creativedestructionmedia.com Open in urlscan Pro
2606:4700:3033::ac43:a2b4 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
Submission: On October 04 via api (October 4th 2021, 2:20:45 am UTC) from US — Scanned from DE

Summary HTTP 223 Redirects Behaviour Indicators

Summary

This website contacted 46 IPs in 12 countries across 60 domains to perform 223 HTTP transactions. The main IP is 2606:4700:3033::ac43:a2b4, located in United States and belongs to CLOUDFLARENET, US. The main domain is creativedestructionmedia.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 5th 2021. Valid for: a year.

This is the only time creativedestructionmedia.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
71	2606:4700:303... 2606:4700:3033::ac43:a2b4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6810:dd1d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
6	2606:4700::68... 2606:4700::6812:e234	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	2606:2800:234... 2606:2800:234:46c:e8b:1e2f:2bd:694	15133 (EDGECAST) (EDGECAST)
1	199.212.255.151 199.212.255.151	25948 (FHMNET) (FHMNET)
7	216.58.212.162 216.58.212.162	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	192.124.249.69 192.124.249.69	30148 (SUCURI-SEC) (SUCURI-SEC)
12	199.212.255.113 199.212.255.113	25948 (FHMNET) (FHMNET)
1	198.145.13.12 198.145.13.12	2044 (DF-PTL01) (DF-PTL01)
1	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
1	2606:2800:134... 2606:2800:134:1a0d:1429:742:782:b6	15133 (EDGECAST) (EDGECAST)
5 6	37.252.172.38 37.252.172.38	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
1	52.58.156.177 52.58.156.177	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:10:... 2606:4700:10::6816:36ce	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:fa8:8806... 2a02:fa8:8806:13::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
17	54.77.47.243 54.77.47.243	16509 (AMAZON-02) (AMAZON-02)
3 10	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
5 5	72.251.249.9 72.251.249.9	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
2	178.162.133.149 178.162.133.149	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
8 9	213.19.147.45 213.19.147.45	3356 (LEVEL3) (LEVEL3)
6 7	13.248.242.197 13.248.242.197	16509 (AMAZON-02) (AMAZON-02)
1 10	54.246.172.223 54.246.172.223	16509 (AMAZON-02) (AMAZON-02)
2 2	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
6 6	147.75.38.124 147.75.38.124	54825 (PACKET) (PACKET)
2	51.38.120.206 51.38.120.206	16276 (OVH) (OVH)
1	2620:1ec:46::44 2620:1ec:46::44	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	67.202.105.22 67.202.105.22	32748 (STEADFAST) (STEADFAST)
2	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	198.148.27.140 198.148.27.140	19189 (PULSEPOINT) (PULSEPOINT)
1 1	185.86.139.104 185.86.139.104	201081 (SMARTADSE...) (SMARTADSERVER)
4 6	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
1	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	37.252.173.22 37.252.173.22	29990 (ASN-APPNEX) (ASN-APPNEX)
3 3	35.157.0.85 35.157.0.85	16509 (AMAZON-02) (AMAZON-02)
2 2	35.210.53.219 35.210.53.219	19527 (GOOGLE-2) (GOOGLE-2)
1 1	54.175.198.118 54.175.198.118	14618 (AMAZON-AES) (AMAZON-AES)
1 1	64.202.112.95 64.202.112.95	23352 (SERVERCEN...) (SERVERCENTRAL)
1 1	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
1	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
1 1	34.199.172.6 34.199.172.6	14618 (AMAZON-AES) (AMAZON-AES)
1	150.136.156.92 150.136.156.92	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
1	169.197.150.7 169.197.150.7	398989 (DEEPINTENT) (DEEPINTENT)
2 2	18.185.208.29 18.185.208.29	16509 (AMAZON-02) (AMAZON-02)
1 6	185.86.139.94 185.86.139.94	201081 (SMARTADSE...) (SMARTADSERVER)
1 1	2.19.35.65 2.19.35.65	16625 (AKAMAI-AS) (AKAMAI-AS)
2	104.109.78.125 104.109.78.125	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	185.29.132.241 185.29.132.241	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2 2	151.101.66.49 151.101.66.49	54113 (FASTLY) (FASTLY)
1	18.195.155.181 18.195.155.181	16509 (AMAZON-02) (AMAZON-02)
1 1	124.146.215.45 124.146.215.45	2514 (INFOSPHER...) (INFOSPHERE NTT PC Communications)
2 2	193.0.160.128 193.0.160.128	54312 (ROCKETFUEL) (ROCKETFUEL)
2 2	185.184.8.65 185.184.8.65	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
1	54.173.185.122 54.173.185.122	14618 (AMAZON-AES) (AMAZON-AES)
1 1	88.214.206.247 88.214.206.247	46636 (NATCOWEB) (NATCOWEB)
1 1	82.145.213.8 82.145.213.8	39832 (NO-OPERA) (NO-OPERA)
1 2	209.54.177.54 209.54.177.54	16509 (AMAZON-02) (AMAZON-02)
1 1	2620:116:800d... 2620:116:800d:21:51e4:db4b:4436:b305	16509 (AMAZON-02) (AMAZON-02)
1	52.16.229.21 52.16.229.21	16509 (AMAZON-02) (AMAZON-02)
1 1	54.205.198.81 54.205.198.81	14618 (AMAZON-AES) (AMAZON-AES)
1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	66.155.71.150 66.155.71.150	13768 (COGECO-PEER1) (COGECO-PEER1)
2 2	37.157.4.24 37.157.4.24	198622 (ADFORM) (ADFORM)
1	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
10	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
1 3	2a00:1450:400... 2a00:1450:4001:802::2004	15169 (GOOGLE) (GOOGLE)
223	46

71 2606:4700:3033::ac43:a2b4 (United States)

ASN13335 (CLOUDFLARENET, US)

creativedestructionmedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:dd1d (United States)

ASN13335 (CLOUDFLARENET, US)

static.getclicky.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6812:e234 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2606:2800:234:46c:e8b:1e2f:2bd:694 (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.212.255.151 (Canada)

ASN25948 (FHMNET, CA)

s.dblks.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 216.58.212.162 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.124.249.69 (Menifee, United States)

ASN30148 (SUCURI-SEC, US)
PTR: cloudproxy10069.sucuri.net

choiceclips.whatfinger.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 199.212.255.113 (Canada)

ASN25948 (FHMNET, CA)

s.0cf.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.145.13.12 (Portland, United States)

ASN2044 (DF-PTL01, US)
PTR: getclicky.com

in.getclicky.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.8 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:134:1a0d:1429:742:782:b6 (United States)

ASN15133 (EDGECAST, US)

cdn.syndication.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 37.252.172.38 (Frankfurt am Main, Germany) 5 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.111.18 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.58.156.177 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-156-177.eu-central-1.compute.amazonaws.com

prebid-server.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:36ce (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.connectad.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync-eu.connectad.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:13::1400 (Singapore)

ASN41041 (VCLK-EU-SE, US)

prebid-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 54.77.47.243 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-77-47-243.eu-west-1.compute.amazonaws.com

rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
g2.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2.18.234.21 (Frankfurt am Main, Germany) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

ssum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.252.103 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 72.251.249.9 (Amsterdam, Netherlands) 5 redirects

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.162.133.149 (Rotterdam, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 213.19.147.45 (United Kingdom) 8 redirects

ASN3356 (LEVEL3, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 13.248.242.197 (United States) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: a97adde81b00f2ca4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 54.246.172.223 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-246-172-223.eu-west-1.compute.amazonaws.com

ads.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.126.56.137 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 147.75.38.124 (Amsterdam, Netherlands) 6 redirects

ASN54825 (PACKET, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.38.120.206 (France)

ASN16276 (OVH, FR)
PTR: ip206.ip-51-38-120.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:46::44 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

public.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 67.202.105.22 (United States)

ASN32748 (STEADFAST, US)
PTR: ip22.67-202-105.static.steadfastdns.net

ssc-cms.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.233.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.148.27.140 (New York, United States) 2 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.139.104 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

ssbsync-global.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.66 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.173.22 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 536.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.157.0.85 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-0-85.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.210.53.219 (Brussels, Belgium) 2 redirects

ASN19527 (GOOGLE-2, US)
PTR: 219.53.210.35.bc.googleusercontent.com

pool.admedo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.175.198.118 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-175-198-118.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.202.112.95 (United States) 1 redirects

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.64.218 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:c305::8000 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.199.172.6 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-199-172-6.compute-1.amazonaws.com

sync.ipredictive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 150.136.156.92 (Ashburn, United States)

ASN31898 (ORACLE-BMC-31898, US)

sync.technoratimedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.197.150.7 (United States)

ASN398989 (DEEPINTENT, US)
PTR: g.deepintent.com

match.deepintent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.185.208.29 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-185-208-29.eu-central-1.compute.amazonaws.com

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.86.139.94 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.19.35.65 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-35-65.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.109.78.125 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-109-78-125.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.29.132.241 (United Kingdom) 2 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.66.49 (United States) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.155.181 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com

cs.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 124.146.215.45 (Toshima, Japan) 1 redirects

ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP)

tg.socdm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.0.160.128 (United States) 2 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.184.8.65 (Amsterdam, Netherlands) 2 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-65.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.173.185.122 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-173-185-122.compute-1.amazonaws.com

jadserve.postrelease.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.214.206.247 (United Kingdom) 1 redirects

ASN46636 (NATCOWEB, US)
PTR: buycheapfags.com

cs.admanmedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 82.145.213.8 (Norway) 1 redirects

ASN39832 (NO-OPERA, NO)
PTR: n-sysadmin-jumpbox-03.feednews.opera.technology

t.adx.opera.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.54.177.54 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:51e4:db4b:4436:b305 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.16.229.21 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-16-229-21.eu-west-1.compute.amazonaws.com

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.205.198.81 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-205-198-81.compute-1.amazonaws.com

sync.extend.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.155.71.150 (Portsmouth, United Kingdom) 1 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.4.24 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:802::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
71	creativedestructionmedia.com creativedestructionmedia.com	2 MB
17	gumgum.com rtb.gumgum.com g2.gumgum.com	5 KB
14	twitter.com platform.twitter.com syndication.twitter.com	378 KB
13	doubleclick.net 4 redirects securepubads.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net	200 KB
13	gstatic.com fonts.gstatic.com	274 KB
12	0cf.io s.0cf.io	116 KB
11	servenobid.com 1 redirects ads.servenobid.com public.servenobid.com	6 KB
10	casalemedia.com 3 redirects ssum.casalemedia.com ssum-sec.casalemedia.com Failed dsum-sec.casalemedia.com	9 KB
8	adnxs.com 7 redirects ib.adnxs.com secure.adnxs.com	7 KB
7	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	200 KB
7	smartadserver.com 2 redirects ssbsync-global.smartadserver.com ssbsync.smartadserver.com	4 KB
7	adsrvr.org 6 redirects match.adsrvr.org	3 KB
6	a-mo.net 6 redirects prebid.a-mo.net	2 KB
6	1rx.io 6 redirects sync.1rx.io	3 KB
6	onesignal.com cdn.onesignal.com onesignal.com img.onesignal.com	95 KB
5	ampproject.org cdn.ampproject.org	103 KB
5	lijit.com 5 redirects ap.lijit.com	3 KB
5	rubiconproject.com 1 redirects prebid-server.rubiconproject.com secure-assets.rubiconproject.com eus.rubiconproject.com token.rubiconproject.com	11 KB
4	google.com 1 redirects adservice.google.com www.google.com	666 B
3	bidswitch.net 3 redirects x.bidswitch.net	1 KB
3	pubmatic.com ads.pubmatic.com image6.pubmatic.com	11 KB
3	33across.com ssc-cms.33across.com pixel.33across.com
3	yahoo.com 2 redirects ups.analytics.yahoo.com pr-bh.ybp.yahoo.com	2 KB
3	unrulymedia.com 2 redirects sync.targeting.unrulymedia.com	1 KB
3	openx.net 3 redirects rtb.openx.net us-u.openx.net	999 B
3	getclicky.com static.getclicky.com in.getclicky.com	6 KB
2	adform.net 2 redirects c1.adform.net	1 KB
2	amazon-adsystem.com 1 redirects s.amazon-adsystem.com	1 KB
2	creativecdn.com 2 redirects creativecdn.com	695 B
2	rfihub.com 2 redirects p.rfihub.com	1 KB
2	everesttech.net 2 redirects sync-tm.everesttech.net	625 B
2	mathtag.com 2 redirects sync.mathtag.com	1 KB
2	360yield.com 2 redirects ad.360yield.com	617 B
2	admedo.com 2 redirects pool.admedo.com	715 B
2	contextweb.com 2 redirects bh.contextweb.com	788 B
2	onetag-sys.com onetag-sys.com	2 KB
2	sonobi.com sync.go.sonobi.com	991 B
2	connectad.io cdn.connectad.io sync-eu.connectad.io	935 B
2	3lift.com 1 redirects eb2.3lift.com	788 B
2	whatfinger.com choiceclips.whatfinger.com	13 KB
2	googleapis.com fonts.googleapis.com	4 KB
1	google.de adservice.google.de	853 B
1	sitescout.com 1 redirects pixel-sync.sitescout.com	313 B
1	extend.tv 1 redirects sync.extend.tv	546 B
1	bidr.io match.prod.bidr.io	430 B
1	quantserve.com 1 redirects pixel.quantserve.com	512 B
1	opera.com 1 redirects t.adx.opera.com	490 B
1	admanmedia.com 1 redirects cs.admanmedia.com	490 B
1	postrelease.com jadserve.postrelease.com	427 B
1	socdm.com 1 redirects tg.socdm.com	688 B
1	emxdgt.com cs.emxdgt.com
1	deepintent.com match.deepintent.com	44 B
1	technoratimedia.com sync.technoratimedia.com	293 B
1	ipredictive.com 1 redirects sync.ipredictive.com	428 B
1	zemanta.com 1 redirects b1sync.zemanta.com	303 B
1	stackadapt.com 1 redirects sync.srv.stackadapt.com	610 B
1	dotomi.com prebid-match.dotomi.com
1	twimg.com cdn.syndication.twimg.com	2 KB
1	cloudflare.com cdnjs.cloudflare.com	2 KB
1	dblks.net s.dblks.net	51 KB
223	60

	Domain	Requested by
71	creativedestructionmedia.com	creativedestructionmedia.com
16	rtb.gumgum.com	s.0cf.io rtb.gumgum.com
13	platform.twitter.com	creativedestructionmedia.com platform.twitter.com
13	fonts.gstatic.com	fonts.googleapis.com
12	s.0cf.io	s.dblks.net s.0cf.io onetag-sys.com rtb.gumgum.com public.servenobid.com
10	ads.servenobid.com	1 redirects s.0cf.io rtb.gumgum.com public.servenobid.com ssum-sec.casalemedia.com ssbsync.smartadserver.com
7	match.adsrvr.org	6 redirects ssum-sec.casalemedia.com
7	securepubads.g.doubleclick.net	creativedestructionmedia.com securepubads.g.doubleclick.net
6	ssbsync.smartadserver.com	1 redirects public.servenobid.com ssbsync.smartadserver.com
6	prebid.a-mo.net	6 redirects
6	sync.1rx.io	6 redirects
6	ib.adnxs.com	5 redirects
5	tpc.googlesyndication.com	creativedestructionmedia.com securepubads.g.doubleclick.net
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	cm.g.doubleclick.net	4 redirects rtb.gumgum.com
5	ap.lijit.com	5 redirects
4	dsum-sec.casalemedia.com	1 redirects ssum-sec.casalemedia.com
4	ssum.casalemedia.com	2 redirects s.0cf.io public.servenobid.com
3	www.google.com	1 redirects creativedestructionmedia.com
3	x.bidswitch.net	3 redirects
3	sync.targeting.unrulymedia.com	2 redirects public.servenobid.com
3	onesignal.com	cdn.onesignal.com
2	pagead2.googlesyndication.com	securepubads.g.doubleclick.net
2	c1.adform.net	2 redirects
2	s.amazon-adsystem.com	1 redirects ssum-sec.casalemedia.com
2	creativecdn.com	2 redirects
2	p.rfihub.com	2 redirects
2	sync-tm.everesttech.net	2 redirects ssum-sec.casalemedia.com
2	sync.mathtag.com	2 redirects
2	eus.rubiconproject.com	rtb.gumgum.com eus.rubiconproject.com
2	ad.360yield.com	2 redirects
2	ssum-sec.casalemedia.com	rtb.gumgum.com public.servenobid.com ssum-sec.casalemedia.com
2	pool.admedo.com	2 redirects
2	secure.adnxs.com	2 redirects
2	bh.contextweb.com	2 redirects
2	ads.pubmatic.com	s.0cf.io rtb.gumgum.com
2	ssc-cms.33across.com	s.0cf.io rtb.gumgum.com
2	onetag-sys.com	s.0cf.io public.servenobid.com
2	ups.analytics.yahoo.com	2 redirects
2	sync.go.sonobi.com	s.0cf.io public.servenobid.com
2	rtb.openx.net	2 redirects
2	eb2.3lift.com	1 redirects s.0cf.io
2	choiceclips.whatfinger.com	s.dblks.net choiceclips.whatfinger.com
2	cdn.onesignal.com	creativedestructionmedia.com cdn.onesignal.com
2	static.getclicky.com	creativedestructionmedia.com
2	fonts.googleapis.com	creativedestructionmedia.com
1	googleads.g.doubleclick.net	creativedestructionmedia.com
1	img.onesignal.com
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	pixel-sync.sitescout.com	1 redirects
1	token.rubiconproject.com	eus.rubiconproject.com
1	sync.extend.tv	1 redirects
1	match.prod.bidr.io	ssum-sec.casalemedia.com
1	pixel.quantserve.com	1 redirects
1	t.adx.opera.com	1 redirects
1	cs.admanmedia.com	1 redirects
1	jadserve.postrelease.com	public.servenobid.com
1	pixel.33across.com	public.servenobid.com
1	g2.gumgum.com	public.servenobid.com
1	tg.socdm.com	1 redirects
1	cs.emxdgt.com	rtb.gumgum.com
1	secure-assets.rubiconproject.com	1 redirects
1	match.deepintent.com	rtb.gumgum.com
1	sync.technoratimedia.com	rtb.gumgum.com
1	sync.ipredictive.com	1 redirects
1	pr-bh.ybp.yahoo.com	rtb.gumgum.com
1	us-u.openx.net	1 redirects
1	b1sync.zemanta.com	1 redirects
1	sync.srv.stackadapt.com	1 redirects
1	sync-eu.connectad.io	cdn.connectad.io
1	image6.pubmatic.com	ads.pubmatic.com
1	ssbsync-global.smartadserver.com	1 redirects
1	public.servenobid.com	s.0cf.io
1	prebid-match.dotomi.com	s.0cf.io
1	cdn.connectad.io	s.0cf.io
1	prebid-server.rubiconproject.com	s.0cf.io
1	cdn.syndication.twimg.com	platform.twitter.com
1	syndication.twitter.com	platform.twitter.com
1	in.getclicky.com	static.getclicky.com
1	cdnjs.cloudflare.com	creativedestructionmedia.com
1	s.dblks.net	creativedestructionmedia.com
223	82

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-05` - `2022-07-04`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2020-11-05` - `2021-11-09`	a year	crt.sh
s.dblks.net R3	`2021-09-10` - `2021-12-09`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
choiceclips.whatfinger.com Go Daddy Secure Certificate Authority - G2	`2021-08-06` - `2022-09-05`	a year	crt.sh
s.0cf.io R3	`2021-07-27` - `2021-10-25`	3 months	crt.sh
*.getclicky.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-03` - `2022-08-03`	2 years	crt.sh
syndication.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-05` - `2022-02-04`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.3lift.com Amazon	`2021-06-12` - `2022-07-11`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2021-03-30` - `2022-04-04`	a year	crt.sh
connectad.io Cloudflare Inc ECC CA-3	`2021-05-16` - `2022-05-15`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2021-08-10` - `2022-09-11`	a year	crt.sh
*.gumgum.com Amazon	`2021-06-05` - `2022-07-04`	a year	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2020-12-06` - `2022-01-07`	a year	crt.sh
ads.servenobid.com Amazon	`2021-06-28` - `2022-07-27`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
onetag-sys.com R3	`2021-07-26` - `2021-10-24`	3 months	crt.sh
public.servenobid.com DigiCert TLS RSA SHA256 2020 CA1	`2021-05-22` - `2022-05-22`	a year	crt.sh
*.33across.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2021-03-30` - `2022-04-04`	a year	crt.sh
*.pbp.bf2.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-08-18` - `2021-11-17`	3 months	crt.sh
*.technoratimedia.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-09-17` - `2022-10-05`	a year	crt.sh
*.deepintent.com Go Daddy Secure Certificate Authority - G2	`2020-04-09` - `2022-06-08`	2 years	crt.sh
*.emxdgt.com Go Daddy Secure Certificate Authority - G2	`2021-05-18` - `2022-06-19`	a year	crt.sh
*.smartadserver.com DigiCert ECC Secure Server CA	`2020-01-30` - `2022-02-03`	2 years	crt.sh
*.targeting.unrulymedia.com DigiCert SHA2 Secure Server CA	`2020-05-04` - `2022-05-09`	2 years	crt.sh
*.postrelease.com Amazon	`2021-01-28` - `2022-02-25`	a year	crt.sh
s.amazon-adsystem.com Amazon	`2021-07-14` - `2022-06-27`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
*.match.prod.bidr.io Amazon	`2021-02-26` - `2022-03-27`	a year	crt.sh
*.google.de GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
*.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh
www.google.com GTS CA 1C3	`2021-09-13` - `2021-11-20`	2 months	crt.sh

This page contains 40 frames:

Primary Page: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
Frame ID: 3407A150B3EFAB0758F48B413A8F87AF
Requests: 130 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.58065ae230495f5d9e4b6a916472b2c1.html?origin=https%3A%2F%2Fcreativedestructionmedia.com
Frame ID: 89F530BB7C0EED422AC3726DF25F91E3
Requests: 2 HTTP requests in this frame

Frame: https://s.0cf.io/?id=false
Frame ID: 6190CE18CD282C18A0D35AE412D6B0D8
Requests: 4 HTTP requests in this frame

Frame: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1328590759445078016&lang=en&origin=https%3A%2F%2Fcreativedestructionmedia.com%2Finvestigations%2F2020%2F12%2F02%2Fbiden-partners-and-sponsors-invested-in-dominion-voting-systems%2F&sessionId=cbb7237543ed83b17e837fec280b2343e99ebf01&theme=light&widgetsVersion=fcb1942%3A1632982954711&width=550px
Frame ID: 815E42DD33ED021BB862DCA0D75C49CD
Requests: 12 HTTP requests in this frame

Frame: https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D76%26uid%3D%24UID
Frame ID: B3DF2EE3E3EDFC4882B41385B3987A40
Requests: 1 HTTP requests in this frame

Frame: https://cdn.connectad.io/connectmyusers.php?gdpr=0&consent=0&us_privacy=0&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D86%26uid%3D
Frame ID: 3B495A1502C70BE71551CBC42E55355A
Requests: 1 HTTP requests in this frame

Frame: https://prebid-match.dotomi.com/match/bounce/current?version=1&networkId=72582&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D10%26uid%3D
Frame ID: 09C513170A6CC42CF256D88EC1578B64
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D15%26uid%3D
Frame ID: 6D46462051E7312C514CD8A83F42F2D4
Requests: 15 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 4149E312101787C9FBB3754CB081C621
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 7383D5733941382370C97DCBDA11C12F
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 2EBC111945B8EC5846DE151B7A463120
Requests: 1 HTTP requests in this frame

Frame: https://sync.go.sonobi.com/us.gif?loc=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D26%26uid%3D%5BUID%5D
Frame ID: F1738840DB521D8DAD630C2DCAD10FDA
Requests: 1 HTTP requests in this frame

Frame: https://ads.servenobid.com/sync?pid=321&uid=RX-fbf7ce1a-fb88-4262-834f-1e4765361acf-003
Frame ID: 374102E384137E795B5E4A4B3777ED6C
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 25AC84CC7FF60480BFBB83777AB0E8DD
Requests: 1 HTTP requests in this frame

Frame: https://ssum.casalemedia.com/usermatchredir?s=191503&cb=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F2%3FA%3D4767d6e5-825f-4738-a5e7-2a969a18822e%26bidder%3Dindex_rtb%26cbx%3DaHR0cHM6Ly9zLjBjZi5pby8jcHM9dHJ1ZSZkYmlkPWtGbE1oMTNPUm95bVRiXzZWQlF2aGctOTcxMjE5JmlkPTgxJnVpZD0%253D%26gdpr%3D0%26gdpr_consent%3D0%26uid%3D&gdpr=0&gdpr_consent=0
Frame ID: 612CA610281CB5F65DF98014BF6E395A
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?redir=https%3A%2F%2Fs.0cf.io%2Fps%2F%3Fps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D84%26uid%3D%24%7BUSER_TOKEN%7D
Frame ID: 4DD4048EFEFF2E7711F1AE2407A22B3C
Requests: 2 HTTP requests in this frame

Frame: https://public.servenobid.com/sync.html?gdpr=0&gdpr_consent=0&usp_consent=0&redirect=https%3A%2F%2Fs.0cf.io%2Fps%2F%3Fps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D85%26uid%3D%24UID
Frame ID: 0CB417DFD637FE5FEF7DA07D3F77AD97
Requests: 11 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?gdpr_58=&gdpr_consent=&ts=&ri=70&ru=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D1%26uid%3D33XUSERID33X
Frame ID: AD54D35788574AF07786133DD01F8CD6
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=0&us_privacy=0&predirect=https%3A%2F%2Fs.0cf.io%2Fps%2F%3Fps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D20%26uid%3D
Frame ID: A21F9F632A044E94A70F35ADFD3BBB56
Requests: 2 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: 81DA795B94497DD857EE476B27FAE4A4
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: C32AC532E251FE5E177D74BE4854251B
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/ps/?dbid=kFlMh13ORoymTb_6VBQvhg-971219&google_hm=2
Frame ID: 2890DD7FFEC366AE13727A87C1286DCB
Requests: 1 HTTP requests in this frame

Frame: https://sync-eu.connectad.io/syncer/1?gdpr=0&consent=0&us_privacy=0&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D86%26uid%3D
Frame ID: 947E2312443E2BE66C13DBF6BFCE68A0
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=0
Frame ID: 0BF7C05F89221B081682974304B354DC
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=ttd&i=53d22381-4496-4355-a04c-e01fc336aea3&t=1635906038
Frame ID: B1CE2A8AC7C6D1011CDD8183B3352F50
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: BD9C86A79BB79DE8B93960C5FD05C2FD
Requests: 3 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=mmh&i=af0e615a-64f6-4800-8cba-96b2e8a01908&gdpr=0&gdpr_consent=0
Frame ID: 448B73BF1F540782A537256E9CA0A80D
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=atm&i=YVpk9gAAAma-dgA6&gdpr=0&gdpr_consent=0&_test=YVpk9gAAAma-dgA6
Frame ID: 495655F222FF87A8E8BF6E9266D087F8
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8yNmRhNzMwMC1iY2RhLTRmM2MtYmViNS1kZTk5NTU1ODY4MjA=&gdpr=0&gdpr_consent=0
Frame ID: 9E7071B89DD32D53FE19F2E9777F5291
Requests: 1 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Frame ID: C5FCF09D442EF51F69EBFC0F15B1A2FA
Requests: 1 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Frame ID: A757BBAC0AD46EC6C1CDA2B6EC73E2A4
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=sus&i=YVpk98Co8XwAAJZwEBcAAAAA
Frame ID: 782D9FBBA43F686DD88240972EF8A660
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=zet&i=1871597498527802062
Frame ID: D3DDF8A931CCE1AABAD5C5C9C9F85C43
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=rth&i=IjJGV7dw6vMrrZj1hj1i&pi=gumgum&tc=1
Frame ID: 168F08154A2ECB249D594DC3F5192C63
Requests: 1 HTTP requests in this frame

Frame: https://s.0cf.io/
Frame ID: A565BE3C44C7AB9C344D0F599C676369
Requests: 1 HTTP requests in this frame

Frame: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=0&us_privacy=0&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Frame ID: FE2C9D6418D553DBDA5DC212D471C1D4
Requests: 1 HTTP requests in this frame

Frame: https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Frame ID: AC95FE03D2DF98DABFB0B60BE38F2536
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=0&us_privacy=0&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Frame ID: F3B3C490C747BBCBD7E46A245D0E49B6
Requests: 1 HTTP requests in this frame

Frame: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=0&us_privacy=0&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Frame ID: 3A1F094D7A42AD96701A3C283DADE884
Requests: 6 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Frame ID: AFA835CF7876FDD6BC3857033B86D38B
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

223
Requests

98 %
HTTPS

24 %
IPv6

60
Domains

82
Subdomains

46
IPs

12
Countries

4070 kB
Transfer

8103 kB
Size

60
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 116

https://ib.adnxs.com/getuid?https://ib.adnxs.com/getuidj HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fib.adnxs.com%2Fgetuidj HTTP 302
https://ib.adnxs.com/getuidj

Request Chain 117

https://eb2.3lift.com/getuid?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D76%26uid%3D%24UID HTTP 302
https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D76%26uid%3D%24UID

Request Chain 122

https://ssum.casalemedia.com/usermatchredir?s=184932&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D74%26uid%3D HTTP 302
https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D74%26uid%3D&s=184932&C=1 HTTP 302
https://s.0cf.io/

Request Chain 123

https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D19%26uid%3D%24%7BUID%7D HTTP 302
https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D19%26uid%3D%24%7BUID%7D&ox_sc=1 HTTP 302
https://s.0cf.io/

Request Chain 124

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D25%26uid%3D%24UID HTTP 307
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D25%26uid%3D%24UID&sovrn_retry=true HTTP 307
https://s.0cf.io/

Request Chain 126

https://sync.1rx.io/usersync2/rmphb?gdpr=0&gdpr_consent=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D22%26uid%3D%5BRX_UUID%5D HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7647422411 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7647422411 HTTP 302
https://sync.1rx.io/usersync/tradedesk/79f4ca05-a807-4815-8779-028db98dbcd6 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-fbf7ce1a-fb88-4262-834f-1e4765361acf-003?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3DRX-fbf7ce1a-fb88-4262-834f-1e4765361acf-003 HTTP 302
https://ads.servenobid.com/sync?pid=321&uid=RX-fbf7ce1a-fb88-4262-834f-1e4765361acf-003

Request Chain 127

https://ups.analytics.yahoo.com/ups/58448/occ?uid=kFlMh13ORoymTb_6VBQvhg-97121977%26uid%3D HTTP 302
https://ups.analytics.yahoo.com/ups/58448/occ?uid=kFlMh13ORoymTb_6VBQvhg-97121977%26uid%3D&verify=true HTTP 302
https://s.0cf.io/

Request Chain 128

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=0&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D81%26uid%3D HTTP 302
https://ib.adnxs.com/getuid?https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F0%3FA%3D4767d6e5-825f-4738-a5e7-2a969a18822e%26bidder%3Dappnexus%26cbx%3DaHR0cHM6Ly9zLjBjZi5pby8jcHM9dHJ1ZSZkYmlkPWtGbE1oMTNPUm95bVRiXzZWQlF2aGctOTcxMjE5JmlkPTgxJnVpZD0%253D%26gdpr%3D0%26gdpr_consent%3D0%26uid%3D$UID&gdpr=0&gdpr_consent=0 HTTP 302
https://prebid.a-mo.net/cchain/0?A=4767d6e5-825f-4738-a5e7-2a969a18822e&bidder=appnexus&cbx=aHR0cHM6Ly9zLjBjZi5pby8jcHM9dHJ1ZSZkYmlkPWtGbE1oMTNPUm95bVRiXzZWQlF2aGctOTcxMjE5JmlkPTgxJnVpZD0%3D&gdpr=0&gdpr_consent=0&uid=6976422120070589160&gdpr=0&gdpr_consent=0 HTTP 302
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F1%3FA%3D4767d6e5-825f-4738-a5e7-2a969a18822e%26bidder%3Dsovrn%26cbx%3DaHR0cHM6Ly9zLjBjZi5pby8jcHM9dHJ1ZSZkYmlkPWtGbE1oMTNPUm95bVRiXzZWQlF2aGctOTcxMjE5JmlkPTgxJnVpZD0%253D%26gdpr%3D0%26gdpr_consent%3D0%26uid%3D$UID&gdpr=0&gdpr_consent=0 HTTP 307
https://prebid.a-mo.net/cchain/1?A=4767d6e5-825f-4738-a5e7-2a969a18822e&bidder=sovrn&cbx=aHR0cHM6Ly9zLjBjZi5pby8jcHM9dHJ1ZSZkYmlkPWtGbE1oMTNPUm95bVRiXzZWQlF2aGctOTcxMjE5JmlkPTgxJnVpZD0=&gdpr=0&gdpr_consent=0&uid=fdb10802dd4dcfb7a17bb7b5 HTTP 302
https://ssum.casalemedia.com/usermatchredir?s=191503&cb=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F2%3FA%3D4767d6e5-825f-4738-a5e7-2a969a18822e%26bidder%3Dindex_rtb%26cbx%3DaHR0cHM6Ly9zLjBjZi5pby8jcHM9dHJ1ZSZkYmlkPWtGbE1oMTNPUm95bVRiXzZWQlF2aGctOTcxMjE5JmlkPTgxJnVpZD0%253D%26gdpr%3D0%26gdpr_consent%3D0%26uid%3D&gdpr=0&gdpr_consent=0

Request Chain 133

https://bh.contextweb.com/rtset?pid=561205&ev=1&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D21%26uid%3D%25%25VGUID%25%25 HTTP 302
https://s.0cf.io/

Request Chain 134

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=0&us_privacy=0&redirectUri=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D82%26uid%3D%5Bssb_sync_pid%5D HTTP 302
https://s.0cf.io/

Request Chain 135

https://cm.g.doubleclick.net/pixel?google_cm&google_nid=datablocks_inc&google_hm=kFlMh13ORoymTb_6VBQvhg-971219&dbid=kFlMh13ORoymTb_6VBQvhg-971219 HTTP 302
https://cm.g.doubleclick.net/pixel?google_cm=&google_nid=datablocks_inc&google_hm=kFlMh13ORoymTb_6VBQvhg-971219&dbid=kFlMh13ORoymTb_6VBQvhg-971219&google_tc= HTTP 302
https://s.0cf.io/ps/?dbid=kFlMh13ORoymTb_6VBQvhg-971219&google_hm=2

Request Chain 141

https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID HTTP 302
https://rtb.gumgum.com/usersync?b=apn&i=6976422120070589160

