJGbiUyQk1XcTlpSzVDVGRWNFZSVmxkcmlPYWlyYjdMN2xucFRYY3VzMTQyUVZLRWF3UmQ
.rubiconproject.com/	1970-01-20 10:41:06	Name: khaos Value: L1BO747I-23-EOQ5
.facebook.com/	1970-01-20 19:26:41	Name: sb Value: T5JCYnEcc0z5axkxDCz1W8s8
.facebook.com/	1970-01-20 04:05:05	Name: fr Value: 0vhwjcN6ClALBCU7X..BiQpJO.4Y.AAA.0.0.BiQpJP.AWWAGILPlxo
.adsrvr.org/	1970-01-20 10:41:06	Name: TDID Value: 514a4b88-0dfd-434d-a84a-f5d9ce432a25
mustsharenews.com/	1970-01-20 03:21:54	Name: pubmatic-unifiedid Value: %7B%22TDID%22%3A%22514a4b88-0dfd-434d-a84a-f5d9ce432a25%22%2C%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222022-03-29T05%3A00%3A00%22%7D
.adnxs.com/	1970-01-20 04:05:06	Name: uuid2 Value: 3274717522904464586
.adfarm1.adition.com/	1970-01-20 04:05:06	Name: UserID1 Value: 7080382440780724373
.simpli.fi/	1970-01-20 10:42:32	Name: suid Value: E4F8497C5FD740E193A9D9B8A4074E12
.yahoo.com/	1970-01-20 10:41:27	Name: A3 Value: d=AQABBFGSQmICEDpR0MISdIblSZFmiaULv9UFEgEBAQHjQ2JMYgAAAAAA_eMAAA&S=AQAAAumcNfuQ7T--jcgOU59pARE
.de17a.com/	1970-01-20 10:33:54	Name: guid2 Value: 1.6198356804290741703
.getrockerbox.com/	1970-01-20 02:38:42	Name: uuid Value: 3274717522904464586
.rlcdn.com/	1970-01-20 10:41:06	Name: rlas3 Value: BNcoOpivTtUjyZOKkGmYZvO3vC+p04MCTOS2OE3dpbc=
.rlcdn.com/	1970-01-20 03:21:54	Name: pxrc Value: CAA=
.1rx.io/	1970-01-20 10:41:06	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-8e8d7b9d-af80-4a7c-931d-748683170876-003%22%7D
.adform.net/	1970-01-20 02:40:08	Name: C Value: 1
.rubiconproject.com/	1970-01-20 10:41:06	Name: audit Value: 1\|naVuGyos1qrgSKfJgutcVCAkF7RiBdb4AgvEG2sPPZq/zJBpTbUTS9zgQrBBfdlTMsXEFL5ab9Gl2zc8aRh/hnKY++jymV4/ObTleGb6qyTZ07z1Q7uw3qT74sIpTwLwwH+vBB49WtYm1LRvd1CuP728dQ8fslSKJPKNNPmRnbL8ewi7LOaL5sp6NUwO8d8QnyFHID3hUmzI0ODs07Ox+mYZdxS8mnsGHP1fC/fWY3uMubqaWOC3Mz1gk67rADOGb6LmdIb7rzg4GJzz2IQs+zc2D8c8sh92TM6A1BodwYKU7IJddmKAo4wVLiKFihVRYf2LrWK/bnw=
.bidswitch.net/	1970-01-20 10:41:06	Name: tuuid Value: 1f554cb1-f262-4be5-8e8c-a88a6c12fca2
.bidswitch.net/	1970-01-20 10:41:06	Name: c Value: 1648530002
.bidswitch.net/	1970-01-20 10:41:06	Name: tuuid_lu Value: 1648530002
.adform.net/	1970-01-20 03:21:54	Name: uid Value: 8579045003161605018
