m.1news.io Open in urlscan Pro
192.241.229.243 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://m.1news.io/
Effective URL:
https://m.1news.io/
Submission Tags: falconsandbox
Submission: On February 15 via api (February 15th 2023, 7:02:15 pm UTC) from US — Scanned from DE

Summary HTTP 196 Redirects Links 26 Behaviour Indicators

Summary

This website contacted 34 IPs in 8 countries across 25 domains to perform 196 HTTP transactions. The main IP is 192.241.229.243, located in San Francisco, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is m.1news.io. The Cisco Umbrella rank of the primary domain is 294859.
TLS certificate: Issued by R3 on January 11th 2023. Valid for: 3 months.

This is the only time m.1news.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	192.241.228.85 192.241.228.85	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	192.241.229.243 192.241.229.243	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
5	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE)
9	104.236.135.234 104.236.135.234	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
14	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
2	2a00:1450:400... 2a00:1450:400d:806::200e	15169 (GOOGLE) (GOOGLE)
1	23.35.236.6 23.35.236.6	16625 (AKAMAI-AS) (AKAMAI-AS)
1	152.199.19.160 152.199.19.160	15133 (EDGECAST) (EDGECAST)
32	2a00:1450:400... 2a00:1450:400d:804::2002	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
18	2a02:26f0:11a... 2a02:26f0:11a::217:9a40	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
19	2a00:1450:400... 2a00:1450:400d:803::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400d:80d::2004	15169 (GOOGLE) (GOOGLE)
9 12	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
6 12	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
6 9	37.252.171.149 37.252.171.149	29990 (ASN-APPNEX) (ASN-APPNEX)
12	138.201.63.165 138.201.63.165	24940 (HETZNER-AS) (HETZNER-AS)
1 4	144.76.238.55 144.76.238.55	24940 (HETZNER-AS) (HETZNER-AS)
1 4	138.201.84.245 138.201.84.245	24940 (HETZNER-AS) (HETZNER-AS)
1 4	144.76.91.199 144.76.91.199	24940 (HETZNER-AS) (HETZNER-AS)
3	2a0b:4d07:102::1 2a0b:4d07:102::1	44239 (PROINITY ...) (PROINITY PROINITY)
6 6	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
3	88.198.250.30 88.198.250.30	24940 (HETZNER-AS) (HETZNER-AS)
3	18.168.165.36 18.168.165.36	16509 (AMAZON-02) (AMAZON-02)
3 6	172.217.20.6 172.217.20.6	15169 (GOOGLE) (GOOGLE)
3 3	94.23.99.218 94.23.99.218	16276 (OVH) (OVH)
3	54.76.176.197 54.76.176.197	16509 (AMAZON-02) (AMAZON-02)
3 3	35.186.231.97 35.186.231.97	15169 (GOOGLE) (GOOGLE)
3	65.9.66.127 65.9.66.127	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:400d:808::2008	15169 (GOOGLE) (GOOGLE)
3	65.9.66.42 65.9.66.42	16509 (AMAZON-02) (AMAZON-02)
3	99.86.4.53 99.86.4.53	16509 (AMAZON-02) (AMAZON-02)
6	18.169.219.247 18.169.219.247	16509 (AMAZON-02) (AMAZON-02)
196	34

1 192.241.228.85 (San Francisco, United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

m.1news.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.241.229.243 (San Francisco, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

m.1news.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 104.236.135.234 (San Francisco, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

api.airfind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

cdn.airfind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400d:806::200e (Ireland)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.35.236.6 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-6.deploy.static.akamaitechnologies.com

h6.msn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.19.160 (United States)

ASN15133 (EDGECAST, US)

ajax.aspnetcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 2a00:1450:400d:804::2002 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a02:26f0:11a::217:9a40 (Vienna, Austria)

ASN20940 (AKAMAI-ASN1, NL)

img-s-msn-com.akamaized.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:400d:803::2001 (Ireland)

ASN15169 (GOOGLE, US)

e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:80d::2004 (Ireland)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.186.98 (United States) 9 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 185.80.39.216 (Canada) 6 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 37.252.171.149 (Frankfurt am Main, Germany) 6 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 138.201.63.165 (Böblingen, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.165.63.201.138.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 144.76.238.55 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.55.238.76.144.clients.your-server.de

hal900021.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.84.245 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.245.84.201.138.clients.your-server.de

hal900025.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 144.76.91.199 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.199.91.76.144.clients.your-server.de

hal900018.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a0b:4d07:102::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 145.239.193.130 (France) 6 redirects

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 88.198.250.30 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-250-30.clients.your-server.de

pb.media01.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.168.165.36 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-168-165-36.eu-west-2.compute.amazonaws.com

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.217.20.6 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: bud02s28-in-f6.1e100.net

5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 94.23.99.218 (France) 3 redirects

ASN16276 (OVH, FR)
PTR: ip218.ip-94-23-99.eu

medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.76.176.197 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com

ad-server.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.186.231.97 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 97.231.186.35.bc.googleusercontent.com

impfr.tradedoubler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 65.9.66.127 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-127.fra56.r.cloudfront.net

img.tradedoubler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400d:808::2008 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 65.9.66.42 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-42.fra56.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 99.86.4.53 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-53.fra6.r.cloudfront.net

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 18.169.219.247 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-169-219-247.eu-west-2.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
47	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 111 e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 144	271 KB
29	doubleclick.net 12 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 195 googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 cm.g.doubleclick.net — Cisco Umbrella Rank: 224 5994599.fls.doubleclick.net — Cisco Umbrella Rank: 204565	193 KB
24	redintelligence.net 3 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 33260 hal900021.redintelligence.net — Cisco Umbrella Rank: 296762 hal900025.redintelligence.net — Cisco Umbrella Rank: 264655 hal900018.redintelligence.net — Cisco Umbrella Rank: 254256	164 KB
23	airfind.com api.airfind.com — Cisco Umbrella Rank: 44679 cdn.airfind.com — Cisco Umbrella Rank: 59618	302 KB
18	akamaized.net img-s-msn-com.akamaized.net — Cisco Umbrella Rank: 382	255 KB
12	casalemedia.com 6 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 585	9 KB
11	gstatic.com fonts.gstatic.com	261 KB
9	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 16939 api.webgains.io — Cisco Umbrella Rank: 46748	94 KB
9	medialead.de 9 redirects pv.medialead.de — Cisco Umbrella Rank: 46073 medialead.de — Cisco Umbrella Rank: 45765	3 KB
9	adnxs.com 6 redirects ib.adnxs.com — Cisco Umbrella Rank: 225	10 KB
6	tradedoubler.com 3 redirects impfr.tradedoubler.com — Cisco Umbrella Rank: 84146 img.tradedoubler.com — Cisco Umbrella Rank: 85684	3 KB
5	google.com adservice.google.com — Cisco Umbrella Rank: 85 www.google.com — Cisco Umbrella Rank: 2	2 KB
5	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 54	4 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 193	170 KB
3	webgains.team cdn.track.production.webgains.team — Cisco Umbrella Rank: 45339	4 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 66	120 KB
3	ad-server.eu ad-server.eu — Cisco Umbrella Rank: 101963	936 B
3	webgains.com track.webgains.com — Cisco Umbrella Rank: 37424	5 KB
3	media01.eu pb.media01.eu — Cisco Umbrella Rank: 46670	784 B
3	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 140417	3 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 41	21 KB
2	1news.io 1 redirects m.1news.io — Cisco Umbrella Rank: 294859	3 KB
1	google.de adservice.google.de — Cisco Umbrella Rank: 7767	531 B
1	aspnetcdn.com ajax.aspnetcdn.com — Cisco Umbrella Rank: 1668	38 KB
1	msn.com h6.msn.com — Cisco Umbrella Rank: 37311	5 KB
196	25

	Domain	Requested by
28	pagead2.googlesyndication.com	securepubads.g.doubleclick.net e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com
18	img-s-msn-com.akamaized.net
15	tpc.googlesyndication.com	securepubads.g.doubleclick.net e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net
14	cdn.airfind.com	m.1news.io cdn.airfind.com
12	hal9000.redintelligence.net	e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com hal900025.redintelligence.net hal900021.redintelligence.net hal900018.redintelligence.net
12	dsum-sec.casalemedia.com	6 redirects googleads.g.doubleclick.net
12	cm.g.doubleclick.net	9 redirects googleads.g.doubleclick.net
11	fonts.gstatic.com	fonts.googleapis.com
9	ib.adnxs.com	6 redirects googleads.g.doubleclick.net
9	api.airfind.com	m.1news.io cdn.airfind.com
6	api.webgains.io	analytics.webgains.io
6	5994599.fls.doubleclick.net	3 redirects m.1news.io
6	pv.medialead.de	6 redirects
6	googleads.g.doubleclick.net	e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com pagead2.googlesyndication.com
5	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net
5	fonts.googleapis.com	m.1news.io hal900025.redintelligence.net hal900021.redintelligence.net hal900018.redintelligence.net
4	hal900018.redintelligence.net	1 redirects e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com hal900018.redintelligence.net
4	hal900025.redintelligence.net	1 redirects e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com hal900025.redintelligence.net
4	hal900021.redintelligence.net	1 redirects e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com hal900021.redintelligence.net
4	e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	adservice.google.com	securepubads.g.doubleclick.net 5994599.fls.doubleclick.net
4	www.googletagservices.com	cdn.airfind.com e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
3	cdn.track.production.webgains.team	e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com track.webgains.com
3	analytics.webgains.io	track.webgains.com
3	www.googletagmanager.com	adv.office-partner.de
3	img.tradedoubler.com	e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
3	impfr.tradedoubler.com	3 redirects
3	ad-server.eu	e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
3	medialead.de	3 redirects
3	track.webgains.com	m.1news.io
3	pb.media01.eu	hal900025.redintelligence.net hal900021.redintelligence.net hal900018.redintelligence.net
3	adv.office-partner.de	hal900025.redintelligence.net hal900021.redintelligence.net hal900018.redintelligence.net
2	www.google-analytics.com	m.1news.io www.google-analytics.com
2	m.1news.io	1 redirects
1	www.google.com	tpc.googlesyndication.com
1	adservice.google.de	securepubads.g.doubleclick.net
1	ajax.aspnetcdn.com	m.1news.io
1	h6.msn.com	m.1news.io
196	38

This site contains links to these domains. Also see Links.

Domain
api.airfind.com

Subject Issuer	Validity	Valid
m.1news.io R3	`2023-01-11` - `2023-04-11`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
api.airfind.com Sectigo RSA Domain Validation Secure Server CA	`2022-11-10` - `2023-12-11`	a year	crt.sh
cdn.airfind.com Sectigo RSA Domain Validation Secure Server CA	`2022-11-10` - `2023-11-10`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.msn.com Microsoft Azure TLS Issuing CA 01	`2022-10-24` - `2023-10-19`	a year	crt.sh
*.vo.msecnd.net DigiCert SHA2 Secure Server CA	`2022-07-11` - `2023-07-11`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
a248.e.akamai.net DigiCert TLS RSA SHA256 2020 CA1	`2022-06-28` - `2023-06-30`	a year	crt.sh
*.google.de GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
redintelligence.net R3	`2023-02-08` - `2023-05-09`	3 months	crt.sh
adv.office-partner.de R3	`2023-01-01` - `2023-04-01`	3 months	crt.sh
*.media01.eu RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-05-20` - `2023-05-21`	a year	crt.sh
*.webgains.com Amazon	`2022-06-14` - `2023-07-13`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-01-31` - `2023-04-25`	3 months	crt.sh
*.webgains.io Amazon	`2022-08-23` - `2023-09-21`	a year	crt.sh
cdn.track.production.webgains.team Amazon	`2022-09-29` - `2023-10-28`	a year	crt.sh

This page contains 25 frames:

Primary Page: https://m.1news.io/
Frame ID: 6CA3141A289F43226882A2FEE779C710
Requests: 64 HTTP requests in this frame

Frame: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: E32B1C7D7B16D22FFAE0DB3BFC316607
Requests: 1 HTTP requests in this frame

Frame: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: A2AC7A52E2AA3445F7DB0C1FBA4C3812
Requests: 21 HTTP requests in this frame

Frame: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 9D27109A27344097F4891E3BC39AB48A
Requests: 21 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVRTyTupPnqPXCTnokQKuYp2WAvB-mlZ7qYJNV8HEPQ_25fc3ytZoF5HLRdXFgUN90jTdmyrwPaWY4yI9WjiWNzSgV7nuuxlyRDQRzWfhjVg8QRT-TC0_vu2cJksopPMjd4mujn03zBLqK6WTu9J8o18rd_Ft8Ze3s0ejcScXjpMQv-0aI
Frame ID: CB997B6BEA6E5883C9BDF86735185F8D
Requests: 5 HTTP requests in this frame

Frame: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: EDF1AFE0008E1965065BD2298EE43AFB
Requests: 21 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVDH-9jCrAlbEFBiZPlCKIAyUfw8RPYoGa2VDkclqJisp_lIujA7EYyh3Fqyz54ON1skOFMaQN64NdtZiyMBgDyw1zDYRLahUoDyumvtSprLDmIqu_ImyIwRHFlPa2SYKNvpNMDt6mjCCeijzYxgydm4iK9ze7tv2Ov_XpvHkiaszE-mjg
Frame ID: 3E291203705484475E4D971FC8B6CC3D
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 4E589BD72097F0D58860D7D1865D595D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 226920DA1AD6EB5C50200774B7E84ED7
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNUmXOM3K5igROqxuH4omgZW8nS65RnEGwb0eFSJRkRED_wFHToNdE13NF2fyH32zARGmQEmY1JROSLLyRq8wQdaK7kO15IN6h2XXOvKHoHytfBZ8wAi5l3Xq99oxHDwNPr7G8GhjGnzw10qdU4cLxmY5JJ_ku8buMrIax3ZD9MDc11_mDE
Frame ID: 392A08F7A527BA63BC716BF1C6F65D99
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 9F6649F9CD1C33DDD32BD9AD0F8F8254
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 710D0AB3F61A1BDAB651AA753485C3D3
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 07E0E71A2C65C3EC8F0CC766378B0B84
Requests: 3 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 4CDF06C2660DFFD159E90FA8DB7C3669
Requests: 2 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=32370600137523104444554012236025&actionid=981741&produktid=&dt_url=
Frame ID: 30A3039EF54466C5BF0F942FCE7A2EBB
Requests: 1 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CI2GgL2bmP0CFc3gsgodo0AAeA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5098058904691.731
Frame ID: 97F3FDC176109F4B4622D9D91466C525
Requests: 2 HTTP requests in this frame

Frame: https://hal900025.redintelligence.net/request_content.php?s=32370600137523104444554012236025&a=d102dade
Frame ID: EB857D060A6F8BC538C73B305659398A
Requests: 8 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: FC6C4BE7EAD9B94BE8B478B5D54B82E4
Requests: 2 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=81219600145809304444554012236021&actionid=981741&produktid=&dt_url=
Frame ID: 81B1A80163105BFF6D8226668E3BF15E
Requests: 1 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CIKGgL2bmP0CFcVLkQUdf_8OQA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=950976410367.7499
Frame ID: 87A77F911164527719B3B59D51F9EB90
Requests: 2 HTTP requests in this frame

Frame: https://hal900021.redintelligence.net/request_content.php?s=81219600145809304444554012236021&a=0040a3e5
Frame ID: 86C7514B641EDCDC4C88A549D084B0FF
Requests: 8 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 40EAD52A1A320ED801BF0F816A247674
Requests: 2 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=48180000130097204444554012236018&actionid=981741&produktid=&dt_url=
Frame ID: 51F3154DB51995B6380053797E3FA0EA
Requests: 1 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CPm9ir2bmP0CFcFJkQUdG40A9w;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6372379860788.509
Frame ID: 66D17C04CDEA88D1F821E121DCBB4D5D
Requests: 2 HTTP requests in this frame

Frame: https://hal900018.redintelligence.net/request_content.php?s=48180000130097204444554012236018&a=c8deb07d
Frame ID: C5DBF3CD41E5A11EF0B4C9B6F1F46345
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

1 News

Page URL History Show full URLs

http://m.1news.io/ HTTP 301
https://m.1news.io/ Page URL

Detected technologies

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

196
Requests

89 %
HTTPS

35 %
IPv6

25
Domains

38
Subdomains

34
IPs

8
Countries

1917 kB
Transfer

4863 kB
Size

22
Cookies

26 Outgoing links

These are links going to different origins than the main page.

URL: https://api.airfind.com/d2s/v1/click?clientId=50012&position=0&redirectURL=https%3A%2F%2Fn.safeads.co%2F_search%3Fvariant%3D4%26nocache%3D1%26search_term%3DCheapest%20Mortgage%20Deals&visitorId=20728cbf-8081-4f40-b47f-ecdba1c3c956&provider=bing&brand=ChMoDe&adUnitId=&categoryId=IAB5-1C
Title: Cheapest Mortgage Deals

Search URL Search Domain Scan URL

URL: https://api.airfind.com/d2s/v1/click?clientId=50012&position=1&redirectURL=https%3A%2F%2Fn.safeads.co%2F_search%3Fvariant%3D4%26nocache%3D1%26search_term%3DWeight%20Loss%20For%20Women&visitorId=20728cbf-8081-4f40-b47f-ecdba1c3c956&provider=bing&brand=WeLoFoWo&adUnitId=&categoryId=IAB5-1C
Title: Weight Loss For Women

Search URL Search Domain Scan URL

URL: https://api.airfind.com/d2s/v1/click?clientId=50012&position=2&redirectURL=https%3A%2F%2Fn.safeads.co%2F_search%3Fvariant%3D4%26nocache%3D1%26search_term%3DCheap%20Hotels&visitorId=20728cbf-8081-4f40-b47f-ecdba1c3c956&provider=bing&brand=ChHo&adUnitId=&categoryId=IAB5-1C
Title: Cheap Hotels

Search URL Search Domain Scan URL

URL: https://api.airfind.com/d2s/v1/click?clientId=50012&position=3&redirectURL=https%3A%2F%2Fn.safeads.co%2F_search%3Fvariant%3D4%26nocache%3D1%26search_term%3DTerm%20Life%20Insurance&visitorId=20728cbf-8081-4f40-b47f-ecdba1c3c956&provider=bing&brand=TeLiIn&adUnitId=&categoryId=IAB5-1C
Title: Term Life Insurance

Search URL Search Domain Scan URL

URL: https://api.airfind.com/d2s/v1/click?clientId=50012&position=4&redirectURL=https%3A%2F%2Fn.safeads.co%2F_search%3Fvariant%3D4%26nocache%3D1%26search_term%3DLife%20Insurance%20Reviews%20Online&visitorId=20728cbf-8081-4f40-b47f-ecdba1c3c956&provider=bing&brand=LiInReOn&adUnitId=&categoryId=IAB5-1C
Title: Life Insurance Reviews Online

Search URL Search Domain Scan URL

URL: https://api.airfind.com/d2s/v1/click?clientId=50012&position=5&redirectURL=https%3A%2F%2Fn.safeads.co%2F_search%3Fvariant%3D4%26nocache%3D1%26search_term%3DBest%20Senior%20Living%20Center%20Near%20Me&visitorId=20728cbf-8081-4f40-b47f-ecdba1c3c956&provider=bing&brand=BeSeLiCeNeMe&adUnitId=&categoryId=IAB5-1C
Title: Best Senior Living Center Near Me

Search URL Search Domain Scan URL

URL: https://api.airfind.com/d2s/v1/click?clientId=50012&position=6&redirectURL=https%3A%2F%2Fn.safeads.co%2F_search%3Fvariant%3D4%26nocache%3D1%26search_term%3DSenior%20Life%20Insurance&visitorId=20728cbf-8081-4f40-b47f-ecdba1c3c956&provider=bing&brand=SeLiIn&adUnitId=&categoryId=IAB5-1C
Title: Senior Life Insurance

Search URL Search Domain Scan URL

URL: https://api.airfind.com/d2s/v1/click?clientId=50012&position=7&redirectURL=https%3A%2F%2Fn.safeads.co%2F_search%3Fvariant%3D4%26nocache%3D1%26search_term%3DNo%20Closing%20Cost%20Refinance&visitorId=20728cbf-8081-4f40-b47f-ecdba1c3c956&provider=bing&brand=NoClCoRe&adUnitId=&categoryId=IAB5-1C
Title: No Closing Cost Refinance