Request Chain 142

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_26da7300-bcda-4f3c-beb5-de9955586820&gdpr=0&gdpr_consent=0&us_privacy= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_26da7300-bcda-4f3c-beb5-de9955586820&gdpr=0&gdpr_consent=0&us_privacy= HTTP 302
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2&bsw_custom_parameter=a5309b56-cc85-45fe-82e2-5c893a541cbf HTTP 302
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2&bsw_custom_parameter=a5309b56-cc85-45fe-82e2-5c893a541cbf HTTP 302
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=3cb9eabd-909d-4d16-b6fa-85218ce65ce1&user_group=1&ssp=gumgum2&bsw_param=a5309b56-cc85-45fe-82e2-5c893a541cbf HTTP 302
https://rtb.gumgum.com/usersync?b=bsw&i=a5309b56-cc85-45fe-82e2-5c893a541cbf

Request Chain 143

https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=0 HTTP 302
https://rtb.gumgum.com/usersync?b=sta&i=0-5019fba8-ef97-4f3c-694b-4c6bf9966140$ip$78.47.208.28

Request Chain 144

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_26da7300-bcda-4f3c-beb5-de9955586820&gdpr=0&gdpr_consent=0&us_privacy= HTTP 302
https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0

Request Chain 145

https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent=0 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8869049199 HTTP 302
https://sync.1rx.io/usersync/tradedesk/79f4ca05-a807-4815-8779-028db98dbcd6 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-fbf7ce1a-fb88-4262-834f-1e4765361acf-003?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3DRX-fbf7ce1a-fb88-4262-834f-1e4765361acf-003 HTTP 302
https://ads.servenobid.com/sync?pid=321&uid=RX-fbf7ce1a-fb88-4262-834f-1e4765361acf-003

Request Chain 146

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
https://rtb.gumgum.com/usersync?b=pln&i=kDCiRvrt21BS&ev=1&pid=558355

Request Chain 147

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=0&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D HTTP 302
https://rtb.gumgum.com/usersync?b=obn&i=ENC%28iiHhxQVwBrfSZx2MzKLNClLP8nRtEML-J6RlY0LzTjDpHGP__P7RzO00thQS45LU%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28iiHhxQVwBrfSZx2MzKLNClLP8nRtEML-J6RlY0LzTjDpHGP__P7RzO00thQS45LU%29 HTTP 302
https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_26da7300-bcda-4f3c-beb5-de9955586820&obuid=ENC(iiHhxQVwBrfSZx2MzKLNClLP8nRtEML-J6RlY0LzTjDpHGP__P7RzO00thQS45LU) HTTP 302
https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51 HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=193091&cb=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dindxexcg%26uid%3D%24%7BUSER%7D%26obUid%3DiiHhxQVwBrfSZx2MzKLNClLP8nRtEML-J6RlY0LzTjDpHGP__P7RzO00thQS45LU

Request Chain 148

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=0&us_privacy=&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
https://rtb.gumgum.com/usersync?b=opx&i=61b68a6d-160b-4e02-9bdb-66f6cfb4e65c&gdpr=0&gdpr_consent=0&gdpr=0&gdpr_consent=0

Request Chain 150

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=0&us_privacy=&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
https://rtb.gumgum.com/usersync?b=vnt&i=aa6fb5f6-24b9-11ec-89be-9dff15d95565

Request Chain 153

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D HTTP 302
https://rtb.gumgum.com/usersync?b=idi&i=98f4ca42-0951-4365-95ed-a425e8bb3373

Request Chain 154

https://ssbsync.smartadserver.com/api/sync?callerId=15 HTTP 302
https://rtb.gumgum.com/usersync?b=sad&i=2909481528823893178&gdpr=1&gdpr_consent=

Request Chain 156

https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=0 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=0 HTTP 302
https://rtb.gumgum.com/usersync?b=ttd&i=53d22381-4496-4355-a04c-e01fc336aea3&t=1635906038

Request Chain 157

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
https://eus.rubiconproject.com/usync.html?p=gumgum

Request Chain 158

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=0&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
https://rtb.gumgum.com/usersync?b=mmh&i=af0e615a-64f6-4800-8cba-96b2e8a01908&gdpr=0&gdpr_consent=0

Request Chain 159

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=0 HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=0&_test=YVpk9gAAAma-dgA6 HTTP 302
https://rtb.gumgum.com/usersync?b=atm&i=YVpk9gAAAma-dgA6&gdpr=0&gdpr_consent=0&_test=YVpk9gAAAma-dgA6

Request Chain 163

https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
https://rtb.gumgum.com/usersync?b=sus&i=YVpk98Co8XwAAJZwEBcAAAAA

Request Chain 164

https://p.rfihub.com/cm?pub=42796&in=1 HTTP 302
https://rtb.gumgum.com/usersync?b=zet&i=1871597498527802062

Request Chain 165

https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
https://creativecdn.com/cm-notify?pi=gumgum&tc=1 HTTP 302
https://rtb.gumgum.com/usersync?b=rth&i=IjJGV7dw6vMrrZj1hj1i&pi=gumgum&tc=1

Request Chain 172

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID HTTP 302
https://ads.servenobid.com/sync?pid=312&uid=6976422120070589160

Request Chain 173

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID HTTP 307
https://ads.servenobid.com/sync?pid=310&uid=fdb10802dd4dcfb7a17bb7b5

Request Chain 174

https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8301246104 HTTP 302
https://sync.1rx.io/usersync/tradedesk/53d22381-4496-4355-a04c-e01fc336aea3 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-fbf7ce1a-fb88-4262-834f-1e4765361acf-003

Request Chain 176

https://cs.admanmedia.com/sync/durationmedia?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D328%26uid%3D%7B%24UID%7D HTTP 302
https://ads.servenobid.com/sync?pid=328&uid=c670bc1db7b3ed1d5f9fcb1f26b01d93bb1181d0

Request Chain 177

https://p.rfihub.com/cm?pub=44007&in=1 HTTP 302
https://ads.servenobid.com/sync?pid=324&uid=1875819623002229802

Request Chain 179

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=0&us_privacy=0&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D HTTP 302
https://ib.adnxs.com/getuid?https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F0%3FA%3D70bac03d-c247-4caa-b5f0-f9680f29f7a7%26bidder%3Dappnexus%26cbx%3DaHR0cHM6Ly9hZHMuc2VydmVub2JpZC5jb20vc3luYz9waWQ9MzI3JnVpZD0%253D%26gdpr%3D0%26gdpr_consent%3D0%26uid%3D$UID&gdpr=0&gdpr_consent=0 HTTP 302
https://prebid.a-mo.net/cchain/0?A=70bac03d-c247-4caa-b5f0-f9680f29f7a7&bidder=appnexus&cbx=aHR0cHM6Ly9hZHMuc2VydmVub2JpZC5jb20vc3luYz9waWQ9MzI3JnVpZD0%3D&gdpr=0&gdpr_consent=0&uid=6976422120070589160&gdpr=0&gdpr_consent=0 HTTP 302
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F1%3FA%3D70bac03d-c247-4caa-b5f0-f9680f29f7a7%26bidder%3Dsovrn%26cbx%3DaHR0cHM6Ly9hZHMuc2VydmVub2JpZC5jb20vc3luYz9waWQ9MzI3JnVpZD0%253D%26gdpr%3D0%26gdpr_consent%3D0%26uid%3D$UID&gdpr=0&gdpr_consent=0 HTTP 307
https://prebid.a-mo.net/cchain/1?A=70bac03d-c247-4caa-b5f0-f9680f29f7a7&bidder=sovrn&cbx=aHR0cHM6Ly9hZHMuc2VydmVub2JpZC5jb20vc3luYz9waWQ9MzI3JnVpZD0=&gdpr=0&gdpr_consent=0&uid=fdb10802dd4dcfb7a17bb7b5 HTTP 302
https://ssum.casalemedia.com/usermatchredir?s=191503&cb=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F2%3FA%3D70bac03d-c247-4caa-b5f0-f9680f29f7a7%26bidder%3Dindex_rtb%26cbx%3DaHR0cHM6Ly9hZHMuc2VydmVub2JpZC5jb20vc3luYz9waWQ9MzI3JnVpZD0%253D%26gdpr%3D0%26gdpr_consent%3D0%26uid%3D&gdpr=0&gdpr_consent=0

Request Chain 180

https://t.adx.opera.com/pub/sync?r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D335%26uid%3D HTTP 302
https://ads.servenobid.com/sync?operaUid=07468273133d427a85a0fae77a4d154c&pid=335&uid=

Request Chain 181

https://ads.servenobid.com/getsync?redirect=https%3A%2F%2Fs.0cf.io%2Fps%2F%3Fps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D85%26uid%3D%24UID HTTP 302
https://s.0cf.io/ps/?ps=true&dbid=kFlMh13ORoymTb_6VBQvhg-971219&id=85&uid=

Request Chain 182

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YVpk9vsuBh6aPyyq-RArPAAABIcAAAIB HTTP 302
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YVpk9vsuBh6aPyyq-RArPAAABIcAAAIB&dcc=t

Request Chain 183

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YVpk9vsuBh6aPyyq-RArPAAABIcAAAIB&gdpr_consent=&us_privacy=&gdpr=1 HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEKvJCC-FNA9aQnytYJnSrT4&google_cver=1

Request Chain 185

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YVpk9vsuBh6aPyyq.RArPAAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESELJDTz35n-SQYGvzSR_yZMQ&google_cver=1&gdpr=1&google_hm=2

Request Chain 186

https://pixel.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0&gdpr=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=1&external_user_id=xe1MlsXoH8He5R_EkrhUxJXuHMDe7x_OkOjC8eKY

Request Chain 188

https://sync.extend.tv/r.gif?exchange=index HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=2788cad2-fcfe-41d7-be90-014dadeff662

Request Chain 194

https://secure.adnxs.com/getuid?https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fsync%3Fcallerid%3D9%26gdpr%3D0%26gdpr_consent%3D0%26partnerid%3D86%26buid%3D$UID&gdpr=0&gdpr_consent=0 HTTP 302
https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=0&partnerid=86&buid=6976422120070589160&gdpr=0&gdpr_consent=0

Request Chain 195

https://pixel-sync.sitescout.com/dmp/pixelSync?gdpr=0&gdpr_consent=0&nid=64&redir=https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fsync%3Fcallerid%3D9%26gdpr%3D0%26gdpr_consent%3D0%26partnerid%3D68%26partneruserid%3D%7BuserId%7D HTTP 302
https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=0&partnerid=68&partneruserid=no-consent

Request Chain 196

https://sync.mathtag.com/sync/img?gdpr=0&gdpr_consent=0&mt_exid=39&redir=https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fsync%3Fcallerid%3D9%26gdpr%3D0%26gdpr_consent%3D0%26partnerid%3D25%26partneruserid%3D%5BMM_UUID%5D HTTP 302
https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=0&partnerid=25&partneruserid=af0e615a-64f6-4800-8cba-96b2e8a01908

Request Chain 197

https://c1.adform.net/serving/cookie/match?gdpr=0&gdpr_consent=0&party=10&sspurl=https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fsync%3Fcallerid%3D9%26gdpr%3D0%26gdpr_consent%3D0%26partnerid%3D22%26buid%3DYOUR_USER_ID HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&gdpr=0&gdpr_consent=0&party=10&sspurl=https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fsync%3Fcallerid%3D9%26gdpr%3D0%26gdpr_consent%3D0%26partnerid%3D22%26buid%3DYOUR_USER_ID HTTP 302
https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=0&partnerid=22&buid=5836818027542155553&gdpr=0&gdpr_consent=0

Request Chain 223

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

223 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/ 227 KB
41 KB 1043ms
1015ms Document
text/html 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 445a2a94630e3335b5e2e53a6c914ad5aa9d96fdd7b2c76bd56646aeba083a1d

Request headers

:method: GET
:authority: creativedestructionmedia.com
:scheme: https
:path: /investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Mon, 04 Oct 2021 02:20:36 GMT
content-type: text/html; charset=UTF-8
link: <https://creativedestructionmedia.com/wp-json/>; rel="https://api.w.org/", <https://creativedestructionmedia.com/wp-json/wp/v2/posts/21932>; rel="alternate"; type="application/json", <https://cdm.press/mF>; rel=shortlink
set-cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475; expires=Mon, 04-Oct-2021 02:50:35 GMT; Max-Age=1800; path=/
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1RihvJ4G07zTyn3HS4qZ4ZoqMsHHvEYpaPASe%2FC1mFHrcAGQO49w4sS0Cv518KLjUbTAnkZAEgjDRrT09OMPVD0fJGX3Pckhzpkl1Duvi5YWud65iG1Ul%2BNbaKU9vvhPgm%2FdJCmh43E55Ko1zPve5bXAkjOjo5HbPaLJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 698aee91a98ed6c1-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 style.min.css
creativedestructionmedia.com/wp-includes/css/dist/block-library/ 79 KB
11 KB 360ms
360ms Stylesheet
text/css 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://creativedestructionmedia.com/wp-includes/css/dist/block-library/style.min.css?ver=5.8.1
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a

Request headers

:path: /wp-includes/css/dist/block-library/style.min.css?ver=5.8.1
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:36 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Fri, 13 Aug 2021 12:41:42 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WlnlUtHbtARAIlimbMP8icbosN45tZV79bUf%2B9PKKl3x6xhfA8nlHzeYJ5Pq8TadoO%2BRKz8mPPw279su2FF310fQQ67VwglHzhFg0AdM1iEeGcmVFN7BmOmwOhrYeJn2KHFMfRexIMQ%2Blg4kmkmfxNtl%2Bz1fN5L9FOgC"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698aee989ca4d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 single-shortcode.css
creativedestructionmedia.com/wp-content/plugins/penci-framework/assets/css/ 27 KB
4 KB 351ms
350ms Stylesheet
text/css 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://creativedestructionmedia.com/wp-content/plugins/penci-framework/assets/css/single-shortcode.css?ver=5.8.1
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 71d67862610b80dc5c9a9ceb03f4bf2e2e6305b17e490a32fec5139c40b00ba1

Request headers

:path: /wp-content/plugins/penci-framework/assets/css/single-shortcode.css?ver=5.8.1
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:36 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Tue, 26 Jan 2021 06:46:17 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dGsqcOMI4Q1bpI%2FMlvV29cJwirVdeZWyNtSFMJwX7h7wCmEDQAxhjWbjVqip5dga77voF4y6gzpO5wN7IKsjXjZdIRNmJBmy5ynOa4%2FCsYgVp9TqEEWTSQH9ufR3cnr32vOFz3C7va4iPO0LeasNdPci7eoWE9nMYb0U"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698aee98acaad6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 theme.css
creativedestructionmedia.com/wp-content/plugins/popup-builder/public/css/ 70 KB
11 KB 351ms
350ms Stylesheet
text/css 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://creativedestructionmedia.com/wp-content/plugins/popup-builder/public/css/theme.css?ver=4.0.4
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 96344c48276b6477946734dfa6f60c187fa33d371c0f4bc2156edc0e2868617c

Request headers

:path: /wp-content/plugins/popup-builder/public/css/theme.css?ver=4.0.4
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:36 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 09 Sep 2021 15:04:07 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SI%2BCYS%2F2SSIfc60MdPRzdw0ZlZqbiC17OIgSYbbH2kw3AXQNfwm0RjSdYeBGzP8yikyZoXt1aAB91RvY%2F2m%2Bfhop9pwAWB6lxD0FYmo27RIbNP%2FsQmAh6rVjW6fI0otwLR5yrZKTCbGz%2BFx3yR05lqUpd4Q%2FhaArStKt"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698aee98acacd6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 frontend.min.css
creativedestructionmedia.com/wp-content/plugins/wp-user-avatar/assets/css/ 70 KB
11 KB 355ms
354ms Stylesheet
text/css 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://creativedestructionmedia.com/wp-content/plugins/wp-user-avatar/assets/css/frontend.min.css?ver=3.1.18
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8adc377a6a5c1d3a9ab10793c57b6dc6fdfcff0de61f52dda905da037d1c1e7c

Request headers

:path: /wp-content/plugins/wp-user-avatar/assets/css/frontend.min.css?ver=3.1.18
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:36 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 09 Sep 2021 15:04:09 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N4uZF3k%2FOXZ04pMV9AA0k46p9CcuM0C8Qh5uuexttJGQeu3m6VRhb24Sm%2BrUWyeIIMpd75rnMqnAyvm21lglpM9u%2FrpD760AwSNwQG9j39UFSJ5cO2r%2FmOGNMCb5hkO915CPygcN2pGLMHyxoJBXbOO5UWeuU87WxzDx"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698aee98acadd6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 flatpickr.min.css
creativedestructionmedia.com/wp-content/plugins/wp-user-avatar/assets/flatpickr/ 16 KB
3 KB 354ms
353ms Stylesheet
text/css 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://creativedestructionmedia.com/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.css?ver=3.1.18
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 661e00570c65c29528d9ce6ee19e5e9939986716c293def67b07f8b6a191b018

Request headers

:path: /wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.css?ver=3.1.18
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:36 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 09 Sep 2021 15:04:09 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E5UsgMjPmmkNs50Leawy9cmFB62JU2wslOlTtCc9Un8IhVqIcNttTwYEcvxuPE2Ed1lSFa%2FSapsQuaslUU9giquiMvTPQj6d0FDxrC288NHy2N43x44gXvL4nabRRQaAAO%2BdoFHcZyza1xe6pjpkBsEUASE4%2FUoSK9F7"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698aee98acaed6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 select2.min.css
creativedestructionmedia.com/wp-content/plugins/wp-user-avatar/assets/select2/ 15 KB
2 KB 364ms
363ms Stylesheet
text/css 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://creativedestructionmedia.com/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.css?ver=5.8.1
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 044efea78208376302aad3808aaabdf3c2f7bdd80ba9d55c9e0e4d3baa7a3908

Request headers

:path: /wp-content/plugins/wp-user-avatar/assets/select2/select2.min.css?ver=5.8.1
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:36 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 09 Sep 2021 15:04:09 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a0f6zshJ04PI4RNHJikIow3%2F7S0VdZrmqiwKRTLwc2frNL8Q29%2BDfrVZUdbWrKV9McFcUpP2AyC5lUn%2FMGBkQ2OCY1MXI%2Fd%2BMRbS3On287LgSKb3GT5hCMUwpCAxTjZ63c%2F%2Bpu1LsM0aZSIUVwiJqhhXMC6gH8D2NYFW"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698aee98acafd6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 font-awesome.min.css
creativedestructionmedia.com/wp-content/themes/pennews/css/ 33 KB
8 KB 364ms
363ms Stylesheet
text/css 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://creativedestructionmedia.com/wp-content/themes/pennews/css/font-awesome.min.css?ver=4.5.2
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 74a67b8c7ae08c6d59dc50172516683401d19b8495c83b3be490ea3dce522193

Request headers

:path: /wp-content/themes/pennews/css/font-awesome.min.css?ver=4.5.2
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:36 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Tue, 26 Jan 2021 06:45:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xvOv3HFkTojFAb1xGH2OWsiQB6hqVOVOXTFhlzWxPm4wbKOuFQ8lWXxADamGhmio0bBfkbzoHNjxD3BdnyFe0mMhwulyjhtDhfNm120lzt8JsPL69AJgGIOuqSTZtmih4iYw1MItoHJbotyGgmlSzEaL6BY%2B9HKL4yfg"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698aee98acb0d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 71 KB
3 KB 42ms
20ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7CMukta+Vaani%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7COswald%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7CTeko%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7CUltra%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7CVollkorn%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7COpen+Sans%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%26subset%3Dcyrillic%2Ccyrillic-ext%2Cgreek%2Cgreek-ext%2Clatin-ext

Requested by

Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d8cf31a944f541412d8104a1cd4fdb03456cc84b1372366d48a1f23e63f5ed5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 04 Oct 2021 02:20:36 GMT
server: ESF
date: Mon, 04 Oct 2021 02:20:36 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires: Mon, 04 Oct 2021 02:20:36 GMT

GET
H2 200 portfolio.css
creativedestructionmedia.com/wp-content/themes/pennews/css/ 22 KB
4 KB 353ms
353ms Stylesheet
text/css 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://creativedestructionmedia.com/wp-content/themes/pennews/css/portfolio.css?ver=6.6.0
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 487ef2c201c33553c12eb0d7b9360be8e16ee7770aa7b9b42368e4a442df53fc

Request headers

:path: /wp-content/themes/pennews/css/portfolio.css?ver=6.6.0
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:36 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Tue, 26 Jan 2021 06:45:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x2r27gbEJgERaRHI5JKqrQnAqFLwsqplQRVt3F%2BhJ1uqX5TW%2B8JY28dHXdXZwsEoxyZdW%2F7Z884%2BZzO3kLtLTcF2DHrBWDtwN1pmTDb8gPxcNYtHqW11VTlWp2pcQAf8N6mkt9orx8ZkU8REKrsu9QegZkbQ7C5AbIEA"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698aee98acb1d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 style.css
creativedestructionmedia.com/wp-content/themes/pennews/ 1 MB
111 KB 356ms
356ms Stylesheet
text/css 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://creativedestructionmedia.com/wp-content/themes/pennews/style.css?ver=6.6.0
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7978f600c21a2f4c699ce636d2754ed0acfa27d6f04686c3f835bd5b92110ad6

Request headers

:path: /wp-content/themes/pennews/style.css?ver=6.6.0
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:36 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Tue, 26 Jan 2021 06:45:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ETPGlvTcfTdmcR2bcde1XJyG7BiAB20AywKmjCa5%2FNF48fBy2F7WCxaqVGecqJm74myedWZ0KMEQk074SenHCFp6GWT%2BaKHQV2ROmNwwTBw5bVYDfc3DSDJy7vymaDbdXhRHvhWh4OQrqHSdww4iKnfoHo4mCSbfps3x"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698aee98acb3d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 style.css
creativedestructionmedia.com/wp-content/plugins/newsletter/ 6 KB
2 KB 348ms
347ms Stylesheet
text/css 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://creativedestructionmedia.com/wp-content/plugins/newsletter/style.css?ver=7.2.5
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff7cbd7d791c0f01f1b7db211981bb0506701f663e9e41422586b9e625753ba3

Request headers

:path: /wp-content/plugins/newsletter/style.css?ver=7.2.5
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 09 Sep 2021 15:04:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2PAP1Y54qeHRmIb2%2BPE5pchtKq85hnXpD3YPQSKJhRINnGDMAemDUIR7s59uEWfqYKvfesUYi6CxTYue%2BXzYR%2F%2Bibme%2BCCvarSh8Hq0E1ll5mjPgBKVE4iP3JKS6H9m%2BdlKp%2F1PD5W64Ed221%2Fyku3Em1iRg0uyy1G90"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698aee994cf2d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 leads.css
creativedestructionmedia.com/wp-content/plugins/newsletter-leads/css/ 7 KB
2 KB 345ms
345ms Stylesheet
text/css 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://creativedestructionmedia.com/wp-content/plugins/newsletter-leads/css/leads.css?ver=1.2.6
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b3f0ed765c9f657feebd39a591a59fee3dbd0708c98c25bfcba474dd735774cd

Request headers

:path: /wp-content/plugins/newsletter-leads/css/leads.css?ver=1.2.6
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 09 Sep 2021 15:04:05 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tzNqUSiIshcbA%2F%2FfcK6c1gqNPiWzp6MLmUgjbVYPw8F3KL50r006kmsYc04gHy1tw9b67ZhjK3ogBxMNKdYovcFSG388Z9FD%2F9igAwr3Pr69eyOnC0tsJFAj%2BOZm7OrPCzGKDdRkZ%2Fm7GrjBXvlXHsBFfrryNW0U5zHQ"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698aee994cf3d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 email-decode.min.js Show response
creativedestructionmedia.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 9ms
9ms Script
application/javascript 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://creativedestructionmedia.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 29 Sep 2021 11:33:04 GMT
server: cloudflare
etag: W/"61544ef0-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oYF8JONf%2BvRIbGtEpe%2FDfOAB8XA6MQRbCeCmLS542rqmRYZy5RJmU%2FitePDNkHkpI5Yi49v8EQPV0p6eeONgUagHeh2kLeY36vl4%2Bt8IYAOT6%2BepKr440z1sonyD0mXp%2BzhUTAslv9EDnaKmE1BuFNgqhq4BkRmesSrb"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698aee994cf4d6c1-FRA
vary: Accept-Encoding
expires: Wed, 06 Oct 2021 02:20:36 GMT

GET
H2 200 Color-209x45.png
creativedestructionmedia.com/wp-content/uploads/2019/02/ 9 KB
9 KB 14ms
13ms Image
image/png 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2019/02/Color-209x45.png
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f407a07bbc292cdf43c203945bfa640c114c28a0ff126611a134180e17617e5c

Request headers

:path: /wp-content/uploads/2019/02/Color-209x45.png
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:36 GMT
cf-cache-status: HIT
last-modified: Sat, 09 Feb 2019 14:52:53 GMT
server: cloudflare
age: 5142
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XChtjVSYOV6nfYFrw3k5hbZHCQObdGqUDAfjTd82v2xHtMQIoELo0VsNCxk%2FE%2Br4TnEMwaMQ40ESopCwU3UFDosD808LEddKGbiHtVX2BgFpPZWrwT7Iqu%2FQlNpRi1mnR5jdzs7jaR0%2BnhQO0Cg9zeRfrpboJkES%2B8Nq"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aee99fd3ed6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 8809

GET
H2 200 GE-150x150.jpg
creativedestructionmedia.com/wp-content/uploads/2020/09/ 5 KB
6 KB 354ms
354ms Image
image/jpeg 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2020/09/GE-150x150.jpg
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3a6f4aedd821d08de014b311e9a9a6208499b5c461e49f0fb769e77495564b91

Request headers

:path: /wp-content/uploads/2020/09/GE-150x150.jpg
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: REVALIDATED
last-modified: Fri, 18 Sep 2020 17:03:23 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3kgv46ixe5bxt0Mk14PhQO1jhfUS475ivM027356HWLaFgapouk%2Bibch5Of2%2BRFyJGrgNHXHalQ1VYXSL4WeWZkoj0u0%2BEXK11APO2KJyyi6BqXIFyq9lWmC7ms7viDt0EKdU2AR9K9h6N1s3ZONiJE2ImjavJiG5vCv"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aee99fd41d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 5552

GET
H2 200 Icon-512x512-50x50.jpg
creativedestructionmedia.com/wp-content/uploads/2019/02/ 2 KB
2 KB 16ms
15ms Image
image/jpeg 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2019/02/Icon-512x512-50x50.jpg
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 348526eb2bc1407316f8c681d30513df971b67b83fb57cdcd32c4e461ea56d49

Request headers

:path: /wp-content/uploads/2019/02/Icon-512x512-50x50.jpg
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:36 GMT
cf-cache-status: HIT
last-modified: Sun, 10 Feb 2019 15:48:19 GMT
server: cloudflare
age: 2631
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0M7vmYHITxhZw99kLtuyH7R%2F4zPGO7saKLA4p2F2BSkYRLHJU22BjUXXB0aaeqQ%2FGszlZiAgqIWrMf3sgjgcNt2xXl%2BjTHJ%2FNjjtRaoQ%2BDLlOfHpigVebShngdUqqexrBnk76Lop6cz%2BrS0oWPfyY9yebt93ZS4FumgT"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aee9a0d42d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1573

GET
H2 200 Color-417x90.png
creativedestructionmedia.com/wp-content/uploads/2019/02/ 17 KB
17 KB 19ms
18ms Image
image/png 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2019/02/Color-417x90.png
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f5e031863afc70ff89bde055fe5405cc8758808cfa3629d997adbb2acf6bd5cf

Request headers

:path: /wp-content/uploads/2019/02/Color-417x90.png
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:36 GMT
cf-cache-status: HIT
last-modified: Sun, 10 Feb 2019 14:46:56 GMT
server: cloudflare
age: 5142
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B90F4PPC0GIq6GFDYNqfE7Mo%2FZG6lq7890m%2FwZDhjyryyEEo96%2Fnm1N61D%2B4xpk%2FJdpopZwc8idkt7xr4xwbbpJSfPYXD5%2BMTHo%2Fo%2Fwe3ts52Vuop%2B0PfmU7MhRV4GlrmfPuLgAjbK%2BkYLQKU5A%2FT3GZQySOgWYRGpWt"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aee9a0d44d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 17401

GET
H2 200 Color-116x25.png
creativedestructionmedia.com/wp-content/uploads/2019/02/ 5 KB
5 KB 15ms
14ms Image
image/png 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2019/02/Color-116x25.png
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29442b94e9fb88ea19926e07a72876dffccfaeb76782f69a2037576e3b415c26

Request headers

:path: /wp-content/uploads/2019/02/Color-116x25.png
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:36 GMT
cf-cache-status: HIT
last-modified: Sun, 10 Feb 2019 14:59:54 GMT
server: cloudflare
age: 5142
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JsS35fxwoVP7plmYKnsF7pqqYKEANLcxk5mCeYdNi1Ql8C%2BlCml0ywE4D8bSNjsCKXKBQYV2anTx9%2FQYGIGQoiqn1i7kq1dNL70KzYmAH5nd1MZRv62bqTQBDJUeCnTpbo9VY0XMn9SbWey7NS1DUxKNGgMTrqgnuVt7"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aee9a0d45d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 4612

GET
H2 200 css
fonts.googleapis.com/ 2 KB
595 B 21ms
19ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Vollkorn&ver=5.8.1

Requested by

Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3c9f560c4ac439b04894d5fcaf686d6b8d6bbf852c23553a82b663c114d9d29

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 04 Oct 2021 02:20:36 GMT
server: ESF
date: Mon, 04 Oct 2021 02:20:36 GMT
x-frame-options: SAMEORIGIN
report-to: {"group":"AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"}]}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only: same-origin; report-to="AZM8iraMxxUfRnRum-EGst9UuHcPNVSf9Kp1_90wIgU"
expires: Mon, 04 Oct 2021 02:20:36 GMT

GET
H2 200 badge.gif
static.getclicky.com/media/links/ 241 B
631 B 45ms
17ms Image
image/gif 2606:4700::6810:dd1d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.getclicky.com/media/links/badge.gif
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:dd1d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c93b5f9c2d83611b9a9ba0333b0b499b385cdce2aee9edaac6daf8a134cf5555

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:36 GMT
cf-cache-status: HIT
age: 19793
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 241
last-modified: Wed, 13 Apr 2016 00:13:35 GMT
server: cloudflare
etag: "570d8f2f-f1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 698aee9aca6b4e38-FRA
x-proxy-cache: HIT
expires: Mon, 11 Oct 2021 02:20:36 GMT

GET
H2 200 rocket-loader.min.js Show response
creativedestructionmedia.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 16ms
16ms Script
application/javascript 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://creativedestructionmedia.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 29 Sep 2021 11:33:04 GMT
server: cloudflare
etag: W/"61544ef0-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=39GLufo2orxUKGV2HgVIHmtJrrWTe3Pup08fR%2FeXyDc0xZc5g8O75hEiYGxJUn%2BcTsLKDDLvBSxQJNVs32xVnv4VmlxdQ3rNYkp8GuvZkwg33h%2FEDTCqs8h9ROWB4QhqqpHxybIItopy0RtJOr1HwWsPj1KdyVxXqJq4"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698aee9aada1d6c1-FRA
vary: Accept-Encoding
expires: Wed, 06 Oct 2021 02:20:36 GMT

GET
H2 200 weathericons-regular-webfont.woff2
creativedestructionmedia.com/wp-content/themes/pennews/fonts/ 44 KB
44 KB 17ms
15ms Font
font/woff2 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://creativedestructionmedia.com/wp-content/themes/pennews/fonts/weathericons-regular-webfont.woff2
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/wp-content/themes/pennews/css/font-awesome.min.css?ver=4.5.2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9327647771c09df82095dba3591c77cca41a9cedca948ae01e7fb70c690dcbd5

Request headers

sec-fetch-mode: cors
origin: https://creativedestructionmedia.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: font
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
:path: /wp-content/themes/pennews/fonts/weathericons-regular-webfont.woff2
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept: */*
cache-control: no-cache
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/wp-content/themes/pennews/css/font-awesome.min.css?ver=4.5.2
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://creativedestructionmedia.com/wp-content/themes/pennews/css/font-awesome.min.css?ver=4.5.2
Origin: https://creativedestructionmedia.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Tue, 26 Jan 2021 06:45:52 GMT
server: cloudflare
age: 3581
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3ErhGjY48NMdhkAJl%2Bbb607v5yOY0Xdl8doaBx%2BxWu3QEOUSAHoDtUOSz%2BpcjNiUDc%2BoNhMZsXFVOW73Uv1VknJdLZR7Hb7nk45UpH9OTjXonnrL3MtTPNqP50aHEWqiJ8x5aNObZE%2FRVBI8GxAe4I%2BmzZKZkYEr52wf"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aee9b9e03d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 44720

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
16 KB 38ms
6ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7CMukta+Vaani%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7COswald%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7CTeko%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7CUltra%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7CVollkorn%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%7COpen+Sans%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%3A300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C700%2C700italic%2C800%2C800italic%26subset%3Dcyrillic%2Ccyrillic-ext%2Cgreek%2Cgreek-ext%2Clatin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://creativedestructionmedia.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 16:31:40 GMT
x-content-type-options: nosniff
age: 380937
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Sep 2022 16:31:40 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 16 KB
16 KB 43ms
11ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://creativedestructionmedia.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 16:31:43 GMT
x-content-type-options: nosniff
age: 380934
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:21 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Sep 2022 16:31:43 GMT

GET
H2 200 fontawesome-webfont.woff2
creativedestructionmedia.com/wp-content/themes/pennews/fonts/ 75 KB
76 KB 21ms
19ms Font
font/woff2 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://creativedestructionmedia.com/wp-content/themes/pennews/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/wp-content/themes/pennews/css/font-awesome.min.css?ver=4.5.2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

sec-fetch-mode: cors
origin: https://creativedestructionmedia.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: font
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
:path: /wp-content/themes/pennews/fonts/fontawesome-webfont.woff2?v=4.7.0
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept: */*
cache-control: no-cache
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/wp-content/themes/pennews/css/font-awesome.min.css?ver=4.5.2
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://creativedestructionmedia.com/wp-content/themes/pennews/css/font-awesome.min.css?ver=4.5.2
Origin: https://creativedestructionmedia.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Tue, 26 Jan 2021 06:45:52 GMT
server: cloudflare
age: 3581
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JRSBS4AztRiRqFyrM5Wn276P6J%2BVRyU%2BCRg0KMyKOwcu2c3hh2zzEd9GpQ446UH1pVXEEtYY9G%2FNdQ%2FYCplkb%2FA%2FbDBJK6SnEj%2FEPKlznn8ZGT6S%2F8DYsQBo%2BUP8whk0C%2B9GIy6zdkZJYg0TSBP7RrzSCZSwScx1S2S8"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aee9b9e04d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 77160

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
15 KB 45ms
13ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://creativedestructionmedia.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 17:27:37 GMT
x-content-type-options: nosniff
age: 550380
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 27 Sep 2022 17:27:37 GMT