.targeting.unrulymedia.com/	1970-01-20 10:41:06	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-8e8d7b9d-af80-4a7c-931d-748683170876-003%22%7D
.3lift.com/	1970-01-20 04:05:06	Name: tluid Value: 4345834287306255591475
.ctnsnet.com/	1970-01-20 10:41:06	Name: cid Value: 73d7e931c2fb4c628a8f81062c0a2793
.quantserve.com/	1970-01-20 04:05:06	Name: d Value: EF4BCQHjJYEA
.quantserve.com/	1970-01-20 11:25:44	Name: mc Value: 62429252-45131-15371-2e65c
.advertising.com/	1970-01-20 10:42:32	Name: APID Value: UP17643bec-af1d-11ec-900c-06b097fc39c8
.tribalfusion.com/	1970-01-20 04:05:06	Name: ANON_ID Value: adnseFuyTYFBErv6Yb8iiyudf9NOwZbkCqh5aFXOEGQUi7ERV3XGcoYN7jqxXZc9VmIcIZcFDV9H5yf6J84ZarEw
.everesttech.net/	1970-01-20 10:41:06	Name: everest_g_v2 Value: g_surferid~YkKSUgAEX_UbAQA-
.analytics.yahoo.com/	1970-01-20 10:41:06	Name: IDSYNC Value: "18yx~240s:18wq~240s"
.bing.com/	1970-01-20 11:17:06	Name: MUID Value: 2B900E7DA85A67F411A91F0BA93166FE
pool.admedo.com/	1970-01-20 10:41:06	Name: tuuid Value: 7b13d734-bcc6-4958-ac48-670cbdc5f20b
pool.admedo.com/	1970-01-20 10:41:06	Name: c Value: 1648530002
pool.admedo.com/	1970-01-20 10:41:06	Name: tuuid_lu Value: 1648530002
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 19:27:23	Name: bcookie Value: "v=2&7811181d-f6bb-4153-8d85-80a36262d29f"
.linkedin.com/	1970-01-20 19:26:07	Name: li_gc Value: MTswOzE2NDg1MzAwMDI7MjswMjH8V8uepN8wTUMD77R2bZuystmXe2HVoAOg6/FDbgySjQ==
.linkedin.com/	1970-01-20 01:56:56	Name: lidc Value: "b=TGST09:s=T:r=T:a=T:p=T:g=2262:u=1:x=1:i=1648530002:t=1648616402:v=2:sig=AQHDL1Jx68AlbeOrhvTYU7sMuSvIJRc9"
.adsrvr.org/	1970-01-20 10:41:06	Name: TDCPM Value: CAESGAoJbW9va2llLXBzEgsIhueTwuDSyDoQBRIWCgdydWJpY29uEgsI0OmBuuDSyDoQBRgBIAEoAjILCIbflu_20sg6EAU4AVoJbW9va2llLXBzYAI.
.pubmatic.com/	1970-01-20 01:56:56	Name: KTPCACOOKIE Value: YES
.pubmatic.com/	1970-01-20 04:05:06	Name: KADUSERCOOKIE Value: D4422FF7-73C0-4C9C-BE6A-043CC51C2EDF
.doubleclick.net/	1970-01-20 11:17:06	Name: IDE Value: AHWqTUkCpI3RaiD6GbEWaFnkMFBJ_a2DHdl_LkWF2qp_BtR09faqAwQLF8wFswZs5yg
.mustsharenews.com/	1970-01-20 11:17:05	Name: __gads Value: ID=b17120d3de7eb68d:T=1648529998:S=ALNI_MaBAz1-yu_vRHDLrRVeUX3V3blIsg