Search URL Search Domain Scan URL

URL: https://api.airfind.com/stats/adrequest/v1?clientid=50229&type=click&adCampaign=msnNewsArticle-newspolitics&provider=msn&redirectURL=https%3A%2F%2Fwww.msn.com%2Fde-de%2Fnachrichten%2Fpolitik%2Fk%C3%B6nnte-die-unterst%C3%BCtzung-der-nato-f%C3%BCr-die-ukraine-zu-einem-krieg-mit-russland-f%C3%BChren%2Fss-AA17v5xO%3Focid%3Daf-1nws
Title: Könnte die Unterstützung der NATO für die Ukraine zu einem Krieg mit Russland führen?The Daily DigestLatest News1 hour ago

Search URL Search Domain Scan URL

URL: https://api.airfind.com/stats/adrequest/v1?clientid=50229&type=click&adCampaign=msnNewsArticle-newspanorama&provider=msn&redirectURL=https%3A%2F%2Fwww.msn.com%2Fde-de%2Fnachrichten%2Fpanorama%2Fprozess-in-m%C3%BCnchen-student-rast-mit-305-km-h-kumpel-tot-vor-gericht-bricht-er-in-tr%C3%A4nen-aus%2Far-AA17wXbj%3Focid%3Daf-1nws
Title: Prozess in München - Student rast mit 305 km/h Kumpel tot - vor Gericht bricht er in Tränen ausVor dem Amtsgericht München findet derzeit ein Prozess gegen einen Raser statt. Angeklagt ist ein 26-jähriger Student, der einen tödlichen Unfall verursachte. Bei der Verlesung seiner Stellungnahme brach er in Tränen aus. Der Bruder des Opfers verfolgt die Äußerungen sichtlich emotional.FOCUS onlineLatest News1 hour ago

Search URL Search Domain Scan URL

URL: https://api.airfind.com/stats/adrequest/v1?clientid=50229&type=click&adCampaign=msnNewsArticle-newspanorama&provider=msn&redirectURL=https%3A%2F%2Fwww.msn.com%2Fde-de%2Fnachrichten%2Fpanorama%2Funfall-drama-auf-firmengel%C3%A4nde-lkw-%C3%BCberrollt-mitarbeiter-58%2Far-AA17wKyF%3Focid%3Daf-1nws
Title: Unfall-Drama auf Firmengelände: Lkw überrollt Mitarbeiter (†58)Ein 58-jähriger Mann ist auf einem Firmengelände in Hannover von einem Lkw überfahren und tödlich verletzt worden.TAG24Latest News2 hours ago

Search URL Search Domain Scan URL

URL: https://api.airfind.com/stats/adrequest/v1?clientid=50229&type=click&adCampaign=msnNewsArticle-newspanorama&provider=msn&redirectURL=https%3A%2F%2Fwww.msn.com%2Fde-de%2Fnachrichten%2Fpanorama%2Fversuchter-mord-in-trier-junger-fu%C3%9Fg%C3%A4nger-bei-r%C3%A4tselhafter-attacke-schwer-verletzt%2Far-AA17wBT1%3Focid%3Daf-1nws
Title: Versuchter Mord in Trier? Junger Fußgänger bei rätselhafter Attacke schwer verletztIn der Brotstraße in Trier kam es in der Nacht zum heutigen Mittwoch zu einem Angriff gegen einen Fußgänger, der 20-Jährige wurde schwer verletzt.TAG24Latest News1 hour ago

Search URL Search Domain Scan URL

URL: https://api.airfind.com/stats/adrequest/v1?clientid=50229&type=click&adCampaign=msnNewsArticle-tv&provider=msn&redirectURL=https%3A%2F%2Fwww.msn.com%2Fde-de%2Funterhaltung%2Ftv%2Fanna-ermakowa-boris-beckers-tochter-erstmals-im-deutschen-fernsehen-bei-let-s-dance%2Fss-AA17v2x7%3Focid%3Daf-1nws
Title: Anna Ermakowa: Boris Beckers Tochter erstmals im deutschen Fernsehen bei 'Let's Dance'Showbizz DailyEntertainment1 hour ago

Search URL Search Domain Scan URL

URL: https://api.airfind.com/stats/adrequest/v1?clientid=50229&type=click&adCampaign=msnNewsArticle-lifestylelovesex&provider=msn&redirectURL=https%3A%2F%2Fwww.msn.com%2Fde-de%2Flifestyle%2Fliebe-beziehung%2Fanne-hathaway-das-macht-mich-sehr-traurig%2Fss-AA17wn7w%3Focid%3Daf-1nws
Title: Anne Hathaway: "Das macht mich sehr traurig"Anne Hathaway: "Das macht mich sehr traurig"Sbs-GermanyEntertainment4 hours ago

Search URL Search Domain Scan URL

URL: https://api.airfind.com/stats/adrequest/v1?clientid=50229&type=click&adCampaign=msnNewsArticle-movies&provider=msn&redirectURL=https%3A%2F%2Fwww.msn.com%2Fde-de%2Funterhaltung%2Fkino%2Fdiese-schauspieler-waren-eigentlich-viel-zu-alt-f%C3%BCr-ihre-rollen%2Fss-AA17vmRs%3Focid%3Daf-1nws
Title: Diese Schauspieler waren eigentlich viel zu alt für ihre RollenWer würde schon glauben, dass die Schauspielerin Bianca Lawson aus "Pretty Little Liars" bereits 43 Jahre alt ist? Eher kennt man sie durch ihre Rollen als Teenager – und das seit zwei Jahrzehnten! Doch Lawson ist nicht die einzige Schauspielerin, die anscheinend das Geheimnis für die ewige Jugend gefunden hat. Auch andere Stars spielten Charaktere, die viel jünger waren als sie selbst. Oder liegt vielleicht doch immer alles nur an einer guten Maske? Klicken Sie sich durch die Galerie und finden Sie es heraus.StarsInsiderEntertainment2 hours ago

Search URL Search Domain Scan URL

URL: https://api.airfind.com/stats/adrequest/v1?clientid=50229&type=click&adCampaign=msnNewsArticle-newsother&provider=msn&redirectURL=https%3A%2F%2Fwww.msn.com%2Fde-de%2Fnachrichten%2Fother%2Fso-verschleuderte-elvis-presley-seine-millionen%2Fss-AA17sPqU%3Focid%3Daf-1nws
Title: So verschleuderte Elvis Presley seine MillionenWie Elvis Presley reich wurde, wofür er sein Geld ausgab – und warum er eigentlich viel mehr Geld auf dem Konto hätte haben müssen.LovemoneyEntertainment5 hours ago

Search URL Search Domain Scan URL

URL: https://api.airfind.com/stats/adrequest/v1?clientid=50229&type=click&adCampaign=msnNewsArticle-music&provider=msn&redirectURL=https%3A%2F%2Fwww.msn.com%2Fde-de%2Funterhaltung%2Fmusik%2Fwiedervereinigung-von-bands-mal-grandioses-comeback-mal-gro%C3%9Fer-fehler%2Fss-AA12Seis%3Focid%3Daf-1nws
Title: Wiedervereinigung von Bands: Mal grandioses Comeback, mal großer FehlerDie beliebte britische Popgruppe S Club 7 landete in den 90er Jahren einen Hit nach dem anderen, doch in den Nullerjahren geriet sie in Vergessenheit – bis jetzt. Die Gruppe, bestehend aus Tina Barrett, Rachel Stevens, Jo O'Meara, Hannah Spearritt, Bradley McIntosh, Jon Lee und Paul Cattermole, kündigte an, dass sie sich im Herbst 2023 für eine Jubiläumstournee anlässlich des 25-jährigen Bestehens der Gruppe wieder zusammenfinden werden. "Wir freuen uns sehr, sagen zu können, dass wir im Oktober wieder auf Tour gehen werden", sagte Rachel am 13. Februar in der BBC-Sendung "The One Show". "Wir sind so aufgeregt, wieder da draußen zu sein und uns die Seele aus dem Leib zu singen". Bradley fügte hinzu, dass sie mit ihren klassischen Songs die Nostalgie der 90er Jahre wieder aufleben lassen werden. Wir werden abwarten müssen, ob es immer noch keine Party gibt wie eine S-Club-Party. Es gibt nichts Aufregenderes – und potenziell Enttäuschenderes – als den Moment, in dem eine Band, die man früher geliebt hat, die Wiedervereinigung ankündigt. Für mehr Storys wie diese, klicken Sie sich durch diese Galerie mit Bands, die ein Comeback feierten – ob das dann eine gute oder schlechte Idee war, bleibt in manchen Fällen fraglich.StarsInsiderEntertainment

Search URL Search Domain Scan URL

URL: https://api.airfind.com/stats/adrequest/v1?clientid=50229&type=click&adCampaign=msnNewsArticle-celebrity&provider=msn&redirectURL=https%3A%2F%2Fwww.msn.com%2Fde-de%2Funterhaltung%2Fother%2Fdie-unwahrscheinlichsten-promi-paare-der-letzten-zeit%2Fss-AAZeDQK%3Focid%3Daf-1nws
Title: Die unwahrscheinlichsten Promi-Paare der letzten ZeitHollywood ist scheinbar doch noch für Überraschungen gut, denn Prominente, von denen wir dachten, wir hätten sie endlich durchschaut, überqueren nun Grenzen von Ästhetik, Genres, Interessen und Generationen und überraschen uns mit berühmten Romanzen, die klingen, als wären sie zufällig aus dem Hut gezaubert worden. Einige der folgenden unwahrscheinlichen Beziehungen könnten ein Spiegelbild der völlig unvorhersehbaren Zeiten sein, in denen wir leben, in denen Situationen, in denen es um Leben und Tod geht, beängstigend nah gekommen sind, und in denen die Menschen keine Zeit mehr mit vorgefassten Meinungen und mit etwas anderem als dem, was ihnen ein gutes Gefühl gibt, verschwenden. Diese Prominenten verlieben sich in die ungewöhnlichsten Partner: Mal geben sie einer alten besten Freundin eine romantische Chance oder sie daten plötzlich jemandem, der völlig außerhalb ihres normalen Umfelds liegt. Von wem könnte die Rede sein? Das Model Emily Ratajkowski hat sich nach ihrer Scheidung von Sebastian Bear-McClard im Jahr 2022 wieder in die Öffentlichkeit gewagt. Es gab Gerüchte, dass sie mit Brad Pitt liiert sei, und natürlich wurde sie mit dem notorischen Romantiker Pete Davidson gesichtet. Jetzt ist sie offenbar mit dem Komiker Eric André zusammen, der für seine absurde Parodie-Serie "The Eric Andre Show" bekannt ist. Das Paar machte ihre Beziehung am Valentinstag auf Instagram offiziell, als André Fotos von sich teilte, auf denen er nackt auf einer Couch posiert, während Ratajkowski ebenfalls nackt in einem Spiegel zu sehen ist und das Foto macht. Dazu gibt es eine offene Flasche Wein und ihre Kleidung auf dem Boden, sowie einen Teppich und einen Kamin – sehr romantisch. Klicken Sie sich durch die Galerie, um die unerwartetsten Beziehungen der letzten Jahre zu entdecken.StarsInsiderEntertainment2 hours ago

Search URL Search Domain Scan URL

URL: https://api.airfind.com/stats/adrequest/v1?clientid=50229&type=click&adCampaign=msnNewsArticle-soccer&provider=msn&redirectURL=https%3A%2F%2Fwww.msn.com%2Fde-de%2Fsport%2Ffussball%2Fpsg-warren-zaire-emery-ist-bereits-geschichte%2Fss-AA17vxxU%3Focid%3Daf-1nws
Title: PSG: Warren Zaire-Emery ist bereits GeschichteDer Franzose aus dem Jahr 2006 war der jüngste Spieler, der in einem Champions-League-Spiel zum Einsatz kam.Sportal.euSports9 hours ago

Search URL Search Domain Scan URL

URL: https://api.airfind.com/stats/adrequest/v1?clientid=50229&type=click&adCampaign=msnNewsArticle-other&provider=msn&redirectURL=https%3A%2F%2Fwww.msn.com%2Fde-de%2Fsport%2Fother%2Fformel-1-2023-der-mercedes-w14-von-lewis-hamilton%2Fss-AA17vzxb%3Focid%3Daf-1nws
Title: Formel 1 2023: Der Mercedes W14 von Lewis HamiltonDas ist der Mercedes W14, mit dem Lewis Hamilton und George Russell 2023 in der Formel 1 um Siege und den WM-Titel kämpfen wollen 15.02.2023Formel1.deSports8 hours ago

Search URL Search Domain Scan URL

URL: https://api.airfind.com/stats/adrequest/v1?clientid=50229&type=click&adCampaign=msnNewsArticle-soccer&provider=msn&redirectURL=https%3A%2F%2Fwww.msn.com%2Fde-de%2Fsport%2Ffussball%2Fbayern-m%C3%BCnchens-leistung-die-bewertungen-der-mannschaft-von-nagelsmann%2Fss-AA17vlj2%3Focid%3Daf-1nws
Title: Bayern Münchens Leistung, die Bewertungen der Mannschaft von NagelsmannDie erste Hälfte ist eine territoriale Dominanz des Bayerns, der mehrmals versuchen, die Pariser Verteidigung zu durchbrechen, mit Flanken von Coman und Streifzügen von einem Choupo-Moting, großem ehemaligen der Herausforderung.Sports CitySports9 hours ago

Search URL Search Domain Scan URL

URL: https://api.airfind.com/stats/adrequest/v1?clientid=50229&type=click&adCampaign=msnNewsArticle-soccer&provider=msn&redirectURL=https%3A%2F%2Fwww.msn.com%2Fde-de%2Fsport%2Ffussball%2Fkicker-noten-duo-ragt-heraus-neymar-und-messi-schwach%2Fss-AA17vJsD%3Focid%3Daf-1nws
Title: kicker-Noten: Duo ragt heraus - Neymar und Messi schwachBeim Achtelfinal-Hinspiel der Champions League in Paris glänzte bei PSG nur ein Joker. Bayerns Abwehr und defensives Mittelfeld überzeugten, Coman holte sich die beste Bewertung ab. Die kicker-Noten.kickerSports8 hours ago

Search URL Search Domain Scan URL

URL: https://api.airfind.com/stats/adrequest/v1?clientid=50229&type=click&adCampaign=msnNewsArticle-soccer&provider=msn&redirectURL=https%3A%2F%2Fwww.msn.com%2Fde-de%2Fsport%2Ffussball%2Fdie-top-10-der-wertvollsten-fu%C3%9Fballvereine-der-welt%2Fss-AA17wjCM%3Focid%3Daf-1nws
Title: Die Top 10 der wertvollsten Fußballvereine der WeltKeine italienischen Unternehmen in dieser speziellen Rangliste, dafür aber mehrere englische.Sportal.euSports2 hours ago

Search URL Search Domain Scan URL

URL: https://api.airfind.com/stats/adrequest/v1?clientid=50229&type=click&adCampaign=msnNewsArticle-other&provider=msn&redirectURL=https%3A%2F%2Fwww.msn.com%2Fde-de%2Fsport%2Fother%2Fder-medaillenspiegel-der-biathlon-wm-2023%2Fss-AA16T7Ry%3Focid%3Daf-1nws
Title: Der Medaillenspiegel der Biathlon-WM 2023Welche Nation schneidet bei der Biathlon-WM 2023 in Oberhof am besten ab? Im Medaillenspiegel zur WM erfahren Sie es.RP ONLINESports3 hours ago

Search URL Search Domain Scan URL

URL: https://api.airfind.com/stats/adrequest/v1?clientid=50229&type=click&adCampaign=msnNewsArticle-soccer&provider=msn&redirectURL=https%3A%2F%2Fwww.msn.com%2Fde-de%2Fsport%2Ffussball%2Fein-bundesligist-unterbietet-alle-so-alt-sind-die-achtelfinalisten%2Fss-AA17wwVG%3Focid%3Daf-1nws
Title: Ein Bundesligist unterbietet alle: So alt sind die AchtelfinalistenVier Bundesligisten stehen im Champions-League-Achtelfinale - und einer stellt in Sachen Jugend schon jetzt alle anderen in den Schatten. Der Altersschnitt der Achtelfinalisten basierend auf den eingesetzten Spielern in der Gruppenphase.kickerSports4 hours ago

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://m.1news.io/ HTTP 301
https://m.1news.io/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 89

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBagCkIbp3-r2EvIJQpQ4QY&google_cver=1

Request Chain 90

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y.0sMfe.FPsdR4yCXzHdIQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELr45boJWrhRl6z0_PHVeY8&google_cver=1&google_hm=2

Request Chain 91

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEDHxoTbOuB4EDLY_Uj0eDSw&google_cver=1

Request Chain 92

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjM4MzE4ODkzNTAwNDgxMzM5MQ%3D%3D

Request Chain 93

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBagCkIbp3-r2EvIJQpQ4QY&google_cver=1

Request Chain 94

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y.0sMfe.FPsdR4yCXzHdIQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELr45boJWrhRl6z0_PHVeY8&google_cver=1&google_hm=2

Request Chain 95

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEDHxoTbOuB4EDLY_Uj0eDSw&google_cver=1

Request Chain 96

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDg5MjEwMDkxMjU0Nzg1MTc3Ng%3D%3D

Request Chain 99

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELr45boJWrhRl6z0_PHVeY8&google_cver=1

Request Chain 100

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y.0sMfe.FPsdR4yCXzHdIQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELr45boJWrhRl6z0_PHVeY8&google_cver=1&google_hm=2

Request Chain 101

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEHBkYOspEGxqtuUB_1D52PY&google_cver=1

Request Chain 102

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDk3Mjk2MDEzMjgyODc0NzA0NQ%3D%3D