GET
H2 200 TK3iWkUHHAIjg752GT8G.woff2
fonts.gstatic.com/s/oswald/v40/ 31 KB
31 KB 47ms
16ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/oswald/v40/TK3iWkUHHAIjg752GT8G.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d287da709652059aee8af366398fb5597fa3bf2e9cbe53b7c8ffe3da44f19ff8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://creativedestructionmedia.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 03 Oct 2021 17:32:54 GMT
x-content-type-options: nosniff
age: 31663
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31624
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:16:38 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 03 Oct 2022 17:32:54 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v26/ 44 KB
44 KB 53ms
22ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v26/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

538dd4ff6e384a44155168326ac40a6c20a93cd212b1fbf88ae7b0c44f9ab0bd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://creativedestructionmedia.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Thu, 30 Sep 2021 17:04:31 GMT
x-content-type-options: nosniff
age: 292566
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44760
x-xss-protection: 0
last-modified: Thu, 23 Sep 2021 16:50:17 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Fri, 30 Sep 2022 17:04:31 GMT

GET
H2 200 0yb9GDoxxrvAnPhYGxkpaE0.woff2
fonts.gstatic.com/s/vollkorn/v13/ 44 KB
44 KB 56ms
25ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/vollkorn/v13/0yb9GDoxxrvAnPhYGxkpaE0.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fb0ad599d3809326fef11065865a13998fabbfbacea5700721592a37a54bc731

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://creativedestructionmedia.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Fri, 01 Oct 2021 13:47:05 GMT
x-content-type-options: nosniff
age: 218012
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44928
x-xss-protection: 0
last-modified: Thu, 28 Jan 2021 21:07:32 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 01 Oct 2022 13:47:05 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
15 KB 40ms
20ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://creativedestructionmedia.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 16:31:40 GMT
x-content-type-options: nosniff
age: 380937
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:20 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Sep 2022 16:31:40 GMT

GET
H2 200 Color-417x90-1.png
creativedestructionmedia.com/wp-content/uploads/2019/02/ 17 KB
17 KB 17ms
16ms Image
image/png 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2019/02/Color-417x90-1.png
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f5e031863afc70ff89bde055fe5405cc8758808cfa3629d997adbb2acf6bd5cf

Request headers

:path: /wp-content/uploads/2019/02/Color-417x90-1.png
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Sun, 10 Feb 2019 14:51:42 GMT
server: cloudflare
age: 4830
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yarfusNqjt%2FzUbCxDaqbOWnSG5gbuPPjuMPdxw16zS2aap55gZovfsyTVX%2B%2FcKbMQnYH9MQFLQSVJJ9pupRw2%2BTxy56kDj94XMsVk4NCKR7v3vlDJnkaemOz183VNB3xSu2VLAMRtoBiHczqPYN8JgR6O6LgE3L0s5fL"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aee9bce24d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 17401

GET
H2 200 KFOkCnqEu92Fr1Mu51xIIzI.woff2
fonts.gstatic.com/s/roboto/v29/ 17 KB
17 KB 16ms
14ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOkCnqEu92Fr1Mu51xIIzI.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

46375ee9192c1e0f6eabe4d32b2a48b996b93037f7b4beb970df5b87359548fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://creativedestructionmedia.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 16:37:36 GMT
x-content-type-options: nosniff
age: 380581
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17304
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Sep 2022 16:37:36 GMT

GET
H2 200 KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2
fonts.gstatic.com/s/roboto/v29/ 17 KB
17 KB 17ms
16ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a42cc82f30fbf25a268f6d5a10158e8312a838222da6847158ea4175fa289d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://creativedestructionmedia.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 16:37:36 GMT
x-content-type-options: nosniff
age: 380581
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17004
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:24 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Sep 2022 16:37:36 GMT

GET
H2 200 line-awesome.woff2
creativedestructionmedia.com/wp-content/themes/pennews/fonts/ 44 KB
45 KB 19ms
19ms Font
font/woff2 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://creativedestructionmedia.com/wp-content/themes/pennews/fonts/line-awesome.woff2?v=1.1.
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/wp-content/themes/pennews/css/font-awesome.min.css?ver=4.5.2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 063a952901506e6cbcc2abdd1995ea387e4ae9138993f5517834a75faee165d0

Request headers

sec-fetch-mode: cors
origin: https://creativedestructionmedia.com
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: font
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
:path: /wp-content/themes/pennews/fonts/line-awesome.woff2?v=1.1.
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept: */*
cache-control: no-cache
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/wp-content/themes/pennews/css/font-awesome.min.css?ver=4.5.2
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://creativedestructionmedia.com/wp-content/themes/pennews/css/font-awesome.min.css?ver=4.5.2
Origin: https://creativedestructionmedia.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Tue, 26 Jan 2021 06:45:52 GMT
server: cloudflare
age: 3581
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3hDBfD%2BdqXtsE3alr7hcxDJ3iFykwn83Dz0s5dIj1RGn94o4J9BNdk2YogcuCRYm5AS0xlme5kbW1H2B6llCiqq6weB157ifmVAns%2FNV%2FyCHNbMLJItoH%2B%2FxewpQyn1qfNoYIrbBlCMLUzBG82CDl7hvA2tcNPMh5h2O"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aee9bee3ad6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 45108

GET
H2 200 b-1.jpg
creativedestructionmedia.com/wp-content/uploads/2020/12/ 87 KB
87 KB 17ms
17ms Image
image/jpeg 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2020/12/b-1.jpg
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8fb34e1ec0e1b071be842b29a45c1437096b7b2eccd1b1de90d87ed479d3e254

Request headers

:path: /wp-content/uploads/2020/12/b-1.jpg
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Wed, 02 Dec 2020 17:31:52 GMT
server: cloudflare
age: 4731
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7oiNOB9b0h%2B6TaOs8juyqJhGEoXl6oAdiugJqzijxWmZM2NCfFF3ntHPvtl9E5UiUNo%2FBnkn7h1pGPnkKpqHTsXRjnqPzFa6fnAMUVdFfP46FMk0AHHc9JWtPmoWtHWKb3tY8UUU1q3Swcwnv0jh0Uq3f59P1HXouXTN"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aee9c0e42d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 89045

GET
H2 200 zOLy4prXmrtY-uT9wrI.woff2
fonts.gstatic.com/s/ultra/v13/ 13 KB
13 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ultra/v13/zOLy4prXmrtY-uT9wrI.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a515442e06d68ac60972b0e0f99195e0d27885218b3668004ef5c60e95e637c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://creativedestructionmedia.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 03 Oct 2021 17:36:41 GMT
x-content-type-options: nosniff
age: 31436
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13616
x-xss-protection: 0
last-modified: Tue, 01 Sep 2020 03:49:50 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 03 Oct 2022 17:36:41 GMT

GET
H2 200 3JnkSD_-ynaxmxnEfVHPIGW5U_BE8O4.woff2
fonts.gstatic.com/s/muktavaani/v8/ 21 KB
21 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/muktavaani/v8/3JnkSD_-ynaxmxnEfVHPIGW5U_BE8O4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80ccae0c7abf01078d1634a24abb13e596838529b9731bd081d3a404d74c05fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://creativedestructionmedia.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 27 Sep 2021 04:45:32 GMT
x-content-type-options: nosniff
age: 596105
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21520
x-xss-protection: 0
last-modified: Thu, 01 Apr 2021 22:08:06 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 27 Sep 2022 04:45:32 GMT

GET
H2 200 101335412.js Show response
static.getclicky.com/ 15 KB
5 KB 14ms
11ms Script
text/javascript 2606:4700::6810:dd1d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.getclicky.com/101335412.js
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:dd1d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7d59d7cf6e18a61a053584ab8f7d36ea6876ae74d979b9e31986a1ff84c1fd4d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
content-encoding: gzip
cf-cache-status: HIT
server: cloudflare
age: 19192
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
expires: Mon, 11 Oct 2021 02:20:37 GMT
cache-control: public, max-age=604800
cf-ray: 698aee9c6b5b4e38-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-proxy-cache: HIT

GET
H2 200 form.js Show response
creativedestructionmedia.com/wp-content/plugins/akismet/_inc/ 700 B
594 B 360ms
357ms Script
application/javascript 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://creativedestructionmedia.com/wp-content/plugins/akismet/_inc/form.js?ver=4.1.12
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0515cbd1f8aee97e1c8e0d1d015ca96c86def13e90d2e73bf813072ccc23d531

Request headers

:path: /wp-content/plugins/akismet/_inc/form.js?ver=4.1.12
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 09 Sep 2021 15:04:02 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RHF9PURDwku7TkekD7QgGzW9C4kpPvClWuqJ0MSTm2JWL4pYyJpXAIwXvfS6YPT9IkxAmNySwlGDjVSY%2FISfHnRhMJKGmXlepkRnRdGkVNGHyDHTOBQZifMb99P4SzQqRoZTzNVDwt6sN6IG0zz0Ebte9%2B7z1RpueMdD"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698aee9c6e71d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 46ms
16ms Script
application/javascript 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=5.8.1
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e72afcd1a38e3ab0bb322104a9238e75dda48df9c455e5471bbaaece5207d83

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 1833
etag: W/"cf0cbe7aadaadd0a12673a93ac7780e1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 698aee9c9eb92bc6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Thu, 07 Oct 2021 02:20:37 GMT

GET
H2 200 wp-embed.min.js Show response
creativedestructionmedia.com/wp-includes/js/ 1 KB
1 KB 356ms
352ms Script
application/javascript 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://creativedestructionmedia.com/wp-includes/js/wp-embed.min.js?ver=5.8.1
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Request headers

:path: /wp-includes/js/wp-embed.min.js?ver=5.8.1
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Wed, 27 Jan 2021 01:48:34 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9bWG1WxI%2FGL0SagzRhI5Vyl8Yd3h%2FnZkiL4dQ4burM0ZKRdtEDXhKGz3Pf81egir9hZM%2BmRvVgwl5MqoGEfDxe3oIOmMSxOFWwMDDmGpxocyNZExETqJNq%2BDlVtfe6LC2WaVABveQNeLIBs%2B1J2%2FH1x%2FQy%2BbC8VC3QXE"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698aee9c6e74d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 jquery.simplemodal.js Show response
creativedestructionmedia.com/wp-content/plugins/newsletter-leads/libs/simplemodal/ 22 KB
7 KB 361ms
357ms Script
application/javascript 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://creativedestructionmedia.com/wp-content/plugins/newsletter-leads/libs/simplemodal/jquery.simplemodal.js?ver=1.2.6
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d9af087f985d767f933637cb1a2c5f3f72734696a312d16dfbec9a6f419cb91

Request headers

:path: /wp-content/plugins/newsletter-leads/libs/simplemodal/jquery.simplemodal.js?ver=1.2.6
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 09 Sep 2021 15:04:05 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sDAlp6TsGPjSxVEb6Dzcc9h79FvmYMnRCGf1nQM63FnyzHcsFeMYgLcH9fLviVVlP9bjAMtf40V67wZ6yEgEz4q%2Fmmf%2BjuXUQTSmrUTm%2FfGHLvYtkf5%2F7Uf0%2FICQzBwARVqeJ8Og%2FvDNoEdsQocLJ1bFb0CZ%2BGfKu562"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698aee9c6e76d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 comment-reply.min.js Show response
creativedestructionmedia.com/wp-includes/js/ 3 KB
2 KB 349ms
345ms Script
application/javascript 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://creativedestructionmedia.com/wp-includes/js/comment-reply.min.js?ver=5.8.1
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 143ce443c390db3b8598f951de20bd04623859a581a15b8cde43ebfa1f8ec103

Request headers

:path: /wp-includes/js/comment-reply.min.js?ver=5.8.1
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Sat, 27 Mar 2021 02:53:20 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HJcFX0vX%2BnjIDBWoiy3gPJ1765k5o2HuVyB0U11FtlFUNC8KwT8W8XTs9lUt6P%2BcpnO4BLNvygvzEOFrwpc2hcYYtWXE7kKI5rXoW0yvgkjCBnMFMbWcwUQihhquZC%2BH%2BYpgG%2BVBlJu6Lg%2BgMGWyD6UwlA36vezhQk%2Bf"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698aee9c6e77d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 script.min.js Show response
creativedestructionmedia.com/wp-content/themes/pennews/js/ 468 KB
140 KB 364ms
360ms Script
application/javascript 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://creativedestructionmedia.com/wp-content/themes/pennews/js/script.min.js?ver=6.6.0
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0efe23cb23663e699a846045dda7cc34bb3ed8d2d2369c49e15cbe088d2bf5aa

Request headers

:path: /wp-content/themes/pennews/js/script.min.js?ver=6.6.0
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Tue, 26 Jan 2021 06:45:52 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UabwBTf0e7%2FY4WxSg%2BKgkVIFGMvMVEtL5g3BPxGK2EocgU6zjkaYTqa%2FXboQahmxiZHRjjwHqWA1g86yQ%2BIzuv7nYJQxeF%2F2cfBMiDOVDOaUc3z%2BZM5miAqPyQhw5T9wXa9fLyhdCLhWWaQuJLM0o4eJTsRDThM0ah8e"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698aee9c6e78d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 frontend.min.js Show response
creativedestructionmedia.com/wp-content/plugins/wp-user-avatar/assets/js/ 9 KB
3 KB 346ms
343ms Script
application/javascript 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://creativedestructionmedia.com/wp-content/plugins/wp-user-avatar/assets/js/frontend.min.js?ver=3.1.18
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 205988b80eeedc442aa4ba78fd4bda5b1b139415f3dc88043fc73adcd71cbae2

Request headers

:path: /wp-content/plugins/wp-user-avatar/assets/js/frontend.min.js?ver=3.1.18
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 09 Sep 2021 15:04:09 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4B%2BC9NsfQT1I6xrc3%2Bl0yzYX6I4OAEgEnd1ynDLI%2B0OdC4FcjafCQQVCm1xEHoKCWJZ7b62CJyeEk3ZPVn85%2BR2R10WiOOi6deeSrxybzEhzSd7tGgfpYXAfYdFsHb%2FyQyJ5UCbxgjbGMdrdRUy0FfyPmkqaBHYsrq2e"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698aee9c6e79d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 96 KB
29 KB 41ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67DF) /
Resource Hash: cfd3099998b0c37ace8024cbd802160585ba9be1c0047fefc172035184f074df

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 02:20:37 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Age: 1310
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Content-Length: 28869
x-tw-cdn: VZ
Last-Modified: Thu, 30 Sep 2021 19:09:26 GMT
Server: ECS (frb/67DF)
Etag: "f9ab884058c9d8de47075baa622f0e7e+gzip"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800

GET
H/1.1 200
OK db.2659176.js Show response
s.dblks.net/ff/ 157 KB
51 KB 329ms
105ms Script
application/javascript 199.212.255.151
FHMNET

General

Check archive.org

Show headers Download Go to

Full URL: https://s.dblks.net/ff/db.2659176.js
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.212.255.151 , Canada, ASN25948 (FHMNET, CA),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: 3a71555e852f7dbd934750a1c3badf11eefca66fa43d953207266d724d8f8852

Request headers

Referer: https://creativedestructionmedia.com/
Origin: https://creativedestructionmedia.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 02:20:37 GMT
Content-Encoding: gzip
Last-Modified: Fri, 01 Oct 2021 20:52:20 GMT
Server: nginx/1.16.1
ETag: W/"61577504-274ad"
Transfer-Encoding: chunked
X-FW-Version: legacy
Content-Type: application/javascript
Access-Control-Allow-Origin: https://creativedestructionmedia.com
Cache-Control: max-age=600
Access-Control-Allow-Credentials: true
Connection: keep-alive

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 73 KB
26 KB 52ms
25ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

sffe /

Resource Hash

fdf620702b9482d223dd060b8b572884b74eb8ef3ce0903d8fa52cbd766fb4b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1005 / 856 of 1000 / last-modified: 1633126070"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25734
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 04 Oct 2021 02:20:37 GMT

GET
H2 200 select2.min.js Show response
creativedestructionmedia.com/wp-content/plugins/wp-user-avatar/assets/select2/ 69 KB
20 KB 353ms
351ms Script
application/javascript 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://creativedestructionmedia.com/wp-content/plugins/wp-user-avatar/assets/select2/select2.min.js?ver=5.8.1
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 00501810e93307a8882a74d864e7547fd1458deea539361dc1124ac133799a4b

Request headers

:path: /wp-content/plugins/wp-user-avatar/assets/select2/select2.min.js?ver=5.8.1
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 09 Sep 2021 15:04:09 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oNHtQ4OrL4Z0s%2F%2F%2FabzKXvLnwYcrIP2DnD6hDvqmGLACsUvKrmMNNy00xFYCIBKcM5lR3Hec1jbp52d2oQHN8rgSccrIYiKClnC9a07KFVwJYlL2g5paiOX1vYuJFq3wxRQpghoebgTVw8FpoIbY30tf6azccx9fv6r%2F"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698aee9c6e7ad6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 flatpickr.min.js Show response
creativedestructionmedia.com/wp-content/plugins/wp-user-avatar/assets/flatpickr/ 47 KB
14 KB 357ms
354ms Script
application/javascript 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://creativedestructionmedia.com/wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.js?ver=5.8.1
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fe2ac5219992a3608a5c9e2bc4759fac8fb2189b88d7a674d395ff6c435da536

Request headers

:path: /wp-content/plugins/wp-user-avatar/assets/flatpickr/flatpickr.min.js?ver=5.8.1
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 09 Sep 2021 15:04:09 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4BNtSIE%2BIK3WUEg2CfyudjgZXWVH3x%2BSCP66v4mmXaBxKsmGXG5YThelMS9Exav4qiA0DJfEvc3beDWkKMPmaEmtfg8xM%2FUvWS%2BkIUI0PpM2ReWD6ig%2Br4%2Fz8F9VL9SeBuoN3awGNgJQnP%2FkLDAAfowrHbMBXgT5PQan"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698aee9c6e7bd6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 ExitIntent.js Show response
creativedestructionmedia.com/wp-content/plugins/popupbuilder-exit-intent/public/javascript/ 7 KB
2 KB 128ms
125ms Script
application/javascript 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://creativedestructionmedia.com/wp-content/plugins/popupbuilder-exit-intent/public/javascript/ExitIntent.js?ver=4.0.4
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0a886b68ae530d4cc0fce59dcffb19554d695b868aa09014493b8fd1fb7425dc

Request headers

:path: /wp-content/plugins/popupbuilder-exit-intent/public/javascript/ExitIntent.js?ver=4.0.4
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Sun, 21 Feb 2021 19:06:03 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1ryrmJyYQHAymuNitIKCuWjqMoRqvrzSwJ3ozBFBBVbvXvhxW%2FaIgjV4e9TuIL5l1tD6cTkocmfv3ct%2FPtlzzzcEQ4bi4VkM5gqg6e0ha0OmfUp%2BluN%2Fuq%2BKSCejB8aP4t3p%2FeZ4i1HQnyzKz119S8Hsu5Vn2MrGioH9"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698aee9c6e7cd6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 PopupBuilder.js Show response
creativedestructionmedia.com/wp-content/plugins/popup-builder/public/js/ 77 KB
17 KB 355ms
353ms Script
application/javascript 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://creativedestructionmedia.com/wp-content/plugins/popup-builder/public/js/PopupBuilder.js?ver=4.0.4
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e7807ef14bc588ca5643e017591d6a5fef4b4103bb50982dbf97123250e41f20

Request headers

:path: /wp-content/plugins/popup-builder/public/js/PopupBuilder.js?ver=4.0.4
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 09 Sep 2021 15:04:07 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZltgONgwteWTbDZ%2BGaCIbVd5Y%2Fiw2O51PH%2BJH8JGJo1ZsrsamiHy2USxOeCbhE%2BH7CARdxPC5WBEK7bibLUcEpmkKvO%2BBXX6JjJOqYh4KMldHAJp2txbEkDTZMGm3Z4JaSOOmL4bPXrdKvYidX%2BwqlZePejbtbtQb3tN"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698aee9c6e7dd6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 PopupConfig.js Show response
creativedestructionmedia.com/wp-content/plugins/popup-builder/public/js/ 6 KB
2 KB 355ms
353ms Script
application/javascript 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://creativedestructionmedia.com/wp-content/plugins/popup-builder/public/js/PopupConfig.js?ver=4.0.4
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3fe8c79d67b21039a5d059ef40761950fb76e1d17933d61509f7eb3c68f5aeeb

Request headers

:path: /wp-content/plugins/popup-builder/public/js/PopupConfig.js?ver=4.0.4
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 09 Sep 2021 15:04:07 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KRAHZTw%2B0ivPw%2FlZ2L9Z%2BWDKV%2BQ8KwPuskfZ2HdihTbMuNS9fkoNlFHRUg4w%2FHeiIL6TfEnhFT5UjXU%2Bew816gtqKSl80M98CZT7EskXUmLTl7QPs%2F9aeT9CgiYOwEtadmBdsbp0AOARUmYVOr5YcwVpEaC8Bgqjaoa6"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698aee9c6e7ed6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 Popup.js Show response
creativedestructionmedia.com/wp-content/plugins/popup-builder/public/js/ 38 KB
9 KB 374ms
372ms Script
application/javascript 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://creativedestructionmedia.com/wp-content/plugins/popup-builder/public/js/Popup.js?ver=4.0.4
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d59372b6612612e1f165c140beb8e541b9becfa771862e2d61376252a2ba91f

Request headers

:path: /wp-content/plugins/popup-builder/public/js/Popup.js?ver=4.0.4
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 09 Sep 2021 15:04:07 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2zX5L%2Fi75t4Doe%2FWQV7HtXwevn3hT0rNaARGQTB6a2lmzU4g1YWxrJNcyYFSz3oaedixhGtS1RV0DJvolwxzmOjTQwgmIKYwJ4lj73K67YsHRSVFDu%2FUVLzb%2FtHusob%2BTffeDQzQ%2FRrpjHEetKr4XgbmoTk634dj0EdF"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698aee9c6e7fd6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 jquery-migrate.min.js Show response
creativedestructionmedia.com/wp-includes/js/jquery/ 11 KB
4 KB 357ms
356ms Script
application/javascript 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://creativedestructionmedia.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

:path: /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Thu, 19 Nov 2020 20:01:14 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PuZGvWZaS7u71Z5LL674FuuU6bZIIJbAvR6iQpT6T%2FL52eXATLY13hCV0LLLss5OdUyebWzoDuYX%2F6etbhfWeb9iUZPAKlTAJd3lgNKS82ucnHi7wAFqnu0SXZx%2FrJl7VG%2BqLCr%2F0BTrUeeA1X2X1d21NUMvU4AeqE5D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698aee9c6e81d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 jquery.min.js Show response
creativedestructionmedia.com/wp-includes/js/jquery/ 87 KB
32 KB 349ms
348ms Script
application/javascript 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://creativedestructionmedia.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

:path: /wp-includes/js/jquery/jquery.min.js?ver=3.6.0
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Fri, 13 Aug 2021 12:41:42 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lda1Y5YBy76%2FI3n3OkZzpXIpnpU5vHqoM7YpRNCqOIGoifV%2BFNSIbl6p8lVFbAVuB5vNaRSXqLH24jERZ0ckRiW9QWplZji1ZfXn4nKxzHhtyPx9X%2FEpdNUtItnGb4Q9k4FogwTdL6Pg9b1EWSFoUCUPJ3YXt%2Bqrk8MB"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698aee9c6e82d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 KFOmCnqEu92Fr1Mu7GxKOzY.woff2
fonts.gstatic.com/s/roboto/v29/ 12 KB
12 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu7GxKOzY.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e959d9106d846030c0a62de668ec7c5810a3a1282c4f4ca98e1ea0756c75b8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://creativedestructionmedia.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Wed, 29 Sep 2021 16:33:20 GMT
x-content-type-options: nosniff
age: 380837
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11860
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:24 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 29 Sep 2022 16:33:20 GMT

GET
H2 200 LYjCdG7kmE0gdRhYsCRgqA.woff2
fonts.gstatic.com/s/teko/v10/ 13 KB
13 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/teko/v10/LYjCdG7kmE0gdRhYsCRgqA.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3a8b7336bec502f846c8101cd4b1a751bdbf3d3fff3949949462517f27e1cec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://creativedestructionmedia.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 28 Sep 2021 08:48:24 GMT
x-content-type-options: nosniff
age: 495133
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12888
x-xss-protection: 0
last-modified: Tue, 01 Sep 2020 05:54:44 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Sep 2022 08:48:24 GMT

GET
H2 200 wp-emoji-release.min.js Show response
creativedestructionmedia.com/wp-includes/js/ 18 KB
5 KB 18ms
17ms Script
application/javascript 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://creativedestructionmedia.com/wp-includes/js/wp-emoji-release.min.js?ver=5.8.1
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

:path: /wp-includes/js/wp-emoji-release.min.js?ver=5.8.1
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 13 Aug 2021 12:41:42 GMT
server: cloudflare
age: 3581
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ccnTyrBwpnGaU59vNsvaUOtt%2FwODcoyF6mab6sLIUuBHeJca%2BYuX90S4zmO9lfJuPAFfBDCDaNZxyKV%2FO%2FcIAwgHhmgKKTgL4c%2Bl%2BN4bsVbWhgp5VrO6Ua8jn8gc13OBaxf4FThXeJR%2BbNYjBeGWTKOofdAErDQHF5y6"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 698aee9ccea3d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 pubads_impl_2021092301.js Show response
securepubads.g.doubleclick.net/gpt/ 338 KB
119 KB 15ms
15ms Script
text/javascript 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092301.js?31063001

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

sffe /

Resource Hash

d7f36354b34b6689975a55773065d0b9dc7ab48ef63ee6e8bb68f199bf7debbd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121150
x-xss-protection: 0
last-modified: Thu, 23 Sep 2021 08:34:35 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 04 Oct 2021 02:20:37 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 122 B
125 B 31ms
17ms XHR
application/json 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=creativedestructionmedia.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

da698734ed9c80552a862f904a7fab3d8b1219f764ce57f0f55f8f7c1908ef2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Oct 2021 02:20:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0
expires: Mon, 04 Oct 2021 02:20:37 GMT

GET
H2 200 jquery.mousewheel.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/ 3 KB
2 KB 29ms
12ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js

Requested by

Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e73a30d35c83ea6a597c3343324d2b7df097ad26e67b62efb5266ee12d317b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 984252
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 1046
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:46 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec2-ad3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lNWceHfZ7oSx3mI6CF6AoApTF64RY2OPX7PrReLfEIkk%2F3lVoVr0awaJffJeUZ4P03WWDy3elITlsu%2BcoKyQiFrVxvhgT%2FOzhLtZcZB4NZ74Te03IiMGdUPtWcxcuLVqI1pULXySmyYrHvTvUZHwxIiX"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 698aee9f5e2d1776-FRA
expires: Sat, 24 Sep 2022 02:20:37 GMT

GET
H2 200 OneSignalPageSDKES6.js Show response
cdn.onesignal.com/sdks/ 284 KB
68 KB 320ms
19ms Script
application/javascript 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151508
Requested by: Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=5.8.1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b63fe792eca92d7cb67c652ddc4e76692c7f7f0899316ada620039b6438b8961

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 1719
etag: W/"fff10df2ca37ad0e879283b24dd072d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 698aeea149232bc6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Thu, 07 Oct 2021 02:20:37 GMT

GET
H/1.1 200
OK widget_iframe.58065ae230495f5d9e4b6a916472b2c1.html Show response
platform.twitter.com/widgets/ Frame 89F5 319 KB
103 KB 7ms
7ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.58065ae230495f5d9e4b6a916472b2c1.html?origin=https%3A%2F%2Fcreativedestructionmedia.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67BE) /
Resource Hash: c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://creativedestructionmedia.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/

Response headers

Content-Encoding: gzip
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 284926
Cache-Control: public, max-age=315360000
Content-Type: text/html; charset=utf-8
Date: Mon, 04 Oct 2021 02:20:37 GMT
Etag: "8321d7cf58d70200c1423dfa0bca40f6+gzip"
Last-Modified: Thu, 30 Sep 2021 18:56:47 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/67BE)
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 105433

GET
H2 200 a-280x186.png
creativedestructionmedia.com/wp-content/uploads/2021/09/ 115 KB
115 KB 70ms
66ms Image
image/png 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/09/a-280x186.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f99e8c7aeb83ec8fbb0c9f9c3b5957beb0b66b02374166fe17ff06b02a844ba8

Request headers

:path: /wp-content/uploads/2021/09/a-280x186.png
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Sat, 04 Sep 2021 17:13:15 GMT
server: cloudflare
age: 4829
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QtBaHWkaB7jJxRKjDOX2gQJ9ExofbqzenOB%2BaV4DyHGqfDoVSnyygjIepYtEgcrfTfK%2F8%2FOE%2BEE1LPX4miqfJRSVsyxN9YnLdnOFYT731RxgQ%2BFFKt0Y875FwtquAN3Q0sqfhuAq7WxBjJAAuaSXcVlBOsN1GTUXzuj5"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aee9fffcfd6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 117627

GET
H2 200 Screen-Shot-2021-09-04-at-7.45.46-AM-280x186.png
creativedestructionmedia.com/wp-content/uploads/2021/09/ 101 KB
102 KB 59ms
54ms Image
image/png 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/09/Screen-Shot-2021-09-04-at-7.45.46-AM-280x186.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f4e99cbfa494398cf7e42b54e63c01c7da366f53017ca079090db6d5367d68c6

Request headers

:path: /wp-content/uploads/2021/09/Screen-Shot-2021-09-04-at-7.45.46-AM-280x186.png
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Sat, 04 Sep 2021 11:48:07 GMT
server: cloudflare
age: 4829
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sYvkgxVeUAJKnPqa3fGe9zpPTUKkMFkGyIHzbl%2FqrqtB8skmeRBLPiVwxLORsJmBxP0WKKax%2Fj3Eby3lk8i5jPmw78EgHCxCMZIMEqMamIFUulZ2BJWJ%2BKFCVAzVoL3kAC7SPx3bLGDtaTY%2BqwoLSqNgma%2Bxk7EnlNYG"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aee9fffd1d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 103884

GET
H2 200 Screen-Shot-2021-08-30-at-9.54.58-AM-280x186.png
creativedestructionmedia.com/wp-content/uploads/2021/08/ 64 KB
65 KB 69ms
64ms Image
image/png 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/08/Screen-Shot-2021-08-30-at-9.54.58-AM-280x186.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 72445a462a64a77e0ed99b45eaf0a25a2ebbe408147929aaebae64d558f5d67d

Request headers

:path: /wp-content/uploads/2021/08/Screen-Shot-2021-08-30-at-9.54.58-AM-280x186.png
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Mon, 30 Aug 2021 13:56:22 GMT
server: cloudflare
age: 4829
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CTWv1IuA2HqrSTxxghNYFWLysrumJRIIFXGr4xMuSID3BaoCpzDcMMSGI7X5JhqavH7pCA%2BGhZGpVPKy6%2FenaqbIzqrh8qSstfpuaOYdIL6cDPGdtvxisNmoTG%2FEyr%2BTFzfSbN8d0Z0RopBVN%2Bph8Q%2B1vwMG70%2Frfy3w"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aee9fffd2d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 65959

GET
H2 200 c-2-280x186.png
creativedestructionmedia.com/wp-content/uploads/2021/08/ 52 KB
52 KB 44ms
39ms Image
image/png 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/08/c-2-280x186.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2c59e362196a1af654d71ea600c3a5501f897ad99335c06adf95414d30f063f9

Request headers

:path: /wp-content/uploads/2021/08/c-2-280x186.png
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Sun, 22 Aug 2021 21:53:36 GMT
server: cloudflare
age: 4829
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BYmP2WNTotllbdAa1Mj%2B2qTIJnlVAujCxdFxy5yuAHRR2DYFZ4xh7w%2BOga9izhzElbK62E6FXyVBmytUps793TmTznsDm6WgkrP%2F7DBbeAfTr2tvDZghC%2FbL%2Fd6nLYhRowDlf9jUvK0900UOO55Q4yrbVorrE9RGo2nn"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aee9fffd3d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 52839

GET
H2 200 s-4-184x186.jpg
creativedestructionmedia.com/wp-content/uploads/2021/09/ 6 KB
7 KB 33ms
28ms Image
image/jpeg 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/09/s-4-184x186.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f41fe8368ef8633d0409213bd644a7223ffb31d8932e38da77d5a1a83d0ee862

Request headers

:path: /wp-content/uploads/2021/09/s-4-184x186.jpg
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Mon, 20 Sep 2021 21:37:51 GMT
server: cloudflare
age: 4829
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5a11Xk%2Fc4V%2Ffx0tW1I%2Fi6eXueSg0Do2fhp0%2BZ%2Bnc%2Fy7CWH4yKdUKy6ZjR1PXcGapC%2BcbtPeMUSOJ1uUnM%2B2jT%2BL58PJXBcKST8Zt2vUA1XUpCzIjqr7BiFLilvy5jUT5AZ%2FDU%2BfZxUjxPILHMfUqivayNtXTlVdaKMpW"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aee9fffd4d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 6326

GET
H2 200 t-280x186.png
creativedestructionmedia.com/wp-content/uploads/2021/09/ 99 KB
100 KB 39ms
34ms Image
image/png 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/09/t-280x186.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc1f2a5c7bbdf09398951f67fd30214783da66a7b79e44ddabcf6b868ad88349

Request headers

:path: /wp-content/uploads/2021/09/t-280x186.png
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Fri, 17 Sep 2021 12:45:19 GMT
server: cloudflare
age: 4829
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5BniaP0qscZh1YEuM7prm4UC4%2FfAGYYrY%2BAnyyjvs7KK4%2FroKurDmhYqp%2B%2BsIYZUkN46%2Fpn%2F1A5XaBjRjbriODjsK7xEzEXl1AYf3dP7Z4RhkTVnNMmx6Ea45bsE%2F7s2ymt6SHvgYPmNKVNByz6Sy5j1tsdaXtBcrW1R"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aee9fffd5d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 101836

GET
H2 200 o-280x186.jpg
creativedestructionmedia.com/wp-content/uploads/2021/09/ 11 KB
12 KB 43ms
39ms Image
image/jpeg 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/09/o-280x186.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f3bfe581d56d8903ed8c9c17f895df5ef864f30ca03e4a2f9f13a7df3fcd8be0

Request headers

:path: /wp-content/uploads/2021/09/o-280x186.jpg
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Sat, 04 Sep 2021 02:34:02 GMT
server: cloudflare
age: 4829
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ewv4%2Bb70CsFnnNKj%2FBXP6A0zjL5Lxg2ZCr7ZSWpk9Q0kFH4G59e1xzOwllPvGfxqFblKeYgczwPWBE%2FcMkaYHoZ0XbS3Irobsgo60Hnmiats2flIPRrHlWWMi6CBI%2BtksnEKGdtKSUSgt4%2FuPJ2Kf%2FqekJQOLurzc9Yg"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aee9fffd6d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 11529