17 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://prebid.ad.smaato.net/oapi/prebid Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://prebid.ad.smaato.net/oapi/prebid Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://prebid.ad.smaato.net/oapi/prebid Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://prebid.ad.smaato.net/oapi/prebid Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://prebid.ad.smaato.net/oapi/prebid Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://prebid.ad.smaato.net/oapi/prebid Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://prebid.ad.smaato.net/oapi/prebid Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://prebid.ad.smaato.net/oapi/prebid Message: Failed to load resource: the server responded with a status of 400 ()
other	error	URL: chrome-error://chromewebdata/ Message: Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.
javascript	warning	URL: https://z.moatads.com/thetradedeskv275874568748/moatad.js(Line 135) Message: The deviceorientation events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
worker	error	URL: blob:https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/1950d175-e026-432e-9e7c-bbb30321a938 Message: Mixed Content: The page at 'blob:https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/1950d175-e026-432e-9e7c-bbb30321a938' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'chrome-extension://eppiocemhmnlbhjplcgkofciiegomcon/content/safecheck-notification/notification-iframe/index.html'. This request has been blocked; the content must be served over HTTPS.
worker	error	URL: blob:https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/1950d175-e026-432e-9e7c-bbb30321a938 Message: Mixed Content: The page at 'blob:https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/1950d175-e026-432e-9e7c-bbb30321a938' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'chrome-extension://cplklnmnlbnpmjogncfgfijoopmnlemp/skin/logo24.png'. This request has been blocked; the content must be served over HTTPS.
worker	error	URL: blob:https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/fa8db22b-77c2-43eb-ad5b-b10b8e759893 Message: Mixed Content: The page at 'blob:https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/fa8db22b-77c2-43eb-ad5b-b10b8e759893' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'chrome-extension://eppiocemhmnlbhjplcgkofciiegomcon/content/safecheck-notification/notification-iframe/index.html'. This request has been blocked; the content must be served over HTTPS.
worker	error	URL: blob:https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/fa8db22b-77c2-43eb-ad5b-b10b8e759893 Message: Mixed Content: The page at 'blob:https://d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com/fa8db22b-77c2-43eb-ad5b-b10b8e759893' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'chrome-extension://cplklnmnlbnpmjogncfgfijoopmnlemp/skin/logo24.png'. This request has been blocked; the content must be served over HTTPS.
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPJb4Y_W5WC_GPuYj2z7ZHe5SIAZevJof0hx7zAxZUrANl8yEH_x4nKjpNfV_-ZGfS9jnMWNraAN5CK2g0EPGhO86M5VDIc4hQ Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_push=AYg5qPLXQfQZhrHx5ZFt5YjvugVZox6hPe7jFMTMf14aqv7VYrBzb89cX_gsGdSBOS4BWKAp3B_QFyXdHpeYZmJL5ye6DsGr6xHk Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network	error	URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YkKSU-M-BY1WVSBPYhwqxQAABFwAAAIB&google_gid=CAESEOfUcL-XSf_Qjblw5ye1KtU&google_cver=1&google_push=AYg5qPJ_-kXMwSd00uKoXlXVkF2XuLsPv27wccfULWrvpTcmsb-Tr3xLuleZnTnhdQSmIbukpHNvKN8T2chEWZ22BRRnCvZw8w Message: Failed to load resource: net::ERR_TOO_MANY_REDIRECTS