Request Chain 119

https://hal900021.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=1d6ed175ee&subid=&uid=0a69cf01e8532c8d&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCuiMVMCztY5zdOrLD7_UPibaowAim5b2gaa2VnKfJD_AuEAEg9orHMGCV4pCCoAfIAQmpAgbogTyF5rE-qAMBqgTkAU_QL3CbsoDQ4uDtpwIv4rpBMTos2xiJzGoetrudPeipHLjLsBVKc08fssNxz5tYCNPt4yCtUxBXmlqpLqiGFWLeTUTtWWC1H2C98-QcszPhfxVTQd-_BIVnvB3SI48X2Ix_E-0rWws0UXTpYh7yOJUH-7ZUYsCfI_3hdupz3IlYfEuIlUkE4ZJebgll391xiEtfwinWbVD2sZ08ychDfbu8JgQ5aw9i3PxFfW5PHkjBvc8FbevCSgNfDIOYByDNjbTd4ecr1M8YNadf8GraXLRVbE8hYHSr85dDNxj93AqsoGpcOsAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26num%3D1%26cid%3DCAQSTADUE5ymbO6i06_HHDVvUmsHOJYg2BY8AXJJ7HoheChFyvd2825TySFfJmk0qEbVBItLAgBSTfCc9ibXCaeUYtVVLhCGrmwvCIbiLuMYAQ%26sig%3DAOD64_3T5ZoeqeDeeEtWGHrHUpBkIeSxaQ%26client%3Dca-pub-8964299718266508%26dbm_c%3DAKAmf-A_d5pyZ-IioB9iVnyB0JrWS_pU6yJopeXYkKYQZfRESasQATZkp3lhYgQEnc6d0r2Cel9OfIYPR5rVridh0lPkwHi4LbKe-RZ_Iu-LlUe9Ig4PGx76BsHbojJOCJ_87SCYs30kP7ZrQ5EqaNhH2r0pRc1UIfyFaQDjAN5OmCZXarWJ68k%26cry%3D1%26dbm_d%3DAKAmf-Ajs5p9am6kmvtDYaFJe6akxlLmygc8B58YFwuOTwYXk8pEJS3X8F3hzbjCZWFA9ZWm0V5_NPhf4MvP5H19WUrhb321GVtIrYwqfiEA6SY02JY91xdJzmAwo78V6MT84MtceddOC5LUPM5vTEDyo64W1Gx9RTILDLKA6h2sjL9_m0g6O41JU0V0mMJVSiCGqNHYqPLkWautqUEoIpQtXL672X2q_78XjCcFG6ju1TwyuhMDz060PQp4mIAxfuX54meMJiFHLf3oTCS-05VPuKEnAAgFVKFrhazk0dmMayuGgQJrMOVrVW25bm6Tkz1p7KD3RkfJyDCKajkLrT2GjsKW9JTFLF5XghZma4Hh3-Clyoc0UjDR8wJCOm_c1WgkVmFeb8KRxLA0t2_WHnm3ekZxPKgLk0HtOdZynaVzFcYOZnMmjeXfceChwDMQuZNK_VjJYNn1S0VYT7-JHnKiR5w1nPImV08dSMVMqiUsQ0nUkx-M7FQ%26adurl%3D&documentReferer=https%3A%2F%2Fm.1news.io%2F&ancestorOrigins=https%3A%2F%2Fm.1news.io&random=7316120749338&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900021.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=1d6ed175ee&subid=&uid=0a69cf01e8532c8d&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCuiMVMCztY5zdOrLD7_UPibaowAim5b2gaa2VnKfJD_AuEAEg9orHMGCV4pCCoAfIAQmpAgbogTyF5rE-qAMBqgTkAU_QL3CbsoDQ4uDtpwIv4rpBMTos2xiJzGoetrudPeipHLjLsBVKc08fssNxz5tYCNPt4yCtUxBXmlqpLqiGFWLeTUTtWWC1H2C98-QcszPhfxVTQd-_BIVnvB3SI48X2Ix_E-0rWws0UXTpYh7yOJUH-7ZUYsCfI_3hdupz3IlYfEuIlUkE4ZJebgll391xiEtfwinWbVD2sZ08ychDfbu8JgQ5aw9i3PxFfW5PHkjBvc8FbevCSgNfDIOYByDNjbTd4ecr1M8YNadf8GraXLRVbE8hYHSr85dDNxj93AqsoGpcOsAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26num%3D1%26cid%3DCAQSTADUE5ymbO6i06_HHDVvUmsHOJYg2BY8AXJJ7HoheChFyvd2825TySFfJmk0qEbVBItLAgBSTfCc9ibXCaeUYtVVLhCGrmwvCIbiLuMYAQ%26sig%3DAOD64_3T5ZoeqeDeeEtWGHrHUpBkIeSxaQ%26client%3Dca-pub-8964299718266508%26dbm_c%3DAKAmf-A_d5pyZ-IioB9iVnyB0JrWS_pU6yJopeXYkKYQZfRESasQATZkp3lhYgQEnc6d0r2Cel9OfIYPR5rVridh0lPkwHi4LbKe-RZ_Iu-LlUe9Ig4PGx76BsHbojJOCJ_87SCYs30kP7ZrQ5EqaNhH2r0pRc1UIfyFaQDjAN5OmCZXarWJ68k%26cry%3D1%26dbm_d%3DAKAmf-Ajs5p9am6kmvtDYaFJe6akxlLmygc8B58YFwuOTwYXk8pEJS3X8F3hzbjCZWFA9ZWm0V5_NPhf4MvP5H19WUrhb321GVtIrYwqfiEA6SY02JY91xdJzmAwo78V6MT84MtceddOC5LUPM5vTEDyo64W1Gx9RTILDLKA6h2sjL9_m0g6O41JU0V0mMJVSiCGqNHYqPLkWautqUEoIpQtXL672X2q_78XjCcFG6ju1TwyuhMDz060PQp4mIAxfuX54meMJiFHLf3oTCS-05VPuKEnAAgFVKFrhazk0dmMayuGgQJrMOVrVW25bm6Tkz1p7KD3RkfJyDCKajkLrT2GjsKW9JTFLF5XghZma4Hh3-Clyoc0UjDR8wJCOm_c1WgkVmFeb8KRxLA0t2_WHnm3ekZxPKgLk0HtOdZynaVzFcYOZnMmjeXfceChwDMQuZNK_VjJYNn1S0VYT7-JHnKiR5w1nPImV08dSMVMqiUsQ0nUkx-M7FQ%26adurl%3D&documentReferer=https%3A%2F%2Fm.1news.io%2F&ancestorOrigins=https%3A%2F%2Fm.1news.io&random=7316120749338&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 120

https://hal900025.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=9112260372&subid=&uid=5002fae36cfc198e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCVVdmMCztY_3iOr7P7_UPlqOnsAWm5b2gaa2VnKfJD_AuEAEg9orHMGCV4pCCoAfIAQmpAgbogTyF5rE-qAMBqgTeAU_QGO0sB42ay6_DtPQMXOPQ7sqx8yJTkWBi_6MVOXlc9OV8t2PyxEgB8K2tL7BICyh7C5O9P_c4NaPAZ3OlAwyqkqUl05DwU_qs1kHUTxm3BfAJmiezaG7nNZ61zr9-DrkSVRwz90Yyc0TzOUIWcwzgDLYjjiiSoYaIClRrwL49Lpm5FEh20kDW3J7MvSkfx-XkRhHP_Vh9sSSMxikxz5U_IjzL8ezwJe638oGFisfsz3nv87nE8OdHqPUr2CDUd6PsWIvSUg14OlLEBIhJyYbS3XoAmQMaUeE3bXhKccAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymtOCcHHfih-9BnOgmJ1bzGjh5s9eylvIJLX1ybiXEJTSv-z3KRtaz2TIPAjh0C0p1RrwIRHIZZJjy-p3F-nOEZsqByOWK7WoYAQ%26sig%3DAOD64_03x4QWRXLZKfLp4lJRiFm50h2XPA%26client%3Dca-pub-8964299718266508%26dbm_c%3DAKAmf-Cs9Oy6vEWW4QD5zyuUuPEb7xVz6PxCNRZ2Aaof7udCDLnsTZeHs0u0kWaHh6umk2_LAkQoFyt9oQ6nveLfQuXbippSprrmkKNwIGs3eloryPoqzJypuos-ynJdePi-2mu6aDqzR8lpGL-_8wWlqMRGm5yNUKfU-BB9yedZnB42JBJZPSY%26cry%3D1%26dbm_d%3DAKAmf-AdYZwK_g1UtvMWhWX4w8y8arF9b5iFtJ0TNMrdry4P1fk-mqZtAzvjGIuRppHJ3A8-PL-GA5RQUivSKfSJt2KFCiUHR1cU0JFfO6m22IQjJ57VmJapXBvy19M30f8scQVWRZfkG98eeUNNNE3iwajesbcb3lMCjmOBRik0wKAbFd3LAjc6Ks9ha8L6VP6Lwep55qqvz72nU7Zg_1ROc1jZopBmfeaCm6YQj7OtshEJUV2LXhu-vQXlu-oLiim8fSckqPWkmnXbBU-kpx5F9-fk4kt-jo89rVVUeQygGpetkOfvbWIXAmK0365FD8bZ5wKSwNTau7mGMgkgCqBaeaXzAOtCfjdBU8iJyrX1Us5Q1mKCvhq3GwPr9EcoArLEb2XUPhfH5gC52RLIhP0Bfs6kYcGQeHEIb3ISj-K-ePqCKMUucILTsK4ZuQnPeumyX5CefvrOy7ld_98T6wMsa2bYMCvGvBuPi192r_hkboRv5RLjDEk%26adurl%3D&documentReferer=https%3A%2F%2Fm.1news.io%2F&ancestorOrigins=https%3A%2F%2Fm.1news.io&random=5217845308132&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900025.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=9112260372&subid=&uid=5002fae36cfc198e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCVVdmMCztY_3iOr7P7_UPlqOnsAWm5b2gaa2VnKfJD_AuEAEg9orHMGCV4pCCoAfIAQmpAgbogTyF5rE-qAMBqgTeAU_QGO0sB42ay6_DtPQMXOPQ7sqx8yJTkWBi_6MVOXlc9OV8t2PyxEgB8K2tL7BICyh7C5O9P_c4NaPAZ3OlAwyqkqUl05DwU_qs1kHUTxm3BfAJmiezaG7nNZ61zr9-DrkSVRwz90Yyc0TzOUIWcwzgDLYjjiiSoYaIClRrwL49Lpm5FEh20kDW3J7MvSkfx-XkRhHP_Vh9sSSMxikxz5U_IjzL8ezwJe638oGFisfsz3nv87nE8OdHqPUr2CDUd6PsWIvSUg14OlLEBIhJyYbS3XoAmQMaUeE3bXhKccAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymtOCcHHfih-9BnOgmJ1bzGjh5s9eylvIJLX1ybiXEJTSv-z3KRtaz2TIPAjh0C0p1RrwIRHIZZJjy-p3F-nOEZsqByOWK7WoYAQ%26sig%3DAOD64_03x4QWRXLZKfLp4lJRiFm50h2XPA%26client%3Dca-pub-8964299718266508%26dbm_c%3DAKAmf-Cs9Oy6vEWW4QD5zyuUuPEb7xVz6PxCNRZ2Aaof7udCDLnsTZeHs0u0kWaHh6umk2_LAkQoFyt9oQ6nveLfQuXbippSprrmkKNwIGs3eloryPoqzJypuos-ynJdePi-2mu6aDqzR8lpGL-_8wWlqMRGm5yNUKfU-BB9yedZnB42JBJZPSY%26cry%3D1%26dbm_d%3DAKAmf-AdYZwK_g1UtvMWhWX4w8y8arF9b5iFtJ0TNMrdry4P1fk-mqZtAzvjGIuRppHJ3A8-PL-GA5RQUivSKfSJt2KFCiUHR1cU0JFfO6m22IQjJ57VmJapXBvy19M30f8scQVWRZfkG98eeUNNNE3iwajesbcb3lMCjmOBRik0wKAbFd3LAjc6Ks9ha8L6VP6Lwep55qqvz72nU7Zg_1ROc1jZopBmfeaCm6YQj7OtshEJUV2LXhu-vQXlu-oLiim8fSckqPWkmnXbBU-kpx5F9-fk4kt-jo89rVVUeQygGpetkOfvbWIXAmK0365FD8bZ5wKSwNTau7mGMgkgCqBaeaXzAOtCfjdBU8iJyrX1Us5Q1mKCvhq3GwPr9EcoArLEb2XUPhfH5gC52RLIhP0Bfs6kYcGQeHEIb3ISj-K-ePqCKMUucILTsK4ZuQnPeumyX5CefvrOy7ld_98T6wMsa2bYMCvGvBuPi192r_hkboRv5RLjDEk%26adurl%3D&documentReferer=https%3A%2F%2Fm.1news.io%2F&ancestorOrigins=https%3A%2F%2Fm.1news.io&random=5217845308132&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 124

https://hal900018.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=e8113cb082&subid=&uid=0ef6324ecebe8b2b&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCEBGhMCztY6iHO-aF9u8Pzbyk4AWm5b2gaa2VnKfJD_AuEAEg9orHMGCV4pCCoAfIAQmpAgbogTyF5rE-qAMBqgTkAU_QhvajZ140DfCSqqXfueAg_TJfn5qK1Os8HzvQWIBFLhqcu5pQATmZ8QFl8HEp6oSVVetk4wXz14LZVovRCZ2qjWWFksFJMT3Jh7PJxMV014XQJU-ebqGUGxYw8JThq6ttTMIXCYqP_LX5wp7B0jqLCJINVDXEwsBRZtZBO1mIa89NgzqxkVJE8xIPOHrmpyRZ9mHv7R_zgR6cehWTikKAcgBylzaY4Lqh7lwQniGpdvUhMtKJDWdCH2akI8mUCu0otGfm24AAPgiHs4869YvzCF7Op5WVmTnwuaWX8V5fWaeR28AE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSSwDUE5ymZdW0fuY9fKV2icij4hWLxEoPDjfFvvykvluPFrsbojdLvkqIlcrZx1VHmrpMjH6tKrZIpXlCfJVngC2nluXuOlMAL4Uj7RgB%26sig%3DAOD64_2yVp-lN1gnQBKrBbGrsgj6zFBtBg%26client%3Dca-pub-8964299718266508%26dbm_c%3DAKAmf-DIrTgenLCbylBBuvbNTzbWZ1yNHpNlYphWSHEEElv9lJyo-LlwMjxbepg85l-2yv7b9BY5ucviumcr60-mUVDVzHnXon9pq0VxvH4pyctpTxhuUI1BEP2hSinMenzH3djHfxBbKD4OF-qFnD21MmMIxEiiOJ_5_7907kSwoy6Q_4L_-fo%26cry%3D1%26dbm_d%3DAKAmf-BrXD0UVbAuUvKDVb4lEyyfkSq1bgZzyKfXVRu-rEO3fgRmuARTwo_9eia5R5TepuIpvXD5y090cjywnWw7LxUTgeog1F4-IWRGAreG5YXYNr5V-DGohsXouzlQoFuN-izeF2ZnYHZxrHNnGOS9yeWZptr5b40Yg2T-cSL2FmThjc8HUAba2U_7_twp-XzQwaRPNU6gYu4s2mNqvYY7kT8N2cukJLd8ZIT1LdG4mYD2G6Wwx9sbKnVi3LOSk7_KpXiQHdyWy15kBTHvi2aCA99Ko4uqS5Tfsg7NlRARjz91-HSDX0RJc9MAgoJSHB6j5WQ9x9dLaFM88vlxr6HywsYZU-_oQkGbXzOwU_vIzYclD4-4qmC4ZUgZSYk3CUjKmrBSpfujyqMCs3hpkrJ2jTEw83CPkcRIFFQ8CBFZPB3MW04ElteaZ9DV-GlM__WTVgmXOQZHjrVgL4vRqonhUMUfwbVg0tZ0PJlqiV7GBt_1HUCM3Qc%26adurl%3D&documentReferer=https%3A%2F%2Fm.1news.io%2F&ancestorOrigins=https%3A%2F%2Fm.1news.io&random=4506509189079&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900018.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=e8113cb082&subid=&uid=0ef6324ecebe8b2b&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCEBGhMCztY6iHO-aF9u8Pzbyk4AWm5b2gaa2VnKfJD_AuEAEg9orHMGCV4pCCoAfIAQmpAgbogTyF5rE-qAMBqgTkAU_QhvajZ140DfCSqqXfueAg_TJfn5qK1Os8HzvQWIBFLhqcu5pQATmZ8QFl8HEp6oSVVetk4wXz14LZVovRCZ2qjWWFksFJMT3Jh7PJxMV014XQJU-ebqGUGxYw8JThq6ttTMIXCYqP_LX5wp7B0jqLCJINVDXEwsBRZtZBO1mIa89NgzqxkVJE8xIPOHrmpyRZ9mHv7R_zgR6cehWTikKAcgBylzaY4Lqh7lwQniGpdvUhMtKJDWdCH2akI8mUCu0otGfm24AAPgiHs4869YvzCF7Op5WVmTnwuaWX8V5fWaeR28AE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSSwDUE5ymZdW0fuY9fKV2icij4hWLxEoPDjfFvvykvluPFrsbojdLvkqIlcrZx1VHmrpMjH6tKrZIpXlCfJVngC2nluXuOlMAL4Uj7RgB%26sig%3DAOD64_2yVp-lN1gnQBKrBbGrsgj6zFBtBg%26client%3Dca-pub-8964299718266508%26dbm_c%3DAKAmf-DIrTgenLCbylBBuvbNTzbWZ1yNHpNlYphWSHEEElv9lJyo-LlwMjxbepg85l-2yv7b9BY5ucviumcr60-mUVDVzHnXon9pq0VxvH4pyctpTxhuUI1BEP2hSinMenzH3djHfxBbKD4OF-qFnD21MmMIxEiiOJ_5_7907kSwoy6Q_4L_-fo%26cry%3D1%26dbm_d%3DAKAmf-BrXD0UVbAuUvKDVb4lEyyfkSq1bgZzyKfXVRu-rEO3fgRmuARTwo_9eia5R5TepuIpvXD5y090cjywnWw7LxUTgeog1F4-IWRGAreG5YXYNr5V-DGohsXouzlQoFuN-izeF2ZnYHZxrHNnGOS9yeWZptr5b40Yg2T-cSL2FmThjc8HUAba2U_7_twp-XzQwaRPNU6gYu4s2mNqvYY7kT8N2cukJLd8ZIT1LdG4mYD2G6Wwx9sbKnVi3LOSk7_KpXiQHdyWy15kBTHvi2aCA99Ko4uqS5Tfsg7NlRARjz91-HSDX0RJc9MAgoJSHB6j5WQ9x9dLaFM88vlxr6HywsYZU-_oQkGbXzOwU_vIzYclD4-4qmC4ZUgZSYk3CUjKmrBSpfujyqMCs3hpkrJ2jTEw83CPkcRIFFQ8CBFZPB3MW04ElteaZ9DV-GlM__WTVgmXOQZHjrVgL4vRqonhUMUfwbVg0tZ0PJlqiV7GBt_1HUCM3Qc%26adurl%3D&documentReferer=https%3A%2F%2Fm.1news.io%2F&ancestorOrigins=https%3A%2F%2Fm.1news.io&random=4506509189079&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 130

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=32370600137523104444554012236025&t=htlp HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=32370600137523104444554012236025&actionid=981741&produktid=&dt_url=

Request Chain 132

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5098058904691.731 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CI2GgL2bmP0CFc3gsgodo0AAeA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5098058904691.731

Request Chain 134

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=32370600137523104444554012236025 HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=32370600137523104444554012236025 HTTP 302
https://ad-server.eu/wm/pb/native.png

Request Chain 135

https://impfr.tradedoubler.com/imp?type(inv)g(24495172)a(1565155)epi(32370600137523104444554012236025)733249466 HTTP 302
https://img.tradedoubler.com/images/inv.gif

Request Chain 137

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=81219600145809304444554012236021&t=htlp HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=81219600145809304444554012236021&actionid=981741&produktid=&dt_url=

Request Chain 139

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=950976410367.7499 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CIKGgL2bmP0CFcVLkQUdf_8OQA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=950976410367.7499

Request Chain 141

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=81219600145809304444554012236021 HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=81219600145809304444554012236021 HTTP 302
https://ad-server.eu/wm/pb/native.png

Request Chain 142

https://impfr.tradedoubler.com/imp?type(inv)g(24495172)a(1565155)epi(81219600145809304444554012236021)503747421 HTTP 302
https://img.tradedoubler.com/images/inv.gif

Request Chain 166

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=48180000130097204444554012236018&t=htlp HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=48180000130097204444554012236018&actionid=981741&produktid=&dt_url=

Request Chain 168

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6372379860788.509 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CPm9ir2bmP0CFcFJkQUdG40A9w;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6372379860788.509

Request Chain 170

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=48180000130097204444554012236018 HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=48180000130097204444554012236018 HTTP 302
https://ad-server.eu/wm/pb/native.png

Request Chain 171

https://impfr.tradedoubler.com/imp?type(inv)g(24495172)a(1565155)epi(48180000130097204444554012236018)742007839 HTTP 302
https://img.tradedoubler.com/images/inv.gif

196 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
m.1news.io/
Redirect Chain

http://m.1news.io/
https://m.1news.io/

10 KB
3 KB

505ms
175ms

Document
text/html

192.241.229.243
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://m.1news.io/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.241.229.243 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx / Express
Resource Hash: 91956b2d59664d5dcbfe375ccf094cb16b8a63437109cb5244a40b9791b307f1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: Content-Type
access-control-allow-methods: GET,PUT,POST,DELETE
access-control-allow-origin: *
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Wed, 15 Feb 2023 19:02:07 GMT
server: nginx
vary: Accept-Encoding Accept-Encoding
x-powered-by: Express

Redirect headers

Connection: keep-alive
Content-Length: 162
Content-Type: text/html
Date: Wed, 15 Feb 2023 19:02:06 GMT
Location: https://m.1news.io/
Server: nginx

GET
H2 200 icon
fonts.googleapis.com/ 569 B
776 B 124ms
45ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/icon?family=Material+Icons

Requested by

Host: m.1news.io
URL: https://m.1news.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e2f2597386660b972fe84faa90af129a353e7e8f9990df6f3b14d0165468350f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 15 Feb 2023 19:02:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 15 Feb 2023 19:02:07 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 15 Feb 2023 19:02:07 GMT