GET
H2 200 Screen-Shot-2021-08-16-at-8.51.35-PM-280x186.png
creativedestructionmedia.com/wp-content/uploads/2021/08/ 72 KB
72 KB 22ms
18ms Image
image/png 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/08/Screen-Shot-2021-08-16-at-8.51.35-PM-280x186.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 41b6320babb5fc808a2b815b62581902531d3fc4ee6a131ec24838374ac7b185

Request headers

:path: /wp-content/uploads/2021/08/Screen-Shot-2021-08-16-at-8.51.35-PM-280x186.png
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Tue, 17 Aug 2021 00:54:47 GMT
server: cloudflare
age: 4829
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wqbw9BT%2BQqJnyMg2yvLkM5azfTs05%2B2GMixvxHfpX8UDtSdDKyWBBJwsyhPEakcBUDTIlPkZ5zaMOkgF6NxiFMJPNKdDXw%2FMaNJpqeP4dez%2FMrNzLtq1IGHwpBeUlMUJvhYwVuGdrGpY5ai6kGCRaG9IH1JiXF2WLQOa"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aee9fffd8d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 73399

GET
H2 200 c-4-280x186.jpg
creativedestructionmedia.com/wp-content/uploads/2021/08/ 15 KB
16 KB 43ms
40ms Image
image/jpeg 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/08/c-4-280x186.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d73b2b1ba10e4c227ab6e95fbf0efc972dbfecb9ce546302f1a7289fa9b8c3ff

Request headers

:path: /wp-content/uploads/2021/08/c-4-280x186.jpg
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Fri, 13 Aug 2021 12:54:52 GMT
server: cloudflare
age: 4829
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O3ezxir8IryhH6p%2BACcklciPsJeLak%2FFkM7XVj25rlgn0JJURMfEk0Czfppq0WccLnKhT2QxxHyhhEOPchthGSsvM1a2UZmSRwaK6ss5rgf2%2BAIg6KHJvZj7FKwrnUo8TignS6cg5S8l7W0W%2FjsnIT%2BQhj699SYlZkAG"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aee9fffd9d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 15742

GET
H2 200 TAMPA1-280x186.png
creativedestructionmedia.com/wp-content/uploads/2021/10/ 80 KB
80 KB 375ms
372ms Image
image/png 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/10/TAMPA1-280x186.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9032bb4beb08ea990e43af68bb4a9ea4bb90064381d9ce45cc4822e32006ed7c

Request headers

:path: /wp-content/uploads/2021/10/TAMPA1-280x186.png
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
cf-cache-status: REVALIDATED
last-modified: Sun, 03 Oct 2021 03:27:53 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OdaFHnKnTcFPpkBhs0SXMR6n5bOwn5SozoeIOUmiL0RCwehVcCB8AsiL6R3gYb8f1pIMeT4SLYxWdce2ryoXmJAu3m2chydU98LLcLOTkirheiLzPFoMUvKfC8WS5vu0jCypTGzBbUaAcGTE27V01eAlqUCbS%2B0JCaNo"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aee9fffdad6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 81435

GET
H2 200 r-280x186.jpg
creativedestructionmedia.com/wp-content/uploads/2021/10/ 10 KB
10 KB 42ms
39ms Image
image/jpeg 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/10/r-280x186.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5a16a864cf4e1819359fcd505eb6edd52e296643accd1de8c123fba2ff82df25

Request headers

:path: /wp-content/uploads/2021/10/r-280x186.jpg
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Sat, 02 Oct 2021 23:12:03 GMT
server: cloudflare
age: 4829
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F4DnxNqAgV%2Bz5JIs8zmRP0i4FrOmaAO0NCxh79tSshGj4Af%2F%2BQCn%2BYUzKpWPCQUA%2Fo6pqGqvr11tVkFG6Pp3uXYAKAz%2BXqLxIuaOizJJxEYkOLYIkrdd93DcogXOYIWLjjTqzRcGQkZ80qO6p9fhhQ3LK6xv%2Fxsv9Juv"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aee9fffdbd6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 10079

GET
H2 200 io-63-280x186.png
creativedestructionmedia.com/wp-content/uploads/2021/09/ 68 KB
68 KB 31ms
28ms Image
image/png 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/09/io-63-280x186.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcd112f1ccbeaf1fa9529110b70310abdb3e90578bddd84bbb50b36b0cb7438f

Request headers

:path: /wp-content/uploads/2021/09/io-63-280x186.png
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Thu, 30 Sep 2021 23:55:18 GMT
server: cloudflare
age: 4829
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BxyazRSsWxrNxzrMq8IBBjTzCgGK9YuNYv23ynf%2FDaFanwrU8lL%2FbKzrniXG7XEwvfiWAt5EA1qcf%2B4pANH6xx0KCCXU3yIJGRzcEd8gFO9hPCQ6lnvbEXUgzDIaEWUq80P10tvrAxQvfPQowI2NjyhLNhrL01xM4rdg"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aee9fffdcd6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 69583

GET
H2 200 p-2-280x186.jpg
creativedestructionmedia.com/wp-content/uploads/2021/09/ 13 KB
14 KB 17ms
14ms Image
image/jpeg 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/09/p-2-280x186.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 637e631be944c6bafbf155cb4f05a943eab41aaaa370941f415b52283a436cfc

Request headers

:path: /wp-content/uploads/2021/09/p-2-280x186.jpg
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Wed, 29 Sep 2021 18:12:19 GMT
server: cloudflare
age: 4829
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=htS97TW74fd%2FpUBRQ%2Bqg32HJ1njU52anEUHX8kNhp1HWH279w9kZByV9ihPic3lywPI5vfln2iRTNfQDlrezq1YyAArnhBuP5NHkrOBYCUNCfbzu%2Bv0uds%2BvHT088O4zIDQtCeQ3Ki6k4jrc6fRpH2gsEmSWjrxJW2im"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aee9fffddd6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 13611

GET
H2 200 m-4-280x186.jpg
creativedestructionmedia.com/wp-content/uploads/2021/09/ 9 KB
9 KB 35ms
33ms Image
image/jpeg 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/09/m-4-280x186.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b0a5ea26bf12f6cd99506b64e4ab95bfcdc775ea579cc8fbd03297d2a633d71c

Request headers

:path: /wp-content/uploads/2021/09/m-4-280x186.jpg
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Thu, 16 Sep 2021 12:24:38 GMT
server: cloudflare
age: 4829
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p0SoH7HCzpOulL9hA%2FICKzE9U2eDIZnVYoYqdHX0wf9cOzJUHW9i6X%2BBn6zDzPtMj6k6VEZuxabhkAVA4qyJ12cdOu3t5sdZUQVBgwQjvlCMdEJiWMhl%2BXBx4lOz3AHW%2FyTOBGr3cOCbSBxJIFiQBu1kY7xYRr1Sfzky"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aee9fffded6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 9047

GET
H2 200 z-280x186.jpg
creativedestructionmedia.com/wp-content/uploads/2021/09/ 13 KB
13 KB 34ms
32ms Image
image/jpeg 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/09/z-280x186.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 51464ec2f432f21d4cab8094393ea4ba38176ecf27f2813fdb73b05298b80480

Request headers

:path: /wp-content/uploads/2021/09/z-280x186.jpg
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Wed, 29 Sep 2021 11:57:49 GMT
server: cloudflare
age: 3834
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dr5PNdHqaAASHicKKOZqk3r64ZA9FBN%2FFtvjYSDIhmx8AbEShGp2JAKE5Xyu%2Fe0c0XfPq8xxib950OLcVfRa2NHwISxX503FEFDmwYXrA%2F4eapsJsPiKdlPcdS%2FNYQt1agLNxSAI3Wk1i1AClI0O988z8AowXQ2GDBdC"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aee9fffdfd6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 12850

GET
H2 200 usa_flag_barbed_wire_flames-280x186.jpg
creativedestructionmedia.com/wp-content/uploads/2021/09/ 15 KB
15 KB 42ms
40ms Image
image/jpeg 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/09/usa_flag_barbed_wire_flames-280x186.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 662760efc14fd2fccfa072fcb11a48dc1757d3215adc3ea2ca2798079ac50b98

Request headers

:path: /wp-content/uploads/2021/09/usa_flag_barbed_wire_flames-280x186.jpg
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Tue, 28 Sep 2021 04:09:12 GMT
server: cloudflare
age: 3834
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oz5DMfZ%2FP0sQvbTELgs0axOm%2FQTkbnQiKgl8d4tzKiMgdcDrPIMfGJgjEjR9PuhRK0Q3W2KVE2Ybhy1luWx0thBZwZKF94MpQicHuQXteXrJWG2jT64xOxz0g2cENfLIW4eBh9nEBZAOR3QotkZNCTZ6Rb4IUpfZRuqm"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aee9fffe0d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 15400

GET
H2 200 new-wfw.js Show response
choiceclips.whatfinger.com/widgets/ 9 KB
10 KB 390ms
117ms Script
application/javascript 192.124.249.69
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://choiceclips.whatfinger.com/widgets/new-wfw.js

Requested by

Host: s.dblks.net
URL: https://s.dblks.net/ff/db.2659176.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.69 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10069.sucuri.net

Software

nginx /

Resource Hash

2259c07dce919a5a3e58c30c794673d829e84bd00c760e3f7bacc0aacf610ab6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
x-content-type-options: nosniff
last-modified: Mon, 02 Aug 2021 15:45:36 GMT
server: nginx
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: *
x-sucuri-cache: HIT
cache-control: max-age=315360000
x-sucuri-id: 22019
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
content-length: 9493
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK / Show response
s.0cf.io/ Frame 6190 37 KB
13 KB 334ms
115ms Document
text/html 199.212.255.113
FHMNET

General

Check archive.org

Show headers Download Go to

Full URL

https://s.0cf.io/?id=false

Requested by

Host: s.dblks.net
URL: https://s.dblks.net/ff/db.2659176.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.212.255.113 , Canada, ASN25948 (FHMNET, CA),

Reverse DNS

Software

nginx/1.16.1 /

Resource Hash

9ab4ac8ac7a79af2b2505e885070cf5fcce690403d68bb5ca6dc137dda9aaddf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Host: s.0cf.io
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://creativedestructionmedia.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/

Response headers

Server: nginx/1.16.1
Date: Mon, 04 Oct 2021 02:20:38 GMT
Content-Type: text/html
Last-Modified: Fri, 01 Oct 2021 20:09:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"61576af7-933f"
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip

GET
H2 200 p-2-280x186.jpg
creativedestructionmedia.com/wp-content/uploads/2021/09/ 13 KB
14 KB 26ms
26ms Image
image/jpeg 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/09/p-2-280x186.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 637e631be944c6bafbf155cb4f05a943eab41aaaa370941f415b52283a436cfc

Request headers

:path: /wp-content/uploads/2021/09/p-2-280x186.jpg
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Wed, 29 Sep 2021 18:12:19 GMT
server: cloudflare
age: 4829
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ehz%2FKCGTBzlCQUPFXgK3%2BjHFXYtk1zjkBwar6xiDYSOMgwENnmk%2FCNEDYeknPCzaIvY2IlkyTGEOoRDcTiDziMvQaMABRYr%2FrmXakdwmdU9g8sIYuT%2Fz0ZYGjCCv2y8eaaOZXxNlok9I1QG3JpgfWeGhUzGEZSEohxHf"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aeea08817d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 13611

GET
H2 200 s-4-184x186.jpg
creativedestructionmedia.com/wp-content/uploads/2021/09/ 6 KB
7 KB 16ms
16ms Image
image/jpeg 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/09/s-4-184x186.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f41fe8368ef8633d0409213bd644a7223ffb31d8932e38da77d5a1a83d0ee862

Request headers

:path: /wp-content/uploads/2021/09/s-4-184x186.jpg
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Mon, 20 Sep 2021 21:37:51 GMT
server: cloudflare
age: 4829
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A08WVvK512%2Fqi7BTMJoNfuBOLOXBJS1ortMVm5KeVN7vZmIsaKqVDBwVkIr2Ax2Ow2hdtJ6ulsWGl52mKHMddzwbQnW%2BrCGIuBu%2B%2FO0DD%2FRrtf6%2BFIPt%2BU8guCsoGunAPMVfDfXXWqgMcWlI4GSU%2B80qz7xuPJBrmnJu"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aeea0881ad6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 6326

GET
H2 200 z-280x186.jpg
creativedestructionmedia.com/wp-content/uploads/2021/09/ 13 KB
13 KB 18ms
18ms Image
image/jpeg 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/09/z-280x186.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 51464ec2f432f21d4cab8094393ea4ba38176ecf27f2813fdb73b05298b80480

Request headers

:path: /wp-content/uploads/2021/09/z-280x186.jpg
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Wed, 29 Sep 2021 11:57:49 GMT
server: cloudflare
age: 3834
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5uBuX1uPD%2F4EPjZpD%2FjGt3eRP6cCRPbV%2FELztPpasOT%2FPRlVceXtTe1xv8cb9kVz%2FOoG9YIZAw5Ma4uDmj8Zt6S%2BhkUr7KMGnM443znNHURZMZzMaJQXyX6IgSplckQ33zeGGoKboSEIUiLVMvMSEu8aFkJZtLBCwBhh"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aeea0881bd6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 12850

GET
H2 200 m-4-280x186.jpg
creativedestructionmedia.com/wp-content/uploads/2021/09/ 9 KB
9 KB 16ms
15ms Image
image/jpeg 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/09/m-4-280x186.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b0a5ea26bf12f6cd99506b64e4ab95bfcdc775ea579cc8fbd03297d2a633d71c

Request headers

:path: /wp-content/uploads/2021/09/m-4-280x186.jpg
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Thu, 16 Sep 2021 12:24:38 GMT
server: cloudflare
age: 4829
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yzxqyev92IuxX4NEK3TZzDOrq8syXmxKZskMIiKJBSPPkTaV%2BOlRkOvFayTxm5LViK7f6Sg0AwVV%2FsHgp3EjALSBZ5fyHTyeF%2BBNevvrycjPbx0urD4zwSqpKZ%2B3BJ0DvW3O1VGfQfRAMRTDoi5hr2900eSjU%2BZ9YM1g"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aeea0881cd6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 9047

GET
H2 200 c-2-280x186.png
creativedestructionmedia.com/wp-content/uploads/2021/08/ 52 KB
52 KB 14ms
14ms Image
image/png 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/08/c-2-280x186.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2c59e362196a1af654d71ea600c3a5501f897ad99335c06adf95414d30f063f9

Request headers

:path: /wp-content/uploads/2021/08/c-2-280x186.png
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Sun, 22 Aug 2021 21:53:36 GMT
server: cloudflare
age: 4829
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N7IraVp9Jwzs28SCy%2BDZO2n5wO9MklX0NMxNoNBpR9wsjK106HE337L9Xbg4SQ%2BcoyEdy2KeOSrb8VcZUDz67n6UfRxlSNwgV788yOSk5MnjAloz64Y30iBS3IVBBIP5PjWzvdkBDC0abVTNM71Ehqs6ekkNFy3kDB19"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aeea08820d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 52839

GET
H2 200 r-280x186.jpg
creativedestructionmedia.com/wp-content/uploads/2021/10/ 10 KB
10 KB 20ms
20ms Image
image/jpeg 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/10/r-280x186.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5a16a864cf4e1819359fcd505eb6edd52e296643accd1de8c123fba2ff82df25

Request headers

:path: /wp-content/uploads/2021/10/r-280x186.jpg
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Sat, 02 Oct 2021 23:12:03 GMT
server: cloudflare
age: 4829
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mmuR%2BxL07hg4vDNAAHmlHh9OiJEXtlueiQYTTHZpZh4WUFE%2FGqwyiDLPfbt11AXXpDpYWT46X%2BUMS32CfxF8dp05tqYj2NUB5qYfSLB0DQIIxXH3TZ8sMwfh%2B2A%2BIh99W9CRwkeY4QgEZRhOtk1a9VcHRpP9J1UkxpjS"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aeea08821d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 10079

GET
H2 200 o-280x186.jpg
creativedestructionmedia.com/wp-content/uploads/2021/09/ 11 KB
12 KB 19ms
19ms Image
image/jpeg 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/09/o-280x186.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f3bfe581d56d8903ed8c9c17f895df5ef864f30ca03e4a2f9f13a7df3fcd8be0

Request headers

:path: /wp-content/uploads/2021/09/o-280x186.jpg
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Sat, 04 Sep 2021 02:34:02 GMT
server: cloudflare
age: 4829
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t1lN%2F9Nl5zGehwF3bgWVYye9nhLX2O8RW8jIAosjcRdftI6RZ8AbGQH0r4yCrIA2SYJF0yLSZYqRjojlk7c%2FvrOEjJeetI%2FHZ%2BIvOTbP6C85bzgMHosjPVyxztTV3qXNESDs9SRQp9LlkeNY3V%2Fsxqeqsl7HOrEUn2Wo"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aeea08823d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 11529

GET
H2 200 usa_flag_barbed_wire_flames-280x186.jpg
creativedestructionmedia.com/wp-content/uploads/2021/09/ 15 KB
15 KB 42ms
42ms Image
image/jpeg 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/09/usa_flag_barbed_wire_flames-280x186.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 662760efc14fd2fccfa072fcb11a48dc1757d3215adc3ea2ca2798079ac50b98

Request headers

:path: /wp-content/uploads/2021/09/usa_flag_barbed_wire_flames-280x186.jpg
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Tue, 28 Sep 2021 04:09:12 GMT
server: cloudflare
age: 3834
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uANZEb5LM3eWyRkX9C8pYvIQGW7oN5hBAWINQ2V7L5RWvD8saCdu7WswZCH1AMoZeob2NiSLhEap9faB%2FQnwZF1d3NIg3unHmaZI4jwhxHNj94qEADXOvzzwt5eL4p%2B4wSADEk1w%2FaJ7%2Fd86qu%2FTvhfK5%2BfSMGQHMtce"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aeea09827d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 15400

GET
H2 200 c-4-280x186.jpg
creativedestructionmedia.com/wp-content/uploads/2021/08/ 15 KB
16 KB 43ms
43ms Image
image/jpeg 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/08/c-4-280x186.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d73b2b1ba10e4c227ab6e95fbf0efc972dbfecb9ce546302f1a7289fa9b8c3ff

Request headers

:path: /wp-content/uploads/2021/08/c-4-280x186.jpg
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Fri, 13 Aug 2021 12:54:52 GMT
server: cloudflare
age: 4829
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DPZEIkPgiyQQQst14rfEWVbuA14VKTz5M8kizOzIJVuy5w3AnyUpTxeyq0bJ7Wfml6xyqX2PEe%2BibcQFncTleZZpmQ%2BeYEHyCJBeAl%2FYdSIfrs5sR9a%2F9R5LNXPFDk2gXmlUI76g9NaCyJD%2FytAG3PsuIKejfSrlyMSq"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aeea09828d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 15742

GET
H2 200 Screen-Shot-2021-08-16-at-8.51.35-PM-280x186.png
creativedestructionmedia.com/wp-content/uploads/2021/08/ 72 KB
72 KB 18ms
18ms Image
image/png 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/08/Screen-Shot-2021-08-16-at-8.51.35-PM-280x186.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 41b6320babb5fc808a2b815b62581902531d3fc4ee6a131ec24838374ac7b185

Request headers

:path: /wp-content/uploads/2021/08/Screen-Shot-2021-08-16-at-8.51.35-PM-280x186.png
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Tue, 17 Aug 2021 00:54:47 GMT
server: cloudflare
age: 4829
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pEOtPdJoFoq4HAKKTQlXfYxIxl3rmInNtdl9wCnnnMzKsd33OSFW78EbEt3Q2wxkY4DIYM%2B0PpWvq7OKpf3E7XIbUgQpOSF3ANbq6QieMaNUoYWSVMZRLVJFLrBHIXy2GlQy8dOHo4kNZQOjNOgFoGjC8EXe2pfc4vZO"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aeea0982ad6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 73399

GET
H2 200 io-63-280x186.png
creativedestructionmedia.com/wp-content/uploads/2021/09/ 68 KB
68 KB 34ms
34ms Image
image/png 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/09/io-63-280x186.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcd112f1ccbeaf1fa9529110b70310abdb3e90578bddd84bbb50b36b0cb7438f

Request headers

:path: /wp-content/uploads/2021/09/io-63-280x186.png
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Thu, 30 Sep 2021 23:55:18 GMT
server: cloudflare
age: 4829
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BCP%2F4wuAsyb%2BTwnPvAdD5tpk4YVnSSD0C0loqbULqKzt%2FaYqQkaEMq39OZFuy%2F0tIWR6Xbe%2F%2BzzvTWMBDiw6dp8LQrjzv4mFOMsij5A4RQT%2FgZfC3YINRoJAkZBZ5he3I8XKUg5o2Pm1%2FXMBcX43q%2FzWCmeDGP6auUXd"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aeea0982bd6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 69583

GET
H2 200 t-280x186.png
creativedestructionmedia.com/wp-content/uploads/2021/09/ 99 KB
100 KB 24ms
24ms Image
image/png 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/09/t-280x186.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc1f2a5c7bbdf09398951f67fd30214783da66a7b79e44ddabcf6b868ad88349

Request headers

:path: /wp-content/uploads/2021/09/t-280x186.png
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Fri, 17 Sep 2021 12:45:19 GMT
server: cloudflare
age: 4829
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AxLG8ckkU9fzXcre2r2iYZ1iw7mjhhwXymQoP6nWeG09OwC4zOQOE8V7Tgdgf6x9eruxEI8Z3xYplp%2FQimvQPP2agYz4nisIapfSM5eAKmaX26r6D3Su2Nph7DZJqVOiDCIglvVtgwI5r2XDKnhh4YWhL3OA%2BPqChO8j"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aeea0982cd6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 101836

GET
H2 200 Screen-Shot-2021-09-04-at-7.45.46-AM-280x186.png
creativedestructionmedia.com/wp-content/uploads/2021/09/ 101 KB
102 KB 47ms
47ms Image
image/png 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/09/Screen-Shot-2021-09-04-at-7.45.46-AM-280x186.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f4e99cbfa494398cf7e42b54e63c01c7da366f53017ca079090db6d5367d68c6

Request headers

:path: /wp-content/uploads/2021/09/Screen-Shot-2021-09-04-at-7.45.46-AM-280x186.png
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Sat, 04 Sep 2021 11:48:07 GMT
server: cloudflare
age: 4829
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0wxzk5s4be%2Fm79JiAFM3LnKupR7SkJn6LMAgv4KBJZvw3iDS%2BAUpKk%2FE%2B1sQ0%2BB8C2H4ejU1s8233jtkHnCR%2BX%2FFd3wPoOC5FPV2jBdiQfPmP7B6A5tpmp7jOlBfs78Fhw%2BwaRvWPw5VlA%2FQd6gCdCcO3HjHW1R%2FoupU"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aeea0a832d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 103884

GET
H2 200 Screen-Shot-2021-08-30-at-9.54.58-AM-280x186.png
creativedestructionmedia.com/wp-content/uploads/2021/08/ 64 KB
65 KB 54ms
54ms Image
image/png 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/08/Screen-Shot-2021-08-30-at-9.54.58-AM-280x186.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 72445a462a64a77e0ed99b45eaf0a25a2ebbe408147929aaebae64d558f5d67d

Request headers

:path: /wp-content/uploads/2021/08/Screen-Shot-2021-08-30-at-9.54.58-AM-280x186.png
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Mon, 30 Aug 2021 13:56:22 GMT
server: cloudflare
age: 4829
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F0iBYr%2FDsNWi4ozTBKSSr5StkKuZq7dEnWnTiLJZnjVqfBy%2BN5dbi%2FbvThRA%2BNvDX1gq0CTCWGEv6bKMGZTUokcbdqLxLpQRhgtSQn%2BsvtosfpMn0AByd94wePbDIE4I3G3TsgDR64n%2FL56QXkv2igCS3Qs%2FBsEPnIca"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aeea0a833d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 65959

GET
H2 200 a-280x186.png
creativedestructionmedia.com/wp-content/uploads/2021/09/ 115 KB
115 KB 36ms
35ms Image
image/png 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/09/a-280x186.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f99e8c7aeb83ec8fbb0c9f9c3b5957beb0b66b02374166fe17ff06b02a844ba8

Request headers

:path: /wp-content/uploads/2021/09/a-280x186.png
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
cf-cache-status: HIT
last-modified: Sat, 04 Sep 2021 17:13:15 GMT
server: cloudflare
age: 4829
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gkfZYhgHC9bMvITdaqd3okP8y0IY4hIwVBp0HsUtGVR4LfVcXzuPWBYiimZnqvCMve9uFN%2FR%2FG9I3z%2BRqhsUkGDCWtUyZ2emlI9ZhEp4X0U7Qy2ArsxjTv%2BLWI4s8X0Jut2vNX%2FHGStTSfkTEPQdDvxrKeVrbT0HKI9b"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aeea0a835d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 117627

GET
H2 200 in.php Show response
in.getclicky.com/ 139 B
435 B 490ms
150ms Script
text/javascript 198.145.13.12
DF-PTL01

General

Check archive.org

Show headers Download Go to

Full URL: https://in.getclicky.com/in.php?site_id=101335412&type=pageview&href=%2Finvestigations%2F2020%2F12%2F02%2Fbiden-partners-and-sponsors-invested-in-dominion-voting-systems%2F&title=Biden%20Partners%20And%20Sponsors%20Invested%20In%20Dominion%20Voting%20Systems%20-%20CD%20Media&res=1600x1200&lang=en&jsuid=3238159130&mime=js&x=0.36394737341974737
Requested by: Host: static.getclicky.com
URL: https://static.getclicky.com/101335412.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.145.13.12 Portland, United States, ASN2044 (DF-PTL01, US),
Reverse DNS: getclicky.com
Software: nginx /
Resource Hash: 595b1b0ede11537a9117b24e1deac069ade077d6976e3119d901e5dba01f9c32

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, must-revalidate, post-check=0, pre-check=0
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 89F5 232 B
431 B 155ms
111ms Fetch
application/json 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=cbb7237543ed83b17e837fec280b2343e99ebf01

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.58065ae230495f5d9e4b6a916472b2c1.html?origin=https%3A%2F%2Fcreativedestructionmedia.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

726906ee6ce6dfe1b6e35ddad151196c50277e31520de30e916e9cd9affc0ef3

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:37 GMT
content-encoding: gzip
last-modified: Mon, 04 Oct 2021 02:20:37 GMT
server: tsa_o
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: 9ca4fefbc560ce33032b082b65bc7f62d8b40f64ebc8da1efc5aae84f79b2349
content-length: 166

GET
H2 200 web Show response
onesignal.com/api/v1/sync/18410033-97a0-42b0-8618-37cc421b8342/ 3 KB
2 KB 320ms
311ms Script
text/javascript 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/sync/18410033-97a0-42b0-8618-37cc421b8342/web?callback=__jp0

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151508

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9fd5c369e0a5452b060a8eb971e9c156fedd1f8261eebb90d07ca0f45468da92

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: EXPIRED
status: 200 OK
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: 4b01e2c3-0de9-4d0b-9a7f-6c3ebbc39bcd
x-runtime: 0.038337
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"9fd5c369e0a5452b060a8eb971e9c156"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600
cf-ray: 698aeea199502bc6-FRA
access-control-allow-headers: SDK-Version
expires: Mon, 04 Oct 2021 03:20:38 GMT

GET
H/1.1 200
OK horizon_tweet.0c307910a3b82b535f15af7aa5102a10.js Show response
platform.twitter.com/js/ 7 KB
3 KB 7ms
6ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/horizon_tweet.0c307910a3b82b535f15af7aa5102a10.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67D3) /
Resource Hash: bfe1c96d2b61be1e17839f9e3d734ba10701c7be4a38faff1a63f4aedc3d31de

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 02:20:38 GMT
Content-Encoding: gzip
Last-Modified: Thu, 30 Sep 2021 18:56:34 GMT
Server: ECS (frb/67D3)
Age: 284956
Etag: "4985a73adee036c4a8fe64d49af6033a+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 2443

GET
H/1.1 200
OK Tweet.html Show response
platform.twitter.com/embed/ Frame 815E 487 B
1002 B 7ms
7ms Document
text/html 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1328590759445078016&lang=en&origin=https%3A%2F%2Fcreativedestructionmedia.com%2Finvestigations%2F2020%2F12%2F02%2Fbiden-partners-and-sponsors-invested-in-dominion-voting-systems%2F&sessionId=cbb7237543ed83b17e837fec280b2343e99ebf01&theme=light&widgetsVersion=fcb1942%3A1632982954711&width=550px
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6724) /
Resource Hash: fb945ebbec373fc6874ae979c49ef1e5ceb036f999f57f2c62f23470d0106d50

Request headers

Host: platform.twitter.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://creativedestructionmedia.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 3000
Age: 1345
Cache-Control: public, max-age=1800
Content-Type: text/html; charset=utf-8
Date: Mon, 04 Oct 2021 02:20:38 GMT
Etag: "24156a179a1bb41c7fa158bccbd4ba1c"
Last-Modified: Mon, 13 Sep 2021 21:58:35 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (frb/6724)
X-Cache: HIT
x-tw-cdn: VZ
Content-Length: 487

GET
H/1.1 200
OK embed.runtime.46cb517d8fc1d7c7990f.js Show response
platform.twitter.com/embed/ Frame 815E 8 KB
4 KB 13ms
12ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.runtime.46cb517d8fc1d7c7990f.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1328590759445078016&lang=en&origin=https%3A%2F%2Fcreativedestructionmedia.com%2Finvestigations%2F2020%2F12%2F02%2Fbiden-partners-and-sponsors-invested-in-dominion-voting-systems%2F&sessionId=cbb7237543ed83b17e837fec280b2343e99ebf01&theme=light&widgetsVersion=fcb1942%3A1632982954711&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6796) /
Resource Hash: 68cb22eeada6da0107da7828b0de8db34f6eceb449fbb079d719c146164ab947

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1328590759445078016&lang=en&origin=https%3A%2F%2Fcreativedestructionmedia.com%2Finvestigations%2F2020%2F12%2F02%2Fbiden-partners-and-sponsors-invested-in-dominion-voting-systems%2F&sessionId=cbb7237543ed83b17e837fec280b2343e99ebf01&theme=light&widgetsVersion=fcb1942%3A1632982954711&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 02:20:38 GMT
Content-Encoding: gzip
Last-Modified: Mon, 13 Sep 2021 21:58:29 GMT
Server: ECS (frb/6796)
Age: 284956
Etag: "86f82fbda1a280a9369cd2fb430d6e67+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 3550

GET
H/1.1 200
OK embed.modules.3b04bfe3371598999823.js Show response
platform.twitter.com/embed/ Frame 815E 513 KB
161 KB 28ms
15ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.modules.3b04bfe3371598999823.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1328590759445078016&lang=en&origin=https%3A%2F%2Fcreativedestructionmedia.com%2Finvestigations%2F2020%2F12%2F02%2Fbiden-partners-and-sponsors-invested-in-dominion-voting-systems%2F&sessionId=cbb7237543ed83b17e837fec280b2343e99ebf01&theme=light&widgetsVersion=fcb1942%3A1632982954711&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67A7) /
Resource Hash: ee1d853a3f0f6ec8655c56c1ef060709131a77ed1a1896fb1c7327433417be24

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1328590759445078016&lang=en&origin=https%3A%2F%2Fcreativedestructionmedia.com%2Finvestigations%2F2020%2F12%2F02%2Fbiden-partners-and-sponsors-invested-in-dominion-voting-systems%2F&sessionId=cbb7237543ed83b17e837fec280b2343e99ebf01&theme=light&widgetsVersion=fcb1942%3A1632982954711&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 02:20:38 GMT
Content-Encoding: gzip
Last-Modified: Mon, 13 Sep 2021 21:58:34 GMT
Server: ECS (frb/67A7)
Age: 284955
Etag: "dab78d98532bdc1925b3a9fbbc2b6103+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 164769

GET
H/1.1 200
OK embed.i18n.28f6d473b087998f7917.js Show response
platform.twitter.com/embed/ Frame 815E 146 B
651 B 66ms
27ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.i18n.28f6d473b087998f7917.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1328590759445078016&lang=en&origin=https%3A%2F%2Fcreativedestructionmedia.com%2Finvestigations%2F2020%2F12%2F02%2Fbiden-partners-and-sponsors-invested-in-dominion-voting-systems%2F&sessionId=cbb7237543ed83b17e837fec280b2343e99ebf01&theme=light&widgetsVersion=fcb1942%3A1632982954711&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67AA) /
Resource Hash: ef463dc4400b77b295460ed661ef77b24e420b82b5d5c613f6afa23de1cba444

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1328590759445078016&lang=en&origin=https%3A%2F%2Fcreativedestructionmedia.com%2Finvestigations%2F2020%2F12%2F02%2Fbiden-partners-and-sponsors-invested-in-dominion-voting-systems%2F&sessionId=cbb7237543ed83b17e837fec280b2343e99ebf01&theme=light&widgetsVersion=fcb1942%3A1632982954711&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 02:20:38 GMT
Access-Control-Allow-Methods: GET
Last-Modified: Mon, 13 Sep 2021 21:58:29 GMT
Server: ECS (frb/67AA)
Age: 284956
Etag: "91e77079d645084eb1a5e19814e64f61"
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Accept-Ranges: bytes
Content-Type: application/javascript; charset=utf-8
Content-Length: 146

GET
H/1.1 200
OK embed.Tweet.1196d8a9c495b27853db.js Show response
platform.twitter.com/embed/ Frame 815E 16 KB
6 KB 67ms
25ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.Tweet.1196d8a9c495b27853db.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1328590759445078016&lang=en&origin=https%3A%2F%2Fcreativedestructionmedia.com%2Finvestigations%2F2020%2F12%2F02%2Fbiden-partners-and-sponsors-invested-in-dominion-voting-systems%2F&sessionId=cbb7237543ed83b17e837fec280b2343e99ebf01&theme=light&widgetsVersion=fcb1942%3A1632982954711&width=550px
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6796) /
Resource Hash: f8b409782883bf59fbbb55c76fdb402591441eb13b42264a57efa65a5a4158ec

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1328590759445078016&lang=en&origin=https%3A%2F%2Fcreativedestructionmedia.com%2Finvestigations%2F2020%2F12%2F02%2Fbiden-partners-and-sponsors-invested-in-dominion-voting-systems%2F&sessionId=cbb7237543ed83b17e837fec280b2343e99ebf01&theme=light&widgetsVersion=fcb1942%3A1632982954711&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 02:20:38 GMT
Content-Encoding: gzip
Last-Modified: Mon, 13 Sep 2021 21:58:29 GMT
Server: ECS (frb/6796)
Age: 284955
Etag: "49c787cffe912fe06d8531a62e0a3b37+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 5726