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.tribalfusion.com
aax-eu.amazon-adsystem.com
ad.doubleclick.net
adasia-d.openx.net
adnetwork.adasiaholdings.com
ads.pubmatic.com
ads.rubiconproject.com
ads.yahoo.com
adservice.google.com
adservice.google.de
anymind360.com
as.adlooxtracking.com
b1sync.zemanta.com
c.bing.com
c1.adform.net
cdn.ampproject.org
cdn.jsdelivr.net
ced.sascdn.com
choices.trustarc.com
choices.truste.com
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
d2c672184cd28386f1474b72da97280d.safeframe.googlesyndication.com
d5p.de17a.com
data00.adlooxtracking.com
de1-bid.adsrvr.org
dsp.adfarm1.adition.com
eb2.3lift.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
gcm.ctnsnet.com
geo.moatads.com
google2waycm.netmng.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gum.criteo.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
i0.wp.com
ib.3lift.com
ib.adnxs.com
id.rlcdn.com
id5-sync.com
image6.pubmatic.com
insight.adsrvr.org
match.360yield.com
match.adsrvr.org
mb.moatads.com
metrics.getrockerbox.com
mug.criteo.com
mustsharenews.com
odr.mookie1.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.advertising.com
pixel.rubiconproject.com
pixel.wp.com
pool.admedo.com
pr-bh.ybp.yahoo.com
prebid.ad.smaato.net
prebid.media.net
prg.smartadserver.com
px.ads.linkedin.com
rtb.openx.net
s.amazon-adsystem.com
s.tribalfusion.com
s.update.adsrvr.org
s.update.rubiconproject.com
s0.2mdn.net
s1.adform.net
secure-assets.rubiconproject.com
secure.adnxs.com
securepubads.g.doubleclick.net
smarttag.rubiconproject.com
ssbsync.smartadserver.com
stats.g.doubleclick.net
stats.wp.com
sync-tm.everesttech.net
sync.1rx.io
sync.targeting.unrulymedia.com
tlx.3lift.com
token.rubiconproject.com
tpc.googlesyndication.com
track.adform.net
um.simpli.fi
ups.analytics.yahoo.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
z.moatads.com
cm.g.doubleclick.net
eus.rubiconproject.com
google2waycm.netmng.com
googleads4.g.doubleclick.net
hbopenbid.pubmatic.com
match.360yield.com
pagead2.googlesyndication.com
104.21.58.221
108.157.4.12
108.157.4.14
13.248.151.244
13.248.245.213
139.99.121.206
141.95.99.211
142.250.181.226
142.250.185.194
142.250.185.230
15.197.193.217
151.101.130.49
169.50.137.184
172.217.16.130
178.250.0.157
18.157.193.122
18.185.154.32
18.203.209.222
18.64.115.76
185.64.190.78
185.86.137.122
185.86.138.32
192.0.76.3
192.0.77.2
2.16.186.26
2.18.233.180
2.21.143.57
209.54.180.3
213.155.156.183
213.19.147.45
23.205.235.133
23.32.59.34
2602:803:c003:200::31
2602:803:c003:200::41
2606:4700:20::681a:d92
2606:4700::6810:5814
2606:4700::6812:d05
2620:116:800d:21:8c6e:cf2c:8d6:9fb5
2620:1ec:21::14
2620:1ec:c11::200
2a00:1288:80:807::2
2a00:1450:4001:800::2002
2a00:1450:4001:808::2003
2a00:1450:4001:808::200e
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2001
2a00:1450:4001:810::2003
2a00:1450:4001:811::2002
2a00:1450:4001:812::2002
2a00:1450:4001:827::2003
2a00:1450:4001:828::2006
2a00:1450:4001:82a::2001
2a00:1450:4001:82b::2002
2a00:1450:4001:82f::2004
2a00:1450:4001:82f::2008
2a00:1450:4001:830::200a
2a00:1450:400c:c06::9d
2a02:2638:1::13
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a04:4e42:200::645
2a05:d018:d29:3602:d715:9c64:5860:e3e3
3.120.46.78
3.126.56.137
34.107.148.139
34.240.117.131
34.98.64.218
34.98.67.61
35.186.193.173
35.186.253.211
35.210.53.219
35.241.31.249
35.244.174.68
37.157.2.235
37.157.4.39
37.157.5.71
37.252.173.215
37.252.173.62
47.74.174.177
52.56.234.21
52.95.125.22
54.76.152.190
64.202.112.223
69.173.144.138
69.173.144.165
85.114.159.118
96.16.141.156
0071fd6b2bd57ac47bfefa8744308f8fb5367192a787bb3ddca9c48e51ff3545
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