GET
H2 200 css
fonts.googleapis.com/ 6 KB
740 B 130ms
52ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:400,500,700

Requested by

Host: m.1news.io
URL: https://m.1news.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7099b0a5636275b29bf77167ad5d60c566b1162e67cb1fe6e790a82a4cf9e791

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 15 Feb 2023 19:02:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 15 Feb 2023 18:10:38 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 15 Feb 2023 19:02:07 GMT

GET
H2 200 v1
api.airfind.com/stats/pageviews/ 48 B
260 B 609ms
168ms Image
image/gif 104.236.135.234
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://api.airfind.com/stats/pageviews/v1?clientId=50229&brand=&path=%2F
Requested by: Host: m.1news.io
URL: https://m.1news.io/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.236.135.234 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 47d0230fc7603fa082f5a142aac786bf60f98d83e221775640a19a61fc2b693e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
cache-control: private, no-cache, proxy-revalidate, max-age=0
server: nginx
content-disposition: inline
content-length: 48
content-type: image/gif

GET
H2 200 vendors~core.js Show response
cdn.airfind.com/r/ 261 KB
82 KB 95ms
32ms Script
text/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.airfind.com/r/vendors~core.js?cb=115c7c1
Requested by: Host: m.1news.io
URL: https://m.1news.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Apache /
Resource Hash: cf441599ede6c555a6d391387439081802e284ca796c9b70e00583378afa289e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:07 GMT
content-encoding: gzip
x-sp-metadata: HS256.CL/0tJ8GEooBCiQ3NjM5ZmEzNi0wOGFiLTQ1NDUtOTA0Yi04YmEzZmU2MmI3ODYQiI2p4IfY+wIaBgiv2LSfBiIPMTg1LjIxMy4xNTUuMTYyKO6lAjADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIDNlOWIyMDYxMDA5OGI2YzliZmY5NTM4NTZlNTgwMTZhGiwIARIkOTYzODI1N2ItZDZhNC00Njc2LThkYzEtMWI3ZWJlYmY0ZTJiGNWPBSIYCAISFGNkczIwNC5hbTUuaHdjZG4ubmV0.mjrERDFFxq5pIKhBoo86P9dskDPH53OQK0tnBoqpmGM=
last-modified: Wed, 15 Feb 2023 10:33:45 GMT
server: Apache
etag: "41231-5f4ba9d665e51"
x-hw: 1676487727.cds256.am5.hn,1676487727.cds204.am5.c
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 83925

GET
H2 200 core.js Show response
cdn.airfind.com/r/ 115 KB
26 KB 121ms
58ms Script
text/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.airfind.com/r/core.js?cb=115c7c1
Requested by: Host: m.1news.io
URL: https://m.1news.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Apache /
Resource Hash: 3cbd047480cfdbf8ba8e24878aaa6608fc1c990b518e5ce64a5588b6bb385952

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:07 GMT
content-encoding: gzip
x-sp-metadata: HS256.CL/0tJ8GEooBCiQ5YjE3ZDQ4OC1kYTA0LTQ2ZDAtODcwNC02YzRjMzNkYWY4NTcQiI2p4IfY+wIaBgiv2LSfBiIPMTg1LjIxMy4xNTUuMTYyKO6lAjADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIDNlOWIyMDYxMDA5OGI2YzliZmY5NTM4NTZlNTgwMTZhGiwIARIkMGQyZTZiYTctZTBhNy00YTFlLWEwMmMtY2JkNmQxOTg0NjkyGKjLASIYCAISFGNkczMyMS5hbTUuaHdjZG4ubmV0.AdlWvfA1oexkEfTkYxmm4UH6fPWFloBrI8qJPrQa++4=
last-modified: Wed, 15 Feb 2023 10:33:45 GMT
server: Apache
etag: "1ca74-5f4ba9d65e150"
x-hw: 1676487727.cds256.am5.hn,1676487727.cds321.am5.c
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 26024

GET
H2 200 core.css
cdn.airfind.com/r/ 36 KB
5 KB 84ms
21ms Stylesheet
text/css 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.airfind.com/r/core.css?cb=115c7c1
Requested by: Host: m.1news.io
URL: https://m.1news.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Apache /
Resource Hash: e52e4b4364ad2237928ec1fc6666689183be1b2248035be0845be794a2276028

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:07 GMT
content-encoding: gzip
x-sp-metadata: HS256.CL/0tJ8GEooBCiQ3YWZiM2JlZC01NTY3LTRmZGMtODc3Yi00MDA4N2JlOTRiMTIQiI2p4IfY+wIaBgiv2LSfBiIPMTg1LjIxMy4xNTUuMTYyKO6lAjADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIDNlOWIyMDYxMDA5OGI2YzliZmY5NTM4NTZlNTgwMTZhGisIARIkN2RlMDEyMzQtN2VhYy00ZGQxLTgxN2UtM2M4N2JlNmQ5Nzc3GJEoIhgIAhIUY2RzMjc5LmFtNS5od2Nkbi5uZXQ=.9B7AwWmEzPdwYWRMCvwFrLjaYjYtCoaFVhN3VIOUlgg=
last-modified: Wed, 15 Feb 2023 10:33:45 GMT
server: Apache
etag: "91f2-5f4ba9d65e150"
x-hw: 1676487727.cds256.am5.hn,1676487727.cds279.am5.c
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 5137

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 163ms
47ms Script
text/javascript 2a00:1450:400d:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: m.1news.io
URL: https://m.1news.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 15 Feb 2023 17:12:08 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 6599
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Wed, 15 Feb 2023 19:12:08 GMT

GET
H/1.1 200
OK aria-webjs-compact-sdk-1.2.1.min.js
h6.msn.com/bingna/lib/aria-webjs-compact-sdk/ 0
5 KB 118ms
7ms Other
application/javascript 23.35.236.6
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://h6.msn.com/bingna/lib/aria-webjs-compact-sdk/aria-webjs-compact-sdk-1.2.1.min.js
Requested by: Host: m.1news.io
URL: https://m.1news.io/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 23.35.236.6 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-6.deploy.static.akamaitechnologies.com
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Unused62: 8096267
Content-Encoding: gzip
Date: Wed, 15 Feb 2023 19:02:07 GMT
Last-Modified: Wed, 07 Nov 2018 22:28:46 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: CS9zzcLon7hn7JZMenV37Q==
ETag: 0x8D6450061D8A4D4
Vary: Accept-Encoding
Content-Type: application/javascript
x-ms-request-id: ee1016d1-401e-006e-195c-76dab2000000
x-ms-version: 2009-09-19
Connection: keep-alive
Content-Length: 4823

GET
H2 200 jquery-3.1.0.min.js
ajax.aspnetcdn.com/ajax/jQuery/ 0
38 KB 38ms
9ms Other
application/javascript 152.199.19.160
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.1.0.min.js

Requested by

Host: m.1news.io
URL: https://m.1news.io/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.160 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4C8D) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 13290410
x-cache: HIT
content-length: 38649
x-xss-protection: 1; mode=block
last-modified: Mon, 31 Oct 2016 23:11:08 GMT
server: ECAcc (frc/4C8D)
etag: "a04ffffcc33d21:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 v2 Show response
api.airfind.com/content/ 8 KB
3 KB 517ms
183ms Fetch
application/json 104.236.135.234
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.airfind.com/content/v2?clientId=50229&variant=1&affiliateId=&userID=9a948edf-a92f-450f-9287-f8b098763739
Requested by: Host: cdn.airfind.com
URL: https://cdn.airfind.com/r/core.js?cb=115c7c1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.236.135.234 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 68f6f3db3da255f07444a406ef0c9bc5b43af2c4a6533f65b288e614c6a940c4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET,PUT,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://m.1news.io
access-control-allow-credentials: true
access-control-allow-headers: Content-Type

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
1 KB 48ms
47ms Script
text/javascript 2a00:1450:400d:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 18:49:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 739
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 859
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 15 Feb 2023 19:49:48 GMT

GET
H2 200 vendors~custom.js Show response
cdn.airfind.com/rarch/161/archive/build/ 1 MB
136 KB 21ms
20ms Script
text/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.airfind.com/rarch/161/archive/build/vendors~custom.js?cb=04340692e037b3f00ffa
Requested by: Host: cdn.airfind.com
URL: https://cdn.airfind.com/r/core.js?cb=115c7c1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Apache /
Resource Hash: c5c975c413db100a7aaaaf9c4038956acfb898ceab3d38e36d24c1599bed1f1b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
content-encoding: gzip
x-sp-metadata: HS256.CMD0tJ8GEooBCiQyZDMzMTA2ZS02MDlkLTQzODctOGE4ZS1lZTIwZjk1ZDc5NmYQiI2p4IfY+wIaBgiw2LSfBiIPMTg1LjIxMy4xNTUuMTYyKO6lAjADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIDNlOWIyMDYxMDA5OGI2YzliZmY5NTM4NTZlNTgwMTZhGiwIARIkZmU3ZDk4NTYtNmIzMS00YzY2LTgzMDctY2VjOWRlNDRhNDcyGNm9CCIYCAISFGNkczAwNi5hbTUuaHdjZG4ubmV0.EJDLH/NZTtnf4cqqTeH2EO1pHaY0MKXHK4TdZKK+HGg=
last-modified: Wed, 15 Feb 2023 10:33:45 GMT
server: Apache
etag: "12abc2-5f4ba9d665e51"
x-hw: 1676487728.cds256.am5.hn,1676487728.cds006.am5.c
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 138969

GET
H2 200 custom.css
cdn.airfind.com/rarch/161/archive/build/ 13 KB
3 KB 33ms
32ms Stylesheet
text/css 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.airfind.com/rarch/161/archive/build/custom.css?cb=04340692e037b3f00ffa
Requested by: Host: cdn.airfind.com
URL: https://cdn.airfind.com/r/core.js?cb=115c7c1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Apache /
Resource Hash: 8a09b016c01a5603e76910083e4976a483ede1d85ef587473632a17669fe4c1a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
content-encoding: gzip
x-sp-metadata: HS256.CMD0tJ8GEooBCiQ3NmRmZjllNC05NmM3LTRlZmItYTJlNy1hZjE5OWQwM2UzYzQQiI2p4IfY+wIaBgiw2LSfBiIPMTg1LjIxMy4xNTUuMTYyKO6lAjADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIDNlOWIyMDYxMDA5OGI2YzliZmY5NTM4NTZlNTgwMTZhGisIARIkYmMxNThmMDMtZDRmMC00N2YyLWIzYzItZjQ2ZmVhMjBmMDM3GNgUIhgIAhIUY2RzMjEyLmFtNS5od2Nkbi5uZXQ=.9P99RNQfebruD8RaHbLdQzE9d8GllPFNcxmAMKRiCRw=
last-modified: Wed, 15 Feb 2023 10:28:16 GMT
server: Apache
etag: W/"3452-5f4ba9d65e150"
x-hw: 1676487728.cds256.am5.hn,1676487728.cds212.am5.c
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 2648

GET
H2 200 custom.js Show response
cdn.airfind.com/rarch/161/archive/build/ 51 KB
14 KB 33ms
33ms Script
text/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.airfind.com/rarch/161/archive/build/custom.js?cb=04340692e037b3f00ffa
Requested by: Host: cdn.airfind.com
URL: https://cdn.airfind.com/r/core.js?cb=115c7c1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Apache /
Resource Hash: 3ca0609b9ca9d7237409cfeb9a3a2313616bf537ea196a4164267742fcb8738b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
content-encoding: gzip
x-sp-metadata: HS256.CMD0tJ8GEooBCiQ1ZTdhOTJhNS1lMjcyLTRmYTgtYjRmZS0yYTBkYmFmZTU4MTQQiI2p4IfY+wIaBgiw2LSfBiIPMTg1LjIxMy4xNTUuMTYyKO6lAjADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIDNlOWIyMDYxMDA5OGI2YzliZmY5NTM4NTZlNTgwMTZhGisIARIkZWZlMTJlNDgtYjk3NC00MjdhLWFjZjEtNGFiOGViN2M0YjY3GN5rIhgIAhIUY2RzMjY3LmFtNS5od2Nkbi5uZXQ=.Pe7dZVlOd6lmuTw1AV+6qCopgsa1kZwrEuR9BgL/7/Q=
last-modified: Wed, 15 Feb 2023 10:28:51 GMT
server: Apache
etag: W/"cc61-5f4ba9d65e150"
x-hw: 1676487728.cds256.am5.hn,1676487728.cds267.am5.c
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 13790

GET
H2 200 news-feed.css
cdn.airfind.com/rarch/161/archive/build/ 272 B
608 B 30ms
28ms Stylesheet
text/css 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.airfind.com/rarch/161/archive/build/news-feed.css?cb=04340692e037b3f00ffa
Requested by: Host: cdn.airfind.com
URL: https://cdn.airfind.com/r/core.js?cb=115c7c1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Apache /
Resource Hash: d5af876ef8430542c72007cf7b787eae177367697d340df5a99b3398f337a2b3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
content-encoding: gzip
x-sp-metadata: HS256.CMD0tJ8GEooBCiQzMjk2MWJiNS1iZjllLTRlOTgtYjE3OC1mYTY2OTdmYjQ3NWUQiI2p4IfY+wIaBgiw2LSfBiIPMTg1LjIxMy4xNTUuMTYyKO6lAjADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIDNlOWIyMDYxMDA5OGI2YzliZmY5NTM4NTZlNTgwMTZhGisIARIkNzk2MzczODgtOWE5Yi00MjNjLWFmODAtMzQ3ZjAyZDgzNDhhGNIBIhgIAhIUY2RzMTI0LmFtNS5od2Nkbi5uZXQ=.6oEJIPtYKREOouYP3ZSZ9Nl9qdEcjLpppXCgKd4vpu8=
last-modified: Wed, 15 Feb 2023 10:33:45 GMT
server: Apache
etag: "110-5f4ba9d65f0f0"
x-hw: 1676487728.cds256.am5.hn,1676487728.cds124.am5.c
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 210

GET
H2 200 news-feed.js Show response
cdn.airfind.com/rarch/161/archive/build/ 2 KB
1 KB 31ms
29ms Script
text/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.airfind.com/rarch/161/archive/build/news-feed.js?cb=04340692e037b3f00ffa
Requested by: Host: cdn.airfind.com
URL: https://cdn.airfind.com/r/core.js?cb=115c7c1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Apache /
Resource Hash: 1310df84d86661af75c0dd31e09305268e78b73a8e7a06c654b47931a3c8fd43

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
content-encoding: gzip
x-sp-metadata: HS256.CMD0tJ8GEooBCiRlYzdhNTJlNi0yMWRlLTQzNTEtYmM2My05YTU4Y2Q2MTZhZjQQiI2p4IfY+wIaBgiw2LSfBiIPMTg1LjIxMy4xNTUuMTYyKO6lAjADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIDNlOWIyMDYxMDA5OGI2YzliZmY5NTM4NTZlNTgwMTZhGisIARIkYWJlMDg2NjItZjE3ZS00ZTI4LThmNjctNWEwZGM0OTBmMGVkGOoHIhgIAhIUY2RzMDAxLmFtNS5od2Nkbi5uZXQ=.4eo34PmemSmIGtd3cEaEZgMni1ul5QQ3xEqbQeo//Ac=
last-modified: Wed, 15 Feb 2023 10:33:45 GMT
server: Apache
etag: "781-5f4ba9d65f0f0"
x-hw: 1676487728.cds256.am5.hn,1676487728.cds001.am5.c
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 1002

GET
H2 200 footer.css
cdn.airfind.com/rarch/161/archive/build/ 979 B
808 B 29ms
28ms Stylesheet
text/css 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.airfind.com/rarch/161/archive/build/footer.css?cb=04340692e037b3f00ffa
Requested by: Host: cdn.airfind.com
URL: https://cdn.airfind.com/r/core.js?cb=115c7c1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Apache /
Resource Hash: e881a805e55a2412f8ad8af740cfea5cfb3cd2927bc5fac0b0039b557c8d75f7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
content-encoding: gzip
x-sp-metadata: HS256.CMD0tJ8GEooBCiQ5ZTFmNThiMS1jZDlmLTQ3YjctYjA5ZC01M2Y5NmZjN2E5MTQQiI2p4IfY+wIaBgiw2LSfBiIPMTg1LjIxMy4xNTUuMTYyKO6lAjADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIDNlOWIyMDYxMDA5OGI2YzliZmY5NTM4NTZlNTgwMTZhGisIARIkMDk2ZDNiYTQtYjlhYy00ZTFmLWI1YWQtNDI1MWRlODNkOGIwGJIDIhgIAhIUY2RzMzAwLmFtNS5od2Nkbi5uZXQ=.zltjj2sPc61ceFEUdPwrJkV2YGlxQdRMPKeBU8kDPHc=
last-modified: Wed, 15 Feb 2023 10:33:45 GMT
server: Apache
etag: "3d3-5f4ba9d65f0f0"
x-hw: 1676487728.cds256.am5.hn,1676487728.cds300.am5.c
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 402

GET
H2 200 footer.js Show response
cdn.airfind.com/rarch/161/archive/build/ 1 KB
1 KB 30ms
30ms Script
text/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.airfind.com/rarch/161/archive/build/footer.js?cb=04340692e037b3f00ffa
Requested by: Host: cdn.airfind.com
URL: https://cdn.airfind.com/r/core.js?cb=115c7c1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Apache /
Resource Hash: 16cda90d3670cb127f01f5737fce9e862eb960617e496a951f9aa3e8026755e0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
content-encoding: gzip
x-sp-metadata: HS256.CMD0tJ8GEooBCiQzOWZkMTVkZi00MTBmLTQ0ZGItYWY1Ni1lOTVmZjVkNjViOTMQiI2p4IfY+wIaBgiw2LSfBiIPMTg1LjIxMy4xNTUuMTYyKO6lAjADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIDNlOWIyMDYxMDA5OGI2YzliZmY5NTM4NTZlNTgwMTZhGisIARIkODg5MTk5YzAtNWM4NS00ZDQyLTkzODAtNDk2NzVmYzMxMzBjGKEFIhgIAhIUY2RzMzIxLmFtNS5od2Nkbi5uZXQ=.hVYnLWh6vQKwVM1n5UaWykVZTnEhDV3EtxMgVAaIzzg=
last-modified: Wed, 15 Feb 2023 10:33:45 GMT
server: Apache
etag: "53d-5f4ba9d65f0f0"
x-hw: 1676487728.cds256.am5.hn,1676487728.cds321.am5.c
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 673

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 76 KB
27 KB 283ms
80ms Script
text/javascript 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: cdn.airfind.com
URL: https://cdn.airfind.com/r/core.js?cb=115c7c1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92b45216fb09abf92170e3d95a1b411ffeef49a5b3137679df61d1b00f14e4f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26637
x-xss-protection: 0
server: sffe
etag: "1483 / 457 of 1000 / last-modified: 1676462809"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 15 Feb 2023 19:02:08 GMT

GET
H2 200 1554832467370-1N_Circular%20Icon_224x224.png
cdn.airfind.com/ext/50229/ 4 KB
5 KB 27ms
26ms Image
image/png 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.airfind.com/ext/50229/1554832467370-1N_Circular%20Icon_224x224.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Apache /
Resource Hash: 8f2e082574c2291f27848049443b67d051338a396f11773a089fdf8849ad9fca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
x-sp-metadata: HS256.CMD0tJ8GEooBCiQzMzI3OGE4YS1kNGRmLTQwOGMtYjhmZC1mZWMzNTI1ZGUwM2QQiI2p4IfY+wIaBgiw2LSfBiIPMTg1LjIxMy4xNTUuMTYyKO6lAjADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIDNlOWIyMDYxMDA5OGI2YzliZmY5NTM4NTZlNTgwMTZhGisIARIkNGFmNWM4ZjAtZjVhNi00YTkzLTkzMDgtZDk2YmFmNWY5ZjA1GOAhIhgIAhIUY2RzMjU0LmFtNS5od2Nkbi5uZXQ=.53oa1im0s1TKlO9YcTfBGC75+AMFkL61avr5zpUQQFo=
last-modified: Tue, 09 Apr 2019 17:54:27 GMT
server: Apache
etag: "10e0-5861ca4e7412d"
x-hw: 1676487728.cds256.am5.hn,1676487728.cds254.am5.c
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 4320