GET
H2 200 TAMPA1-280x186.png
creativedestructionmedia.com/wp-content/uploads/2021/10/ 80 KB
80 KB 22ms
22ms Image
image/png 2606:4700:3033::ac43:a2b4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://creativedestructionmedia.com/wp-content/uploads/2021/10/TAMPA1-280x186.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:a2b4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9032bb4beb08ea990e43af68bb4a9ea4bb90064381d9ce45cc4822e32006ed7c

Request headers

:path: /wp-content/uploads/2021/10/TAMPA1-280x186.png
pragma: no-cache
cookie: ppwp_wp_session=673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475; _first_pageview=1; _jsuid=3238159130
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: creativedestructionmedia.com
referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
cf-cache-status: HIT
last-modified: Sun, 03 Oct 2021 03:27:53 GMT
server: cloudflare
age: 0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wa3UDiVNKPtKNkaFpUtHG1c9qs82We%2FhUmmvHHcvT9P%2BsN9Y2dzY4ND65ZpOdamkpdH%2BLvjE1Ieh6wcswk8Jc3vA4vRET3PQYcgDLryQh6oAfCTJHlCazLVXF8foUmXcxOBsApzeU%2BNv%2BSL4eTtChTt5%2FYWEdrB%2BJphr"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 698aeea25946d6c1-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 81435

GET
H/1.1 200
OK embed.vendors~ondemand.horizon-web.en-js.60847aef3cd2d92fa581.js Show response
platform.twitter.com/embed/ Frame 815E 28 KB
9 KB 8ms
8ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.horizon-web.en-js.60847aef3cd2d92fa581.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.46cb517d8fc1d7c7990f.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/675D) /
Resource Hash: 1a09763158fa1dd846d425bec6eb6a6c181fab91076281b00a1abe0bac9107f5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1328590759445078016&lang=en&origin=https%3A%2F%2Fcreativedestructionmedia.com%2Finvestigations%2F2020%2F12%2F02%2Fbiden-partners-and-sponsors-invested-in-dominion-voting-systems%2F&sessionId=cbb7237543ed83b17e837fec280b2343e99ebf01&theme=light&widgetsVersion=fcb1942%3A1632982954711&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 02:20:38 GMT
Content-Encoding: gzip
Last-Modified: Mon, 13 Sep 2021 21:58:30 GMT
Server: ECS (frb/675D)
Age: 284956
Etag: "ed9e41f7240f96db3c98924635a3b5bd+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 8783

GET
H/1.1 200
OK embed.ondemand.i18n.en-js.8f41b8dc12f7544a2fc8.js Show response
platform.twitter.com/embed/ Frame 815E 4 KB
3 KB 9ms
8ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.ondemand.i18n.en-js.8f41b8dc12f7544a2fc8.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.46cb517d8fc1d7c7990f.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67D5) /
Resource Hash: 2a46e6d23e7589261bafc7a2f846e0fc7a7240c1dca2f7a94632e1db39a02ca2

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1328590759445078016&lang=en&origin=https%3A%2F%2Fcreativedestructionmedia.com%2Finvestigations%2F2020%2F12%2F02%2Fbiden-partners-and-sponsors-invested-in-dominion-voting-systems%2F&sessionId=cbb7237543ed83b17e837fec280b2343e99ebf01&theme=light&widgetsVersion=fcb1942%3A1632982954711&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 02:20:38 GMT
Content-Encoding: gzip
Last-Modified: Mon, 13 Sep 2021 21:58:29 GMT
Server: ECS (frb/67D5)
Age: 284955
Etag: "9ef2826375ff0324a15417e630138bd2+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 2088

GET
H/1.1 200
OK embed.vendors~ondemand.TimelineList~ondemand.TimelineProfile~ondemand.Tweet.0b2cb4b94d641352e854.js Show response
platform.twitter.com/embed/ Frame 815E 139 KB
39 KB 10ms
9ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.TimelineList~ondemand.TimelineProfile~ondemand.Tweet.0b2cb4b94d641352e854.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.46cb517d8fc1d7c7990f.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/6796) /
Resource Hash: 63097abe81597c090e58ca736089f7b1ca03982148429b6ca59ba9506413c221

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1328590759445078016&lang=en&origin=https%3A%2F%2Fcreativedestructionmedia.com%2Finvestigations%2F2020%2F12%2F02%2Fbiden-partners-and-sponsors-invested-in-dominion-voting-systems%2F&sessionId=cbb7237543ed83b17e837fec280b2343e99ebf01&theme=light&widgetsVersion=fcb1942%3A1632982954711&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 02:20:38 GMT
Content-Encoding: gzip
Last-Modified: Mon, 13 Sep 2021 21:58:32 GMT
Server: ECS (frb/6796)
Age: 284955
Etag: "e48198227c2b9edcab23f4ddac11f1ae+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 38938

GET
H/1.1 200
OK embed.vendors~ondemand.Tweet.b99020d3a43bb6fed741.js Show response
platform.twitter.com/embed/ Frame 815E 17 KB
6 KB 10ms
10ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.vendors~ondemand.Tweet.b99020d3a43bb6fed741.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.46cb517d8fc1d7c7990f.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/67D5) /
Resource Hash: ab8ce407dbde131da92f9b1f2bbb884c995efb49ba61b8d26ac03aed2b2b970f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1328590759445078016&lang=en&origin=https%3A%2F%2Fcreativedestructionmedia.com%2Finvestigations%2F2020%2F12%2F02%2Fbiden-partners-and-sponsors-invested-in-dominion-voting-systems%2F&sessionId=cbb7237543ed83b17e837fec280b2343e99ebf01&theme=light&widgetsVersion=fcb1942%3A1632982954711&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 02:20:38 GMT
Content-Encoding: gzip
Last-Modified: Mon, 13 Sep 2021 21:58:29 GMT
Server: ECS (frb/67D5)
Age: 284955
Etag: "dce867877efe4149447b9d1353ebcc42+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 5872

GET
H/1.1 200
OK embed.ondemand.Tweet.6b7fb8e1466f07338f06.js Show response
platform.twitter.com/embed/ Frame 815E 55 KB
13 KB 10ms
10ms Script
application/javascript 2606:2800:234:46c:e8b:1e2f:2bd:694
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/embed/embed.ondemand.Tweet.6b7fb8e1466f07338f06.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.runtime.46cb517d8fc1d7c7990f.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:46c:e8b:1e2f:2bd:694 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (frb/668D) /
Resource Hash: 756e0e661c9311090f9f596a8c21ca34d8fe1265e6ddf6bec9afca292075a350

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/embed/Tweet.html?dnt=true&embedId=twitter-widget-0&features=eyJ0ZndfZXhwZXJpbWVudHNfY29va2llX2V4cGlyYXRpb24iOnsiYnVja2V0IjoxMjA5NjAwLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X2hvcml6b25fdHdlZXRfZW1iZWRfOTU1NSI6eyJidWNrZXQiOiJodGUiLCJ2ZXJzaW9uIjpudWxsfSwidGZ3X3NwYWNlX2NhcmQiOnsiYnVja2V0Ijoib2ZmIiwidmVyc2lvbiI6bnVsbH19&frame=false&hideCard=false&hideThread=false&id=1328590759445078016&lang=en&origin=https%3A%2F%2Fcreativedestructionmedia.com%2Finvestigations%2F2020%2F12%2F02%2Fbiden-partners-and-sponsors-invested-in-dominion-voting-systems%2F&sessionId=cbb7237543ed83b17e837fec280b2343e99ebf01&theme=light&widgetsVersion=fcb1942%3A1632982954711&width=550px
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 02:20:38 GMT
Content-Encoding: gzip
Last-Modified: Mon, 13 Sep 2021 21:58:30 GMT
Server: ECS (frb/668D)
Age: 284955
Etag: "4c75157123229d0503c61667d812891e+gzip"
Vary: Accept-Encoding
x-tw-cdn: VZ
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=315360000
X-Cache: HIT
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Content-Length: 12871

POST
H/1.1 200
OK get_id Show response
s.0cf.io/ Frame 6190 39 B
645 B 99ms
99ms Fetch
text/html 199.212.255.113
FHMNET

General

Check archive.org

Show headers Download Go to

Full URL

https://s.0cf.io/get_id

Requested by

Host: s.0cf.io
URL: https://s.0cf.io/?id=false

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.212.255.113 , Canada, ASN25948 (FHMNET, CA),

Reverse DNS

Software

nginx/1.16.1 / Express

Resource Hash

cb2cdbaadbaa8f952f2dfdd0483e148d8d65801ebb6516df87858607e4d0acf6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://s.0cf.io/?id=false
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: text/plain

Response headers

Date: Mon, 04 Oct 2021 02:20:38 GMT
Content-Encoding: gzip
Server: nginx/1.16.1
X-Powered-By: Express
ETag: W/"27-1FTo9OXmENjPqCUxvB3XtZouLDI"
Strict-Transport-Security: max-age=31536000
Content-Type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store, private
Transfer-Encoding: chunked
Connection: keep-alive
access-control-allow-credentials: true

GET
H2 404 tweet Show response
cdn.syndication.twimg.com/ Frame 815E 4 KB
2 KB 216ms
136ms XHR
text/html 2606:2800:134:1a0d:1429:742:782:b6
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.syndication.twimg.com/tweet?features=tfw_experiments_cookie_expiration%3A1209600%3Btfw_horizon_tweet_embed_9555%3Ahte%3Btfw_space_card%3Aoff&id=1328590759445078016&lang=en

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/embed/embed.modules.3b04bfe3371598999823.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:134:1a0d:1429:742:782:b6 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_f / Express

Resource Hash

383576f16a9b11bf23ca3df7a5357f7765a9842fb9f9a31bcaca3e2faf28b01c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; img-src https://abs.twimg.com; script-src https://abs.twimg.com about:; style-src https://abs.twimg.com 'unsafe-inline'; font-src https://abs.twimg.com https://twitter.com; connect-src 'none'; object-src 'none'; media-src 'none'; frame-src 'none'; report-uri https://twitter.com/i/csp_report?a=ORTGK%3D%3D%3D&ro=false
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src 'none'; img-src https://abs.twimg.com; script-src https://abs.twimg.com about:; style-src https://abs.twimg.com 'unsafe-inline'; font-src https://abs.twimg.com https://twitter.com; connect-src 'none'; object-src 'none'; media-src 'none'; frame-src 'none'; report-uri https://twitter.com/i/csp_report?a=ORTGK%3D%3D%3D&ro=false
content-encoding: gzip
etag: W/"16-LGRtdrPlUULfESdbhaic1Iw99do"
x-powered-by: Express
access-control-allow-methods: GET
strict-transport-security: max-age=631138519
content-length: 1723
x-xss-protection: 0
server: tsa_f
x-frame-options: SAMEORIGIN
date: Mon, 04 Oct 2021 02:20:38 GMT
vary: Origin, Accept-Encoding
x-tw-cdn: VZ, VZ
content-type: text/html;charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=1
access-control-allow-credentials: true
x-connection-hash: 3fe77a8d9441aefd3e3b54ad22ce1746357afe39c1770070efbf40b076e64cb8
x-content-type-options: nosniff
access-contol-allow-origin: platform.twitter.com

GET
H2 200 widget-videos.js Show response
choiceclips.whatfinger.com/widgets/server/ 3 KB
3 KB 1801ms
1560ms XHR
application/json 192.124.249.69
SUCURI-SEC

General

Check archive.org

Show headers Download Go to

Full URL

https://choiceclips.whatfinger.com/widgets/server/widget-videos.js?rows=0&cols=3&backgroundColor=rgb(240%2C%20240%2C%20240)&textColor=rgb(0%2C%200%2C%200)&borderColor=%23DDD&displayContent=0&contentSort=0&contentType=0&showTitle=1&showThumb=1&widgetID=wWidget_ef5b942b1f&layout=basic&test=tesst1&referer=https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/

Requested by

Host: choiceclips.whatfinger.com
URL: https://choiceclips.whatfinger.com/widgets/new-wfw.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.124.249.69 Menifee, United States, ASN30148 (SUCURI-SEC, US),

Reverse DNS

cloudproxy10069.sucuri.net

Software

nginx /

Resource Hash

8d82e6cd8f6d5b26e035588868934c55735d8a60c02c0fc08f4e0c60984f30c5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://creativedestructionmedia.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 04 Oct 2021 02:20:39 GMT
x-content-type-options: nosniff, nosniff
server: nginx
x-frame-options: SAMEORIGIN
access-control-allow-methods: POST, GET, OPTIONS
p3p: CP="CAO PSA OUR"
access-control-allow-origin: *
x-sucuri-cache: MISS
cache-control: max-age=315360000
x-sucuri-id: 22019
content-security-policy: upgrade-insecure-requests;
content-type: application/json; charset=utf-8
access-control-allow-headers: Origin,Content-Type
x-xss-protection: 1; mode=block
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 OneSignalSDKStyles.css
onesignal.com/sdks/ 82 KB
9 KB 15ms
14ms Stylesheet
text/css 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://onesignal.com/sdks/OneSignalSDKStyles.css?v=2
Requested by: Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151508
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 1813
etag: W/"4e9aaefffd5f8ae7dc83361aa2294190"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=259200
cf-ray: 698aeea3aae72bc6-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Thu, 07 Oct 2021 02:20:38 GMT

GET
H/1.1

200
OK

getuidj Show response
ib.adnxs.com/ Frame 6190
Redirect Chain

https://ib.adnxs.com/getuid?https://ib.adnxs.com/getuidj
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fib.adnxs.com%2Fgetuidj
https://ib.adnxs.com/getuidj

29 B
853 B

6ms
6ms

Fetch
application/json

37.252.172.38
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/getuidj

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.38 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

690.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

93a3c50ed306ab4f8ef4b146934a1b4e320106ff8e230d01a029bebf6866f0f7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s.0cf.io/?id=false
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 02:20:38 GMT
X-Proxy-Origin: 78.47.208.28; 78.47.208.28; 690.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 44cb7fce-05ca-41e1-b3ba-450a8d53ef85
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://s.0cf.io
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 29
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 02:20:38 GMT
X-Proxy-Origin: 78.47.208.28; 78.47.208.28; 690.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: c0a027a2-a923-47c9-8874-1fe1aee63828
Server: nginx/1.17.9
Access-Control-Allow-Origin: https://s.0cf.io
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/getuidj
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

400

getuid Show response
eb2.3lift.com/ Frame B3DF
Redirect Chain

https://eb2.3lift.com/getuid?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D76%26uid%3D%24UID
https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D76%26uid%3D%24UID

37 B
377 B

8ms
7ms

Document
image/gif

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D76%26uid%3D%24UID
Requested by: Host: s.0cf.io
URL: https://s.0cf.io/?id=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

:method: GET
:authority: eb2.3lift.com
:scheme: https
:path: /getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D76%26uid%3D%24UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://s.0cf.io/
accept-encoding: gzip, deflate, br
cookie: tluid=2866256943208802815
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://s.0cf.io/

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
content-type: image/gif
content-length: 37
set-cookie: tluid=2866256943208802815; Max-Age=7776000; Expires=Sun, 02 Jan 2022 02:20:38 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
cache-control: no-cache, no-store, must-revalidate
x-error: Unallowed sync domain
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date: Mon, 04 Oct 2021 02:20:38 GMT
content-length: 0
set-cookie: tluid=2866256943208802815; Max-Age=7776000; Expires=Sun, 02 Jan 2022 02:20:38 GMT; Path=/; Domain=.3lift.com; SameSite=None; Secure
location: /getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D76%26uid%3D%24UID
cache-control: no-cache, no-store, must-revalidate
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 getuids Show response
prebid-server.rubiconproject.com/ Frame 6190 2 B
247 B 81ms
7ms Fetch
application/json 52.58.156.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-server.rubiconproject.com/getuids
Requested by: Host: s.0cf.io
URL: https://s.0cf.io/?id=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.58.156.177 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-58-156-177.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://s.0cf.io/?id=false
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
content-type: text/plain

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 02:20:38 GMT
content-encoding: gzip
content-type: application/json;charset=utf-8
access-control-allow-origin: https://s.0cf.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 28
expires: 0

GET
H2 200 connectmyusers.php Show response
cdn.connectad.io/ Frame 3B49 1 KB
935 B 49ms
23ms Document
text/html 2606:4700:10::6816:36ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.connectad.io/connectmyusers.php?gdpr=0&consent=0&us_privacy=0&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D86%26uid%3D
Requested by: Host: s.0cf.io
URL: https://s.0cf.io/?id=false
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:36ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 08f0465386d9897c95370a004f5251b304dc4f94a73541cccd1ee87c02de2f60

Request headers

:method: GET
:authority: cdn.connectad.io
:scheme: https
:path: /connectmyusers.php?gdpr=0&consent=0&us_privacy=0&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D86%26uid%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://s.0cf.io/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://s.0cf.io/

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 698aeea3ee226958-FRA
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 204 current
prebid-match.dotomi.com/match/bounce/ Frame 09C5 0
0 152ms
75ms Document
text/plain 2a02:fa8:8806:13::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-match.dotomi.com/match/bounce/current?version=1&networkId=72582&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D10%26uid%3D
Requested by: Host: s.0cf.io
URL: https://s.0cf.io/?id=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

:method: GET
:authority: prebid-match.dotomi.com
:scheme: https
:path: /match/bounce/current?version=1&networkId=72582&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D10%26uid%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://s.0cf.io/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://s.0cf.io/

Response headers

server: nginx
date: Mon, 04 Oct 2021 02:20:38 GMT
cache-control: no-cache, private, max-age=0, no-store
expires: 0
pragma: no-cache

GET
H2 200 prbds2s Show response
rtb.gumgum.com/usync/ Frame 6D46 4 KB
2 KB 121ms
32ms Document
text/html 54.77.47.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D15%26uid%3D
Requested by: Host: s.0cf.io
URL: https://s.0cf.io/?id=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.47.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-47-243.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 558131a6ab555865b33511074f1b8b90ce44fd07a57a1082eaceb305c86474bd

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D15%26uid%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://s.0cf.io/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://s.0cf.io/

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
content-type: text/html;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
set-cookie: vst=e_26da7300-bcda-4f3c-beb5-de9955586820; Domain=.gumgum.com; Expires=Tue, 04-Oct-2022 02:20:38 GMT; Path=/; Secure; SameSite=None
etag: W/"0c317890e1e50e94d74c42ad2bc31fcdd"
timing-allow-origin: *
content-encoding: gzip

GET
H/1.1

200
OK

/ Show response
s.0cf.io/ Frame 4149
Redirect Chain

https://ssum.casalemedia.com/usermatchredir?s=184932&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D74%26uid%3D
https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D74%26uid%3D&s=184932&C=1
https://s.0cf.io/

37 KB
13 KB

289ms
102ms

Document
text/html

199.212.255.113
FHMNET

General

Check archive.org

Show headers Download Go to

Full URL

https://s.0cf.io/

Requested by

Host: s.0cf.io
URL: https://s.0cf.io/?id=false

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.212.255.113 , Canada, ASN25948 (FHMNET, CA),

Reverse DNS

Software

nginx/1.16.1 /

Resource Hash

9ab4ac8ac7a79af2b2505e885070cf5fcce690403d68bb5ca6dc137dda9aaddf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Host: s.0cf.io
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://s.0cf.io/
Accept-Encoding: gzip, deflate, br
Cookie: _dbid=kFlMh13ORoymTb_6VBQvhg-971219
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://s.0cf.io/

Response headers

Server: nginx/1.16.1
Date: Mon, 04 Oct 2021 02:20:38 GMT
Content-Type: text/html
Last-Modified: Fri, 01 Oct 2021 20:09:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"61576af7-933f"
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip

Redirect headers

Server: Apache
Content-Length: 298
Content-Type: text/html; charset=iso-8859-1
Location: https://s.0cf.io/#ps=true&dbid=kFlMh13ORoymTb_6VBQvhg-971219&id=74&uid=YVpk9vsuBh6aPyyq.RArPAAA%261159
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Mon, 04 Oct 2021 02:20:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 04 Oct 2021 02:20:38 GMT
Connection: keep-alive
Set-Cookie: CMID=YVpk9vsuBh6aPyyq.RArPAAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Tue, 04 Oct 2022 02:20:38 GMT CMPS=3177;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 02 Jan 2022 02:20:38 GMT CMPRO=1159;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 02 Jan 2022 02:20:38 GMT CMST=YVpk9mFaZPYA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Tue, 05 Oct 2021 02:20:38 GMT

GET
H/1.1

200
OK

/ Show response
s.0cf.io/ Frame 7383
Redirect Chain

https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D19%26uid%3D%24%7BUID%7D
https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D19%26uid%3D%24%7BUID%7D&ox_sc=1
https://s.0cf.io/

37 KB
13 KB

157ms
101ms

Document
text/html

199.212.255.113
FHMNET

General

Check archive.org

Show headers Download Go to

Full URL

https://s.0cf.io/

Requested by

Host: s.0cf.io
URL: https://s.0cf.io/?id=false

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.212.255.113 , Canada, ASN25948 (FHMNET, CA),

Reverse DNS

Software

nginx/1.16.1 /

Resource Hash

9ab4ac8ac7a79af2b2505e885070cf5fcce690403d68bb5ca6dc137dda9aaddf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Host: s.0cf.io
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://s.0cf.io/
Accept-Encoding: gzip, deflate, br
Cookie: _dbid=kFlMh13ORoymTb_6VBQvhg-971219
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://s.0cf.io/

Response headers

Server: nginx/1.16.1
Date: Mon, 04 Oct 2021 02:20:38 GMT
Content-Type: text/html
Last-Modified: Fri, 01 Oct 2021 20:09:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"61576af7-933f"
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip

Redirect headers

server: Cowboy
date: Mon, 04 Oct 2021 02:20:38 GMT
content-length: 0
cache-control: private, max-age=0, no-cache, must-revalidate
x-request-id: iag6uh4pmsle6g2jhmluquc1q544p40o
vary: Origin
access-control-allow-origin: null
access-control-expose-headers
access-control-allow-credentials: true
location: https://s.0cf.io/#ps=true&dbid=kFlMh13ORoymTb_6VBQvhg-971219&id=19&uid=af55a1d2-8781-45bd-972c-b60e86bf2597
pragma: no-cache
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
alt-svc: clear

GET
H/1.1

200
OK

/ Show response
s.0cf.io/ Frame 2EBC
Redirect Chain

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D25%26uid%3D%24UID
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D25%26uid%3D%24UID&sovrn_retry=true
https://s.0cf.io/

37 KB
13 KB

256ms
103ms

Document
text/html

199.212.255.113
FHMNET

General

Check archive.org

Show headers Download Go to

Full URL

https://s.0cf.io/

Requested by

Host: s.0cf.io
URL: https://s.0cf.io/?id=false

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.212.255.113 , Canada, ASN25948 (FHMNET, CA),

Reverse DNS

Software

nginx/1.16.1 /

Resource Hash

9ab4ac8ac7a79af2b2505e885070cf5fcce690403d68bb5ca6dc137dda9aaddf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Host: s.0cf.io
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://s.0cf.io/
Accept-Encoding: gzip, deflate, br
Cookie: _dbid=kFlMh13ORoymTb_6VBQvhg-971219
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://s.0cf.io/

Response headers

Server: nginx/1.16.1
Date: Mon, 04 Oct 2021 02:20:38 GMT
Content-Type: text/html
Last-Modified: Fri, 01 Oct 2021 20:09:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"61576af7-933f"
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip

Redirect headers

Connection: close
Date: Mon, 04 Oct 2021 02:20:38 GMT
Location: https://s.0cf.io/#ps=true&dbid=kFlMh13ORoymTb_6VBQvhg-971219&id=25&uid=fdb10802dd4dcfb7a17bb7b5
Set-Cookie: ljt_reader=fdb10802dd4dcfb7a17bb7b5;Version=1;Domain=.lijit.com;Path=/;Max-Age=31536000;Secure; SameSite=None;
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With, Content-Type
X-Sovrn-Pod: ad_ap3ams1

GET
H/1.1 200
OK Cookie set us.gif Show response
sync.go.sonobi.com/ Frame F173 49 B
513 B 68ms
15ms Document
image/gif 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://sync.go.sonobi.com/us.gif?loc=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D26%26uid%3D%5BUID%5D

Requested by

Host: s.0cf.io
URL: https://s.0cf.io/?id=false

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Host: sync.go.sonobi.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://s.0cf.io/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://s.0cf.io/

Response headers

Date: Mon, 04 Oct 2021 02:20:38 GMT
Content-Type: image/gif
Content-Length: 49
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, no-store, private
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Tcn: Choice
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
X-Xss-Protection: 0
Server: sonobi-go
Set-Cookie: HAPLB5S=s57129|YVpk+; path=/; domain=.go.sonobi.com

GET
H2

200

sync Show response
ads.servenobid.com/ Frame 3741
Redirect Chain

https://sync.1rx.io/usersync2/rmphb?gdpr=0&gdpr_consent=0&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D22%26uid%3D%5BRX_UUID%5D
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7647422411
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7647422411
https://sync.1rx.io/usersync/tradedesk/79f4ca05-a807-4815-8779-028db98dbcd6
https://sync.targeting.unrulymedia.com/csync/RX-fbf7ce1a-fb88-4262-834f-1e4765361acf-003?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3DRX-fbf7ce1a-fb88-4262-834f-1e4765361acf-003
https://ads.servenobid.com/sync?pid=321&uid=RX-fbf7ce1a-fb88-4262-834f-1e4765361acf-003

0
360 B

31ms
31ms

Document
text/html

54.246.172.223
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.servenobid.com/sync?pid=321&uid=RX-fbf7ce1a-fb88-4262-834f-1e4765361acf-003
Requested by: Host: s.0cf.io
URL: https://s.0cf.io/?id=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.172.223 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-172-223.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method: GET
:authority: ads.servenobid.com
:scheme: https
:path: /sync?pid=321&uid=RX-fbf7ce1a-fb88-4262-834f-1e4765361acf-003
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://s.0cf.io/
accept-encoding: gzip, deflate, br
cookie: pid_310=fdb10802dd4dcfb7a17bb7b5
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://s.0cf.io/

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
content-type: text/html;charset=ISO-8859-1
content-length: 0
set-cookie: pid_321=RX-fbf7ce1a-fb88-4262-834f-1e4765361acf-003; domain=servenobid.com; SameSite=None; Expires=Mon, 11 Oct 2021 02:20:38 GMT; secure
access-control-allow-origin: *
amp-access-control-allow-source-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
access-control-allow-credentials: true
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0

Redirect headers

server: Tengine
date: Mon, 04 Oct 2021 02:20:38 GMT
content-type: text/html
set-cookie: _rxuuid=%7B%22rx_uuid%22%3A%22RX-fbf7ce1a-fb88-4262-834f-1e4765361acf-003%22%7D; path=/; expires=Tue, 04 Oct 2022 02:20:38 GMT; domain=.targeting.unrulymedia.com; samesite=none; secure; httponly
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
location: https://ads.servenobid.com/sync?pid=321&uid=RX-fbf7ce1a-fb88-4262-834f-1e4765361acf-003
etag: RXfbf7ce1afb884262834f1e4765361acf003

GET
H/1.1

200
OK

/ Show response
s.0cf.io/ Frame 25AC
Redirect Chain

https://ups.analytics.yahoo.com/ups/58448/occ?uid=kFlMh13ORoymTb_6VBQvhg-97121977%26uid%3D
https://ups.analytics.yahoo.com/ups/58448/occ?uid=kFlMh13ORoymTb_6VBQvhg-97121977%26uid%3D&verify=true
https://s.0cf.io/

37 KB
13 KB

248ms
100ms

Document
text/html

199.212.255.113
FHMNET

General

Check archive.org

Show headers Download Go to

Full URL

https://s.0cf.io/

Requested by

Host: s.0cf.io
URL: https://s.0cf.io/?id=false

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.212.255.113 , Canada, ASN25948 (FHMNET, CA),

Reverse DNS

Software

nginx/1.16.1 /

Resource Hash

9ab4ac8ac7a79af2b2505e885070cf5fcce690403d68bb5ca6dc137dda9aaddf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Host: s.0cf.io
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://s.0cf.io/
Accept-Encoding: gzip, deflate, br
Cookie: _dbid=kFlMh13ORoymTb_6VBQvhg-971219
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://s.0cf.io/

Response headers

Server: nginx/1.16.1
Date: Mon, 04 Oct 2021 02:20:38 GMT
Content-Type: text/html
Last-Modified: Fri, 01 Oct 2021 20:09:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"61576af7-933f"
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip

Redirect headers

Date: Mon, 04 Oct 2021 02:20:38 GMT
Content-Length: 0
Strict-Transport-Security: max-age=31536000
Set-Cookie: IDSYNC=193k~20re;Version=1;Domain=.analytics.yahoo.com;Path=/;Max-Age=31622400;Expires=Wed, 05-Oct-2022 02:20:38 GMT;Secure;SameSite=None A3=d=AQABBPZkWmECEK9udweaUvuz2bYI4xwIg-cFEgEBAQG2W2FkYQAAAAAA_eMAAA&S=AQAAAqfsFOwGVCOucZSq5h_OhnI; Expires=Tue, 4 Oct 2022 08:20:38 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly B=ef0o83hglkp7m&b=3&s=fc; Expires=Tue, 4 Oct 2022 08:20:38 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://s.0cf.io/#ps=true&dbid=kFlMh13ORoymTb_6VBQvhg-97121977&uid=&id=77&uid=y-DeH5VRBE2uHxvkw2hU5IfUHGwgGL2GH7mVuMo4g-~A
Age: 0
Connection: keep-alive
Server: ATS/7.1.2.138

GET
H/1.1

200
OK

usermatchredir Show response
ssum.casalemedia.com/ Frame 612C
Redirect Chain

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=0&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D81%26uid%3D
https://ib.adnxs.com/getuid?https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F0%3FA%3D4767d6e5-825f-4738-a5e7-2a969a18822e%26bidder%3Dappnexus%26cbx%3DaHR0cHM6Ly9zLjBjZi5pby8jcHM9dHJ1ZSZkYmlkPWtGbE1oMTNPUm9...
https://prebid.a-mo.net/cchain/0?A=4767d6e5-825f-4738-a5e7-2a969a18822e&bidder=appnexus&cbx=aHR0cHM6Ly9zLjBjZi5pby8jcHM9dHJ1ZSZkYmlkPWtGbE1oMTNPUm95bVRiXzZWQlF2aGctOTcxMjE5JmlkPTgxJnVpZD0%3D&gdpr=0...
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F1%3FA%3D4767d6e5-825f-4738-a5e7-2a969a18822e%26bidder%3Dsovrn%26cbx%3DaHR0cHM6Ly9zLjBjZi5pby8jcHM9dHJ1ZSZkYmlkPWtGbE1oMTNPU...
https://prebid.a-mo.net/cchain/1?A=4767d6e5-825f-4738-a5e7-2a969a18822e&bidder=sovrn&cbx=aHR0cHM6Ly9zLjBjZi5pby8jcHM9dHJ1ZSZkYmlkPWtGbE1oMTNPUm95bVRiXzZWQlF2aGctOTcxMjE5JmlkPTgxJnVpZD0=&gdpr=0&gdpr...
https://ssum.casalemedia.com/usermatchredir?s=191503&cb=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F2%3FA%3D4767d6e5-825f-4738-a5e7-2a969a18822e%26bidder%3Dindex_rtb%26cbx%3DaHR0cHM6Ly9zLjBjZi5pby8jcH...