039a8bb6d736466063dde3c2a80d71d54456a7875cb1654263058bc69c1c042d
0451eb057f839276787041ff6afa9e97d2d815f21d46c22dfb3222bcc04956c5
0458df465ed91976d098c684ee1ece072857ec798dfa003f2d66f2702c8bf562
05e94fcdf9b29839aed8b4cfb8d7b948f45626b2ace35103e52450b0a9460d11
0746aa0afb2c133deb583b50dbde1ea6bef2b5371006723f7304f8dc5a11ad23
08285afd2f0c11a2a9d89f00dce769479e4d164e62caa39eceea9f1eb551afa9
0861d55e36094672d361117a7e0a2bd0698b8538e61dbf8655ff27a2f14beaf7
093d94d4b660253c55e87d4503dffcb6cedc8f222f9d85d1faa68ff619ac9d3e
0b26aba82da1d312d1dbc9358d949d7c63465f31da706b44aa0394f6bc70c0c3
0b5722a0cc75bae244d762078d4134a0e1a8de2f5628833114f64ae2a9c47777
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5
0ca392c46c706c47f0950f668c927c6d55fd4342aad0768a8c796c9dce7ae711
0ce5fc08d0f617e71e1d61bcd79fc7cc1855f4221945b0c09ac774685fe7f52c
0d7e2a922aa182391876c23887538233b24a77f8feff03968cfdba4d29e4b530
0d89581f2897bad3b14ec17b04c2e348cc1bcd5b063cecb317b6e13c53084cbe
0e60b35470004af5449971aaa63d505584bf7266da8dfb0e45821a7a1f41911e
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0ee12b93ba50a11840fa569d1a4d299a2a044b0c4e16adc69e769c5846c22daa
0f2aac94d011ec45570ef1245e5fc8df73ebd09b1c6859c5a8393df5336e01b2
0fb6b4da6262188e5bf45853e853278c4d541f441989fb6e24705475df659e23
0fbd06b3bd014070a652478df9f409ab5ba0cd72176a21cbf7583700715e1c12
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
13a80b79e8a0a5d4cb08291bde60f19a17b1543ccebd2bc3c75c8dc34bd47756
16b602ead2a1b4f31efca9627e70bcbb98eb1b2287e04f3eb933d4a62aacfd51
177d03a93d5bcfcf091484b3da03592467931ab06aa64492c229c3b7e293470b
18e2827980bd296c951393b5330d12ae65cbe2079877421ca2d24a96d3159b15
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1d9b2d36253b07e95fcbb4abe1b6a32e8e155fcb8d91d30d2b6526e0ad2c0beb
1e7adc9a24a57746863ef54f2de5f8905c242ebc6d416713133ff989fb050222
1e7f48b89d19cf8b368b05e374c9353785e0761a458b04f58126235998f08fbc
20160b923de864cdf44fa26bfd6281a9e0aba7eb800fac86804d9a41a93c2394
20b40eb0180e01e389b252c7ea71410958e9e6243d2b8537a5c87678c8f17ca6
21066dd1052a0cc3cc6d40e20caadba8f798380d59166e9b5ea75f4a859a472c
22d020772d4885ac0ed5f7913304e8eb6e161eb32d3cc658e725959a0955a79e
230d8e0e7d6ac8e1689fff91448f4e4af5a7f2aa29bb27e5c04485a3ea4b7fe5
2648a1333fa24d383fd73a6beaac17156ae78f4267ff7407ad60e05a788df44c
2773645eaeb225561ef10338f25f7fb8f64ce08a3b19a0e81bd9b49ef307ccaa
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
293913879d30bab7499013e935009f5183facbddd63bfc9656a859622590b80b
29f65fbbbfc145c9ea7b6a97414a882f09caff018a57f3c2709b7135aed346d8
2afb3cf38deea01d461f29b961c8aab0da4f121a84a9c843f49dc7cced99b6a5
2b09833814ea726c1641113309aa9956eb47ec858bd3a62e33b195a7a45dfd21
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
2e4267cd6071f8c3fefce3cc1a3adef1dea699bcc1233b758bc26961a18d899f
2fd4c3ae6afc2b4026d9f0b64b8ff1110ecfcf47b90bc988c06e844b3921cbf6
30de69c01f8eb6cb0ab7b040f02316728cb490669cbf084aad71c06a708ed1ff
318997777ee62c83c0232c4e9a3925d5f18d781e0a26a3a5d8022f3ec297cb40
325e6a7b68748a169ffb84eef16a6aa2042e2fd8ee1819a61c7a5fb399ba5e54
32ab0a5c85cabdb695704b5128a8fb7c9a8dfa3242cc36ceda6bb0650a45b35f
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
33a63cfb377a89f683cf1b97f00a389264c1a86f96cff315175b5140a18de25b
3439a2147b7429c86c1dfb21e024da16f96b7e15cea79094a7f69bbab594755e
37ae0e5ace2ec8066810439183d348223decdd4b54dd943956c7b220d1a647af
385fa48bed8588a41246baa4d39433f452270af2335e7d4e6b6874ad01484b4b
3974624ff80521dbd81d3ed32f8ec10c7baef11c272f46626a6284538e90e44b
3ca19e57c9a2465ae4df271316ba4d29e7ff7f113a2a2c5297780c0b7a0ac09d
3d0bf782b47dcd079eedf6bb34ecb0742c114a4e4b90e37a58a412482101b475
3d3251d937d209def48e958bfeec683ca39dc0f15eb22f99bc3e7035995cd552