GET
H2 200 feed-block.css
cdn.airfind.com/rarch/161/archive/build/ 14 KB
3 KB 22ms
21ms Stylesheet
text/css 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.airfind.com/rarch/161/archive/build/feed-block.css?cb=04340692e037b3f00ffa
Requested by: Host: cdn.airfind.com
URL: https://cdn.airfind.com/r/core.js?cb=115c7c1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Apache /
Resource Hash: 41145049ae46e5ccdeb2b41a28bb287b1aa5429a6707c570f2a7c75f77355629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
content-encoding: gzip
x-sp-metadata: HS256.CMD0tJ8GEooBCiQ0NDg4N2MxYy03ZWQzLTQwMzMtYTY5ZS1jMTgxMTQ1ZTY3YjgQiI2p4IfY+wIaBgiw2LSfBiIPMTg1LjIxMy4xNTUuMTYyKO6lAjADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIDNlOWIyMDYxMDA5OGI2YzliZmY5NTM4NTZlNTgwMTZhGisIARIkYjFhNzg0N2QtOTVhYS00ZGE4LTlmZmItZTRkZmY3ODFmN2NjGPIRIhgIAhIUY2RzMzEyLmFtNS5od2Nkbi5uZXQ=.YK3a1/avnZWjH7U65IjI9glua0JpZX9r0jXDlH2bbzY=
last-modified: Wed, 15 Feb 2023 10:33:31 GMT
server: Apache
etag: W/"37e5-5f4ba9d65e150"
x-hw: 1676487728.cds256.am5.hn,1676487728.cds312.am5.c
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 2290

GET
H2 200 feed-block.js Show response
cdn.airfind.com/rarch/161/archive/build/ 26 KB
8 KB 22ms
22ms Script
text/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.airfind.com/rarch/161/archive/build/feed-block.js?cb=04340692e037b3f00ffa
Requested by: Host: cdn.airfind.com
URL: https://cdn.airfind.com/r/core.js?cb=115c7c1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Apache /
Resource Hash: 69fc98bb3c164169576ed9fe5ea71fb25523d11ce4af5601dc90ab814338ff72

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
content-encoding: gzip
x-sp-metadata: HS256.CMD0tJ8GEooBCiQ2M2Y1ODhlNy03MTY2LTQ5YTQtODdhMi05NzNlMTAxNmNjMWYQiI2p4IfY+wIaBgiw2LSfBiIPMTg1LjIxMy4xNTUuMTYyKO6lAjADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIDNlOWIyMDYxMDA5OGI2YzliZmY5NTM4NTZlNTgwMTZhGisIARIkNGRiMDA1MTctOGY4Mi00YWE0LTllYjItZGFlMzcxNWE3MmIwGJM8IhgIAhIUY2RzMjkwLmFtNS5od2Nkbi5uZXQ=.P+s90YnkVsxzG0/hOfmGAMjOoeF1Pqh93DbVNnc8M2A=
last-modified: Wed, 15 Feb 2023 10:33:45 GMT
server: Apache
etag: "6888-5f4ba9d65e150"
x-hw: 1676487728.cds256.am5.hn,1676487728.cds290.am5.c
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 7699

GET
H2 200 bundle.umd.js Show response
cdn.airfind.com/d2s/ 9 KB
4 KB 23ms
23ms Script
text/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.airfind.com/d2s/bundle.umd.js?cb=FrfHue
Requested by: Host: cdn.airfind.com
URL: https://cdn.airfind.com/r/core.js?cb=115c7c1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: Apache /
Resource Hash: a20663c2fbe65b48d19148a3b5840da7a2e008c873e5f4190ba142989e4e640d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
content-encoding: gzip
x-sp-metadata: HS256.CMD0tJ8GEooBCiRhMTJhNWEyOS0xZDFiLTRjMmItOTk4ZS04ZGU0YmJmYjRhNzMQiI2p4IfY+wIaBgiw2LSfBiIPMTg1LjIxMy4xNTUuMTYyKO6lAjADOARCFlRMU19BRVNfMTI4X0dDTV9TSEEyNTZaIDNlOWIyMDYxMDA5OGI2YzliZmY5NTM4NTZlNTgwMTZhGisIARIkNDM4N2M4MjgtZGFjOS00NWUwLTgwNmMtMmRlNmQwZmM1ODBmGMMZIhgIAhIUY2RzMDA3LmFtNS5od2Nkbi5uZXQ=.fXmNsSbAK4FHsLy1e9jsLlRB1GdFKJPcJXjxtonsQ/0=
last-modified: Tue, 31 Jan 2023 11:59:14 GMT
server: Apache
etag: "245a-5f38e0f805731"
x-hw: 1676487728.cds256.am5.hn,1676487728.cds007.am5.c
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=604800
accept-ranges: bytes
content-length: 3267

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 16 KB
16 KB 117ms
36ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://m.1news.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 16:22:50 GMT
x-content-type-options: nosniff
age: 9558
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Feb 2024 16:22:50 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
15 KB 126ms
46ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://m.1news.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Thu, 09 Feb 2023 14:05:36 GMT
x-content-type-options: nosniff
age: 536192
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Feb 2024 14:05:36 GMT

GET
H2 200 v1 Show response
api.airfind.com/news/ 6 KB
2 KB 187ms
187ms Fetch
application/json 104.236.135.234
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.airfind.com/news/v1?pageViewId=rb1hvsrg&clientId=50229&affiliateId=&country=DE&repClientId=50229&includeDesc=true&category=top&feedStyle=small&limit=4&offset=0&userID=fb5c2bd889fd7557eef178d99b6c0abf
Requested by: Host: cdn.airfind.com
URL: https://cdn.airfind.com/r/core.js?cb=115c7c1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.236.135.234 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 9bf0b0bd09f8e1730d70307a3949a517ce14082ade4bbd7d0165b30ae8334fbb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET,PUT,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://m.1news.io
access-control-allow-credentials: true
access-control-allow-headers: Content-Type

GET
H2 200 flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v139/ 125 KB
126 KB 122ms
76ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/materialicons/v139/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/icon?family=Material+Icons

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://m.1news.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 14:24:34 GMT
x-content-type-options: nosniff
age: 103054
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 128352
x-xss-protection: 0
last-modified: Thu, 25 Aug 2022 00:26:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Feb 2024 14:24:34 GMT

GET
H2 200 v1 Show response
api.airfind.com/news/ 12 KB
4 KB 179ms
179ms Fetch
application/json 104.236.135.234
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.airfind.com/news/v1?pageViewId=rb1hvsrg&clientId=50229&affiliateId=&country=DE&repClientId=50229&includeDesc=true&category=entertainment&feedStyle=small&limit=7&offset=0&userID=fb5c2bd889fd7557eef178d99b6c0abf
Requested by: Host: cdn.airfind.com
URL: https://cdn.airfind.com/r/core.js?cb=115c7c1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.236.135.234 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: f074e3cdb69fc0ce970d74c4ee63014e7ee35db3dad17fbe34f78f0717733068

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET,PUT,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://m.1news.io
access-control-allow-credentials: true
access-control-allow-headers: Content-Type

GET
H2 200 v1 Show response
api.airfind.com/news/ 9 KB
2 KB 213ms
213ms Fetch
application/json 104.236.135.234
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.airfind.com/news/v1?pageViewId=rb1hvsrg&clientId=50229&affiliateId=&country=DE&repClientId=50229&includeDesc=true&category=sports&feedStyle=small&limit=7&offset=0&userID=fb5c2bd889fd7557eef178d99b6c0abf
Requested by: Host: cdn.airfind.com
URL: https://cdn.airfind.com/r/core.js?cb=115c7c1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.236.135.234 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 26347d5b24f37bb96410c90fb7695c1aa89619a3e8950bc7c4a22eafb139de27

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET,PUT,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://m.1news.io
access-control-allow-credentials: true
access-control-allow-headers: Content-Type

GET
H2 200 AA17vb4h.img
img-s-msn-com.akamaized.net/tenant/amp/entityid/ 8 KB
8 KB 127ms
39ms Image
image/jpeg 2a02:26f0:11a::217:9a40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA17vb4h.img?w=150&h=150

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:26f0:11a::217:9a40 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b70cb07b237716b049dc6a4dd75e87fae3a9923cc1c869e767bba43262978153

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
last-modified: Wed, 15 Feb 2023 07:24:48 GMT
x-resizerversion: 1.0
x-source-length: 250876
x-datacenter: eastus
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=390161
x-activityid: 8abf23d6-9915-41e6-81c6-2a61ba6b473d
content-location: https://img.s-msn.com/tenant/amp/entityid/AA17vb4h?w=150&h=150
timing-allow-origin: *
content-length: 8192
expires: Mon, 20 Feb 2023 07:24:49 GMT

GET
H2 200 AA17x2jr.img
img-s-msn-com.akamaized.net/tenant/amp/entityid/ 8 KB
8 KB 164ms
76ms Image
image/jpeg 2a02:26f0:11a::217:9a40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA17x2jr.img?w=150&h=150

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:26f0:11a::217:9a40 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

c9f2ddaa18673e946f4cd471de9275210be34b80d975bd7a8aefb20238b80cf6

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
last-modified: Wed, 15 Feb 2023 18:03:19 GMT
x-resizerversion: 1.0
x-source-length: 74143
x-datacenter: eastus
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=428489
x-activityid: b7777f2e-0d76-415b-9810-ff0233a37d7d
content-location: https://img.s-msn.com/tenant/amp/entityid/AA17x2jr?w=150&h=150
timing-allow-origin: *
content-length: 8192
expires: Mon, 20 Feb 2023 18:03:37 GMT

GET
H2 200 AA17wP5b.img
img-s-msn-com.akamaized.net/tenant/amp/entityid/ 32 KB
32 KB 108ms
20ms Image
image/jpeg 2a02:26f0:11a::217:9a40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA17wP5b.img?w=380&h=380

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:26f0:11a::217:9a40 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

ffca67ae0f466d918da85a2bc61ce877741c5a6321de76a8227eec930612453e

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
last-modified: Wed, 15 Feb 2023 17:25:55 GMT
x-resizerversion: 1.0
x-datacenter: eastap
x-source-length: 150914
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=426218
x-activityid: e944b4d1-0063-4808-8c6e-456043db10c2
content-location: https://img.s-msn.com/tenant/amp/entityid/AA17wP5b?w=380&h=380
timing-allow-origin: *
content-length: 32768
expires: Mon, 20 Feb 2023 17:25:46 GMT

GET
H2 200 AA17wDJf.img
img-s-msn-com.akamaized.net/tenant/amp/entityid/ 24 KB
25 KB 106ms
18ms Image
image/jpeg 2a02:26f0:11a::217:9a40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA17wDJf.img?w=380&h=380

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:26f0:11a::217:9a40 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

b6c0e529a1abff26022fd083a058fedf78196bfe9c4c0d25f1eaff6bd0b8e711

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
last-modified: Wed, 15 Feb 2023 17:45:26 GMT
x-resizerversion: 1.0
x-source-length: 152834
x-datacenter: westus
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=427437
x-activityid: 1e001f5e-c003-4e86-8956-03d0e8d5bb12
content-location: https://img.s-msn.com/tenant/amp/entityid/AA17wDJf?w=380&h=380
timing-allow-origin: *
content-length: 24734
expires: Mon, 20 Feb 2023 17:46:05 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 36ms
35ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://m.1news.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 06:52:22 GMT
x-content-type-options: nosniff
age: 130186
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Feb 2024 06:52:22 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ 12 KB
12 KB 36ms
35ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7f1c829b0c90fd664a03bb714a74f7d35d9e38ee1687104abc8ad5bd9c8ccb6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://m.1news.io
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Thu, 09 Feb 2023 22:04:53 GMT
x-content-type-options: nosniff
age: 507435
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11800
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:25:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Feb 2024 22:04:53 GMT

GET
H2 200 pubads_impl_2023021301.js Show response
securepubads.g.doubleclick.net/gpt/ 386 KB
131 KB 126ms
38ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021301.js?cb=31072411

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0158a7a3fd4a43fd01c6051d73c8507d87989abb39e83b3dbb8e3fe806ef77cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 14:21:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16836
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133267
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 09:35:24 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 15 Feb 2024 14:21:32 GMT

GET
H2 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 32 B
578 B 154ms
70ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=m.1news.io

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba75b30ff4a327fc2cad401244f2baae2008b8f35dffc5606402ed84960f0680

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36
x-xss-protection: 0
expires: Wed, 15 Feb 2023 19:02:08 GMT

GET
H2 200 AA17vfav.img
img-s-msn-com.akamaized.net/tenant/amp/entityid/ 15 KB
15 KB 34ms
33ms Image
image/jpeg 2a02:26f0:11a::217:9a40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA17vfav.img?w=380&h=380

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:26f0:11a::217:9a40 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

1ed4c4303f72a672fd5cc2d66e9d02d13f97bbacf8eafe09099824dddfb10a60

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
last-modified: Wed, 15 Feb 2023 07:35:47 GMT
x-resizerversion: 1.0
x-datacenter: westus
x-source-length: 229963
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=390801
x-activityid: 45218bdf-bfed-4a4f-bc33-d5a055fa4bc4
content-location: https://img.s-msn.com/tenant/amp/entityid/AA17vfav?w=380&h=380
timing-allow-origin: *
content-length: 15358
expires: Mon, 20 Feb 2023 07:35:29 GMT

GET
H2 200 AA17uNYi.img
img-s-msn-com.akamaized.net/tenant/amp/entityid/ 14 KB
15 KB 34ms
33ms Image
image/jpeg 2a02:26f0:11a::217:9a40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA17uNYi.img?w=380&h=380

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:26f0:11a::217:9a40 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

a9cae479eeab8bda84a9dfe1d855de46cd415fd47709fde2f43bf32a32bed260

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
last-modified: Wed, 15 Feb 2023 08:11:51 GMT
x-resizerversion: 1.0
x-source-length: 218479
x-datacenter: northeu
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=392968
x-activityid: be634ee1-b9d8-4d2f-9d52-be20d30271cc
content-location: https://img.s-msn.com/tenant/amp/entityid/AA17uNYi?w=380&h=380
timing-allow-origin: *
content-length: 14682
expires: Mon, 20 Feb 2023 08:11:36 GMT

GET
H2 200 AA13MCk2.img
img-s-msn-com.akamaized.net/tenant/amp/entityid/ 16 KB
16 KB 79ms
78ms Image
image/jpeg 2a02:26f0:11a::217:9a40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA13MCk2.img?w=380&h=380

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:26f0:11a::217:9a40 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

81b47d559768f38fdaa65b2fdb019733c59fd142b0c4c290d3fe4ed59cae7bf8

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
last-modified: Wed, 15 Feb 2023 15:32:52 GMT
x-resizerversion: 1.0
x-source-length: 559044
x-datacenter: westus
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=419426
x-activityid: 66949248-6ad3-498c-8d48-054fd2622c7e
content-location: https://img.s-msn.com/tenant/amp/entityid/AA13MCk2?w=380&h=380
timing-allow-origin: *
content-length: 16384
expires: Mon, 20 Feb 2023 15:32:34 GMT

GET
H2 200 AA17vihM.img
img-s-msn-com.akamaized.net/tenant/amp/entityid/ 8 KB
8 KB 36ms
35ms Image
image/jpeg 2a02:26f0:11a::217:9a40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA17vihM.img?w=150&h=150

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:26f0:11a::217:9a40 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

0cc83a313a235229a8f43a19ad41feb5849f07ba686a525f5408ce5a5dc85485

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
last-modified: Wed, 15 Feb 2023 15:46:29 GMT
x-resizerversion: 1.0
x-datacenter: eastap
x-source-length: 404978
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=420253
x-activityid: b72fc395-9896-48e3-854e-c5932440799b
content-location: https://img.s-msn.com/tenant/amp/entityid/AA17vihM?w=150&h=150
timing-allow-origin: *
content-length: 8192
expires: Mon, 20 Feb 2023 15:46:21 GMT

GET
H2 200 AA17sPq1.img
img-s-msn-com.akamaized.net/tenant/amp/entityid/ 4 KB
5 KB 88ms
88ms Image
image/jpeg 2a02:26f0:11a::217:9a40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA17sPq1.img?w=150&h=150

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:26f0:11a::217:9a40 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

dd6beef948a87ce490457e6aa508efb50cbd02569c230f49b79f7a500616ae2b

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
last-modified: Wed, 15 Feb 2023 15:46:29 GMT
x-resizerversion: 1.0
x-source-length: 167167
x-datacenter: westus
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=420228
x-activityid: 8cb6f29b-fcdf-4c17-88f1-56d295b1d527
content-location: https://img.s-msn.com/tenant/amp/entityid/AA17sPq1?w=150&h=150
timing-allow-origin: *
content-length: 4426
expires: Mon, 20 Feb 2023 15:45:56 GMT

GET
H2 200 AA17vUX4.img
img-s-msn-com.akamaized.net/tenant/amp/entityid/ 8 KB
8 KB 67ms
67ms Image
image/jpeg 2a02:26f0:11a::217:9a40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA17vUX4.img?w=150&h=150

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:26f0:11a::217:9a40 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

73dbe52321b2c22f1d1101de99d698405db3ceff245c3407a16ee741266bb83b

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
last-modified: Wed, 15 Feb 2023 12:08:03 GMT
x-resizerversion: 1.0
x-source-length: 540986
x-datacenter: eastus
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=407098
x-activityid: 860a3f58-e8e5-4281-a89f-d44e547883b8
content-location: https://img.s-msn.com/tenant/amp/entityid/AA17vUX4?w=150&h=150
timing-allow-origin: *
content-length: 8192
expires: Mon, 20 Feb 2023 12:07:06 GMT

GET
H2 200 AA17vvsF.img
img-s-msn-com.akamaized.net/tenant/amp/entityid/ 8 KB
8 KB 129ms
128ms Image
image/jpeg 2a02:26f0:11a::217:9a40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA17vvsF.img?w=150&h=150

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:26f0:11a::217:9a40 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

62f367169e5eb30ae4973188e73e672710e88768bb099bce8f9d0b98dbcc1a56

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
last-modified: Wed, 15 Feb 2023 10:40:44 GMT
x-resizerversion: 1.0
x-source-length: 337197
x-datacenter: eastap
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=402036
x-activityid: 5ff7f028-1085-4524-996a-f8a4941c0899
content-location: https://img.s-msn.com/tenant/amp/entityid/AA17vvsF?w=150&h=150
timing-allow-origin: *
content-length: 8192
expires: Mon, 20 Feb 2023 10:42:44 GMT

GET
H2 200 AA17vxwT.img
img-s-msn-com.akamaized.net/tenant/amp/entityid/ 17 KB
18 KB 39ms
36ms Image
image/jpeg 2a02:26f0:11a::217:9a40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA17vxwT.img?w=380&h=380

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:26f0:11a::217:9a40 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

33a6f92f6ca4f2d842111c830b2457da96cbea308bea8127379b234854113a9f

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
last-modified: Wed, 15 Feb 2023 10:25:45 GMT
x-resizerversion: 1.0
x-datacenter: northeu
x-source-length: 181253
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=400941
x-activityid: 3c9b0f7a-12c8-472f-a47f-b1c2d35262ee
content-location: https://img.s-msn.com/tenant/amp/entityid/AA17vxwT?w=380&h=380
timing-allow-origin: *
content-length: 17675
expires: Mon, 20 Feb 2023 10:24:29 GMT

GET
H2 200 AA17vCev.img
img-s-msn-com.akamaized.net/tenant/amp/entityid/ 16 KB
16 KB 55ms
52ms Image
image/jpeg 2a02:26f0:11a::217:9a40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA17vCev.img?w=380&h=380

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:26f0:11a::217:9a40 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

923ee51e80dc8c59e467b1bac030ab66852340c5af70673698b908891da1ac40

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
last-modified: Wed, 15 Feb 2023 09:58:38 GMT
x-resizerversion: 1.0
x-source-length: 478358
x-datacenter: eastus
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=399291
x-activityid: 260755a0-29cd-4a0a-a467-632e7336f8ac
content-location: https://img.s-msn.com/tenant/amp/entityid/AA17vCev?w=380&h=380
timing-allow-origin: *
content-length: 16384
expires: Mon, 20 Feb 2023 09:56:59 GMT