43 B
315 B

12ms
11ms

Document
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum.casalemedia.com/usermatchredir?s=191503&cb=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F2%3FA%3D4767d6e5-825f-4738-a5e7-2a969a18822e%26bidder%3Dindex_rtb%26cbx%3DaHR0cHM6Ly9zLjBjZi5pby8jcHM9dHJ1ZSZkYmlkPWtGbE1oMTNPUm95bVRiXzZWQlF2aGctOTcxMjE5JmlkPTgxJnVpZD0%253D%26gdpr%3D0%26gdpr_consent%3D0%26uid%3D&gdpr=0&gdpr_consent=0
Requested by: Host: s.0cf.io
URL: https://s.0cf.io/?id=false
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Host: ssum.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://s.0cf.io/
Accept-Encoding: gzip, deflate, br
Cookie: CMID=YVpk9vsuBh6aPyyq.RArPAAA; CMPS=3177; CMPRO=1159; CMST=YVpk9mFaZPYA; CMRUM3=27615a64f60b40&2d615a64f62760CAESELJDTz35n-SQYGvzSR_yZMQ&51615a64f62760xe1MlsXoH8He5R_EkrhUxJXuHMDe7x_OkOjC8eKY&82615a64f6a8c0&58615a64f605a0&98615a64f605a00&e6615a64f62760&f1615a64f605a0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://s.0cf.io/

Response headers

Server: Apache
Content-Type: image/gif
Vary: Is-Traffic-Usersync
Content-Length: 43
Expires: Mon, 04 Oct 2021 02:20:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 04 Oct 2021 02:20:38 GMT
Connection: keep-alive

Redirect headers

cache-control: max-age=0, private, must-revalidate
content-length: 0
date: Mon, 04 Oct 2021 02:20:38 GMT
location: https://ssum.casalemedia.com/usermatchredir?s=191503&cb=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F2%3FA%3D4767d6e5-825f-4738-a5e7-2a969a18822e%26bidder%3Dindex_rtb%26cbx%3DaHR0cHM6Ly9zLjBjZi5pby8jcHM9dHJ1ZSZkYmlkPWtGbE1oMTNPUm95bVRiXzZWQlF2aGctOTcxMjE5JmlkPTgxJnVpZD0%253D%26gdpr%3D0%26gdpr_consent%3D0%26uid%3D&gdpr=0&gdpr_consent=0
server: envoy
x-envoy-upstream-service-time: 4

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame 4DD4 2 KB
887 B 30ms
8ms Document
text/html 51.38.120.206
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?redir=https%3A%2F%2Fs.0cf.io%2Fps%2F%3Fps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D84%26uid%3D%24%7BUSER_TOKEN%7D

Requested by

Host: s.0cf.io
URL: https://s.0cf.io/?id=false

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.38.120.206 , France, ASN16276 (OVH, FR),

Reverse DNS

ip206.ip-51-38-120.eu

Software

Resource Hash

2af73f53a963946b70c1e7bfa9082f14ee6e0ed7abd71c51c49fe1ecf4d4ecc6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: onetag-sys.com
:scheme: https
:path: /usync/?redir=https%3A%2F%2Fs.0cf.io%2Fps%2F%3Fps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D84%26uid%3D%24%7BUSER_TOKEN%7D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://s.0cf.io/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://s.0cf.io/

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 795
strict-transport-security: max-age=15552000

GET
H2 200 sync.html Show response
public.servenobid.com/ Frame 0CB4 6 KB
3 KB 108ms
9ms Document
text/html 2620:1ec:46::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://public.servenobid.com/sync.html?gdpr=0&gdpr_consent=0&usp_consent=0&redirect=https%3A%2F%2Fs.0cf.io%2Fps%2F%3Fps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D85%26uid%3D%24UID
Requested by: Host: s.0cf.io
URL: https://s.0cf.io/?id=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:46::44 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 61e3f7b4db3e4add72ed02ed34c271590730960cce19f3e9daba9f41f96deefd

Request headers

:method: GET
:authority: public.servenobid.com
:scheme: https
:path: /sync.html?gdpr=0&gdpr_consent=0&usp_consent=0&redirect=https%3A%2F%2Fs.0cf.io%2Fps%2F%3Fps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D85%26uid%3D%24UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://s.0cf.io/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://s.0cf.io/

Response headers

cache-control: max-age=86400
content-type: text/html
content-encoding: br
last-modified: Mon, 27 Sep 2021 23:16:04 GMT
accept-ranges: bytes
etag: "0c8fcfed372e8ea547fa4ee21b6dd863"
server: AmazonS3
x-cache: TCP_HIT
x-amz-id-2: 3mFPDQ5H0TRg6q9iN5imqyjcmibgNZ2FD3xTrQmtathHzGgE/MIWdsakD2z4tqch4DdQK1qf/+w=
x-amz-request-id: GHBVD2VFJSDD3H9C
x-amz-meta-codebuild-content-sha256: 01c540629e079d56520b7fa63083e9b37686f2aa5fb33e4aaa63b8fac2ea45d3
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:us-east-1:559734745816:build/adserver-public-prod:746d692d-bc29-4a9a-a625-c4ec9de0ecdc
x-amz-meta-codebuild-content-md5: 11f479d98d48c47263794a1ae04eb1b5
x-azure-ref-originshield: 0hF9ZYQAAAACERdOkFWPzQY9OsLJc1pg+TE9OMjFFREdFMTUxNAA4NGU3ZGZhMi0xNDQyLTQzMzQtYjM0Zi1lNDJkM2Y3ZGRhZDk=
x-azure-ref: 09mRaYQAAAAAqCCLeOPPGSLMjn9HTxbI5RlJBRURHRTEwMDkAODRlN2RmYTItMTQ0Mi00MzM0LWIzNGYtZTQyZDNmN2RkYWQ5
date: Mon, 04 Oct 2021 02:20:38 GMT

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame AD54 0
0 320ms
103ms Document
text/plain 67.202.105.22
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc-cms.33across.com/ps/?gdpr_58=&gdpr_consent=&ts=&ri=70&ru=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D1%26uid%3D33XUSERID33X
Requested by: Host: s.0cf.io
URL: https://s.0cf.io/?id=false
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.22 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip22.67-202-105.static.steadfastdns.net
Software: 33XP004 /
Resource Hash

Request headers

:method: GET
:authority: ssc-cms.33across.com
:scheme: https
:path: /ps/?gdpr_58=&gdpr_consent=&ts=&ri=70&ru=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D1%26uid%3D33XUSERID33X
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://s.0cf.io/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://s.0cf.io/

Response headers

x-33x-status: 200000000000000002000208
server: 33XP004
date: Mon, 04 Oct 2021 02:20:38 GMT

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame A21F 14 KB
5 KB 39ms
7ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=0&us_privacy=0&predirect=https%3A%2F%2Fs.0cf.io%2Fps%2F%3Fps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D20%26uid%3D
Requested by: Host: s.0cf.io
URL: https://s.0cf.io/?id=false
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?gdpr=0&gdpr_consent=0&us_privacy=0&predirect=https%3A%2F%2Fs.0cf.io%2Fps%2F%3Fps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D20%26uid%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://s.0cf.io/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://s.0cf.io/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=116001
expires: Tue, 05 Oct 2021 10:33:59 GMT
date: Mon, 04 Oct 2021 02:20:38 GMT
vary: Accept-Encoding

GET
H/1.1

200
OK

/ Show response
s.0cf.io/ Frame 81DA
Redirect Chain

https://bh.contextweb.com/rtset?pid=561205&ev=1&rurl=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D21%26uid%3D%25%25VGUID%25%25
https://s.0cf.io/

37 KB
13 KB

181ms
100ms

Document
text/html

199.212.255.113
FHMNET

General

Check archive.org

Show headers Download Go to

Full URL

https://s.0cf.io/

Requested by

Host: s.0cf.io
URL: https://s.0cf.io/?id=false

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.212.255.113 , Canada, ASN25948 (FHMNET, CA),

Reverse DNS

Software

nginx/1.16.1 /

Resource Hash

9ab4ac8ac7a79af2b2505e885070cf5fcce690403d68bb5ca6dc137dda9aaddf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Host: s.0cf.io
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://s.0cf.io/
Accept-Encoding: gzip, deflate, br
Cookie: _dbid=kFlMh13ORoymTb_6VBQvhg-971219
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://s.0cf.io/

Response headers

Server: nginx/1.16.1
Date: Mon, 04 Oct 2021 02:20:38 GMT
Content-Type: text/html
Last-Modified: Fri, 01 Oct 2021 20:09:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"61576af7-933f"
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip

Redirect headers

p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cw-server: bh-deployment-687fd8448f-jd9wf
cache-control: private, max-age=0, no-cache, no-store
expires: -1
content-language: de-DE
location: https://s.0cf.io/#ps=true&dbid=kFlMh13ORoymTb_6VBQvhg-971219&id=21&uid=ymVwcgJRzgXl&ev=1&pid=561205
server: Jetty(9.4.14.v20181114)
strict-transport-security: max-age=15768000
set-cookie: INGRESSCOOKIE=aacbc992707fdadb; path=/; HttpOnly; Secure; SameSite=None

GET
H/1.1

200
OK

/ Show response
s.0cf.io/ Frame C32A
Redirect Chain

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=0&us_privacy=0&redirectUri=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D82%26...
https://s.0cf.io/

37 KB
13 KB

265ms
100ms

Document
text/html

199.212.255.113
FHMNET

General

Check archive.org

Show headers Download Go to

Full URL

https://s.0cf.io/

Requested by

Host: s.0cf.io
URL: https://s.0cf.io/?id=false

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.212.255.113 , Canada, ASN25948 (FHMNET, CA),

Reverse DNS

Software

nginx/1.16.1 /

Resource Hash

9ab4ac8ac7a79af2b2505e885070cf5fcce690403d68bb5ca6dc137dda9aaddf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Host: s.0cf.io
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://s.0cf.io/
Accept-Encoding: gzip, deflate, br
Cookie: _dbid=kFlMh13ORoymTb_6VBQvhg-971219
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://s.0cf.io/

Response headers

Server: nginx/1.16.1
Date: Mon, 04 Oct 2021 02:20:38 GMT
Content-Type: text/html
Last-Modified: Fri, 01 Oct 2021 20:09:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"61576af7-933f"
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip

Redirect headers

date: Mon, 04 Oct 2021 02:20:38 GMT
content-length: 0
location: https://s.0cf.io/#ps=true&dbid=kFlMh13ORoymTb_6VBQvhg-971219&id=82&uid=2909481528823893178
set-cookie: pid=2909481528823893178; expires=Fri, 04 Nov 2022 02:19:38 GMT; domain=smartadserver.com; path=/; samesite=None; secure; samesite=none

GET
H/1.1

200
OK

/ Show response
s.0cf.io/ps/ Frame 2890
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_cm&google_nid=datablocks_inc&google_hm=kFlMh13ORoymTb_6VBQvhg-971219&dbid=kFlMh13ORoymTb_6VBQvhg-971219
https://cm.g.doubleclick.net/pixel?google_cm=&google_nid=datablocks_inc&google_hm=kFlMh13ORoymTb_6VBQvhg-971219&dbid=kFlMh13ORoymTb_6VBQvhg-971219&google_tc=
https://s.0cf.io/ps/?dbid=kFlMh13ORoymTb_6VBQvhg-971219&google_hm=2

37 KB
13 KB

289ms
102ms

Document
text/html

199.212.255.113
FHMNET

General

Check archive.org

Show headers Download Go to

Full URL

https://s.0cf.io/ps/?dbid=kFlMh13ORoymTb_6VBQvhg-971219&google_hm=2

Requested by

Host: s.0cf.io
URL: https://s.0cf.io/?id=false

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.212.255.113 , Canada, ASN25948 (FHMNET, CA),

Reverse DNS

Software

nginx/1.16.1 / Express

Resource Hash

9ab4ac8ac7a79af2b2505e885070cf5fcce690403d68bb5ca6dc137dda9aaddf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Host: s.0cf.io
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://s.0cf.io/
Accept-Encoding: gzip, deflate, br
Cookie: _dbid=kFlMh13ORoymTb_6VBQvhg-971219
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://s.0cf.io/

Response headers

Server: nginx/1.16.1
Date: Mon, 04 Oct 2021 02:20:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
cache-control: max-age=87600
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Last-Modified: Fri, 01 Oct 2021 20:09:27 GMT
ETag: W/"933f-17c3d79d677"
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://s.0cf.io/ps/?dbid=kFlMh13ORoymTb_6VBQvhg-971219&google_hm=2#ps=true&id=666&uid=CAESEJibyhxjPwyimOr7ltNq-Zc&cver=1&error=
date: Mon, 04 Oct 2021 02:20:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)
content-length: 345
x-xss-protection: 0
set-cookie: IDE=AHWqTUloNQOlLEdd7GPsc_9LsJbOu6Rquq1TXLMeiyv6YUstkPy4lxTZBodssRt06sA; expires=Sat, 29-Oct-2022 02:20:38 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK /
s.0cf.io/ps/ Frame 4DD4 0
0 405ms
101ms Image
text/html 199.212.255.113
FHMNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.0cf.io/ps/?ps=true&dbid=kFlMh13ORoymTb_6VBQvhg-971219&id=84&uid=
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?redir=https%3A%2F%2Fs.0cf.io%2Fps%2F%3Fps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D84%26uid%3D%24%7BUSER_TOKEN%7D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.212.255.113 , Canada, ASN25948 (FHMNET, CA),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame A21F 0
42 B 108ms
25ms Script
text/plain 185.64.190.78
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=74992948&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=0&us_privacy=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=0&us_privacy=0&predirect=https%3A%2F%2Fs.0cf.io%2Fps%2F%3Fps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D20%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
content-length: 0

GET
H2 204 1
sync-eu.connectad.io/syncer/ Frame 947E 0
0 31ms
22ms Document
text/plain 2606:4700:10::6816:36ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sync-eu.connectad.io/syncer/1?gdpr=0&consent=0&us_privacy=0&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D86%26uid%3D
Requested by: Host: cdn.connectad.io
URL: https://cdn.connectad.io/connectmyusers.php?gdpr=0&consent=0&us_privacy=0&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D86%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:36ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

:method: GET
:authority: sync-eu.connectad.io
:scheme: https
:path: /syncer/1?gdpr=0&consent=0&us_privacy=0&cb=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D86%26uid%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://cdn.connectad.io/
accept-encoding: gzip, deflate, br
cookie: cadsync
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.connectad.io/

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
set-cookie: id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.connectad.io; secure; SameSite=None uid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.connectad.io; secure; SameSite=None
cache-control: no-cache, private
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 698aeea46eca6958-FRA

GET
H2 200 icon Show response
onesignal.com/api/v1/apps/18410033-97a0-42b0-8618-37cc421b8342/ 176 B
704 B 306ms
290ms Fetch
application/json 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/apps/18410033-97a0-42b0-8618-37cc421b8342/icon

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151508

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Phusion Passenger(R)

Resource Hash

0ea4399322b476f7be24324722c9e3ed7ebfa5e97955bfd4d11a1792be303943

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
x-powered-by: Phusion Passenger(R)
status: 200 OK
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: d7995ac2-ac73-4c88-bbff-a130948efc27
x-runtime: 0.007731
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"0ea4399322b476f7be24324722c9e3ed"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=7200
cf-ray: 698aeea48bc6176a-FRA
access-control-allow-headers: SDK-Version
expires: Mon, 04 Oct 2021 04:20:38 GMT

GET jot
syndication.twitter.com/i/ Frame 815E 0
0

GET
H2

200

usersync
rtb.gumgum.com/ Frame 6D46
Redirect Chain

https://secure.adnxs.com/getuid?https://rtb.gumgum.com/usersync?b=apn&i=$UID
https://rtb.gumgum.com/usersync?b=apn&i=6976422120070589160

35 B
237 B

41ms
41ms

Image
image/gif

54.77.47.243
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=apn&i=6976422120070589160
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D15%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.47.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-47-243.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 02:20:38 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 02:20:38 GMT
X-Proxy-Origin: 78.47.208.28; 78.47.208.28; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: a08e02f7-b5eb-40cc-8f7a-560a972dd258
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://rtb.gumgum.com/usersync?b=apn&i=6976422120070589160
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

usersync
rtb.gumgum.com/ Frame 6D46
Redirect Chain

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_26da7300-bcda-4f3c-beb5-de9955586820&gdpr=0&gdpr_consent=0&us_privacy=
https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_26da7300-bcda-4f3c-beb5-de9955586820&gdpr=0&gdpr_consent=0&us_privacy=
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2&bsw_custom_parameter=a5309b56-cc85-45fe-82e2-5c893a541cbf
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=gumgum2&bsw_custom_parameter=a5309b56-cc85-45fe-82e2-5c893a541cbf
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=3cb9eabd-909d-4d16-b6fa-85218ce65ce1&user_group=1&ssp=gumgum2&bsw_param=a5309b56-cc85-45fe-82e2-5c893a541cbf
https://rtb.gumgum.com/usersync?b=bsw&i=a5309b56-cc85-45fe-82e2-5c893a541cbf

35 B
237 B

39ms
38ms

Image
image/gif

54.77.47.243
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=bsw&i=a5309b56-cc85-45fe-82e2-5c893a541cbf
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D15%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.47.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-47-243.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 02:20:39 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: //rtb.gumgum.com/usersync?b=bsw&i=a5309b56-cc85-45fe-82e2-5c893a541cbf
date: Mon, 04 Oct 2021 02:20:39 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2

200

usersync
rtb.gumgum.com/ Frame 6D46
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=0
https://rtb.gumgum.com/usersync?b=sta&i=0-5019fba8-ef97-4f3c-694b-4c6bf9966140$ip$78.47.208.28

35 B
237 B

39ms
39ms

Image
image/gif

54.77.47.243
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=sta&i=0-5019fba8-ef97-4f3c-694b-4c6bf9966140$ip$78.47.208.28
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D15%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.47.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-47-243.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 02:20:38 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: https://rtb.gumgum.com/usersync?b=sta&i=0-5019fba8-ef97-4f3c-694b-4c6bf9966140$ip$78.47.208.28
Date: Mon, 04 Oct 2021 02:20:38 GMT
Connection: keep-alive
Content-Length: 121
Content-Type: text/html; charset=utf-8

GET
H2

200

usersync
rtb.gumgum.com/ Frame 6D46
Redirect Chain

https://b1sync.zemanta.com/usersync/gumgum/?puid=e_26da7300-bcda-4f3c-beb5-de9955586820&gdpr=0&gdpr_consent=0&us_privacy=
https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0

35 B
237 B

34ms
34ms

Image
image/gif

54.77.47.243
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D15%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.47.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-47-243.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 02:20:38 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: https://rtb.gumgum.com/usersync?b=zem&i=&gdpr=0&gdpr_consent=0
Pragma: no-cache
Date: Mon, 04 Oct 2021 02:20:38 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 97
Content-Type: text/html; charset=utf-8

GET
H2

200

sync
ads.servenobid.com/ Frame 6D46
Redirect Chain

https://sync.1rx.io/usersync2/floor6&gdpr=0&gdpr_consent=0
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8869049199
https://sync.1rx.io/usersync/tradedesk/79f4ca05-a807-4815-8779-028db98dbcd6
https://sync.targeting.unrulymedia.com/csync/RX-fbf7ce1a-fb88-4262-834f-1e4765361acf-003?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3DRX-fbf7ce1a-fb88-4262-834f-1e4765361acf-003
https://ads.servenobid.com/sync?pid=321&uid=RX-fbf7ce1a-fb88-4262-834f-1e4765361acf-003

0
361 B

31ms
31ms

Image
image/avif

54.246.172.223
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=321&uid=RX-fbf7ce1a-fb88-4262-834f-1e4765361acf-003
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D15%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.172.223 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-172-223.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=321&uid=RX-fbf7ce1a-fb88-4262-834f-1e4765361acf-003
date: Mon, 04 Oct 2021 02:20:38 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RXfbf7ce1afb884262834f1e4765361acf003
content-type: text/html

GET
H2

200

usersync
rtb.gumgum.com/ Frame 6D46
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
https://rtb.gumgum.com/usersync?b=pln&i=kDCiRvrt21BS&ev=1&pid=558355

35 B
237 B

38ms
38ms

Image
image/gif

54.77.47.243
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=pln&i=kDCiRvrt21BS&ev=1&pid=558355
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D15%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.47.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-47-243.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 02:20:38 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: de-DE
location: https://rtb.gumgum.com/usersync?b=pln&i=kDCiRvrt21BS&ev=1&pid=558355
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-stage-0
expires: -1

GET

usermatchredir
ssum-sec.casalemedia.com/ Frame 6D46
Redirect Chain

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=0&gdprConsent=0&platformRdUrl=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D
https://rtb.gumgum.com/usersync?b=obn&i=ENC%28iiHhxQVwBrfSZx2MzKLNClLP8nRtEML-J6RlY0LzTjDpHGP__P7RzO00thQS45LU%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26pla...
https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_26da7300-bcda-4f3c-beb5-de9955586820&obuid=ENC(iiHhxQVwBrfSZx2MzKLNClLP8nRtEML-J6RlY0LzTjDpHGP__P7RzO00thQS45LU)
https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51
https://ssum-sec.casalemedia.com/usermatchredir?s=193091&cb=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dindxexcg%26uid%3D%24%7BUSER%7D%26obUid%3DiiHhxQVwBrfSZx2MzKLNClLP8nRtEML-J6RlY0LzTjDp...

0
0

GET
H2

200

usersync
rtb.gumgum.com/ Frame 6D46
Redirect Chain

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=0&us_privacy=&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://rtb.gumgum.com/usersync?b=opx&i=61b68a6d-160b-4e02-9bdb-66f6cfb4e65c&gdpr=0&gdpr_consent=0&gdpr=0&gdpr_consent=0

35 B
237 B

38ms
38ms

Image
image/gif

54.77.47.243
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=opx&i=61b68a6d-160b-4e02-9bdb-66f6cfb4e65c&gdpr=0&gdpr_consent=0&gdpr=0&gdpr_consent=0
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D15%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.47.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-47-243.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 02:20:38 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Mon, 04 Oct 2021 02:20:38 GMT
content-encoding: gzip
server: OXGW/16.216.4
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://rtb.gumgum.com/usersync?b=opx&i=61b68a6d-160b-4e02-9bdb-66f6cfb4e65c&gdpr=0&gdpr_consent=0&gdpr=0&gdpr_consent=0
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H2 200 gumgum
pr-bh.ybp.yahoo.com/sync/ Frame 6D46 43 B
299 B 119ms
37ms Image
image/gif 2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=0

Requested by

Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D15%26uid%3D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 Dublin, Ireland, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff

GET
H2

200

usersync
rtb.gumgum.com/ Frame 6D46
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=0&us_privacy=&redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb...
https://rtb.gumgum.com/usersync?b=vnt&i=aa6fb5f6-24b9-11ec-89be-9dff15d95565

35 B
237 B

39ms
38ms

Image
image/gif

54.77.47.243
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=vnt&i=aa6fb5f6-24b9-11ec-89be-9dff15d95565
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D15%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.47.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-47-243.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 02:20:38 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

Location: https://rtb.gumgum.com/usersync?b=vnt&i=aa6fb5f6-24b9-11ec-89be-9dff15d95565
Date: Mon, 04 Oct 2021 02:20:38 GMT
Server: Apache-Coyote/1.1
Connection: keep-alive
Content-Length: 0
X-CI-RTID: aa6fb5f7-24b9-11ec-89be-9dff15d95565

GET
H2 204 services
sync.technoratimedia.com/ Frame 6D46 0
293 B 334ms
104ms Image
text/plain 150.136.156.92
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=&cb=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D15%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 150.136.156.92 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
via: 1.1 varnish
server: nginx
age: 0
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 312511895
access-control-allow-origin: https://rtb.gumgum.com/
access-control-allow-credentials: true

GET
H2 200 142
match.deepintent.com/usersync/ Frame 6D46 0
44 B 322ms
105ms Image
text/plain 169.197.150.7
DEEPINTENT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.deepintent.com/usersync/142
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D15%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 169.197.150.7 , United States, ASN398989 (DEEPINTENT, US),
Reverse DNS: g.deepintent.com
Software: a /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
content-length: 0
server: a

GET
H2

200

usersync
rtb.gumgum.com/ Frame 6D46
Redirect Chain

https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://ad.360yield.com/ul_cb/server_match?partner_id=N&r=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
https://rtb.gumgum.com/usersync?b=idi&i=98f4ca42-0951-4365-95ed-a425e8bb3373

35 B
237 B

39ms
39ms

Image
image/gif

54.77.47.243
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=idi&i=98f4ca42-0951-4365-95ed-a425e8bb3373
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D15%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.47.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-47-243.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 02:20:38 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: https://rtb.gumgum.com/usersync?b=idi&i=98f4ca42-0951-4365-95ed-a425e8bb3373
date: Mon, 04 Oct 2021 02:20:38 GMT
access-control-allow-origin: *
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H2

200

usersync
rtb.gumgum.com/ Frame 6D46
Redirect Chain

https://ssbsync.smartadserver.com/api/sync?callerId=15
https://rtb.gumgum.com/usersync?b=sad&i=2909481528823893178&gdpr=1&gdpr_consent=

35 B
237 B

38ms
38ms

Image
image/gif

54.77.47.243
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=sad&i=2909481528823893178&gdpr=1&gdpr_consent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D15%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.47.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-47-243.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 02:20:38 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: https://rtb.gumgum.com/usersync?b=sad&i=2909481528823893178&gdpr=1&gdpr_consent=
date: Mon, 04 Oct 2021 02:20:37 GMT
content-length: 0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 0BF7 14 KB
5 KB 7ms
6ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=0
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D15%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

:method: GET
:authority: ads.pubmatic.com
:scheme: https
:path: /AdServer/js/user_sync.html?predirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
cookie: KCCH=YES
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/

Response headers

last-modified: Tue, 15 Jun 2021 06:08:03 GMT
etag: "1300708-3945-5c4c7cc02bd56"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 5054
content-type: text/html; charset=UTF-8
cache-control: max-age=116001
expires: Tue, 05 Oct 2021 10:33:59 GMT
date: Mon, 04 Oct 2021 02:20:38 GMT
vary: Accept-Encoding

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame B1CE
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=0
https://match.adsrvr.org/track/cmb/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=0
https://rtb.gumgum.com/usersync?b=ttd&i=53d22381-4496-4355-a04c-e01fc336aea3&t=1635906038

35 B
237 B

39ms
38ms

Document
image/gif

54.77.47.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=ttd&i=53d22381-4496-4355-a04c-e01fc336aea3&t=1635906038
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D15%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.47.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-47-243.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=ttd&i=53d22381-4496-4355-a04c-e01fc336aea3&t=1635906038
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
cookie: vst=e_26da7300-bcda-4f3c-beb5-de9955586820
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

date: Mon, 04 Oct 2021 02:20:38 GMT
content-type: text/html
content-length: 209
location: https://rtb.gumgum.com/usersync?b=ttd&i=53d22381-4496-4355-a04c-e01fc336aea3&t=1635906038
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
set-cookie: TDID=53d22381-4496-4355-a04c-e01fc336aea3; domain=.adsrvr.org; expires=Tue, 04-Oct-2022 02:20:38 GMT; path=/; secure; SameSite=None TDCPM=CAEYBSABKAIyCwiWgtiYibqDOhAFOAE.; domain=.adsrvr.org; expires=Tue, 04-Oct-2022 02:20:38 GMT; path=/; secure; SameSite=None
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame BD9C
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
https://eus.rubiconproject.com/usync.html?p=gumgum

281 B
554 B

62ms
8ms

Document
text/html

104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D15%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Host: eus.rubiconproject.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://rtb.gumgum.com/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/

Response headers

Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 30 Sep 2021 18:24:26 GMT
ETag: "403b8-119-5cd3a8e7e6a80"
Accept-Ranges: bytes
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 04 Oct 2021 02:20:38 GMT
Connection: keep-alive
Vary: Accept-Encoding

Redirect headers

Server: AkamaiGHost
Content-Length: 0
Location: https://eus.rubiconproject.com/usync.html?p=gumgum
Date: Mon, 04 Oct 2021 02:20:38 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 448B
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=0&gdpr_consent=0&redir=https%3a%2f%2frtb.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
https://rtb.gumgum.com/usersync?b=mmh&i=af0e615a-64f6-4800-8cba-96b2e8a01908&gdpr=0&gdpr_consent=0

35 B
237 B

38ms
38ms

Document
image/gif

54.77.47.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=mmh&i=af0e615a-64f6-4800-8cba-96b2e8a01908&gdpr=0&gdpr_consent=0
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D15%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.47.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-47-243.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=mmh&i=af0e615a-64f6-4800-8cba-96b2e8a01908&gdpr=0&gdpr_consent=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
cookie: vst=e_26da7300-bcda-4f3c-beb5-de9955586820
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Date: Mon, 04 Oct 2021 02:20:38 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=360
Server: MT3 3984 0e3af3b master zrh-pixel-x5 config:1.0.0
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
set-cookie: uuid=af0e615a-64f6-4800-8cba-96b2e8a01908; domain=.mathtag.com; path=/; expires=Tue, 01-Nov-2022 02:20:38 GMT; SameSite=None; Secure
location: https://rtb.gumgum.com/usersync?b=mmh&i=af0e615a-64f6-4800-8cba-96b2e8a01908&gdpr=0&gdpr_consent=0
Expires: Mon, 04 Oct 2021 02:20:37 GMT

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 4956
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=0
https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=0&_test=YVpk9gAAAma-dgA6
https://rtb.gumgum.com/usersync?b=atm&i=YVpk9gAAAma-dgA6&gdpr=0&gdpr_consent=0&_test=YVpk9gAAAma-dgA6

35 B
237 B

40ms
40ms

Document
image/gif

54.77.47.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=atm&i=YVpk9gAAAma-dgA6&gdpr=0&gdpr_consent=0&_test=YVpk9gAAAma-dgA6
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D15%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.47.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-47-243.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=atm&i=YVpk9gAAAma-dgA6&gdpr=0&gdpr_consent=0&_test=YVpk9gAAAma-dgA6
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
cookie: vst=e_26da7300-bcda-4f3c-beb5-de9955586820
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

server: Varnish
retry-after: 0
location: https://rtb.gumgum.com/usersync?b=atm&i=YVpk9gAAAma-dgA6&gdpr=0&gdpr_consent=0&_test=YVpk9gAAAma-dgA6
accept-ranges: bytes
date: Mon, 04 Oct 2021 02:20:38 GMT
via: 1.1 varnish
x-served-by: cache-fra19169-FRA
x-cache: HIT
x-cache-hits: 0
x-timer: S1633314039.671401,VS0,VE0
cache-control: no-cache
pragma: no-cache
content-length: 0

GET
H3 200 pixel Show response
cm.g.doubleclick.net/ Frame 9E70 170 B
188 B 18ms
17ms Document
image/png 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV8yNmRhNzMwMC1iY2RhLTRmM2MtYmViNS1kZTk5NTU1ODY4MjA=&gdpr=0&gdpr_consent=0

Requested by

Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D15%26uid%3D

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

:method: GET
:authority: cm.g.doubleclick.net
:scheme: https
:path: /pixel?google_nid=gumgum_dbm&google_hm=ZV8yNmRhNzMwMC1iY2RhLTRmM2MtYmViNS1kZTk5NTU1ODY4MjA=&gdpr=0&gdpr_consent=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
cookie: IDE=AHWqTUloNQOlLEdd7GPsc_9LsJbOu6Rquq1TXLMeiyv6YUstkPy4lxTZBodssRt06sA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/

Response headers

content-type: image/png
date: Mon, 04 Oct 2021 02:20:38 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
server: HTTP server (unknown)
content-length: 170
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 204 /
ssc-cms.33across.com/ps/ Frame C5FC 0
0 176ms
103ms Document
text/plain 67.202.105.22
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D15%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.22 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip22.67-202-105.static.steadfastdns.net
Software: 33XP005 /
Resource Hash

Request headers

:method: GET
:authority: ssc-cms.33across.com
:scheme: https
:path: /ps/?m=xch&rt=html&id=0013300001r0t9mAAA&ru=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Dtta%26i%3D33XUSERID33X
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/

Response headers

x-33x-status: 2000208
server: 33XP005
date: Mon, 04 Oct 2021 02:20:37 GMT

GET
H2 204 um
cs.emxdgt.com/ Frame A757 0
0 301ms
10ms Document
text/html 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D15%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: cs.emxdgt.com
:scheme: https
:path: /um?redirect=https%3A%2F%2Frtb.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/

Response headers

content-type: text/html
date: Mon, 04 Oct 2021 02:20:38 GMT
content-length: 0

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 782D
Redirect Chain

https://tg.socdm.com/aux/idsync?proto=gumgum
https://rtb.gumgum.com/usersync?b=sus&i=YVpk98Co8XwAAJZwEBcAAAAA

35 B
237 B

39ms
38ms

Document
image/gif

54.77.47.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=sus&i=YVpk98Co8XwAAJZwEBcAAAAA
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D15%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.47.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-47-243.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=sus&i=YVpk98Co8XwAAJZwEBcAAAAA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
cookie: vst=e_26da7300-bcda-4f3c-beb5-de9955586820
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/

Response headers

date: Mon, 04 Oct 2021 02:20:39 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Server: nginx
Date: Mon, 04 Oct 2021 02:20:39 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: private
Location: https://rtb.gumgum.com/usersync?b=sus&i=YVpk98Co8XwAAJZwEBcAAAAA
P3P: CP="See also http://www.scaleout.jp/privacy/"
X-SO-Ads-Time: 3
X-SO-HostName: m-ad137.dc4p.scaleout.jp
X-SO-LB-Hostname: m-tgng24.dc4p.scaleout.jp
X-SO-LB-Data: {"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":20,"gdpr":true,"ipv4":"0.0.0.0","key":"YVpk98Co8XwAAJZwEBcAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad137"}
X-SO-Key: YVpk98Co8XwAAJZwEBcAAAAA
X-SO-IP: 78.47.208.28
X-SO-Cluster-ID: 20
X-SO-Upstream-ID: m-ad137

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame D3DD
Redirect Chain

https://p.rfihub.com/cm?pub=42796&in=1
https://rtb.gumgum.com/usersync?b=zet&i=1871597498527802062

35 B
237 B

38ms
38ms

Document
image/gif

54.77.47.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=zet&i=1871597498527802062
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D15%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.47.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-47-243.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=zet&i=1871597498527802062
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
cookie: vst=e_26da7300-bcda-4f3c-beb5-de9955586820
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

Date: Mon, 04 Oct 2021 02:20:38 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rud=H4sIAAAAAAAAAOMSNrQwNzS1NDextDA1MrcwMDIwMxLiM9Q1K4xy9TBNy04KT_KW4jU0MzY2NjQxMLYwMzMCAI72N5M0AAAA; Path=/; Domain=.rfihub.com; Expires=Sat, 29 Oct 2022 02:20:38 GMT; Secure; SameSite=None eud=H4sIAAAAAAAAAFslxmtoZmxsbGhiYGxhZmYEAKmNoSUQAAAA; Path=/; Domain=.rfihub.com; Expires=Sat, 29 Oct 2022 02:20:38 GMT; Secure; SameSite=None ruds=H4sIAAAAAAAAAOMSNrQwNzS1NDextDA1MrcwMDIwMxLiM9Q1K4xy9TBNy04KT_IGAD96BrQlAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Location: https://rtb.gumgum.com/usersync?b=zet&i=1871597498527802062
Content-Length: 0
Server: Jetty(9.3.29.v20201019)

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 168F
Redirect Chain

https://creativecdn.com/cm-notify?pi=gumgum
https://creativecdn.com/cm-notify?pi=gumgum&tc=1
https://rtb.gumgum.com/usersync?b=rth&i=IjJGV7dw6vMrrZj1hj1i&pi=gumgum&tc=1

35 B
237 B

42ms
41ms

Document
image/gif

54.77.47.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=rth&i=IjJGV7dw6vMrrZj1hj1i&pi=gumgum&tc=1
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D15%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.47.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-47-243.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

:method: GET
:authority: rtb.gumgum.com
:scheme: https
:path: /usersync?b=rth&i=IjJGV7dw6vMrrZj1hj1i&pi=gumgum&tc=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://rtb.gumgum.com/
accept-encoding: gzip, deflate, br
cookie: vst=e_26da7300-bcda-4f3c-beb5-de9955586820
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
content-type: image/gif;charset=UTF-8
content-length: 35
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
expires: 0
pragma: no-cache
timing-allow-origin: *

Redirect headers

date: Mon, 04 Oct 2021 02:20:38 GMT Mon, 04 Oct 2021 02:20:38 GMT
location: https://rtb.gumgum.com/usersync?b=rth&i=IjJGV7dw6vMrrZj1hj1i&pi=gumgum&tc=1
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
content-length: 0

GET
H/1.1 200
OK / Show response
s.0cf.io/ Frame A565 37 KB
13 KB 255ms
102ms Document
text/html 199.212.255.113
FHMNET

General

Check archive.org

Show headers Download Go to

Full URL

https://s.0cf.io/

Requested by

Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/prbds2s?iframe=1&gdpr=0&gdpr_consent=0&r=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D15%26uid%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.212.255.113 , Canada, ASN25948 (FHMNET, CA),

Reverse DNS

Software

nginx/1.16.1 /

Resource Hash

9ab4ac8ac7a79af2b2505e885070cf5fcce690403d68bb5ca6dc137dda9aaddf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Host: s.0cf.io
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://rtb.gumgum.com/
Accept-Encoding: gzip, deflate, br
Cookie: _dbid=kFlMh13ORoymTb_6VBQvhg-971219
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/

Response headers

Server: nginx/1.16.1
Date: Mon, 04 Oct 2021 02:20:38 GMT
Content-Type: text/html
Last-Modified: Fri, 01 Oct 2021 20:09:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"61576af7-933f"
Strict-Transport-Security: max-age=31536000
Content-Encoding: gzip

GET
H2 200 13926 Show response
g2.gumgum.com/usync/ Frame FE2C 55 B
239 B 52ms
33ms Document
text/html 54.77.47.243
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=0&us_privacy=0&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html?gdpr=0&gdpr_consent=0&usp_consent=0&redirect=https%3A%2F%2Fs.0cf.io%2Fps%2F%3Fps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D85%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.77.47.243 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-77-47-243.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 74b03851b17506833b0506eb8292bd9842e5b32aaaccb1b5553fa967b65db792