3e18d0e3dd548e9745884578e3cd9f0a492ddbb6f3b797db364b45bb16cadfb3
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
40ab2b56907ff44c4370185a254dbd2ea8fc2ac40e6ab6050b93b986a2b43867
41145ced93f800ad1b0345872a1e51275073a3cd9bc607d4d940d05454d87ef6
41c9b724c00dba4554fa04b5637b2fec7b9067f208d11a974cbc4dd608de787d
41f1190ed94dee899b6a685737c74c41616f7dc2b65f2a270e2212e39bbf80bc
42422463e81313e10d58d194b4915388a003ba4e6a8ac38e05c1a14a78d15f9b
436869c2a516d9d0cad4ed9948c123d10006e18c8214475dbdf0afa7e21fdd45
448cedfc3027af5a97cb35afd354c8aa47fa14b348e66228572aff751051ffdb
44f66a1b8aaba78fb07373997c1be870e96b71e6ea4cee0187b61f419d117d54
46375ee9192c1e0f6eabe4d32b2a48b996b93037f7b4beb970df5b87359548fd
470c5074c671f376d6f3ac789824ebf538f6188ae517f8495696d11d0ad351b5
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4be624c6915035ad35c909f2470e9002f2f81b6b719b991f3bfc32386e3bc6ea
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4eefdd923f73deeaec9e4ecb4cc3fae74379145f0fd3f5892165326bce8ed0ea
503a1dd70b8b9c286875f5f7de72bce93c664b79f3fcfeefa1150d2384df33a0
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
50fe61be4d5fc8bf8175e0062ec263533a760fa9acca89eff7487e9dd7db6b40
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55243e8ee850fcc3ba913136b7fd6fdb9b44ca42e473f5a6c5e47df0bb76f1cb
5525c29d96b58c5f887571a4c56d9b302db3caaa015913bed995fcfba7a90d78
5567a97dec3917add7dc46fe251ceb1e50cb4413b772875764c5e12e0e78ae8e
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
566b9670644559b5460f2b0e0f217709742edb5f53197b537e48c208fc698853
58a617d2c88d378bfd267e2817e2228e82ef0c3f28d8ac3458b18af77335c39e
58f4365bdb45a919178d903b4758e88723d885b27fc4f06bbb084564f715b0ec
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5b56f14bb63fc412aec1562ff5b4807919a486491f2e9a86054ef08922c634d1
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5c37fdb53d58b2ddc912ee29d758397d4b9b36bcabd7fe0524da09eba450b821
5d1bde2a1374f603ad44618f045f9792fdf919fa792743355e0b254a63589358
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6423be11726e1e0b4634c6eff293988080151402a0b5fa202b0d3ba768053261
657739ccd32cecc6f31879cf180d72322699597c4aec63b3cc73c1ced7fbbbfd
66317b7d838b4368690c48517dd4e22cdf660e2b0152e607bf6664c2ca4cfa7e
6669956b5e05b886f6da152ec97fbf6b25f1ebe5625c9947ab2bbbd0e46dabfc
66e6fad9e5ec87bcda3f169e68173f0d99c792ec94f8586d7df8a4edb540d1e5
66f3053245163ba61eba3e89073a71b8b9b51689ce9f722873b7bc4c1d393c81
679e44f9b4bbbc2ad0c4000c1413fd3a88627d83f1cba8ebdac26f81bc7edb78
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
6d2e2a0cae053e9b8957b60fd6d5015308129cd0fc6ea89af4c398e7e77f1ba6
6f66745c86a33b23baeea300222be90f2ad8df1db9d9a45ce2c4664ff339f9a6
7337a38ce3a732e5243bd354ad12d96b4d5512e283a8dd70d129b730d7a5d3d3
73b76b2df4b5c17bb821b7d35a73bb35c2f0a2d3242042898af129b5d5638678
745caffca4b97cf5cf2374d82c6dfb6fb7c7b694e85432f92ec4dcb35f4418c9
7717c168fd31fdf0d2570a034cf1f419648556b8bbe9e081788df0f4e0fa60ad
77bdde4f18b06197f925b6e2e0ecb3dfe5f6f6e704bb381b6c69b4c2b161d8a6
781b0aebb68349b18b83b4e19968ee2e54f02c5ec8a83af982d3a30e3635cd27
78ee31e34b030570da7481530b0c087165e30d6c0338a3faab059cd78ec7836a
7913fb9d7def1ae9378f53170fef284b1a60ea25e25e3cfb7f65754377a768a6
7b2a1232083772850c42755ef33845516473d6c5b8e4669f500c448974c430b1
7ce9197a6c9a358e73b24c066102fbdc791bb6fe90b2e9550f31585a23c27055
7e6af3df03b61bcea56c617be2d257e08cd1b375ca0da8f42ee4dd767cb79ad4
815564293529e8a1273e2d86754ea536392b6bfa1e9d98dadd708d3268e30c21
821262a8c32b52639f97ddf4f34c494e82156651752608fa6a23ffa3df2f84b1
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
83195ec84a4f83775f22359f80b70633c4dac894c7bfec37d3c915f6f67c64c2
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