GET
H2 200 AA17viHB.img
img-s-msn-com.akamaized.net/tenant/amp/entityid/ 18 KB
18 KB 38ms
35ms Image
image/jpeg 2a02:26f0:11a::217:9a40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA17viHB.img?w=380&h=380

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:26f0:11a::217:9a40 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

440510ff75635e8f8ad083135f05dd2269fa227167bf75022cbbd7656113b6a6

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
last-modified: Wed, 15 Feb 2023 10:25:52 GMT
x-resizerversion: 1.0
x-datacenter: westus
x-source-length: 821192
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=400965
x-activityid: 2edbb94f-1c1e-4963-a308-11adfeab95db
content-location: https://img.s-msn.com/tenant/amp/entityid/AA17viHB?w=380&h=380
timing-allow-origin: *
content-length: 18422
expires: Mon, 20 Feb 2023 10:24:53 GMT

GET
H2 200 AA17vM2R.img
img-s-msn-com.akamaized.net/tenant/amp/entityid/ 8 KB
8 KB 39ms
38ms Image
image/jpeg 2a02:26f0:11a::217:9a40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA17vM2R.img?w=150&h=150

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:26f0:11a::217:9a40 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

eb89647e3d903d6a5718e7c3dc33d63f8ad49394e2b011de5ec2452897690aaa

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
last-modified: Wed, 15 Feb 2023 11:09:22 GMT
x-resizerversion: 1.0
x-source-length: 406332
x-datacenter: eastap
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=403689
x-activityid: 486ca2ae-9247-4d17-b13d-28f33e4918a3
content-location: https://img.s-msn.com/tenant/amp/entityid/AA17vM2R?w=150&h=150
timing-allow-origin: *
content-length: 8192
expires: Mon, 20 Feb 2023 11:10:17 GMT

GET
H2 200 AA17wtOw.img
img-s-msn-com.akamaized.net/tenant/amp/entityid/ 8 KB
8 KB 67ms
65ms Image
image/jpeg 2a02:26f0:11a::217:9a40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA17wtOw.img?w=150&h=150

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:26f0:11a::217:9a40 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

7d0b1002ba1cf50ba8782a769b282503801089417a1a414863ae776f883d355b

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
last-modified: Wed, 15 Feb 2023 18:58:45 GMT
x-resizerversion: 1.0
x-source-length: 263898
x-datacenter: eastus
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=431694
x-activityid: 6746cfd0-2c99-4f7e-b170-17dc0ee17876
content-location: https://img.s-msn.com/tenant/amp/entityid/AA17wtOw?w=150&h=150
timing-allow-origin: *
content-length: 8192
expires: Mon, 20 Feb 2023 18:57:02 GMT

GET
H2 200 AA16TmdM.img
img-s-msn-com.akamaized.net/tenant/amp/entityid/ 5 KB
5 KB 36ms
35ms Image
image/jpeg 2a02:26f0:11a::217:9a40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA16TmdM.img?w=150&h=150

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:26f0:11a::217:9a40 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

1fd1d0da3e2c17d770a16dfbaedcd8d29a22873dcfd1678ad7f89600dc94ec8e

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
last-modified: Wed, 15 Feb 2023 15:44:46 GMT
x-resizerversion: 1.0
x-source-length: 1393473
x-datacenter: westus
x-frame-options: DENY
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=420203
x-activityid: 5372eb48-1e59-43d6-abdb-94635ed371c8
content-location: https://img.s-msn.com/tenant/amp/entityid/AA16TmdM?w=150&h=150
timing-allow-origin: *
content-length: 4751
expires: Mon, 20 Feb 2023 15:45:31 GMT

GET
H2 200 AA17wwSI.img
img-s-msn-com.akamaized.net/tenant/amp/entityid/ 31 KB
32 KB 89ms
88ms Image
image/png 2a02:26f0:11a::217:9a40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA17wwSI.img?w=150&h=150

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:26f0:11a::217:9a40 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e959c880530dc1efe386060ed24463d8d3ca2128bfc013012669d9d9897aa40c

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
last-modified: Wed, 15 Feb 2023 15:21:33 GMT
x-resizerversion: 1.0
x-source-length: 570129
x-datacenter: westus
x-frame-options: DENY
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=418751
x-activityid: 94a58c9e-24aa-4bf0-9d0f-2f7a6a7ef2de
content-location: https://img.s-msn.com/tenant/amp/entityid/AA17wwSI?w=150&h=150
timing-allow-origin: *
content-length: 31963
expires: Mon, 20 Feb 2023 15:21:19 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 129ms
48ms Script
application/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=m.1news.io

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021301.js?cb=31072411

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 126ms
46ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=m.1news.io

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021301.js?cb=31072411

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
8 KB 417ms
416ms XHR
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3173225333372820&correlator=3663416964178128&eid=31072411%2C44761478%2C31072382%2C31072427&output=ldjh&gdfp_req=1&vrg=2023021301&ptt=17&impl=fif&iu_parts=231917939%2C1news_homepage_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C300x100%7C320x50&fluid=height&ifi=1&adks=3979803867&sfv=1-0-40&prev_scp=client%3D50229%26segment%3D%26variant%3D1%26browserTabStatus%3Dforeground&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1676487728908&lmt=1676487728&dlt=1676487727542&idt=1334&adxs=490&adys=968&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fm.1news.io%2F&frm=20&vis=1&psz=620x0&msz=620x0&fws=4&ohw=620&ga_vid=524181183.1676487728&ga_sid=1676487729&ga_hid=1085959388&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021301.js?cb=31072411

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fd5df9e275319cc87651bfc1f2a887d0d1b9c7cba9a478eb1c3d4b0c9f1b3e62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:09 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7634
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://m.1news.io
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 17 KB
8 KB 338ms
338ms XHR
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3173225333372820&correlator=2816943422703714&eid=31072411%2C44761478%2C31072382%2C31072427&output=ldjh&gdfp_req=1&vrg=2023021301&ptt=17&impl=fif&iu_parts=231917939%2C1news_homepage_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C300x100%7C320x50&fluid=height&ifi=2&adks=3601387540&sfv=1-0-40&prev_scp=client%3D50229%26segment%3D%26variant%3D1%26browserTabStatus%3Dforeground&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1676487728915&lmt=1676487728&dlt=1676487727542&idt=1334&adxs=490&adys=2538&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fm.1news.io%2F&frm=20&vis=1&psz=620x0&msz=620x0&fws=4&ohw=620&ga_vid=524181183.1676487728&ga_sid=1676487729&ga_hid=1085959388&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021301.js?cb=31072411

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

06f90727a223e816ebd38bf1b40c2544a8f696702efdfecfc40cdf7c47a8397d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:09 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7613
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://m.1news.io
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 18 KB
8 KB 296ms
296ms XHR
text/plain 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3173225333372820&correlator=1528389230058655&eid=31072411%2C44761478%2C31072382%2C31072427&output=ldjh&gdfp_req=1&vrg=2023021301&ptt=17&impl=fif&iu_parts=231917939%2C1news_homepage_3&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C300x100%7C320x50&fluid=height&ifi=3&adks=2290486425&sfv=1-0-40&prev_scp=client%3D50229%26segment%3D%26variant%3D1%26browserTabStatus%3Dforeground&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1676487728918&lmt=1676487728&dlt=1676487727542&idt=1334&adxs=490&adys=4047&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=2&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fm.1news.io%2F&frm=20&vis=1&psz=620x0&msz=620x0&fws=4&ohw=620&ga_vid=524181183.1676487728&ga_sid=1676487729&ga_hid=1085959388&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021301.js?cb=31072411

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6cc9e249e893cefa3c20f161a61eee0b085a37e65e8acde9d4bb544b1e357dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:09 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7629
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://m.1news.io
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 216ms
94ms XHR
application/json 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023021301&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021301.js?cb=31072411

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8c6c8e6283be32b393ff96d5d1178569b94d0e27c6fd7b586c3a7d2424a26ff5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:09 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11258
x-xss-protection: 0

GET
H2 200 container.html Show response
e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame E32B 6 KB
3 KB 320ms
80ms Document
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021301.js?cb=31072411

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://m.1news.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 19:02:09 GMT
expires: Thu, 15 Feb 2024 19:02:09 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 d2s-labeller Show response
api.airfind.com/ 66 B
197 B 180ms
180ms Fetch
application/json 104.236.135.234
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.airfind.com/d2s-labeller
Requested by: Host: cdn.airfind.com
URL: https://cdn.airfind.com/d2s/bundle.umd.js?cb=FrfHue
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.236.135.234 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 227e338bee797a90455672420557e82c8cf038b363d97b55ec3fd251d4213041

Request headers

Referer: https://m.1news.io/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Wed, 15 Feb 2023 19:02:09 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json

OPTIONS
H2 200 d2s-labeller
api.airfind.com/ Frame 0
0 171ms
170ms Preflight
text/plain 104.236.135.234
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.airfind.com/d2s-labeller
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.236.135.234 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://m.1news.io
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

access-control-allow-headers: Accept, Accept-Language, Content-Language, Content-Type, access-control-allow-origin, authorization, content-type
access-control-allow-methods: POST, GET
access-control-allow-origin: *
access-control-max-age: 600
content-length: 2
content-type: text/plain; charset=utf-8
date: Wed, 15 Feb 2023 19:02:09 GMT
server: nginx

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 214ms
98ms Script
text/javascript 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021301.js?cb=31072411

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 15 Feb 2023 19:02:09 GMT

GET
H2 200 container.html Show response
e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame A2AC 6 KB
3 KB 51ms
50ms Document
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021301.js?cb=31072411

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://m.1news.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 19:02:09 GMT
expires: Thu, 15 Feb 2024 19:02:09 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 9D27 6 KB
3 KB 56ms
55ms Document
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021301.js?cb=31072411

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://m.1news.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 19:02:09 GMT
expires: Thu, 15 Feb 2024 19:02:09 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 v1 Show response
api.airfind.com/d2s/ 3 KB
1 KB 184ms
183ms Fetch
application/json 104.236.135.234
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.airfind.com/d2s/v1?categoryId=IAB5-1C&limit=8&clientId=50012&affiliateId=&urlPattern=m.1news.io&ua=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/110.0.5481.96%20Safari/537.36&d2sLandingPage=&searchTerm=
Requested by: Host: cdn.airfind.com
URL: https://cdn.airfind.com/d2s/bundle.umd.js?cb=FrfHue
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.236.135.234 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: cbef9eec9501c0e5eacff4f6a5a9f031b4015b76a2159440ba8c97861a36ba9f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:09 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET,PUT,POST,DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://m.1news.io
access-control-allow-credentials: true
access-control-allow-headers: Content-Type

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame CB99 624 B
504 B 162ms
74ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVRTyTupPnqPXCTnokQKuYp2WAvB-mlZ7qYJNV8HEPQ_25fc3ytZoF5HLRdXFgUN90jTdmyrwPaWY4yI9WjiWNzSgV7nuuxlyRDQRzWfhjVg8QRT-TC0_vu2cJksopPMjd4mujn03zBLqK6WTu9J8o18rd_Ft8Ze3s0ejcScXjpMQv-0aI

Requested by

Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 19:02:09 GMT
expires: Wed, 15 Feb 2023 19:02:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame A2AC 78 KB
27 KB 205ms
107ms Script
text/javascript 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1a9f51121ef00d4bc11c410113432813ddbdcd85c9f2aabbd2c2c23c87408e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:09 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27798
x-xss-protection: 0
server: cafe
etag: 12162329123218539290
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 19:02:09 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame A2AC 42 B
63 B 182ms
85ms Image
image/gif 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DE_ezIteLnfGMx15M8hVFaOPxbE26ajlwOrEInbeZs4CVnSVwDngr6LiCqpSLFYUuF0Vd43Uz1D9ES1e-yeXYJQI7LJsiOp9u4D8Zi6_1DXjicEJ0

Requested by

Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A2AC 0
20 B 183ms
85ms Image
image/gif 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=16828254459655857376&x=1&ct=77

Requested by

Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame A2AC 3 KB
1 KB 57ms
56ms Script
text/javascript 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/window_focus_fy2021.js

Requested by

Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 11:06:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28538
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 11:06:31 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame A2AC 20 KB
9 KB 51ms
50ms Script
text/javascript 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2b4727366dbbf82f3dc7d48c30bc9444860158da542dcc4b04eeeb6e0a7b6d60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 11:06:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28539
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8316
x-xss-protection: 0
server: cafe
etag: 7067238764211672077
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 11:06:30 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A2AC 156 KB
48 KB 102ms
101ms Script
text/javascript 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0937a8903ce9027c6f433ddda4c1c9df0c5e6d64aea3696396b0c22c0e85661a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48832
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676324880006035"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 15 Feb 2023 19:02:09 GMT

GET
H2 200 container.html Show response
e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame EDF1 6 KB
3 KB 47ms
46ms Document
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021301.js?cb=31072411

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://m.1news.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 19:02:09 GMT
expires: Thu, 15 Feb 2024 19:02:09 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 3E29 624 B
827 B 102ms
73ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVDH-9jCrAlbEFBiZPlCKIAyUfw8RPYoGa2VDkclqJisp_lIujA7EYyh3Fqyz54ON1skOFMaQN64NdtZiyMBgDyw1zDYRLahUoDyumvtSprLDmIqu_ImyIwRHFlPa2SYKNvpNMDt6mjCCeijzYxgydm4iK9ze7tv2Ov_XpvHkiaszE-mjg

Requested by

Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 19:02:09 GMT
expires: Wed, 15 Feb 2023 19:02:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 9D27 78 KB
27 KB 214ms
173ms Script
text/javascript 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:09 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27790
x-xss-protection: 0
server: cafe
etag: 3677590245327912432
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 19:02:09 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9D27 42 B
63 B 124ms
84ms Image
image/gif 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DeXtQutOGsxRKuI29gEEjKN7WJGpUTMdt3GfYWrCzT76CtK63ER9zPRQDjtP2qNhsCQkJ7_hZr-sXyujsDUnpK1L0CPxcQZL1dOQ34e-_QG4eURVM

Requested by

Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9D27 0
20 B 124ms
86ms Image
image/gif 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=18437685158599474649&x=1&ct=77

Requested by

Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 9D27 3 KB
1 KB 62ms
54ms Script
text/javascript 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/window_focus_fy2021.js

Requested by

Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 11:06:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28538
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 11:06:31 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame 9D27 20 KB
8 KB 49ms
47ms Script
text/javascript 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2b4727366dbbf82f3dc7d48c30bc9444860158da542dcc4b04eeeb6e0a7b6d60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 11:06:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28539
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8316
x-xss-protection: 0
server: cafe
etag: 7067238764211672077
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 11:06:30 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9D27 156 KB
48 KB 109ms
107ms Script
text/javascript 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0937a8903ce9027c6f433ddda4c1c9df0c5e6d64aea3696396b0c22c0e85661a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48832
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676324880006035"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 15 Feb 2023 19:02:09 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 4E58 13 KB
5 KB 49ms
46ms Document
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://m.1news.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 28539
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 11:06:30 GMT
expires: Thu, 15 Feb 2024 11:06:30 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 2269 783 B
1 KB 187ms
70ms Document
text/html 2a00:1450:400d:80d::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2004 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ac8f965903029128173d193f1e0268c1291cca25fa8c9f2a9e6b4fe5e772e10e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-P9XpCPuJY1nMdMC0xlq71Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://m.1news.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-P9XpCPuJY1nMdMC0xlq71Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 19:02:09 GMT
expires: Wed, 15 Feb 2023 19:02:09 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 392A 624 B
505 B 82ms
80ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNUmXOM3K5igROqxuH4omgZW8nS65RnEGwb0eFSJRkRED_wFHToNdE13NF2fyH32zARGmQEmY1JROSLLyRq8wQdaK7kO15IN6h2XXOvKHoHytfBZ8wAi5l3Xq99oxHDwNPr7G8GhjGnzw10qdU4cLxmY5JJ_ku8buMrIax3ZD9MDc11_mDE

Requested by

Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 19:02:09 GMT
expires: Wed, 15 Feb 2023 19:02:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame EDF1 78 KB
27 KB 211ms
210ms Script
text/javascript 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:09 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27790
x-xss-protection: 0
server: cafe
etag: 3677590245327912432
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 15 Feb 2023 19:02:09 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame EDF1 42 B
63 B 80ms
79ms Image
image/gif 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CThTEZgKFj_GJSG1WNtRdGHNAl2Wbe8grmLh-KOzK_sgTsg9lobb5Hvz9AZ4ih8-gzDHzGYXNIdThy52aWL7WT1qrEv64y_eXOMxHVnfj1ppoOSHc

Requested by

Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EDF1 0
20 B 80ms
78ms Image
image/gif 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=2134767062722660783&x=1&ct=77

Requested by

Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame EDF1 3 KB
1 KB 55ms
54ms Script
text/javascript 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/window_focus_fy2021.js

Requested by

Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 11:06:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28538
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 11:06:31 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/ Frame EDF1 20 KB
8 KB 49ms
48ms Script
text/javascript 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230213/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2b4727366dbbf82f3dc7d48c30bc9444860158da542dcc4b04eeeb6e0a7b6d60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 11:06:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 28539
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8316
x-xss-protection: 0
server: cafe
etag: 7067238764211672077
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 11:06:30 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame EDF1 156 KB
48 KB 111ms
110ms Script
text/javascript 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0937a8903ce9027c6f433ddda4c1c9df0c5e6d64aea3696396b0c22c0e85661a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48832
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1676324880006035"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 15 Feb 2023 19:02:09 GMT

GET
H3 200 6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 4E58 36 KB
14 KB 48ms
47ms Script
text/javascript 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebe9819db65901730f1d3de1cefc5e502a42c1bdb3aae520c1374015a28e4e34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 06:22:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45596
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14458
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 06:22:13 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 3E29
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBagCkIbp3-r2EvIJQpQ4QY&google_cver=1

43 B
632 B

21ms
21ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBagCkIbp3-r2EvIJQpQ4QY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVDH-9jCrAlbEFBiZPlCKIAyUfw8RPYoGa2VDkclqJisp_lIujA7EYyh3Fqyz54ON1skOFMaQN64NdtZiyMBgDyw1zDYRLahUoDyumvtSprLDmIqu_ImyIwRHFlPa2SYKNvpNMDt6mjCCeijzYxgydm4iK9ze7tv2Ov_XpvHkiaszE-mjg
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Feb 2023 19:02:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:09 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBagCkIbp3-r2EvIJQpQ4QY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 3E29
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y.0sMfe.FPsdR4yCXzHdIQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELr45boJWrhRl6z0_PHVeY8&google_cver=1&google_hm=2

43 B
766 B

9ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELr45boJWrhRl6z0_PHVeY8&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVDH-9jCrAlbEFBiZPlCKIAyUfw8RPYoGa2VDkclqJisp_lIujA7EYyh3Fqyz54ON1skOFMaQN64NdtZiyMBgDyw1zDYRLahUoDyumvtSprLDmIqu_ImyIwRHFlPa2SYKNvpNMDt6mjCCeijzYxgydm4iK9ze7tv2Ov_XpvHkiaszE-mjg
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Feb 2023 19:02:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:09 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELr45boJWrhRl6z0_PHVeY8&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 3E29
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEDHxoTbOuB4EDLY_Uj0eDSw&google_cver=1

43 B
1 KB

22ms
21ms

Image
image/gif

37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEDHxoTbOuB4EDLY_Uj0eDSw&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVDH-9jCrAlbEFBiZPlCKIAyUfw8RPYoGa2VDkclqJisp_lIujA7EYyh3Fqyz54ON1skOFMaQN64NdtZiyMBgDyw1zDYRLahUoDyumvtSprLDmIqu_ImyIwRHFlPa2SYKNvpNMDt6mjCCeijzYxgydm4iK9ze7tv2Ov_XpvHkiaszE-mjg

Protocol

HTTP/1.1

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Feb 2023 19:02:09 GMT
AN-X-Request-Uuid: b13d50c9-7e08-46f1-a7f5-319262ebad4d
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:09 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEDHxoTbOuB4EDLY_Uj0eDSw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 3E29
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjM4MzE4ODkzNTAwNDgxMzM5MQ%3D%3D