Request headers

:method: GET
:authority: g2.gumgum.com
:scheme: https
:path: /usync/13926?gdpr=0&gdpr_consent=0&us_privacy=0&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://public.servenobid.com/
accept-encoding: gzip, deflate, br
cookie: vst=e_26da7300-bcda-4f3c-beb5-de9955586820
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
content-type: text/html;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
etag: W/"0656d408e84feebb88e950b10efb49503"
timing-allow-origin: *
content-encoding: gzip

GET
H2 204 ps
pixel.33across.com/ Frame AC95 0
0 303ms
101ms Document
text/plain 67.202.105.22
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.33across.com/ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html?gdpr=0&gdpr_consent=0&usp_consent=0&redirect=https%3A%2F%2Fs.0cf.io%2Fps%2F%3Fps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D85%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.22 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip22.67-202-105.static.steadfastdns.net
Software: 33XP002 /
Resource Hash

Request headers

:method: GET
:authority: pixel.33across.com
:scheme: https
:path: /ps?m=xch&rt=html&id=0010b00002Mq2FYAAZ&ru=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D304%26uid%3D33XUSERID33X
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://public.servenobid.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/

Response headers

x-33x-status: 2000208
server: 33XP002
date: Mon, 04 Oct 2021 02:20:38 GMT

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame F3B3 2 KB
823 B 14ms
13ms Document
text/html 51.38.120.206
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=0&us_privacy=0&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html?gdpr=0&gdpr_consent=0&usp_consent=0&redirect=https%3A%2F%2Fs.0cf.io%2Fps%2F%3Fps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D85%26uid%3D%24UID

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.38.120.206 , France, ASN16276 (OVH, FR),

Reverse DNS

ip206.ip-51-38-120.eu

Software

Resource Hash

37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: onetag-sys.com
:scheme: https
:path: /usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=0&us_privacy=0&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://public.servenobid.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/

Response headers

content-type: text/html
cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 731
strict-transport-security: max-age=15552000

GET
H/1.1 200
OK sync Show response
ssbsync.smartadserver.com/api/ Frame 3A1F 1 KB
1 KB 165ms
22ms Document
text/html 185.86.139.94
SMARTADSERVER

General

Check archive.org

Show headers Download Go to

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=0&us_privacy=0&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html?gdpr=0&gdpr_consent=0&usp_consent=0&redirect=https%3A%2F%2Fs.0cf.io%2Fps%2F%3Fps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D85%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.94 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: 13b0688bedb0aba60dd269e206c7add6ba20d88b75fa2fec03d7815c806a86af

Request headers

Host: ssbsync.smartadserver.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://public.servenobid.com/
Accept-Encoding: gzip, deflate, br
Cookie: pid=2909481528823893178
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
content-type: text/html
content-length: 1039

GET
H/1.1 200
OK Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame AFA8 2 KB
3 KB 48ms
16ms Document
text/html 2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html?gdpr=0&gdpr_consent=0&usp_consent=0&redirect=https%3A%2F%2Fs.0cf.io%2Fps%2F%3Fps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D85%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a3057370707cab6d608cbc02c704d28fd209cebaa7d4aee40239b63151fe55cb

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://public.servenobid.com/
Accept-Encoding: gzip, deflate, br
Cookie: CMID=YVpk9vsuBh6aPyyq.RArPAAA; CMPS=3177; CMPRO=1159; CMST=YVpk9mFaZPYA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/

Response headers

Server: Apache
Content-Type: text/html
Dropped-Udsids: 241|230|39|45|81|130|152|88
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1631
Expires: Mon, 04 Oct 2021 02:20:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 04 Oct 2021 02:20:38 GMT
Connection: keep-alive
Set-Cookie: CMID=YVpk9vsuBh6aPyyq.RArPAAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Tue, 04 Oct 2022 02:20:38 GMT CMPS=3177;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 02 Jan 2022 02:20:38 GMT CMPRO=1159;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 02 Jan 2022 02:20:38 GMT CMRUM3=98615a64f605a00&e6615a64f62760&f1615a64f605a0&2d615a64f605a0&27615a64f60b40&51615a64f605a0&82615a64f6a8c0&58615a64f605a0;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Tue, 04 Oct 2022 02:20:38 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame 0CB4
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID
https://ads.servenobid.com/sync?pid=312&uid=6976422120070589160

0
343 B

119ms
53ms

Image
image/avif

54.246.172.223
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=312&uid=6976422120070589160
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html?gdpr=0&gdpr_consent=0&usp_consent=0&redirect=https%3A%2F%2Fs.0cf.io%2Fps%2F%3Fps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D85%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.172.223 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-172-223.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 02:20:38 GMT
X-Proxy-Origin: 78.47.208.28; 78.47.208.28; 690.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 79ba28df-30fb-4059-9eb3-025424c46561
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ads.servenobid.com/sync?pid=312&uid=6976422120070589160
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame 0CB4
Redirect Chain

https://ap.lijit.com/pixel?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID
https://ads.servenobid.com/sync?pid=310&uid=fdb10802dd4dcfb7a17bb7b5

0
347 B

32ms
31ms

Image
image/avif

54.246.172.223
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=310&uid=fdb10802dd4dcfb7a17bb7b5
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html?gdpr=0&gdpr_consent=0&usp_consent=0&redirect=https%3A%2F%2Fs.0cf.io%2Fps%2F%3Fps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D85%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.172.223 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-172-223.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Date: Mon, 04 Oct 2021 02:20:38 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://ads.servenobid.com/sync?pid=310&uid=fdb10802dd4dcfb7a17bb7b5
Access-Control-Allow-Credentials: true
Connection: close
X-Sovrn-Pod: ad_ap3ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type

GET
H2

200

RX-fbf7ce1a-fb88-4262-834f-1e4765361acf-003
sync.targeting.unrulymedia.com/csync/ Frame 0CB4
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=8301246104
https://sync.1rx.io/usersync/tradedesk/53d22381-4496-4355-a04c-e01fc336aea3
https://sync.targeting.unrulymedia.com/csync/RX-fbf7ce1a-fb88-4262-834f-1e4765361acf-003

43 B
395 B

30ms
13ms

Image
image/gif

213.19.147.45
LEVEL3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.targeting.unrulymedia.com/csync/RX-fbf7ce1a-fb88-4262-834f-1e4765361acf-003
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html?gdpr=0&gdpr_consent=0&usp_consent=0&redirect=https%3A%2F%2Fs.0cf.io%2Fps%2F%3Fps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D85%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.45 , United Kingdom, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Tengine /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
server: Tengine
content-length: 43
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

Redirect headers

location: https://sync.targeting.unrulymedia.com/csync/RX-fbf7ce1a-fb88-4262-834f-1e4765361acf-003
pragma: no-cache
date: Mon, 04 Oct 2021 02:20:38 GMT
cache-control: no-store, no-cache, must-revalidate
server: Tengine
content-type: text/html
expires: 0

GET
H2 200 101954
jadserve.postrelease.com/suid/ Frame 0CB4 43 B
427 B 352ms
107ms Image
image/gif 54.173.185.122
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://jadserve.postrelease.com/suid/101954?ntv_r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D322%26uid%3DNTV_USER_ID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html?gdpr=0&gdpr_consent=0&usp_consent=0&redirect=https%3A%2F%2Fs.0cf.io%2Fps%2F%3Fps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D85%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.173.185.122 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-173-185-122.compute-1.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 02:20:38 GMT
server: nginx/1.12.1
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: image/gif
content-length: 43
expires: Mon, 1 Jan 1990 12:00:00 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame 0CB4
Redirect Chain

https://cs.admanmedia.com/sync/durationmedia?redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D328%26uid%3D%7B%24UID%7D
https://ads.servenobid.com/sync?pid=328&uid=c670bc1db7b3ed1d5f9fcb1f26b01d93bb1181d0

0
358 B

33ms
32ms

Image
image/avif

54.246.172.223
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=328&uid=c670bc1db7b3ed1d5f9fcb1f26b01d93bb1181d0
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html?gdpr=0&gdpr_consent=0&usp_consent=0&redirect=https%3A%2F%2Fs.0cf.io%2Fps%2F%3Fps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D85%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.172.223 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-172-223.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Location: https://ads.servenobid.com/sync?pid=328&uid=c670bc1db7b3ed1d5f9fcb1f26b01d93bb1181d0
Date: Mon, 04 Oct 2021 02:20:38 GMT
Transfer-Encoding: chunked
Server: nginx
Connection: keep-alive
X-Frame-Options: DENY
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload

GET
H2

200

sync
ads.servenobid.com/ Frame 0CB4
Redirect Chain

https://p.rfihub.com/cm?pub=44007&in=1
https://ads.servenobid.com/sync?pid=324&uid=1875819623002229802

0
343 B

32ms
32ms

Image
image/avif

54.246.172.223
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=324&uid=1875819623002229802
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html?gdpr=0&gdpr_consent=0&usp_consent=0&redirect=https%3A%2F%2Fs.0cf.io%2Fps%2F%3Fps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D85%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.172.223 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-172-223.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Location: https://ads.servenobid.com/sync?pid=324&uid=1875819623002229802
Date: Mon, 04 Oct 2021 02:20:38 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1 200
OK usa
sync.go.sonobi.com/ Frame 0CB4 0
478 B 35ms
32ms Image
text/plain 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usa?loc=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D332%26uid%3D

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 02:20:38 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H/1.1

200
OK

usermatchredir
ssum.casalemedia.com/ Frame 0CB4
Redirect Chain

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=0&us_privacy=0&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D
https://ib.adnxs.com/getuid?https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F0%3FA%3D70bac03d-c247-4caa-b5f0-f9680f29f7a7%26bidder%3Dappnexus%26cbx%3DaHR0cHM6Ly9hZHMuc2VydmVub2JpZC5jb20vc3luYz9waWQ9MzI3JnV...
https://prebid.a-mo.net/cchain/0?A=70bac03d-c247-4caa-b5f0-f9680f29f7a7&bidder=appnexus&cbx=aHR0cHM6Ly9hZHMuc2VydmVub2JpZC5jb20vc3luYz9waWQ9MzI3JnVpZD0%3D&gdpr=0&gdpr_consent=0&uid=6976422120070589...
https://ap.lijit.com/pixel?redir=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F1%3FA%3D70bac03d-c247-4caa-b5f0-f9680f29f7a7%26bidder%3Dsovrn%26cbx%3DaHR0cHM6Ly9hZHMuc2VydmVub2JpZC5jb20vc3luYz9waWQ9MzI3J...
https://prebid.a-mo.net/cchain/1?A=70bac03d-c247-4caa-b5f0-f9680f29f7a7&bidder=sovrn&cbx=aHR0cHM6Ly9hZHMuc2VydmVub2JpZC5jb20vc3luYz9waWQ9MzI3JnVpZD0=&gdpr=0&gdpr_consent=0&uid=fdb10802dd4dcfb7a17bb7b5
https://ssum.casalemedia.com/usermatchredir?s=191503&cb=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F2%3FA%3D70bac03d-c247-4caa-b5f0-f9680f29f7a7%26bidder%3Dindex_rtb%26cbx%3DaHR0cHM6Ly9hZHMuc2VydmVub2...

43 B
315 B

11ms
10ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum.casalemedia.com/usermatchredir?s=191503&cb=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F2%3FA%3D70bac03d-c247-4caa-b5f0-f9680f29f7a7%26bidder%3Dindex_rtb%26cbx%3DaHR0cHM6Ly9hZHMuc2VydmVub2JpZC5jb20vc3luYz9waWQ9MzI3JnVpZD0%253D%26gdpr%3D0%26gdpr_consent%3D0%26uid%3D&gdpr=0&gdpr_consent=0
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html?gdpr=0&gdpr_consent=0&usp_consent=0&redirect=https%3A%2F%2Fs.0cf.io%2Fps%2F%3Fps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D85%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 02:20:38 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Mon, 04 Oct 2021 02:20:38 GMT

Redirect headers

location: https://ssum.casalemedia.com/usermatchredir?s=191503&cb=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F2%3FA%3D70bac03d-c247-4caa-b5f0-f9680f29f7a7%26bidder%3Dindex_rtb%26cbx%3DaHR0cHM6Ly9hZHMuc2VydmVub2JpZC5jb20vc3luYz9waWQ9MzI3JnVpZD0%253D%26gdpr%3D0%26gdpr_consent%3D0%26uid%3D&gdpr=0&gdpr_consent=0
date: Mon, 04 Oct 2021 02:20:38 GMT
cache-control: max-age=0, private, must-revalidate
x-envoy-upstream-service-time: 2
server: envoy
content-length: 0

GET
H2

200

sync
ads.servenobid.com/ Frame 0CB4
Redirect Chain

https://t.adx.opera.com/pub/sync?r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D335%26uid%3D
https://ads.servenobid.com/sync?operaUid=07468273133d427a85a0fae77a4d154c&pid=335&uid=

0
353 B

47ms
46ms

Image
image/avif

54.246.172.223
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?operaUid=07468273133d427a85a0fae77a4d154c&pid=335&uid=
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html?gdpr=0&gdpr_consent=0&usp_consent=0&redirect=https%3A%2F%2Fs.0cf.io%2Fps%2F%3Fps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D85%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.172.223 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-172-223.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 02:20:38 GMT
server: Tengine
access-control-allow-origin: *
access-control-allow-methods: POST, GET
content-type: text/html; charset=utf-8
location: https://ads.servenobid.com/sync?operaUid=07468273133d427a85a0fae77a4d154c&pid=335&uid=
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
content-length: 117
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

/
s.0cf.io/ps/ Frame 0CB4
Redirect Chain

https://ads.servenobid.com/getsync?redirect=https%3A%2F%2Fs.0cf.io%2Fps%2F%3Fps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D85%26uid%3D%24UID
https://s.0cf.io/ps/?ps=true&dbid=kFlMh13ORoymTb_6VBQvhg-971219&id=85&uid=

0
0

202ms
101ms

Image
text/html

199.212.255.113
FHMNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.0cf.io/ps/?ps=true&dbid=kFlMh13ORoymTb_6VBQvhg-971219&id=85&uid=
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html?gdpr=0&gdpr_consent=0&usp_consent=0&redirect=https%3A%2F%2Fs.0cf.io%2Fps%2F%3Fps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D85%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.212.255.113 , Canada, ASN25948 (FHMNET, CA),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true

Redirect headers

date: Mon, 04 Oct 2021 02:20:38 GMT
amp-access-control-allow-source-origin: *
location: https://s.0cf.io/ps/?ps=true&dbid=kFlMh13ORoymTb_6VBQvhg-971219&id=85&uid=
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H/1.1

200
OK

dcm
s.amazon-adsystem.com/ Frame AFA8
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YVpk9vsuBh6aPyyq-RArPAAABIcAAAIB
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YVpk9vsuBh6aPyyq-RArPAAABIcAAAIB&dcc=t

43 B
645 B

102ms
102ms

Image
image/gif

209.54.177.54
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YVpk9vsuBh6aPyyq-RArPAAABIcAAAIB&dcc=t

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

209.54.177.54 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 02:20:38 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: AGWX9P4NFVWPJ6MD41Y9
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 02:20:38 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 3H5M6AKK3SCNA87XTER9
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YVpk9vsuBh6aPyyq-RArPAAABIcAAAIB&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame AFA8
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YVpk9vsuBh6aPyyq-RArPAAABIcAAAIB&gdpr_consent=&us_privacy=&gdpr=1
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEKvJCC-FNA9aQnytYJnSrT4&google_cver=1

43 B
315 B

11ms
10ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEKvJCC-FNA9aQnytYJnSrT4&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 02:20:38 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Mon, 04 Oct 2021 02:20:38 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 02:20:38 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEKvJCC-FNA9aQnytYJnSrT4&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 343
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame AFA8 70 B
264 B 34ms
32ms Image
image/gif 13.248.242.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.242.197 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a97adde81b00f2ca4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 02:20:38 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame AFA8
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YVpk9vsuBh6aPyyq.RArPAAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESELJDTz35n-SQYGvzSR_yZMQ&google_cver=1&gdpr=1&google_hm=2

43 B
1 KB

16ms
16ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESELJDTz35n-SQYGvzSR_yZMQ&google_cver=1&gdpr=1&google_hm=2
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 02:20:38 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 04 Oct 2021 02:20:38 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 02:20:38 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESELJDTz35n-SQYGvzSR_yZMQ&google_cver=1&gdpr=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 341
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame AFA8
Redirect Chain

https://pixel.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0&gdpr=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=1&external_user_id=xe1MlsXoH8He5R_EkrhUxJXuHMDe7x_OkOjC8eKY

43 B
1013 B

12ms
12ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=1&external_user_id=xe1MlsXoH8He5R_EkrhUxJXuHMDe7x_OkOjC8eKY
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 02:20:38 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 04 Oct 2021 02:20:38 GMT

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 02:20:38 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=1&external_user_id=xe1MlsXoH8He5R_EkrhUxJXuHMDe7x_OkOjC8eKY
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1 200
OK ie
match.prod.bidr.io/cookie-sync/ Frame AFA8 43 B
430 B 140ms
31ms Image
image/gif 52.16.229.21
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://match.prod.bidr.io/cookie-sync/ie?gdpr=1

Requested by

Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.16.229.21 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-16-229-21.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
Date: Mon, 04 Oct 2021 02:20:38 GMT
Server: nginx
strict-transport-security: max-age=2592000; includeSubDomains
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
cache-control: no-cache, must-revalidate
Connection: keep-alive
content-type: image/gif
Content-Length: 43
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame AFA8
Redirect Chain

https://sync.extend.tv/r.gif?exchange=index
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=2788cad2-fcfe-41d7-be90-014dadeff662

43 B
1 KB

13ms
13ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=2788cad2-fcfe-41d7-be90-014dadeff662
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 02:20:39 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 04 Oct 2021 02:20:39 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 02:20:39 GMT
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=utf-8
Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=2788cad2-fcfe-41d7-be90-014dadeff662
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 132
Expires: Tue, 29 May 1984 15:00:00 GMT

GET ZMAwryCI
sync-tm.everesttech.net/upi/pid/ Frame AFA8 0
0

GET
H2 200 sync
ads.servenobid.com/ Frame AFA8 0
356 B 32ms
31ms Image
image/avif 54.246.172.223
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=333&uid=YVpk9vsuBh6aPyyq-RArPAAABIcAAAIB
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.172.223 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-172-223.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame BD9C 31 KB
9 KB 8ms
8ms Script
text/html 104.109.78.125
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.109.78.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-109-78-125.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 6eac4f1bf5bf8976cc74f9d784adc40029ac907cf2ba54cc3c5a50c8e38cd122

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date: Mon, 04 Oct 2021 02:20:38 GMT
Content-Encoding: gzip
Last-Modified: Thu, 30 Sep 2021 18:24:26 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=48768
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9275
Expires: Mon, 04 Oct 2021 15:53:26 GMT

GET
H/1.1 200
OK khaos.jpg
token.rubiconproject.com/ Frame BD9C 284 B
536 B 64ms
8ms Image
image/jpg 69.173.144.138
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/khaos.jpg?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: 492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 284
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Content-Type: image/jpg

GET
H2 200 sync
ads.servenobid.com/ Frame 3A1F 0
344 B 32ms
32ms Image
image/avif 54.246.172.223
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=317&uid=2909481528823893178&gdpr=0&gdpr_consent=0
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=0&us_privacy=0&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.246.172.223 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-246-172-223.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H/1.1

200
OK

sync
ssbsync.smartadserver.com/api/ Frame 3A1F
Redirect Chain

https://secure.adnxs.com/getuid?https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fsync%3Fcallerid%3D9%26gdpr%3D0%26gdpr_consent%3D0%26partnerid%3D86%26buid%3D$UID&gdpr=0&gdpr_consent=0
https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=0&partnerid=86&buid=6976422120070589160&gdpr=0&gdpr_consent=0

0
75 B

20ms
20ms

Image
text/plain

185.86.139.94
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=0&partnerid=86&buid=6976422120070589160&gdpr=0&gdpr_consent=0
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=0&us_privacy=0&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.94 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
content-length: 0

Redirect headers

Pragma: no-cache
Date: Mon, 04 Oct 2021 02:20:38 GMT
X-Proxy-Origin: 78.47.208.28; 78.47.208.28; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
AN-X-Request-Uuid: 8708f8f5-df4e-47a7-9447-9333d193dc4d
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=0&partnerid=86&buid=6976422120070589160&gdpr=0&gdpr_consent=0
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

sync
ssbsync.smartadserver.com/api/ Frame 3A1F
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?gdpr=0&gdpr_consent=0&nid=64&redir=https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fsync%3Fcallerid%3D9%26gdpr%3D0%26gdpr_consent%3D0%26partnerid%3D68%...
https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=0&partnerid=68&partneruserid=no-consent

1 KB
1 KB

21ms
20ms

Image
text/html

185.86.139.94
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=0&partnerid=68&partneruserid=no-consent
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=0&us_privacy=0&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.94 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
content-length: 1039
content-type: text/html

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 02:20:38 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=0&partnerid=68&partneruserid=no-consent
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H/1.1

200
OK

sync
ssbsync.smartadserver.com/api/ Frame 3A1F
Redirect Chain

https://sync.mathtag.com/sync/img?gdpr=0&gdpr_consent=0&mt_exid=39&redir=https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fsync%3Fcallerid%3D9%26gdpr%3D0%26gdpr_consent%3D0%26partnerid%3D25%26partner...
https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=0&partnerid=25&partneruserid=af0e615a-64f6-4800-8cba-96b2e8a01908

1 KB
1 KB

21ms
21ms

Image
text/html

185.86.139.94
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=0&partnerid=25&partneruserid=af0e615a-64f6-4800-8cba-96b2e8a01908
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=0&us_privacy=0&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.94 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
content-length: 1039
content-type: text/html

Redirect headers

Date: Mon, 04 Oct 2021 02:20:38 GMT
Server: MT3 3984 0e3af3b master zrh-pixel-x27 config:1.0.0
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=0&partnerid=25&partneruserid=af0e615a-64f6-4800-8cba-96b2e8a01908
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 04 Oct 2021 02:20:37 GMT

GET
H/1.1

200
OK

sync
ssbsync.smartadserver.com/api/ Frame 3A1F
Redirect Chain

https://c1.adform.net/serving/cookie/match?gdpr=0&gdpr_consent=0&party=10&sspurl=https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fsync%3Fcallerid%3D9%26gdpr%3D0%26gdpr_consent%3D0%26partnerid%3D22%2...
https://c1.adform.net/serving/cookie/match?CC=1&gdpr=0&gdpr_consent=0&party=10&sspurl=https%3A%2F%2Fssbsync.smartadserver.com%2Fapi%2Fsync%3Fcallerid%3D9%26gdpr%3D0%26gdpr_consent%3D0%26partnerid%3...
https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=0&partnerid=22&buid=5836818027542155553&gdpr=0&gdpr_consent=0

0
75 B

20ms
20ms

Image
text/plain

185.86.139.94
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=0&partnerid=22&buid=5836818027542155553&gdpr=0&gdpr_consent=0
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=0&us_privacy=0&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.94 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:38 GMT
content-length: 0

Redirect headers

pragma: no-cache
date: Mon, 04 Oct 2021 02:20:38 GMT
server: nginx
location: https://ssbsync.smartadserver.com/api/sync?callerid=9&gdpr=0&gdpr_consent=0&partnerid=22&buid=5836818027542155553&gdpr=0&gdpr_consent=0
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
853 B 40ms
16ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=creativedestructionmedia.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092301.js?31063001

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Oct 2021 02:20:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
570 B 42ms
17ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=creativedestructionmedia.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092301.js?31063001

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Oct 2021 02:20:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads
securepubads.g.doubleclick.net/gampad/ 0
55 KB 542ms
540ms Other
application/webbundle 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=3560083303621572&correlator=1682408842691545&output=wbn&wbsu=978b2881-ae12-4d6e-8379-627edb7ad338&callback=googletag.wbn1&impl=fifs&eid=31063001%2C31060545%2C31062221%2C31062324%2C44748553&vrg=2021092301&ptt=17&sc=1&sfv=1-0-38&ecs=20211004&iu_parts=22255464506%2Ccdmedia_billboard_1%2Ccdmedia_sticky_box_1%2Ccdmedia_sticky_skyscraper_1%2Ccdmedia_sticky_footer%2Ccdmedia_in_content_box_1%2Ccdmedia_in_content_box_2%2Ccdmedia_in_comments_1&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7&prev_iu_szs=970x250%7C728x90%2C300x250%2C300x600%7C300x250%2C728x90%7C1x1%2C320x50%7C728x90%7C300x250%2C320x50%7C728x90%7C300x250%2C320x50%7C728x90%7C300x250&fluid=0%2C0%2C0%2C0%2Cheight%2Cheight%2Cheight&prev_scp=db_bid%3D0.00%26db_sourceid%3D2659176%26db_slot%3Dcdmedia_billboard_1%26db_sw%3Dfalse%26db_syncsno%3D0%26navigation_auction%3D1%7Cdb_bid%3D0.00%26db_sourceid%3D2659176%26db_slot%3Dcdmedia_sticky_box_1%26db_sw%3Dfalse%26db_syncsno%3D0%26navigation_auction%3D1%7Cdb_bid%3D0.00%26db_sourceid%3D2659176%26db_slot%3Dcdmedia_sticky_skyscraper_1%26db_sw%3Dfalse%26db_syncsno%3D0%26navigation_auction%3D1%7Cdb_bid%3D0.00%26db_sourceid%3D2659176%26db_slot%3Dcdmedia_sticky_footer%26db_sw%3Dfalse%26db_syncsno%3D0%26navigation_auction%3D1%7Cdb_bid%3D0.00%26db_sourceid%3D2659176%26db_slot%3Dcdmedia_in_content_box_1%26db_sw%3Dfalse%26db_syncsno%3D0%26navigation_auction%3D1%7Cdb_bid%3D0.00%26db_sourceid%3D2659176%26db_slot%3Dcdmedia_in_content_box_2%26db_sw%3Dfalse%26db_syncsno%3D0%26navigation_auction%3D1%7Cdb_bid%3D0.00%26db_sourceid%3D2659176%26db_slot%3Dcdmedia_in_comments_1%26db_sw%3Dfalse%26db_syncsno%3D0%26navigation_auction%3D1&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1633314038&dt=1633314038784&dlt=1633314036478&idt=1195&frm=20&biw=1600&bih=1200&oid=2&adxs=315%2C100%2C1200%2C436%2C420%2C420%2C420&adys=198%2C605%2C735%2C1108%2C1415%2C2607%2C4149&adks=765494606%2C3375678449%2C585897706%2C1400457944%2C1246010737%2C2724131558%2C4144568794&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fcreativedestructionmedia.com%2Finvestigations%2F2020%2F12%2F02%2Fbiden-partners-and-sponsors-invested-in-dominion-voting-systems%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x0%7C300x0%7C300x0%7C728x-1%7C760x2605%7C760x2605%7C760x5629&msz=1600x0%7C300x0%7C300x0%7C728x-1%7C760x0%7C760x0%7C760x0&ga_vid=1525069811.1633314039&ga_sid=1633314039&ga_hid=340939870&ga_fc=false&fws=4%2C4%2C4%2C516%2C4%2C4%2C4&ohw=1600%2C1600%2C1600%2C1600%2C1600%2C1600%2C1600&btvi=0%7C0%7C0%7C0%7C1%7C2%7C3&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092301.js?31063001

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:39 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56357
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1,-1,-1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1,-1,-1,-1,-1,-1
content-type: application/webbundle
access-control-allow-origin: https://creativedestructionmedia.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
URN 200
OK uuid:978b2881-ae12-4d6e-8379-627edb7ad338 Show response
/ 294 KB
294 KB 556ms
556ms Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL

urn:uuid:978b2881-ae12-4d6e-8379-627edb7ad338

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092301.js?31063001

Protocol

URN

Server

-, , ASN (),

Reverse DNS

Software

Resource Hash

fef78dcf6c855401ba1dae6249691366fc2cf15c22280571d2b4e4fc3648b83e

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

X-Content-Type-Options: nosniff, nosniff
content-type: text/javascript; charset=utf-8

GET
H2 200 33a98319-d93a-47fd-add8-19dd17d78e10.png
img.onesignal.com/t/ 12 KB
12 KB 461ms
450ms Image
image/png 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.onesignal.com/t/33a98319-d93a-47fd-add8-19dd17d78e10.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ceba4a27d1d5b002e5f9cc114910456581da48b66753f5c133b6280057c11811

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Mon, 04 Oct 2021 02:20:39 GMT
cf-cache-status: REVALIDATED
x-amz-request-id: NKVPW1RMHF625V61
x-amz-meta-cache-control: public, maxage=604800
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 12376
x-amz-id-2: ePIdGJ2PFHx4uu8eh/W9QfeslPdr6v+mom1gAewRKgPkAoFheDDgpapHoZbQGDyznWpLmePX+3s=
last-modified: Sun, 21 Apr 2019 18:35:15 GMT
server: cloudflare
etag: "2cb20e96be0d57d9f3945cb5373ed552"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cache-control: public, max-age=2678400
accept-ranges: bytes
cf-ray: 698aeea6dd8f2bc6-FRA
expires: Thu, 04 Nov 2021 02:20:39 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
9 KB 48ms
23ms XHR
application/json 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021092301&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092301.js?31063001

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8860dea0d7d2a332fc65d3deafa42560b986bd672763d73925f1f869670b1827

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 04 Oct 2021 02:20:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8479
x-xss-protection: 0

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012109102127000/ 189 KB
55 KB 66ms
11ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012109102127000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092301.js?31063001

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ba870dd4f1f375d33aa3770685227bd38160d194969b3840232fad67c1989bb8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 317817
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55506
x-xss-protection: 0
server: sffe
date: Thu, 30 Sep 2021 10:03:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c42e3b94efe0099e"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 30 Sep 2022 10:03:42 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012109102127000/v0/ 13 KB
5 KB 70ms
16ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012109102127000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092301.js?31063001

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

19ad029fe2230dc2b7eda8d3c2b8d872aae2e718c0209bcaec04cd51a04d9165

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 317817
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4995
x-xss-protection: 0
server: sffe
date: Thu, 30 Sep 2021 10:03:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "bc03df60ee69192f"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 30 Sep 2022 10:03:42 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012109102127000/v0/ 89 KB
28 KB 73ms
19ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012109102127000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092301.js?31063001

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d4cb8e3d3f1d9da69c5096249099aaa6ec5942dc20f922cc6c99f7b7b4557584

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 51070
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28507
x-xss-protection: 0
server: sffe
date: Sun, 03 Oct 2021 12:09:29 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "283b6526337df106"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Mon, 03 Oct 2022 12:09:29 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012109102127000/v0/ 4 KB
2 KB 74ms
20ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012109102127000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092301.js?31063001

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d50905d9c0e2c1f4a30e217e1eade952d04600860ccf4aec5240e6fd31eb9b29

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 317817
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1638
x-xss-protection: 0
server: sffe
date: Thu, 30 Sep 2021 10:03:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b3f838efba7b15f2"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 30 Sep 2022 10:03:42 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012109102127000/v0/ 40 KB
13 KB 75ms
21ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012109102127000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092301.js?31063001

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

235dd149eac993d9f773d67eb3432fda6c4d81c98d29c4fb150707fae2b59908

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 132112
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12820
x-xss-protection: 0
server: sffe
date: Sat, 02 Oct 2021 13:38:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "2e8049efde94274d"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 02 Oct 2022 13:38:47 GMT

GET
DATA 200
OK truncated
/ 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1cbda14bc053adc73b55b52607e24eb2b98778b2f0d87b8c53760a72330dc785

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 10167518013778640810
tpc.googlesyndication.com/daca_images/simgad/ 104 KB
105 KB 31ms
7ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/10167518013778640810

Requested by

Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0e36043c69bea7a50bc693346182bbb062123d2307b7f0ef016f274061a5f1ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sat, 02 Oct 2021 22:39:56 GMT
x-content-type-options: nosniff
age: 99643
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 106798
x-xss-protection: 0
last-modified: Tue, 28 Sep 2021 08:14:50 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 02 Oct 2022 22:39:56 GMT

GET
H2 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ 2 KB
3 KB 30ms
6ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 03 Oct 2021 14:19:22 GMT
x-content-type-options: nosniff
server: cafe
age: 43277
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Mon, 04 Oct 2021 14:19:22 GMT

GET
H2 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ 295 B
399 B 30ms
7ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 03 Oct 2021 14:31:09 GMT
x-content-type-options: nosniff
server: cafe
age: 42570
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Mon, 04 Oct 2021 14:31:09 GMT

GET
H2 204 l
www.google.com/ads/measurement/ 0
0 38ms
15ms Image
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQRTdQe34UXDsBGUCqyaGJXkzUKZjHIGAXAKsjt9PvuwlrnFFk6Xmq5u402hipBkB5J8bpSfq1TpE6Wve11WAA7ZycAqA
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ 0
0 18ms
18ms Image
text/html 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CFqkw9mRaYdfaM5Hu3wON8Ze4COK97rpl7bWG-LsO3NkeEAEg8c6YdWCVioyCmAegAbKGrvQCyAEC4AIAqAMByAMIqgT_Ak_QB0efK8sjyUYjdf7O26MWShgawC8yFgO_clgfO9xZieZr6udggpY83-Hiakcd2gdRepbUm89JIW9lJRaSZ4P4VJTsC7faKp-JBYqRqbuke59rdRBT-rvjEcSp9xR79gYk-8BX_nFCOQDwpfwHxodbIyp9oBAHsnQPqPP7rKexJSy2aaY2J5vx0quv2bMPEsrbbpKxhwJpUj5fxlXaLgfPFa6gRFkSZ3YDe1COfZH3X72vN7apwSFDpSiH30U16xyLYw60D4gWZ9gfkSMxiP1X1O1tueIN8U1bOwipa0ZFqfvJzarF4VdqWUgYnuZB7KHOFcIfsuZe8R635Sbbz8sW711Hq2yQq8h2U96-kGPxQ5VOF9A0UmqLLFYqBzq6ryv1JthLEcY-Ohee8DWApy72Rf75RYb2W4fJ5K8GTXV5uygzA_m6iQMTcN1scAObDk4CmPLCVD02YeBLIHEQoFVI8KIEVhvK7eMTrG36CkGWXNj49aiHsTxZa-UKhimLwAT9queb0APgBAGSBQQIBBgBkgUECAUYBKAGAoAHocKrsgGoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB9XJG6gHpr4b2AcB8gcEEMT0F9IICQiA4YAQEAEYHfIIG2FkeC1zdWJzeW4tODMyNzg3OTUwNDQ2MzI0M4AKA8gLAdgTDdAVAYAXAbIXHgocCAASFHB1Yi00Mjc5MzE1MDY4NTgzNjk0GO-ceQ&sigh=QxESsl9_P8E
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: ams15s22-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 196901c2925903fc2921e2982df7d8f3311a53f039b66840b9e5e1efdcdb3c01