848fe19ed492948709b881f504ce2eb6274baa694606ca88eb9b2990a2460caf
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
871fc000f20714bb2b863f2aa0b1f3f653c91e1fab3d09df9ba59f0e30cec859
87c6aac23d0c0b018f8a94fbeeea65d4bf9ea0ca8649167664f27a58f7838027
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
894b2d03f51d2dd9d0b7bfcb766ed71f003aff42736c2834a8d7dc893705e53a
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8a170f5913eecb1afeda4cccca5d5b9589c8f068a04ae2c517b602e1484982b4
8c6bc6804d1a8f7dfd6f739199f0c1b233778c8a06e4cea6fa42560332f2e6f1
8c8225d3f84062aaf1bccc0e7bf75b4013ad506217b3faed23dbc21aa5c7fa20
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
93a99cc480b8baf469bfc9cc3774818ca053003ba12eb0b00c75044a66faa22b
950ca24dbd4302b6f0703d48e9ef36bd9f3aca7a218bd75a3bcd0e5cbefc21ae
963cd46f8c53a95e0c2529a14b663bf9cc323222dd6564e43232f96b11c8fc57
966ae054fb01b6518dd949476622ad377803b83ff8f0bc5bfd6fecfb91930068
98649db6545b06a2a826966cd0ccbb6bbafc823d48143295b97205f5407aaa61
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a4e1114258ebc7c5d03787c93a4f65c74ab07805b33a2cd06064e9ac81144ba
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9aaa9b664435c411b50baa77c6dc1b91f13cf69aebe60fc4a774512a49f3f171
9ad1bb44af5999c63ca2cb0cc07b90c55f3f4752a55578ff5fb7e2e953161e61
9bb55ad45493cd1322f344b00e81cd210b7347230e81c0ef0a24cfcdf18cb01e
9c27626364eeaffb44ad2decb980dace7bedb3c8ea1575f81927fc9409cb5b49
9d59079336062694297193c4fb15be6c649509dcbbd42e706e93da05e0add5d5
a0315120b66d5141c4d2e381fb5b33602ac16ae8a11d3f9b53073c04ed1e2082
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a185a2be00645eec4224d431d44ddc31aca353db9ef1c453d602c40269bd7362
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4b423bd3e84385d2bb624a55cddfaafe863235df9791628cb4fc0a9472d3f76
a658b5f3ec0fd27f3c1500b420b2ed4ff557f5ddb65fbc83c21eae5cadc97dfb
a68a70f7be9281f3f7148b38d7f5971f1dc946d3034a40e55021d0fb6fb78d73
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a94a2d304e6118e1c1590a8a16ffe6a0a0f8a69fc9863623c56811ee78d756bb
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af53b23110bef0f5e04eab1ff2db4a2c7836fb6aba6cb4eb240959b03dc49c7d
b0e5d4a0c56f2d100d4e4d5a8de61e5388ec801b5c914b8361b4a9ff8b9a8dd0
b2373c2055f7d790f590ed0e49b87cb740c2927a113eadc2140376cd62cbf395
b3802ba95862b1fad8da321f4079cbc476e5ddc09a7138d1244c61100111af8f
b671e2140966063715d21667867d60de45adc723cd1b31e0d2f7466105a90247
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b7a69006970d4c5216660ed9393f078aa09041aad63530d1d0b30dde62e4611e
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bcc0d1413bd26c0ce49c964fb21d37b4886a66f5fe71c4ec6423f6fd1eb0294a
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bedd2d0cf34753a548f61ae2873658453e5ef3a26f82f4c9fb219c1bcb6807f3
bee92aa99304c2229f3b9888402d90be283f3f5101c118ba1c7fa7ed6df18521
bf7c39b1c04634e6ce785fdab6a4fb5708859c05afb6248d2803cfe5372f6f28
bff294b546a8a9150f689bdff5623cf1b6de772a2dffcc581542d14460071d97
c00a759275b8628823a9809f24cbeca08cb48b52713adf221f70284e66d9c82f
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c22e801148939673da59909834ef2cbd09855ab48ecfc7ee3e501bd25eec0102
c2f4738678ac59ab1828d8ecb8bf741ce253652894c3197bcc1d7edd1176bf4a
c47e3277e17f3fddae257e83adced71ea8eed89e4f58db09a7b34ce79ca035a9
cbbea6095327783f193d1a0eb2a09495947b37a5de23bb86110424529be9d603
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ccaa51271b339a3d0f1c244e679e062d2664aa1db8b42ccec98f8fcfca18d16b
cccf30038abcbf4d0d612fc493c5bcd879dd1dd585ff7b3c7ca7295e73671da8
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d18ec92167044343d62b0bf3efc2518ce74fc10ae94f5792393d0bb9a55da98b
d1a0487fea35c3fd612d68397ae5c95e4b93cf09945d4378b45644d6282eaa9e