170 B
243 B

81ms
68ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjM4MzE4ODkzNTAwNDgxMzM5MQ%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 15 Feb 2023 19:02:09 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 934f4614-ccfb-4412-a4d9-daa5b4493a72
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NjM4MzE4ODkzNTAwNDgxMzM5MQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame CB99
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBagCkIbp3-r2EvIJQpQ4QY&google_cver=1

43 B
632 B

21ms
20ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBagCkIbp3-r2EvIJQpQ4QY&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVRTyTupPnqPXCTnokQKuYp2WAvB-mlZ7qYJNV8HEPQ_25fc3ytZoF5HLRdXFgUN90jTdmyrwPaWY4yI9WjiWNzSgV7nuuxlyRDQRzWfhjVg8QRT-TC0_vu2cJksopPMjd4mujn03zBLqK6WTu9J8o18rd_Ft8Ze3s0ejcScXjpMQv-0aI
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Feb 2023 19:02:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:09 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBagCkIbp3-r2EvIJQpQ4QY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame CB99
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y.0sMfe.FPsdR4yCXzHdIQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELr45boJWrhRl6z0_PHVeY8&google_cver=1&google_hm=2

43 B
632 B

9ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELr45boJWrhRl6z0_PHVeY8&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVRTyTupPnqPXCTnokQKuYp2WAvB-mlZ7qYJNV8HEPQ_25fc3ytZoF5HLRdXFgUN90jTdmyrwPaWY4yI9WjiWNzSgV7nuuxlyRDQRzWfhjVg8QRT-TC0_vu2cJksopPMjd4mujn03zBLqK6WTu9J8o18rd_Ft8Ze3s0ejcScXjpMQv-0aI
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Feb 2023 19:02:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:09 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELr45boJWrhRl6z0_PHVeY8&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame CB99
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEDHxoTbOuB4EDLY_Uj0eDSw&google_cver=1

43 B
1 KB

30ms
30ms

Image
image/gif

37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEDHxoTbOuB4EDLY_Uj0eDSw&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVRTyTupPnqPXCTnokQKuYp2WAvB-mlZ7qYJNV8HEPQ_25fc3ytZoF5HLRdXFgUN90jTdmyrwPaWY4yI9WjiWNzSgV7nuuxlyRDQRzWfhjVg8QRT-TC0_vu2cJksopPMjd4mujn03zBLqK6WTu9J8o18rd_Ft8Ze3s0ejcScXjpMQv-0aI

Protocol

HTTP/1.1

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Feb 2023 19:02:09 GMT
AN-X-Request-Uuid: 6f3400da-1cdd-4166-9003-4872a6f3015a
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:09 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEDHxoTbOuB4EDLY_Uj0eDSw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame CB99
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDg5MjEwMDkxMjU0Nzg1MTc3Ng%3D%3D

170 B
232 B

87ms
87ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDg5MjEwMDkxMjU0Nzg1MTc3Ng%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 15 Feb 2023 19:02:09 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: b5dba006-bbcc-437f-a715-ca4e5bfe6246
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDg5MjEwMDkxMjU0Nzg1MTc3Ng%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 imp Show response
api.airfind.com/d2s/v1/ 48 B
389 B 192ms
190ms Fetch
image/gif 104.236.135.234
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://api.airfind.com/d2s/v1/imp?clientId=50012&visitorId=20728cbf-8081-4f40-b47f-ecdba1c3c956&brand=&adUnitId=&provider=bing&keywords=W3sia2V5d29yZCI6IkNoZWFwZXN0IE1vcnRnYWdlIERlYWxzIiwiY2F0ZWdvcnlJZCI6IklBQjUtMUMifSx7ImtleXdvcmQiOiJXZWlnaHQgTG9zcyBGb3IgV29tZW4iLCJjYXRlZ29yeUlkIjoiSUFCNS0xQyJ9LHsia2V5d29yZCI6IkNoZWFwIEhvdGVscyIsImNhdGVnb3J5SWQiOiJJQUI1LTFDIn0seyJrZXl3b3JkIjoiVGVybSBMaWZlIEluc3VyYW5jZSIsImNhdGVnb3J5SWQiOiJJQUI1LTFDIn0seyJrZXl3b3JkIjoiTGlmZSBJbnN1cmFuY2UgUmV2aWV3cyBPbmxpbmUiLCJjYXRlZ29yeUlkIjoiSUFCNS0xQyJ9LHsia2V5d29yZCI6IkJlc3QgU2VuaW9yIExpdmluZyBDZW50ZXIgTmVhciBNZSIsImNhdGVnb3J5SWQiOiJJQUI1LTFDIn0seyJrZXl3b3JkIjoiU2VuaW9yIExpZmUgSW5zdXJhbmNlIiwiY2F0ZWdvcnlJZCI6IklBQjUtMUMifSx7ImtleXdvcmQiOiJObyBDbG9zaW5nIENvc3QgUmVmaW5hbmNlIiwiY2F0ZWdvcnlJZCI6IklBQjUtMUMifV0
Requested by: Host: cdn.airfind.com
URL: https://cdn.airfind.com/d2s/bundle.umd.js?cb=FrfHue
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.236.135.234 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx /
Resource Hash: 47d0230fc7603fa082f5a142aac786bf60f98d83e221775640a19a61fc2b693e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:09 GMT
server: nginx
access-control-allow-methods: GET,PUT,POST,DELETE
content-type: image/gif
access-control-allow-origin: https://m.1news.io
cache-control: private, no-cache, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-disposition: inline
access-control-allow-headers: Content-Type
content-length: 48

GET
DATA 200
OK truncated
/ 412 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 813963dd0344093338a322842a0251436c4a75efee1eeb0d9f096f0e088d7713

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 392A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELr45boJWrhRl6z0_PHVeY8&google_cver=1

43 B
766 B

21ms
20ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELr45boJWrhRl6z0_PHVeY8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNUmXOM3K5igROqxuH4omgZW8nS65RnEGwb0eFSJRkRED_wFHToNdE13NF2fyH32zARGmQEmY1JROSLLyRq8wQdaK7kO15IN6h2XXOvKHoHytfBZ8wAi5l3Xq99oxHDwNPr7G8GhjGnzw10qdU4cLxmY5JJ_ku8buMrIax3ZD9MDc11_mDE
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Feb 2023 19:02:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:09 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELr45boJWrhRl6z0_PHVeY8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 392A
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y.0sMfe.FPsdR4yCXzHdIQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELr45boJWrhRl6z0_PHVeY8&google_cver=1&google_hm=2

43 B
632 B

9ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELr45boJWrhRl6z0_PHVeY8&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNUmXOM3K5igROqxuH4omgZW8nS65RnEGwb0eFSJRkRED_wFHToNdE13NF2fyH32zARGmQEmY1JROSLLyRq8wQdaK7kO15IN6h2XXOvKHoHytfBZ8wAi5l3Xq99oxHDwNPr7G8GhjGnzw10qdU4cLxmY5JJ_ku8buMrIax3ZD9MDc11_mDE
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Feb 2023 19:02:09 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:09 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESELr45boJWrhRl6z0_PHVeY8&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 392A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEHBkYOspEGxqtuUB_1D52PY&google_cver=1

43 B
1 KB

193ms
192ms

Image
image/gif

37.252.171.149
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEHBkYOspEGxqtuUB_1D52PY&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNUmXOM3K5igROqxuH4omgZW8nS65RnEGwb0eFSJRkRED_wFHToNdE13NF2fyH32zARGmQEmY1JROSLLyRq8wQdaK7kO15IN6h2XXOvKHoHytfBZ8wAi5l3Xq99oxHDwNPr7G8GhjGnzw10qdU4cLxmY5JJ_ku8buMrIax3ZD9MDc11_mDE

Protocol

HTTP/1.1

Server

37.252.171.149 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Feb 2023 19:02:09 GMT
AN-X-Request-Uuid: ce1ffe87-66af-423b-8cba-c204a08bee96
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:09 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEHBkYOspEGxqtuUB_1D52PY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 392A
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDk3Mjk2MDEzMjgyODc0NzA0NQ%3D%3D

170 B
232 B

68ms
68ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDk3Mjk2MDEzMjgyODc0NzA0NQ%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:09 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 15 Feb 2023 19:02:09 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 5cecb857-6124-4061-82c8-bc004acded2e
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDk3Mjk2MDEzMjgyODc0NzA0NQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A2AC 0
20 B 79ms
79ms Ping
image/gif 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=1675432102544&version=m202301300101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A2AC 0
20 B 93ms
93ms Ping
image/gif 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=1675432102544&version=m202301300101&ct=77&x=1&cor=16828254459655858000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame A2AC 15 KB
11 KB 67ms
66ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BjBQvS5Qarfi5fVV5K882JyXmqjc44tUKm8QEpWMz4GtU9n7_VPgNTCUBTBojulYdzgRFOPyjuLNbRzl7z__khOBGpKzPeM9_kXOwJhHGCEz-AlBqWMTNRXFkD5VbRNMHAZh06f0BG2HkUMNm1uYRdmOoTQ29IE8TwPifEi_xCTOeZSaA&cry=1&dbm_d=AKAmf-CNiz7qYkA_KB9zrvyOW5rTUR4CepFqr7J-8yqwB1a4g_G_wummu5T3QabSKm5sng9yssqgH5ohU74mT-v7QAuy8HnY8nt6rTBS_iOA96Uckgl7ejC4rGg035URPo8ymKjzUrcAuehOviZB6Gx4Sv9oV-V4gDDdyI2HMigf91OBIJYqJjlcsaD_EeUc91032etJ3-UzpmhhtnjpX4OWNkUraF6R6IhOumgTr9yS0q3MoL6e74LjBeAvNOJrJqLAgPHT9SpFlXcwbfdBbV6d3rN2udgKJpYekfisTyjvZocDPk58Mc2Z3zAYEtjUo8gSGuozQSy3tfi54Bl9oyKkd0wf38rLync8_CZy7ITC4BjJe-X5q5nVZ2Tqqvcu4UPOdyaKf9-nEvLoBRzXFZlEkTVTWI_LtO3fjqaC-CHaV_yBJ9KLBajfMED-FeZ4IPhCUSLquTvdIwZJo39SVEt0BIicxl26ulNJCI1XJV9z5CMoKFg9kZ0IPOH9X4DD3BUBPwt4RtEt7GtNZaGyzmKaiIyqv4WdIxQF3b8OCEAXaT1qnLjsf1FMv0FhLwsSQcHtrW_WfD-TUgznIeYxmF3DCuOIpCSQzDhP2PX38Zvf0d5VLnS1TwzLBBiGsooWMRYMpEabtXmyjiO5kg3IWd82DxKZCH1R5n0FQeRfLJcw_fMSfQOGnh4-1-M5PfuV6wUD6mUuhrDFoFU2R0M25NPCv0swLQIdULqJyKvDk0aVrfBnhCcV-Gc2pTKNlgPpkHNIKxJIEUU63xdf6A3K3v1TcOLXW4sptFVxXoXs7Vuiz7fg3a-EtBaoKz-pO11TXC-oLeewIJBm-rcyMa7i-OgjIs6FV9Rd-WqwxWUZEfIZN74w2VYrNYc3ALxQGReVgcfnoFUA_rcxzTeIE_KJNRBT5r8ADW0Oo3hKQom8D2gDZu3X7eg_9ZtHu0Dv-sPDiRpekMA8UoNgt007yrnVqzUSQJcveg2W6wz0KH8PU-AvRA4YY6C0YgK_4xvW6QR3W9sAjKR2Dn2Q5lZPZkpLinWoaAln55Hgepws2J3-8uKXNrHYOjMiZZ-2-6KKg8O6tixdgslQHd6QpRlZuvl4xx6JT_jCAFcYdYVD1Let8nZD2XBMQSptSdlhMfq5EmSb7EEMxNzo-l2YR4vr5qZ5AsZD2IO8ArZZZaVLKj12rtQIbSdCaYy3SdVe4BOiFMIPkfFJsSpjnoi1zALfU7vTiT8s45Y_4xXAfWDKSlSZ5AQO8VmYlXevw2h3aStknICe4AP9XzUwRLhKkh88Cs75F9oPGwuewSk-LLAKYGDtXUBq0aAwDFWuVN9p5us-ZlxzkE8i0dimXQVvqgOjsBoHmKqo5gK5Qz8slscZhE9AszPCQGjAhurh6lgI4ARiHpMkeK-PMszkH05pIvRWxq3M-eWnDNcXbN68TbejgjPUyyoqYd0bkNzM0EuimVkT75MlbDYFdbY0w1w0JrhSl_wSaNc8Vi1VWQpwln3HEjBYGkSYD_CoOEnMTcHwAsTqSUZSZ0Cm62zLlvix9DdmLROGOaaUHTBQvUIfD9p9pgEhoLFNR1ihQbO1HqMo6skrgFPfWoMHFiFbvNjswQsDnc0fb4ptz32NeV-QKckju1AotCKsVCniq25ovzogkPxbKkYL8yJ8gXiF38ICf8EBEdx99aJ5kiH2AUvTVBn3x4fhHJsG4ka6gTE9GRUDJ9w2JOhbnmH1dRGrmE_dDofHzni_DByHdcIuOfTvXbytHApjw6Gh5zlkhen_vfuEAVLcKOIs7EJiAcjn9y3eJ89zidsT5UUtqVYGHgO-lE5BXBHAXAOfKwXjTHBIA6VVXBFaneItLKIukNFCdykrspmmy_f9b0aA6ELGubDdOxM3UT45TO8soP3VRaYAZieuk_RvUvopL-d_LgMYQce6UyRCTRr8FBi0z5ZMSE1FIzvnh99RmmS8OV8F_zd85GMGl-vxCWUZ0VYy_m9fyFykYZJsra7vz-2eia4LX1v8HSHVvhIpO-8pikUYm__bEAARWtgx2eedO0-3Gy9Er70LElW5NZNAevGVrkkRu-R0f2wdQhR3tQ_Z_LdXaLXV3DSDB190yOeKli-R3onnX6Ys5JCGqujuDJY7iiJR3HMoOezqi4v90oXZcoSoW4PkfLgbzJl1Xdof1avsCA2BrJADA40i2RcExlI6s7OHYdQ2YwdHslIH34Y6dPdY5P5mQIlx-JkhrwohLMz5eLdhCxxXI_zvMHup0N8kPDbH4DvTuv3ehQjHQV7iUVU35Y0jPRQzr34yTWGluP1DtFYiiFmFlsJAODQ6ojQ3pHDXBnjBPdM2zddAoPWPNc6JWTqYK8_xQpig7ULAp6OSf-J8tlI0HXsDSsKZEdnDxo3YAsJQKSAQN2wwcvySbFDHR7J1Jn-TGEPNQWGzcl5MjUwtYVRf57-_9OphzJ62ZGs3Cs_CZTfHFpcajbVvBm3km2XOcn7h00YfxeGWISvVyVDbEBg5qPh2FOzF2ipk1moUadiR1WDrGR3_p9NRoRRTdRZv5LYs3HVLtyQFyY5Fe-SlxyEAlo1yVGcL7dwN2Ng8bpLwbXyv6qSqbEJ5nBhddn4nlvSf77c3EEWQQUmkNVbLWZxq5uMr_VK-npYcBcjlnqyTdMIMclOhjecL1tyRvvmOKEtaiFsYnGzvM0LnzDNoLDgOm_jzdiYsrliZFJvbDz0c6lHX9xsISS8lOH6FiiSUV5BrfTRQJCY5QE9-vNz4ReSQdBbdlMz6mU0ez9vg1PoeRdaJgQu-fB9nP08oQCviPAjBC49ynuYpo4rG3gg-5yXURxNs7kRtwI6sHIPmD1AXF4k3FDTqTvBpz4kmTHHwVPvtZwR2NbhWJ_TO7pcIXztxbik5EDyD0TaF9R5q6Tn85povaCmde4tYcI5ZEQfNsuIsVf9eh-gjr8l3izWbudeazy_8ukvIRnqA9rBhvdBkKWBQrQOnhUTbRlwYuI8X7LKAdm9Rm4vHg45ooGIwIoi7x3GTyAi55ZRsVUJy6LBUNSkS5xn0ulMs_vATeD0hPWs4BGfVpWP8fAdTmuF3Ipq4Ty0RPdmxe6QdDHK7fv3bI0TrzgI_cNnUIY1qkn8O7o0avWaVxjhb4DZv_q-FwNErHZIy4qFgs7HZkw3mNy-Kk9i3ZOx6L4ZctpS8oekkT1iC04lFI2KMo_U7meFjzxVM6vJthmt-CHX_CFXFbdo1qVhhsnn2AX8gxkv9OoAwDVDwfpfsKS2AkuNLDbR5DzOlM9r4JzwVB5ib8Ca_ISdP0Z4RW4K921K0aREqoYKmjoxGIMCXCGkZ_245mTnxXTK8YejVgRt9PzzQ-PRkpv_91hCtvpFzhxE-OuPIsZbFaJjzpxz3hMjsnEE7Ievz0fPCSpbb0wwhpd-K36c-1KFkDrmeM9_2YhSSySA_tMm_gM9RW1KVUAbyM_-n0xObun8q&cid=CAQSTADUE5ymbO6i06_HHDVvUmsHOJYg2BY8AXJJ7HoheChFyvd2825TySFfJmk0qEbVBItLAgBSTfCc9ibXCaeUYtVVLhCGrmwvCIbiLuMYAQ&dc_eid=31072035&dv3_ver=m202301300101&rfl=https%3A%2F%2Fm.1news.io%2F&ds=l&xdt=1&iif=1&cor=16828254459655858000&adk=356101037&idt=253&cac=0&dtd=7