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 7148172792070689680
tpc.googlesyndication.com/simgad/ 41 KB
42 KB 47ms
31ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7148172792070689680?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qmZ_52RxmRZ0ieEzFhNU5YxgAohYw

Requested by

Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb22ebf8b746288e13bf8fea00820859a1fc0585870226cdafb16930aa9ad8b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 03 Oct 2021 18:09:01 GMT
x-content-type-options: nosniff
age: 29498
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42447
x-xss-protection: 0
last-modified: Thu, 23 Sep 2021 12:27:22 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 03 Oct 2022 18:09:01 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ 0
0 19ms
18ms Image
text/html 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CuagF9mRaYdjaM5Hu3wON8Ze4COPLtq1l7dyd1K4O2Ky2lYsDEAEg8c6YdWCVioyCmAegAfnwyfkDyAECqQI0ttyhxLm2PuACAKgDAcgDCKoEhwNP0LCdNV7GhEuklJFkUmYbJ3tfPrp72Cb0tJczL4JgKYpJekOYysc9z9xuVRUjikjS8ziL7ibFNVsEAptApnH6CvjR0Ve8yu8c1U9KK_9UUaugHDivD0543vNMrT_FcloR6Ld1SjnIw7cZQzymHbXuckPVnBAlPEMuQVNjS3oeezo-RLQ1J71GuhIsPfvCGuivsUntCphkOBpFqO8SJJUSHSFaLImoBKywK08UIRUsS3AK4GmTeX0KeuHkMZoS2UE1vS_B4877PO2lwyFfjDDEZdG1a3SuZXluEA4f3vuaBEV7vdWAHlo2-B44nCP5930kJg2LIUlolb0cMcYVNaZV-efl3JBHD3mdTyeG5iYYPiu8-SeBuoRr6g-yuUWHX0oIIqdzRt2oHuVKUgJy1CSUuw_3NhLaoCcKCEMLdRvNk2aTPJCVponsYkMEZuXJrlhFe73c9c8Mavju0Ib31YFgmCjpTeATYKUM5fPb-orHLHCeszLBxlEUawAKoj5UE8lDBMEwvzIVwASQj7Wg8APgBAGSBQQIBBgBkgUECAUYBKAGAoAH3sWXN6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgH1ckbqAemvhvYBwHyBwQQjYQL0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi04MzI3ODc5NTA0NDYzMjQzgAoDyAsB2BMN0BUBgBcBshceChwIABIUcHViLTQyNzkzMTUwNjg1ODM2OTQY75x5&sigh=KomiweyAEZY
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: ams15s22-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d67d51c1ee851a00e860ab03f77b1dabb7e7c43d9526f2c582374b9d2c6d79cf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 2104358083251754191
tpc.googlesyndication.com/simgad/ 41 KB
41 KB 47ms
34ms Image
image/png 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2104358083251754191?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qlc7-a-6xJB9l-MyYtZOMz2gOvtVw

Requested by

Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96b11c1f57cfe69aeecf2a819d7fd58bcfc2fea05045ba3d979edc47865288f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Sun, 03 Oct 2021 23:00:03 GMT
x-content-type-options: nosniff
age: 12036
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41685
x-xss-protection: 0
last-modified: Thu, 23 Sep 2021 12:27:20 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 03 Oct 2022 23:00:03 GMT

GET
H2 204 l
www.google.com/ads/measurement/ 0
0 28ms
15ms Image
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRgVlOeQiFOzsBsc3hyQiJJL1Gh6Wq4XDDDESvQ9CA5YNfMchXKOLeLUO85sRE0vTgRnc9znWg1P4J3CS8yGSPrQ7NGKA
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ 0
0 18ms
17ms Image
text/html 216.58.212.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CEoN39mRaYdnaM5Hu3wON8Ze4COPLtq1l_dqd1K4O2Ky2lYsDEAEg8c6YdWCVioyCmAegAfnwyfkDyAECqQI0ttyhxLm2PuACAKgDAcgDCKoEhANP0M2hRY-JoegMvu9_N42ZOfvuIDTzN5giBSkIdz8HpKK6y6l0ZGFDRzmw7QwvdlMF57d322ZOpjz3fLlmtDqxthU9RHup0pLagcciIdcPw4mwr3JX6Z9yhkACn9tuoigcLWJVp10jUiupZKDB59r_JWMn7seJqhto76GMPtMeLM05vFxDDbfcp1ckwmYX9Rk2kUxOcnyQKwze4IgVq2MDel3q6TKN1LiwNTHNDHkBB_9SeqfH0FAWtlrJKNDqJuNe1-PazX9lnZ0SRi7NcQP4iFSnokTGIfmrAWqiJ_9obBdJDEW1UMDKjJDRIAJ1bg1JxE8FydyMN9XVVgPehEY5AW68fISc3BjjtsI_q5KtoNlnJqXkntcKRzr2wDDhgg6La1FJ14NpAYyO6FLK_ZtauLbznyQzLRkI1dX4hVqgtzj4FAjpKHnuw9QR586Aw2PVa3dipAKSr0yMois49r-fCMSqOgco6zoseNmD_stC30LlllqvQLO46HIw3swFyhXNIIu7wASQj7Wg8APgBAGSBQQIBBgBkgUECAUYBKAGAoAH3sWXN6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgH1ckbqAemvhvYBwHyBwQQjbAQ0ggJCIDhgBAQARgd8ggbYWR4LXN1YnN5bi04MzI3ODc5NTA0NDYzMjQzgAoDyAsB2BMN0BUBgBcBshceChwIABIUcHViLTQyNzkzMTUwNjg1ODM2OTQY75x5&sigh=vVtBBzDBG0E
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.58.212.162 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: ams15s22-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

GET sodar2.js
tpc.googlesyndication.com/sodar/ 0
0

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

15ms
15ms

Image
text/html

142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Requested by: Host: creativedestructionmedia.com
URL: https://creativedestructionmedia.com/investigations/2020/12/02/biden-partners-and-sponsors-invested-in-dominion-voting-systems/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s48-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Redirect headers

date: Mon, 04 Oct 2021 02:20:39 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H2 200 activeview
pagead2.googlesyndication.com/pcs/ 42 B
518 B 49ms
28ms Image
image/gif 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuEVXvBl4GjkYAk6VhF2MTfEWrkjzkE-8-QjxZHCvvnJsCiUPSXDZ9YIkp0iixxE8pQY1veiphN7rJGcCOt4hXPACE0gJaiXN74ZS5Q_lWamt-wyfvuig&sai=AMfl-YSIrJKDPMQe-Yh5hg1_k8LZdgtIpBLyvAORiohLnDyDCNk3r-fhrwhT62NdrUKJ1aHRu5gmiN7V0t87KJE1OYzhICGpZaeFJ83bxXZKgYnC307SZonRVa4sHB1w&sig=Cg0ArKJSzEWi2wiWKtnoEAE&cid=CAASF-Ro1wMSGM-_u1PUu7UjE1lLdqqsb5oF&id=ampim&o=0,0&d=1600,1200&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,1000,1000,1000&tos=0,0,1000,0,0&tfs=61&tls=1061&g=100&h=100&tt=1061&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&adk=585897706

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://creativedestructionmedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Oct 2021 02:20:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: syndication.twitter.com
URL: https://syndication.twitter.com/i/jot?l=%7B%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1633314038475%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22tweet%22%2C%22action%22%3A%22no-results%22%2C%22section%22%3A%22main%22%7D%2C%22context%22%3A%22horizon%22%2C%22client_version%22%3A%22fcb1942%3A1632982954711%22%2C%22dnt%22%3Atrue%2C%22widget_id%22%3A%22twitter-widget-0%22%2C%22widget_origin%22%3A%22https%3A%2F%2Fcreativedestructionmedia.com%2Finvestigations%2F2020%2F12%2F02%2Fbiden-partners-and-sponsors-invested-in-dominion-voting-systems%2F%22%2C%22widget_frame%22%3A%22false%22%2C%22widget_partner%22%3A%22%22%2C%22widget_site_screen_name%22%3A%22%22%2C%22widget_site_user_id%22%3A%22%22%2C%22widget_creator_screen_name%22%3A%22%22%2C%22widget_creator_user_id%22%3A%22%22%2C%22widget_iframe_version%22%3A%225f6722ab3f792%3A1631570296139%22%2C%22item_ids%22%3A%5B%221328590759445078016%22%5D%2C%22item_details%22%3A%7B%221328590759445078016%22%3A%7B%22item_type%22%3A0%7D%7D%7D&dnt=1

Domain: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatchredir?s=193091&cb=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dindxexcg%26uid%3D%24%7BUSER%7D%26obUid%3DiiHhxQVwBrfSZx2MzKLNClLP8nRtEML-J6RlY0LzTjDpHGP__P7RzO00thQS45LU

Domain: sync-tm.everesttech.net
URL: https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

60 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
creativedestructionmedia.com/	1970-01-19 21:41:55	Name: ppwp_wp_session Value: 673dad8412269ba262091c2cae3f9ee9%7C%7C1633315835%7C%7C1633315475
.creativedestructionmedia.com/	1970-01-19 21:41:54	Name: _first_pageview Value: 1
.creativedestructionmedia.com/	1970-01-20 06:27:30	Name: _jsuid Value: 3238159130
.0cf.io/	1970-01-20 15:13:06	Name: _dbid Value: kFlMh13ORoymTb_6VBQvhg-971219
in.getclicky.com/	1970-01-20 06:27:30	Name: cluid Value: 3238159130
.adnxs.com/	1970-01-19 23:51:30	Name: uuid2 Value: 6976422120070589160
.3lift.com/	1970-01-19 23:51:30	Name: tluid Value: 2866256943208802815
.openx.net/	1970-01-20 06:27:30	Name: i Value: 45271144-9799-49a3-a676-bef363c3d4e7\|1633314038
.yahoo.com/	1970-01-20 06:27:51	Name: A3 Value: d=AQABBPZkWmECEK9udweaUvuz2bYI4xwIg-cFEgEBAQG2W2FkYQAAAAAA_eMAAA&S=AQAAAqfsFOwGVCOucZSq5h_OhnI
.analytics.yahoo.com/	1970-01-20 06:28:56	Name: IDSYNC Value: 193k~20re
.casalemedia.com/	1970-01-20 06:27:30	Name: CMID Value: YVpk9vsuBh6aPyyq.RArPAAA
.casalemedia.com/	1970-01-19 23:51:30	Name: CMPS Value: 3177
.lijit.com/	1970-01-20 06:27:30	Name: ljt_reader Value: fdb10802dd4dcfb7a17bb7b5
.casalemedia.com/	1970-01-19 23:51:30	Name: CMPRO Value: 1159
.doubleclick.net/	1970-01-20 07:03:30	Name: IDE Value: AHWqTUloNQOlLEdd7GPsc_9LsJbOu6Rquq1TXLMeiyv6YUstkPy4lxTZBodssRt06sA
.smartadserver.com/	1970-01-20 07:12:08	Name: pid Value: 2909481528823893178
.gumgum.com/	1970-01-20 06:27:30	Name: vst Value: e_26da7300-bcda-4f3c-beb5-de9955586820
.creativecdn.com/	1970-01-20 06:27:30	Name: u Value: IjJGV7dw6vMrrZj1hj1i
.creativecdn.com/	1970-01-20 06:27:30	Name: ts Value: 1633314038
.1rx.io/	1970-01-20 06:27:30	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-fbf7ce1a-fb88-4262-834f-1e4765361acf-003%22%7D
.adsrvr.org/	1970-01-20 06:27:30	Name: TDID Value: 53d22381-4496-4355-a04c-e01fc336aea3
.adsrvr.org/	1970-01-20 06:27:30	Name: TDCPM Value: CAEYASABKAIyCwi0w_SYibqDOhAFOAFaC2FkY29uZHVjdG9yYAI.
.mathtag.com/	1970-01-20 07:07:49	Name: uuid Value: af0e615a-64f6-4800-8cba-96b2e8a01908
.bidswitch.net/	1970-01-20 06:27:30	Name: tuuid Value: a5309b56-cc85-45fe-82e2-5c893a541cbf
.bidswitch.net/	1970-01-20 06:27:30	Name: c Value: 1633314038
.bidswitch.net/	1970-01-20 06:27:30	Name: tuuid_lu Value: 1633314038
.servenobid.com/	1970-01-19 21:51:58	Name: pid_310 Value: fdb10802dd4dcfb7a17bb7b5
.targeting.unrulymedia.com/	1970-01-20 06:27:30	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-fbf7ce1a-fb88-4262-834f-1e4765361acf-003%22%7D
.servenobid.com/	1970-01-19 21:51:58	Name: pid_333 Value: YVpk9vsuBh6aPyyq-RArPAAABIcAAAIB
.servenobid.com/	1970-01-19 21:51:58	Name: pid_335 Value: 07468273133d427a85a0fae77a4d154c
bh.contextweb.com/	1969-12-31 23:59:59	Name: INGRESSCOOKIE Value: aacbc992707fdadb
.servenobid.com/	1970-01-19 21:51:58	Name: pid_312 Value: 6976422120070589160
.quantserve.com/	1970-01-19 23:51:30	Name: d Value: EGwBDQGzJLjvsQA
.quantserve.com/	1970-01-20 07:12:08	Name: mc Value: 615a64f6-9f3ad-3f2e7-3f9c4
.360yield.com/	1970-01-19 23:51:30	Name: tuuid Value: 98f4ca42-0951-4365-95ed-a425e8bb3373
.360yield.com/	1970-01-19 23:51:30	Name: tuuid_lu Value: 1633314038
.everesttech.net/	1970-01-20 06:27:30	Name: everest_g_v2 Value: g_surferid~YVpk9gAAAma-dgA6
.servenobid.com/	1970-01-19 21:51:58	Name: pid_321 Value: RX-fbf7ce1a-fb88-4262-834f-1e4765361acf-003
.rfihub.com/	1970-01-20 07:03:30	Name: rud Value: H4sIAAAAAAAAAOMSNrQwN7UwtDQzMjYwMDIysrQwMBLiM9RN9DH2qHTOdE4uTymW4jU0MzY2NjQxMLYwMzMGAJ8QhRc0AAAA
.rfihub.com/	1970-01-20 07:03:30	Name: eud Value: H4sIAAAAAAAAADslzmtoZmxsbGhiYGxhZmYCAPN-eEwQAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNrQwN7UwtDQzMjYwMDIysrQwMBLiM9RN9DH2qHTOdE4uTykGADcNaEAlAAAA
.servenobid.com/	1970-01-19 21:51:58	Name: pid_324 Value: 1875819623002229802
.servenobid.com/	1970-01-19 21:51:58	Name: pid_317 Value: 2909481528823893178
.admanmedia.com/	1970-01-20 06:27:30	Name: admtr Value: c670bc1db7b3ed1d5f9fcb1f26b01d93bb1181d0
.adform.net/	1970-01-19 22:26:32	Name: C Value: 1
.technoratimedia.com/	1970-01-21 17:29:54	Name: tads_uid Value: GDPR
.adform.net/	1970-01-19 23:08:18	Name: uid Value: 5836818027542155553
.servenobid.com/	1970-01-19 21:51:58	Name: pid_328 Value: c670bc1db7b3ed1d5f9fcb1f26b01d93bb1181d0
.postrelease.com/	1970-01-20 06:27:30	Name: opt_out Value: 1
.outbrain.com/	1970-01-19 23:51:30	Name: obuid Value: 4e47e831-2c6e-4dc5-bbac-900d0527dd2c
.ipredictive.com/	1970-01-20 06:27:30	Name: cu Value: aa6fb5f6-24b9-11ec-89be-9dff15d95565\|1633314038864
sync.srv.stackadapt.com/	1970-01-20 06:27:30	Name: sa-user-id Value: s%3A0-5019fba8-ef97-4f3c-694b-4c6bf9966140.Fs44RHnKL09DQjd29a8LY4V7XSx2BcDqWuBl0115ovw
.srv.stackadapt.com/	1970-01-20 06:27:30	Name: sa-user-id-v2 Value: s%3A0-5019fba8-ef97-4f3c-694b-4c6bf9966140%24ip%2478.47.208.28.hbHQYG2%2FAkzxaN3pzSwaoClF1sEuDoBIrA%2Fg%2FhuEDJ4
pool.admedo.com/	1970-01-20 06:27:30	Name: tuuid Value: 3cb9eabd-909d-4d16-b6fa-85218ce65ce1
pool.admedo.com/	1970-01-20 06:27:30	Name: c Value: 1633314039
pool.admedo.com/	1970-01-20 06:27:30	Name: tuuid_lu Value: 1633314039
.casalemedia.com/	1970-01-19 21:43:20	Name: CMST Value: YVpk9mFaZPcA
.casalemedia.com/	1970-01-20 06:27:30	Name: CMRUM3 Value: e6615a64f62760&98615a64f727602788cad2-fcfe-41d7-be90-014dadeff662&f1615a64f605a0&27615a64f60b40&2d615a64f62760CAESELJDTz35n-SQYGvzSR_yZMQ&58615a64f605a0&82615a64f6a8c0&51615a64f62760xe1MlsXoH8He5R_EkrhUxJXuHMDe7x_OkOjC8eKY
.creativedestructionmedia.com/	1970-01-20 07:03:30	Name: __gads Value: ID=83020e71865f9c42:T=1633314038:S=ALNI_MYyV0EumKN91_OMDhohi4BYVYg1SA
.doubleclick.net/	1970-01-19 21:41:57	Name: DSID Value: NO_DATA

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fs.0cf.io%2F%23ps%3Dtrue%26dbid%3DkFlMh13ORoymTb_6VBQvhg-971219%26id%3D76%26uid%3D%24UID Message: Failed to load resource: the server responded with a status of 400 ()
network	error	URL: https://cdn.syndication.twimg.com/tweet?features=tfw_experiments_cookie_expiration%3A1209600%3Btfw_horizon_tweet_embed_9555%3Ahte%3Btfw_space_card%3Aoff&id=1328590759445078016&lang=en Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092301.js?31063001(Line 5) Message: Refused to load the script 'https://tpc.googlesyndication.com/sodar/sodar2.js' because it violates the following Content Security Policy directive: "script-src https://cdn.ampproject.org/". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092301.js?31063001(Line 5) Message: Refused to load the script 'https://tpc.googlesyndication.com/sodar/sodar2.js' because it violates the following Content Security Policy directive: "script-src https://cdn.ampproject.org/". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021092301.js?31063001(Line 5) Message: Refused to load the script 'https://tpc.googlesyndication.com/sodar/sodar2.js' because it violates the following Content Security Policy directive: "script-src https://cdn.ampproject.org/". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.360yield.com
ads.pubmatic.com
ads.servenobid.com
adservice.google.com
adservice.google.de
ap.lijit.com
b1sync.zemanta.com
bh.contextweb.com
c1.adform.net
cdn.ampproject.org
cdn.connectad.io
cdn.onesignal.com
cdn.syndication.twimg.com
cdnjs.cloudflare.com
choiceclips.whatfinger.com
cm.g.doubleclick.net
creativecdn.com
creativedestructionmedia.com
cs.admanmedia.com
cs.emxdgt.com
dsum-sec.casalemedia.com
eb2.3lift.com
eus.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
g2.gumgum.com
googleads.g.doubleclick.net
ib.adnxs.com
image6.pubmatic.com
img.onesignal.com
in.getclicky.com
jadserve.postrelease.com
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
onesignal.com
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
pixel-sync.sitescout.com
pixel.33across.com
pixel.quantserve.com
platform.twitter.com
pool.admedo.com
pr-bh.ybp.yahoo.com
prebid-match.dotomi.com
prebid-server.rubiconproject.com
prebid.a-mo.net
public.servenobid.com
rtb.gumgum.com
rtb.openx.net
s.0cf.io
s.amazon-adsystem.com
s.dblks.net
secure-assets.rubiconproject.com
secure.adnxs.com
securepubads.g.doubleclick.net
ssbsync-global.smartadserver.com
ssbsync.smartadserver.com
ssc-cms.33across.com
ssum-sec.casalemedia.com
ssum.casalemedia.com
static.getclicky.com
sync-eu.connectad.io
sync-tm.everesttech.net
sync.1rx.io
sync.extend.tv
sync.go.sonobi.com
sync.ipredictive.com
sync.mathtag.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
sync.technoratimedia.com
syndication.twitter.com
t.adx.opera.com
tg.socdm.com
token.rubiconproject.com
tpc.googlesyndication.com
ups.analytics.yahoo.com
us-u.openx.net
www.google.com
x.bidswitch.net
ssum-sec.casalemedia.com
sync-tm.everesttech.net
syndication.twitter.com
tpc.googlesyndication.com
104.109.78.125
104.244.42.8
124.146.215.45
13.248.242.197
142.250.185.66
147.75.38.124
150.136.156.92
151.101.66.49
169.197.150.7
178.162.133.149
18.185.208.29
18.195.155.181
185.184.8.65
185.29.132.241
185.64.190.78
185.86.139.104
185.86.139.94
192.124.249.69
193.0.160.128
198.145.13.12
198.148.27.140
199.212.255.113
199.212.255.151
2.18.233.180
2.18.234.21
2.19.35.65
209.54.177.54
213.19.147.45
216.58.212.162
2606:2800:134:1a0d:1429:742:782:b6
2606:2800:234:46c:e8b:1e2f:2bd:694
2606:4700:10::6816:36ce
2606:4700:3033::ac43:a2b4
2606:4700::6810:125e
2606:4700::6810:dd1d
2606:4700::6812:e234
2620:116:800d:21:51e4:db4b:4436:b305
2620:1ec:46::44
2a00:1288:110:c305::8000
2a00:1450:4001:802::2004
2a00:1450:4001:808::2002
2a00:1450:4001:80e::200a
2a00:1450:4001:813::2003
2a00:1450:4001:830::2001
2a00:1450:4001:830::2002
2a02:fa8:8806:13::1400
3.126.56.137
34.199.172.6
34.98.64.218
35.157.0.85
35.210.53.219
35.227.252.103
37.157.4.24
37.252.172.38
37.252.173.22
51.38.120.206
52.16.229.21
52.58.156.177
54.173.185.122
54.175.198.118
54.205.198.81
54.246.172.223
54.77.47.243
64.202.112.95
66.155.71.150
67.202.105.22
69.173.144.138
72.251.249.9
76.223.111.18
82.145.213.8
88.214.206.247
00501810e93307a8882a74d864e7547fd1458deea539361dc1124ac133799a4b
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
044efea78208376302aad3808aaabdf3c2f7bdd80ba9d55c9e0e4d3baa7a3908
0515cbd1f8aee97e1c8e0d1d015ca96c86def13e90d2e73bf813072ccc23d531
063a952901506e6cbcc2abdd1995ea387e4ae9138993f5517834a75faee165d0
08f0465386d9897c95370a004f5251b304dc4f94a73541cccd1ee87c02de2f60
0a886b68ae530d4cc0fce59dcffb19554d695b868aa09014493b8fd1fb7425dc
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0e36043c69bea7a50bc693346182bbb062123d2307b7f0ef016f274061a5f1ad
0ea4399322b476f7be24324722c9e3ed7ebfa5e97955bfd4d11a1792be303943
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0efe23cb23663e699a846045dda7cc34bb3ed8d2d2369c49e15cbe088d2bf5aa
13b0688bedb0aba60dd269e206c7add6ba20d88b75fa2fec03d7815c806a86af
143ce443c390db3b8598f951de20bd04623859a581a15b8cde43ebfa1f8ec103
196901c2925903fc2921e2982df7d8f3311a53f039b66840b9e5e1efdcdb3c01
19ad029fe2230dc2b7eda8d3c2b8d872aae2e718c0209bcaec04cd51a04d9165
1a09763158fa1dd846d425bec6eb6a6c181fab91076281b00a1abe0bac9107f5
1cbda14bc053adc73b55b52607e24eb2b98778b2f0d87b8c53760a72330dc785
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4
205988b80eeedc442aa4ba78fd4bda5b1b139415f3dc88043fc73adcd71cbae2
2259c07dce919a5a3e58c30c794673d829e84bd00c760e3f7bacc0aacf610ab6
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba
235dd149eac993d9f773d67eb3432fda6c4d81c98d29c4fb150707fae2b59908
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
29442b94e9fb88ea19926e07a72876dffccfaeb76782f69a2037576e3b415c26
2a42cc82f30fbf25a268f6d5a10158e8312a838222da6847158ea4175fa289d4
2a46e6d23e7589261bafc7a2f846e0fc7a7240c1dca2f7a94632e1db39a02ca2
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2af73f53a963946b70c1e7bfa9082f14ee6e0ed7abd71c51c49fe1ecf4d4ecc6
2c59e362196a1af654d71ea600c3a5501f897ad99335c06adf95414d30f063f9
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
348526eb2bc1407316f8c681d30513df971b67b83fb57cdcd32c4e461ea56d49
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
383576f16a9b11bf23ca3df7a5357f7765a9842fb9f9a31bcaca3e2faf28b01c
3a6f4aedd821d08de014b311e9a9a6208499b5c461e49f0fb769e77495564b91
3a71555e852f7dbd934750a1c3badf11eefca66fa43d953207266d724d8f8852
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
3fe8c79d67b21039a5d059ef40761950fb76e1d17933d61509f7eb3c68f5aeeb
41b6320babb5fc808a2b815b62581902531d3fc4ee6a131ec24838374ac7b185
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
445a2a94630e3335b5e2e53a6c914ad5aa9d96fdd7b2c76bd56646aeba083a1d
46375ee9192c1e0f6eabe4d32b2a48b996b93037f7b4beb970df5b87359548fd
487ef2c201c33553c12eb0d7b9360be8e16ee7770aa7b9b42368e4a442df53fc
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032
4e959d9106d846030c0a62de668ec7c5810a3a1282c4f4ca98e1ea0756c75b8e
51464ec2f432f21d4cab8094393ea4ba38176ecf27f2813fdb73b05298b80480
538dd4ff6e384a44155168326ac40a6c20a93cd212b1fbf88ae7b0c44f9ab0bd
558131a6ab555865b33511074f1b8b90ce44fd07a57a1082eaceb305c86474bd
595b1b0ede11537a9117b24e1deac069ade077d6976e3119d901e5dba01f9c32
5a16a864cf4e1819359fcd505eb6edd52e296643accd1de8c123fba2ff82df25
5a515442e06d68ac60972b0e0f99195e0d27885218b3668004ef5c60e95e637c
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5d59372b6612612e1f165c140beb8e541b9becfa771862e2d61376252a2ba91f
61e3f7b4db3e4add72ed02ed34c271590730960cce19f3e9daba9f41f96deefd
63097abe81597c090e58ca736089f7b1ca03982148429b6ca59ba9506413c221
637e631be944c6bafbf155cb4f05a943eab41aaaa370941f415b52283a436cfc
661e00570c65c29528d9ce6ee19e5e9939986716c293def67b07f8b6a191b018
662760efc14fd2fccfa072fcb11a48dc1757d3215adc3ea2ca2798079ac50b98
68cb22eeada6da0107da7828b0de8db34f6eceb449fbb079d719c146164ab947
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6eac4f1bf5bf8976cc74f9d784adc40029ac907cf2ba54cc3c5a50c8e38cd122
71d67862610b80dc5c9a9ceb03f4bf2e2e6305b17e490a32fec5139c40b00ba1
72445a462a64a77e0ed99b45eaf0a25a2ebbe408147929aaebae64d558f5d67d
726906ee6ce6dfe1b6e35ddad151196c50277e31520de30e916e9cd9affc0ef3
74a67b8c7ae08c6d59dc50172516683401d19b8495c83b3be490ea3dce522193
74b03851b17506833b0506eb8292bd9842e5b32aaaccb1b5553fa967b65db792
756e0e661c9311090f9f596a8c21ca34d8fe1265e6ddf6bec9afca292075a350
7978f600c21a2f4c699ce636d2754ed0acfa27d6f04686c3f835bd5b92110ad6
7d59d7cf6e18a61a053584ab8f7d36ea6876ae74d979b9e31986a1ff84c1fd4d
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
80ccae0c7abf01078d1634a24abb13e596838529b9731bd081d3a404d74c05fd
8860dea0d7d2a332fc65d3deafa42560b986bd672763d73925f1f869670b1827
8adc377a6a5c1d3a9ab10793c57b6dc6fdfcff0de61f52dda905da037d1c1e7c
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d82e6cd8f6d5b26e035588868934c55735d8a60c02c0fc08f4e0c60984f30c5
8d9af087f985d767f933637cb1a2c5f3f72734696a312d16dfbec9a6f419cb91
8e72afcd1a38e3ab0bb322104a9238e75dda48df9c455e5471bbaaece5207d83
8e73a30d35c83ea6a597c3343324d2b7df097ad26e67b62efb5266ee12d317b5
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
8fb34e1ec0e1b071be842b29a45c1437096b7b2eccd1b1de90d87ed479d3e254
9032bb4beb08ea990e43af68bb4a9ea4bb90064381d9ce45cc4822e32006ed7c
9110fc122dda3067c424d9b8ff7747e2030b0bd9298f69a3683d399ad3373a6a
9327647771c09df82095dba3591c77cca41a9cedca948ae01e7fb70c690dcbd5
93a3c50ed306ab4f8ef4b146934a1b4e320106ff8e230d01a029bebf6866f0f7
96344c48276b6477946734dfa6f60c187fa33d371c0f4bc2156edc0e2868617c
96b11c1f57cfe69aeecf2a819d7fd58bcfc2fea05045ba3d979edc47865288f4
9ab4ac8ac7a79af2b2505e885070cf5fcce690403d68bb5ca6dc137dda9aaddf
9fd5c369e0a5452b060a8eb971e9c156fedd1f8261eebb90d07ca0f45468da92
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a3057370707cab6d608cbc02c704d28fd209cebaa7d4aee40239b63151fe55cb
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
ab8ce407dbde131da92f9b1f2bbb884c995efb49ba61b8d26ac03aed2b2b970f
b0a5ea26bf12f6cd99506b64e4ab95bfcdc775ea579cc8fbd03297d2a633d71c
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3f0ed765c9f657feebd39a591a59fee3dbd0708c98c25bfcba474dd735774cd
b63fe792eca92d7cb67c652ddc4e76692c7f7f0899316ada620039b6438b8961
ba870dd4f1f375d33aa3770685227bd38160d194969b3840232fad67c1989bb8
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bb22ebf8b746288e13bf8fea00820859a1fc0585870226cdafb16930aa9ad8b9
bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f
bc1f2a5c7bbdf09398951f67fd30214783da66a7b79e44ddabcf6b868ad88349
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bfe1c96d2b61be1e17839f9e3d734ba10701c7be4a38faff1a63f4aedc3d31de
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e
c93b5f9c2d83611b9a9ba0333b0b499b385cdce2aee9edaac6daf8a134cf5555
cb2cdbaadbaa8f952f2dfdd0483e148d8d65801ebb6516df87858607e4d0acf6
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
ceba4a27d1d5b002e5f9cc114910456581da48b66753f5c133b6280057c11811
cfd3099998b0c37ace8024cbd802160585ba9be1c0047fefc172035184f074df
d287da709652059aee8af366398fb5597fa3bf2e9cbe53b7c8ffe3da44f19ff8
d4cb8e3d3f1d9da69c5096249099aaa6ec5942dc20f922cc6c99f7b7b4557584
d50905d9c0e2c1f4a30e217e1eade952d04600860ccf4aec5240e6fd31eb9b29
d67d51c1ee851a00e860ab03f77b1dabb7e7c43d9526f2c582374b9d2c6d79cf
d73b2b1ba10e4c227ab6e95fbf0efc972dbfecb9ce546302f1a7289fa9b8c3ff
d7f36354b34b6689975a55773065d0b9dc7ab48ef63ee6e8bb68f199bf7debbd
d8cf31a944f541412d8104a1cd4fdb03456cc84b1372366d48a1f23e63f5ed5a
da698734ed9c80552a862f904a7fab3d8b1219f764ce57f0f55f8f7c1908ef2f
db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7
dcd112f1ccbeaf1fa9529110b70310abdb3e90578bddd84bbb50b36b0cb7438f
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
e3a8b7336bec502f846c8101cd4b1a751bdbf3d3fff3949949462517f27e1cec
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3c9f560c4ac439b04894d5fcaf686d6b8d6bbf852c23553a82b663c114d9d29
e7807ef14bc588ca5643e017591d6a5fef4b4103bb50982dbf97123250e41f20
ee1d853a3f0f6ec8655c56c1ef060709131a77ed1a1896fb1c7327433417be24
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef463dc4400b77b295460ed661ef77b24e420b82b5d5c613f6afa23de1cba444
f3bfe581d56d8903ed8c9c17f895df5ef864f30ca03e4a2f9f13a7df3fcd8be0
f407a07bbc292cdf43c203945bfa640c114c28a0ff126611a134180e17617e5c
f41fe8368ef8633d0409213bd644a7223ffb31d8932e38da77d5a1a83d0ee862
f4e99cbfa494398cf7e42b54e63c01c7da366f53017ca079090db6d5367d68c6
f5e031863afc70ff89bde055fe5405cc8758808cfa3629d997adbb2acf6bd5cf
f8b409782883bf59fbbb55c76fdb402591441eb13b42264a57efa65a5a4158ec
f99e8c7aeb83ec8fbb0c9f9c3b5957beb0b66b02374166fe17ff06b02a844ba8
fb0ad599d3809326fef11065865a13998fabbfbacea5700721592a37a54bc731
fb945ebbec373fc6874ae979c49ef1e5ceb036f999f57f2c62f23470d0106d50
fdf620702b9482d223dd060b8b572884b74eb8ef3ce0903d8fa52cbd766fb4b4
fe2ac5219992a3608a5c9e2bc4759fac8fb2189b88d7a674d395ff6c435da536
fef78dcf6c855401ba1dae6249691366fc2cf15c22280571d2b4e4fc3648b83e
ff7cbd7d791c0f01f1b7db211981bb0506701f663e9e41422586b9e625753ba3

creativedestructionmedia.com Open in urlscan Pro 2606:4700:3033::ac43:a2b4 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

223 Requests

98 %HTTPS

24 %IPv6

60 Domains

82 Subdomains

46 IPs

12 Countries

4070 kBTransfer

8103 kBSize

60 Cookies

0 Outgoing links

Redirected requests

223 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

creativedestructionmedia.com Open in urlscan Pro
2606:4700:3033::ac43:a2b4 Public Scan

Screenshot
Live screenshot

Full Image

223
Requests

98 %
HTTPS

24 %
IPv6

60
Domains

82
Subdomains

46
IPs

12
Countries

4070 kB
Transfer

8103 kB
Size

60
Cookies

223 HTTP transactions
3 data transactions