d3460d76a3013a4bb9c689877b41f3eadbf5e780ed9230fb8f8bbd16fcc59842
d35372eb43dde22c2b729cfd13376c853c0a44d60a478ac5167e57f8b7a4952d
d3fd2cc77501f1c42507cecfbb47d62c6652c5bc2e648db5d4a7ba0440ac1dbd
d6050a43ba7c560a579885d462f59dc67cec962bf0110d7b17069d9b2de24272
d6c1241b1c5497f12d290dfd7de52f24a6eebf67f66fa8a4b0ace4395d9f486f
daa9346d4445de08b9e12c573d88ec23c986a390c018b46bc2d0286ae4922b22
dd50ba290f74d344ad0d04ade63c55b02360bf4db99c0a2749f34deb0c8dcec9
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
dea5d8ba9e54379b26e109f61ceba20a0781d4f80eed75fce6ad0993d4784195
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
df544db2e8b010512a5ec168d3a9b91355c7197d04a1b29325510e29405e6e0f
e099b6475b7af10762083c15fe694f3beff81a94230f4fc0830cbe68ccb1f662
e13459782d7fc46c73821602bedc17cc2b3a2dc5ec07e91e30ed715193698a94
e15a095adc9899b592ceccdd4885a3be3674a6bf6ec4be762566360424deb1f3
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e52ad60cf8269c44381d5e0833e69b9b8f3b9f9346b7066b1dc5a52b390feedc
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e58c48ccab319c1743e68c1c2e40e5b1937bfcef3aa077d4d853ce1140a1b214
e5ecac81bed7e5fdbcd9b8d8caf945748cf52ec470f69451828579b97c29b78e
e87a1c5e24f9a7c7dcb437417f0b05b0a3c12947ce32d65c990c988a8b5ed4d7
eb3a5598948cbfab22be396b386d679372bb3cc702ca08b9394e454dc238b068
ebc1809c917b61781cda24334f55c7010d9bf8986b99ea3f59d049e78d491910
ec81b7c067d9329f867aaba45fbd6f41f71df292964bc54116bb6825195d93c3
ecc2e585ea072abb205881f3aad6f36e92d556537e7100a8a128ddbc75edb436
eeffbcdbda898801d1a243fc80b8c0cf32a9091380518cd6c169c14f5676f4f6
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3260225ba132e9bf8956514e81f6136265ee05250271a027bb2029cbbf4651d
f3a0d186e152bbeeb7b23ff5a10baa2b10213413dd9b762e5398fe0108b2230e
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f550edcd8ddd3406cf76d5043489a7344ba8fac4a51a2e13bdd6eaeca5629369
f57a038a716263766ff4d7f7d8a6ea13b22701ae6fc91e8b1b52fd8784844d23
f65784e5e7332dc1e4bbeacbec70fdeef4a1bea84f16ce2ee144999719d195ce
f6914cddfb8fcc3e7d99864e104ebdb47934a357ef08d90f9e0acdf48433d6c9
f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48
f730ac7906b25410e1d42d28baef62103fb251ed8d86b1b43ebce610b527973a
f975e3c382920e40a147617caceddec0b5f1234552f8b8f415611c4b2976deca
f9e787c9d70e0c965c4443b288ca75dfed1d883fc3d9bbde05accb94e8c179c4
fb12708d973e6b9354f367a6780e5a166b0da7d2721d856da7f9d57130883eaa
fb5b54a4337366c1e6f2469c7033e6ab4c50d680d6df74e6d326f33ec3dcd9af
fc0daf43c2398393b4b614f18d2f739c22d6f99cffbd2516ffbe23e6f294470c
fc92bebac9e300f68255bec2b013d9ba71203677e22c434bee2b5affb0d67215
fcea1bbdca7df56358ed4cbedc9fad8c9371635f5ec082e7a0273471b1698968
fd10709b0625c4ac712608efa31aa9ee59ae1c38c373c92b700661f575ea545c
fe86a6db6afa6aa84da1009ce5672d790577db37855de180ca3bca783845020f
fed32a82c107a9c4ba81d67f00e6010857397349d45f131d9aef7321e6ba5b72
ff4832891f440eef69f6db3572ef7fc3e69f6635bf0d56af126b3930c0a5070e
fffa14e9a3c576087a9202af54e8f11669f29c37617df0c6f728ca24d95f60bc

mustsharenews.com Open in urlscan Pro 2606:4700:20::681a:d92 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

595 Requests

90 %HTTPS

34 %IPv6

59 Domains

98 Subdomains

74 IPs

11 Countries

5937 kBTransfer

14972 kBSize

53 Cookies

16 Outgoing links

Redirected requests

595 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 14 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

mustsharenews.com Open in urlscan Pro
2606:4700:20::681a:d92 Public Scan

Screenshot
Live screenshot

Full Image

595
Requests

90 %
HTTPS

34 %
IPv6

59
Domains

98
Subdomains

74
IPs

11
Countries

5937 kB
Transfer

14972 kB
Size

53
Cookies

595 HTTP transactions
14 data transactions