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

24702113471f07440c01746310d208cc1dcbf8e519a7a57d8077c0feb086c1ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:09 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11426
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 2269 0
0 81ms
81ms Image
text/html 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2023021301&jk=3173225333372820&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9D27 0
20 B 79ms
78ms Ping
image/gif 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=576002270763&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9D27 0
20 B 81ms
80ms Ping
image/gif 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=576002270763&version=m202301230201&ct=77&x=1&cor=18437685158599475000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9D27 15 KB
11 KB 71ms
70ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BQqZOO_fh1vbd_ForlothsS2yzd5FS2ReroK1WyH1LUG9kXbYXXDcPiZVx-PkUiM-o9NWbVct_7WlqMSZGVErdW6KuN7iNtj5yzeBGEGEqu0RhCTSWcAwxAA7iTr-5tSWuePDq98XGkS-_IAvY2FbV2HAG6temhx9LrY4lJeuGDgBVP0I&cry=1&dbm_d=AKAmf-BBLyOlPTzpFH4WUHspelrNMFa_tLz4omOkaU4rdWDuBeKHuOZSq-o4ojHkw1og3Q4kKvkwbHy-o_W17JgopPkBQzwfF11dlV9g6un5Gqnb71-gLxJMAKxauG2RDjPp5mFvNLdiQNOdPlQY_MNnNMdbMSITnx0E9wL34DlPKVQ9hPurAQ4jkpRcSLb-6jL91xum2sqjKAc_eVU98zX1x4hIv7NlVOkBYRmeOVgjYea7qo7IwXQiSCbleRDR4RzcsQAtB81bxePjWFKD97sPm4p6DT87VIgn0Y-GSOL757bTXxnek7AI9I7XGFgbjGoo8P6BuNEUiFr3RJg_BEK3jp-nS48jbomLrja-VYc-IKM74GTmCuKpsRePoIAi69ra8tOqz62-OPeFIlSjbbhgec2_3I-wAtJ_BkfNSZ4YL4Gjwo5qh0-rrrCE2WEI3nk3n5bxSMquhNILi2T4E4liajQiOilAkQfss34DegelzbBlEjACeKY8KID51gUMkARlYpDSicWEnmpewO8Ib4bZVn7Z5Tn-73pdyO7GNm71L15tgMVnO1hHu9upQBfdst8Wu2c2EidW49gaEq7KnTG0U9NzxaGXL6M6xWDf6atF_OLxceBHuamPwfmsoLRSy28KhEsFjm0uZTYCWUi0UGukCXj71pIVBmTTjpogglfSUmWUmniVmvX-GnVvySSXFty2uwvvQ3SeEWBh5I2BHI5BejGAtjSuY6yc64uh4nQmHqTYy9T_whXCneer07fMfC01krQfzO9oUbyeHVQ-D66qD2cM0MGvVdPbkxKaVeb9tRY9S3DEzeXjXTAs_D5nxGilBNMWIksD0wydjDt-AMcHQO-18cD3w3GD68L9QVWgd-fFKUOxXuj7tXZ7-oQdSD7I3mOCfcTogErljc0wqBxzICqz602XA9WlgD2gFeP36Fdl9pC9MFbMNd2U_aJ_fWDnC0b17ta8yT9GwgYuyOMuqoQVpv4NAoOevhmc96E4_hgxpeRjfKwGMHsrz7mDLketrnFlIfNe9Zh5OFYLuO_pZj7AY9QOlthn5bVklQFesmF25HEn-tof1S75z4ufgV-ykN_Cn_XsGWx32o3mND0dSprYWQCwgbwlO9DtYJD7Wicsb0m8dCRwE-RP_NoHpjmGoCCHtvig6hMtFPm5E15dORsPa81CaAISAuY_Vtrz48XIFPsnfrYRwC3dkgXXasInmk82k-YxnwfMN6Jv3naKqbpbfEI2XSUwng5IicVDuX-qnDPgis25HQJQxSaVai0rIhotC4UHQpOGvJ0zR5NbhqGTDWbeZQGDNqhHcPkTO1SUj71y8XVQsN71gqAOwMKWhjlbWoWNNXBfTFuaaondkBjKPLl0TIJx5y2JAEZnTGAOYztKJCloJjlF0HIIqvFNEaScLGplvvm884mK9YuQuCPaw-vfteZNUoWheF5fFGjGmT3sBQJ0MzJyl0ugxCm5lUz6PTiT3y2Vg5FHKymYjC7KmHbC-uC3_1993SNM2Ozg6BJ8E32V1whMnrEYBD2Gxwom5r9rEhGN6GkmJjAhDOhrypKiW28cHPHZQWUOTpAikU1dbnZFR8G80Jh6N11L_UsaniGJ9DHFeTtGAYNoHN-VhpszK5IqMnxFINHwplgGFCCBTfeuO3ryCoSSft10WnNa7MoTOGN0-aKUS7y8RNGhv5txa3yIPpctxPM1PEZqeHB16CQlQ-h7qXcRnQn1ZEJQUsJclibIAQZbCdO50QrBNnprpbZb9OqQpw_de8h3oq0hP8paGz6LYZTDtahLzz9TgWHVHiWXqd4XD-l5_P-3PUksIPcq8XrB-Xr4IlC5Ji9jwiIhfxFPcgFs829rS4jWwH-zVu6rFKjnFA4aHFnSAI5h-CYrP-C8OpNrWd-aH22QbeCEGrlaRFDWVp2afvx3WsK4x6Hv-CWt2hZpAqh3FppDnj1DxLZhoiojID8Z1azt-DwbiHiZxaKdfgF1JXBpnelhwuKsd6Uj21ifYAYzg03ndJtxmUCNPCSGsTvsMrLxPWxdDXrcKFI8YP7_2oiNcDQxYZNLnwzhCDGsOVWBUY_Sl7jSfZ7wbdOnxsokZ6cUWpG2aii4lMHxg7hwz0ZALZbcor1vhaX01VIxmv9UofhPrUbYtJoTI6J8B4aPJAaQCNbBxavnoDvtKPnE9EWI7TnFxLMUAMfHMSQbRFiFiXSWJYLHxkCqKEIWqIJpbCZ4x_CbYW7b9JvE-CooZx8ww9t-gaAFqYU5NuhI_5DBIUK_MNR_utreFo67auZ0nKeyNUMSbY99NERTUm_WawwaaA1NcWR76I45N6EeiQM-trvjp60wymCSxm_FjTVdAbs2DRV-p5IW8yo_C-JE0EbTrhhQEGtDAKKPNNME3bQ9z6Qn7UxkMD_Qw2pcyrVrtxFNr2OAvtMehTc3csHaSnkX1tK-uSSyJdOBbb7Ga8_d43iREYGjL5kAOiP5SmdFblK7_nIbrWQnkWRA14W7wnXL8AS6713fglVVC7uMUdr99YuuCwWbSGDQBx0IKL3LrAX9mtAmFVRu4q3ZC422rU28Hla1Gf2IvJQy7Is9cXM7kM5ogzVpAt7oxedNpKs66YCThdxylwX5Flw-20tysNN2Ap_QS8QiVO_8DrNBYPJ26hbhdDAphLCt2DjYXggHzCxChKpguiSrRVc1yid6WFKoaj4fIbp3VvHXQI-u04J3g8e_U-xeEwhhESQVte8mHssh3mFwiy3vR2r4XT8QafRiddoh0aZbwT0ribneYAN8h6yS9qYBzFPaufj9R19I4Sahi62dakpQSEqtR0VcBFQAulA6sXVi8NhGs4JivQgyQIieVnTOMubdqrqgAmkVHdW55BqLwTCS3Od0jDmnH8N39sQN8aKGXfXC86UX-KKVv65QmPSQ1V7Gzin0_Xx6Js6cJoGnGCr_J2kDrOHmGgnwpYP-XuLeQGThEOVgYK3uO1Mya6tK1lCnNbYDD26T9OnSIOGy85vD-q6c015s6bYV4Mewyc-D_ZIoFRz8bi4xF3ywtHH5q0V9wo7vK0qkdmgcNCItj75SqYYTvjgG_NIzRtP644y49h1N8lP3p31V7oPuV4WqpMBU4tuErVojQXcYuKsRp6WEsp4EMO414prJj_xozoZw0Ivvzg3oouj9aIV1wjVPuUAqiCCRBpAW0Tvgl65fsQiNSihttFXB8-Khld4yKpQdejoiN46e_QyMVBSQPXYfcqbYT_0gaBk13upgl5fny4qxbJJl-sbQM3WPa0Hb1GFCdt3yxM_c0TUixDaH4-LWLvviBmrhOb-Op9XQFAVU37HxxF6y_bzqY5ZmwW_ae-cKFAxccOs1pL0xQ2_9eC8RWTuEv9LuS9o1C_MJ2-0MB2fGe-alKy6n1meTk4WdNHi9QNLfaV6JPomwHmHwuf6e-KU0vuognzL55ZRW2eI&cid=CAQSTADUE5ymtOCcHHfih-9BnOgmJ1bzGjh5s9eylvIJLX1ybiXEJTSv-z3KRtaz2TIPAjh0C0p1RrwIRHIZZJjy-p3F-nOEZsqByOWK7WoYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fm.1news.io%2F&ds=l&xdt=1&iif=1&cor=18437685158599475000&adk=2923430907&idt=236&cac=0&dtd=8

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1011d8b3025b752f51dad5b5834a225ef17b8996cf90a03b3be5d477c97cb76

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:09 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11469
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EDF1 0
20 B 83ms
78ms Ping
image/gif 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=329601202115&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EDF1 0
20 B 89ms
84ms Ping
image/gif 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=329601202115&version=m202301230201&ct=77&x=1&cor=2134767062722660900

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame EDF1 15 KB
11 KB 75ms
72ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BGacQ-rE4bJ__NwHKYzT45yKnAswvkyC0sAle3HfTv-6sA8xp6eeD9FX4O1Z4cofOMi1pJeCuxMgUw8l11WcDgGhwiB_c6c3cppjC9VVswiSFrum8Dm6Gv6jXBPedow59vDjqPBEwlnfrWJ6ZMMotsg0EcRxfbbQyhbP8DZVxJIFMzcGc&cry=1&dbm_d=AKAmf-CS534ZaT-H93f182X874h5bSzmuWnQy1wXokHRDfWjg3QGPZ78Fj7UPyEX1AqXmhfqH0eE9wEsQ3FzIDtxrhnhA1ZiPhOXbHwfc4HtF3eV1zhaUGuljcHcCidx11nmZlj9BFW_V0YZpzOfmx4wuWi_DPtDm0SLGDDj0Zs0nOKQzIxM_f62IgbVnLHOw6YkVnUNVE3ScfHT-XwD747fLtlsBxxFlv91lMoXq_oT47LGGjBXGCWluM_3mGMBVr-bC67DryVF6HuhOCMioYoO-a2UHHdtGkS6cIiXY0FoV1D1IYwpoxAe_keRc7m0N15N6ovXIeR7JoX94DYD21W2Vv0wKvXbCabO7hEB5vlfjZIkl5eQgA0tJkb2xlQD-j3fTkUlPdM6IiTBJ2PIWwEgESQsr1W1UQhbhpstYXUZ36Gt3BlUqR2wXc_VrJt9vLIzGcH9iaghSo1vaiFW5sxbo79644xfz9ueo4NE6RXfQ2OPePtZgLpDG06geUE5pTEMiY8xuq4qKZb0nRhXNdhWoH_k05V-YYobJBtBFJyLP7ajT1u80oE3CIM-1WkSUwI1PuQNFiO5hfx83-ND8A90r7hD9D_AKz4gPonWVdfx1-MGB7eX-PBjmBx9moe2uXlo8AOHaX4Wevw385lKh6YiDWscyQTmIKD0SkjuwZ6O4_20TD5oeNInAgKimVzD_fRrMLL2kgcYQcZipCBQ_SAOs9iph0EUEejeCL4FVf77-Th9DmS3-JLaBd_wRkx1rc0dQUJvLSmF2xdixElqjP2-PlRztnhIfAmD9cQ87ktI_-b453jynzPIOzhbTAHsSzqDWpchX11d10nvBIkXOu7jBlORzkRB2uLWZ4qGlveCFHdT91Kw6nMGcSTzPpbU2LI_ATBVqAlVcu-MrKl-bo9hbAF7YU1_N6FWVMXmJ4gCJB2qIqVzhekSpwZkJ4gJxY49yH80sVz7D0rlh86HlepULTPc0Qu2RNlszWpEKuwy5_f2W-sm3cQn2qHNqMw6sEP6e2GFtsEyv7iH412STyS_I4wvfTUxsHbDHOmXHQWOp8wMKkRmDKlP3WglrBYUavA52rhfCBplNT7rgNPNbGYphWoIjYAlB2tEeWytH08-lF-Pjkyhsn5X0IrNf70u1LIOcR_ZWpqpuwUEP9LDvomP1CbPG8YjZ3wnK1Xpkqxjboxe2Ti0PNCFsAyBZXkgHiKDrgcCIj61qesE3P3Tqla-eZxu8AKbjoe6ws7bn6S_HbH70OBCiMwBBsaJsOPVIhzyMNBAuKxWRSfz8PTUz29yM1Ha_rFex1-dJNrAubhZP3Z2sHcBVL6KCWKRIzLtHErJTwCQQyb8UgYxxQmAVfRCH-7j8MSKj4tz0bxs5ZmBPBMnHKOIZOFqmVqbzXcOYcJpz1jyPqH24J44Cb4qNNBFNFDWIexB591rqLNImSuoiXUX152KP3nBAF5ZxhxkjD5rrgZyMBx8KqlyZ9sjvvK5ch-ofBxpm8CYwJ2A4nTTEJkGhXhFpxIbVHLAMYtLU2wtKO0VpQw5gtWV_uLuEuujzIraIlwoSgI9hK6-Ib-wub4YyjuA_XrPDx9UQTcb8nsFzJ642NtduxrUTVGcQWK5NCbKejzdzhR-J8b6yf4sTKQPb39hq3Rtv127wp81fiykOb4NbdcmyEDTOUfgxHE-ThGFVjOoR2w3RJ29nSvE44bfrkgjFGKz6NmKfG1xtSXZAa1AqR7xgbDJTAIXlSE8NUX-QZeceevS9xWnaeSNl0Cm80JM9Zid7FqdarZxfjIdxY62f7oeQsE07RjVZ2fxM9Ja4TWA8SmdlpCW0uowSKegwq2c57bLaPLknzmm_iyxPzbscEWO5nASltZonWCthl0jKk2iw14zg480jY7N73Tgfn6CLceJ3d0UaJvf9vnB71B7Wuziig9GgJIm2IAoz8-6qDExByJE3gxD8VI2naLm8TQgcietjpEfNG_2a6APyP039ef0HEtZmk1aA5oFz7ck3NOmFn9iWjXp0UavuSpjDiQX-bE0WOu89sPzaBfavuiyKcWzMxuPklRdK4HVQ9NUwk9BTXW6fYTTGbOMO7JvgQWn-DoplISWw1pYSWFUoq-tl4oPy-QxzIAYiiv5F8XMtDIzc2uc-8m9270itgvU47p1bLKcnxIIAaazB9XasZ7x-TujGIWbNl05923tYgxHAhGmUflZ5Ey8Og2CaJeJ0wfI82Tivtf88ScJOsSjmwG1ji7AcwzdlkJp4HzgE1wVw3KsaEQS6u6nteqFXCN3zFAOzu3UdMM3kCMN0BxbFU7lMx8Eh0GEJKh8yAWaVylLxYWffintmqLn6WrmJhMKZV6l4244sGbUZ69FZ3HBs4ZusoKPn2sNPLG245opeI8WWla0-_5s7UIauX26iXBDsMgzrbMK7aTbH5eLJiGU9oMk4EAPooxgSLWKhkNSjLwdnGMDu8hKwsZwTCN3zjJxoVC4zgsD-vLi3WIdjfdkTP3cuByJbRE5IR9KfZz4BdAChqcSOBCuIebB6dHaj4qtmymGFFFr8IBYTdalT0ra168JwXUM_ebQIumfjFNxu1I-ybRjhYhlS38h3zziMTRQgqqkNvHdDbDAm10HnAYqv97wdVnjcb5cwMNJ-VoBnlwN437W4IE9RthDczvIjauopQvBKYaB-Y-h4O_nExFrsYcC6T-KFQVUEE1givQptWYysf3GuLHeL7sa8PtL7QR06aGUCxBgJIHoZSPQQUFDLDQd2B1CCCWERT1Jfm5AzC1dXerFssK2hxZq7jOviIEYk9RXrAywyDqsbH6TUBY8PaVFnj3J56Ae4-h0gv-k2P6FDmbtctaZpv_D75y36pRFOci_HtQSGV3jNqOHyj-B1haeOAodwi3cf6OX6rKR-50hL8VGNreP7FGE20jmPiGDcfBSnMvThrfenlrfBmjZIe-aScRgNALiU1-0FDolqvGX8UE0bZn-dYL0s9VtO_BYrHvD6A6rdzefJCLSxv2tjVH0-cOfDvkjKuiYfrl8azACDobM5udoeXmcq7sHg8Evs3YGrtKgBSYrvyG9XR80Ku4EljyFzP7YDIiJd61divDXO4KyrytfmXn2evtgqrxl9m0_xrpeTgev9pJtfJTilrQVLZG2RN3PuNbYy08jRiT9lFqSi_Mf2gWUf_o8GE9N7aYWYXFgwRm1m0NV9UmGlVGJXg8jtl25gnB2tKpqJMrX3hdsXgsm-VkExNv3xuXvxjJatt14eRJmFyBn8ATrOFZZslFoEj9yPa-WT6FjLPPuciXagGrtjy4OnqKHLzn2tL3G_jlkWwQCvLpFELc7rdoqrfmkmpGqCWO4FRqNQ3WmsgCrLbrJO9GYoL0RS4kNLNIXFtgKTYASGRwQp_3EKzP7G3bK3RW51lXQ1yg_adJc3oK1jkU__Q2uJMpQqZmgLRrcs8R7OPqZvD0QzZDCictbpocA&cid=CAQSSwDUE5ymZdW0fuY9fKV2icij4hWLxEoPDjfFvvykvluPFrsbojdLvkqIlcrZx1VHmrpMjH6tKrZIpXlCfJVngC2nluXuOlMAL4Uj7RgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fm.1news.io%2F&ds=l&xdt=1&iif=1&cor=2134767062722660900&adk=250412560&idt=219&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6a2e3bd300b056bef317b497545dcb229192f9b0cb5a05634943b80194fad509

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:09 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11273
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame A2AC 41 KB
15 KB 50ms
47ms Script
text/javascript 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BjBQvS5Qarfi5fVV5K882JyXmqjc44tUKm8QEpWMz4GtU9n7_VPgNTCUBTBojulYdzgRFOPyjuLNbRzl7z__khOBGpKzPeM9_kXOwJhHGCEz-AlBqWMTNRXFkD5VbRNMHAZh06f0BG2HkUMNm1uYRdmOoTQ29IE8TwPifEi_xCTOeZSaA&cry=1&dbm_d=AKAmf-CNiz7qYkA_KB9zrvyOW5rTUR4CepFqr7J-8yqwB1a4g_G_wummu5T3QabSKm5sng9yssqgH5ohU74mT-v7QAuy8HnY8nt6rTBS_iOA96Uckgl7ejC4rGg035URPo8ymKjzUrcAuehOviZB6Gx4Sv9oV-V4gDDdyI2HMigf91OBIJYqJjlcsaD_EeUc91032etJ3-UzpmhhtnjpX4OWNkUraF6R6IhOumgTr9yS0q3MoL6e74LjBeAvNOJrJqLAgPHT9SpFlXcwbfdBbV6d3rN2udgKJpYekfisTyjvZocDPk58Mc2Z3zAYEtjUo8gSGuozQSy3tfi54Bl9oyKkd0wf38rLync8_CZy7ITC4BjJe-X5q5nVZ2Tqqvcu4UPOdyaKf9-nEvLoBRzXFZlEkTVTWI_LtO3fjqaC-CHaV_yBJ9KLBajfMED-FeZ4IPhCUSLquTvdIwZJo39SVEt0BIicxl26ulNJCI1XJV9z5CMoKFg9kZ0IPOH9X4DD3BUBPwt4RtEt7GtNZaGyzmKaiIyqv4WdIxQF3b8OCEAXaT1qnLjsf1FMv0FhLwsSQcHtrW_WfD-TUgznIeYxmF3DCuOIpCSQzDhP2PX38Zvf0d5VLnS1TwzLBBiGsooWMRYMpEabtXmyjiO5kg3IWd82DxKZCH1R5n0FQeRfLJcw_fMSfQOGnh4-1-M5PfuV6wUD6mUuhrDFoFU2R0M25NPCv0swLQIdULqJyKvDk0aVrfBnhCcV-Gc2pTKNlgPpkHNIKxJIEUU63xdf6A3K3v1TcOLXW4sptFVxXoXs7Vuiz7fg3a-EtBaoKz-pO11TXC-oLeewIJBm-rcyMa7i-OgjIs6FV9Rd-WqwxWUZEfIZN74w2VYrNYc3ALxQGReVgcfnoFUA_rcxzTeIE_KJNRBT5r8ADW0Oo3hKQom8D2gDZu3X7eg_9ZtHu0Dv-sPDiRpekMA8UoNgt007yrnVqzUSQJcveg2W6wz0KH8PU-AvRA4YY6C0YgK_4xvW6QR3W9sAjKR2Dn2Q5lZPZkpLinWoaAln55Hgepws2J3-8uKXNrHYOjMiZZ-2-6KKg8O6tixdgslQHd6QpRlZuvl4xx6JT_jCAFcYdYVD1Let8nZD2XBMQSptSdlhMfq5EmSb7EEMxNzo-l2YR4vr5qZ5AsZD2IO8ArZZZaVLKj12rtQIbSdCaYy3SdVe4BOiFMIPkfFJsSpjnoi1zALfU7vTiT8s45Y_4xXAfWDKSlSZ5AQO8VmYlXevw2h3aStknICe4AP9XzUwRLhKkh88Cs75F9oPGwuewSk-LLAKYGDtXUBq0aAwDFWuVN9p5us-ZlxzkE8i0dimXQVvqgOjsBoHmKqo5gK5Qz8slscZhE9AszPCQGjAhurh6lgI4ARiHpMkeK-PMszkH05pIvRWxq3M-eWnDNcXbN68TbejgjPUyyoqYd0bkNzM0EuimVkT75MlbDYFdbY0w1w0JrhSl_wSaNc8Vi1VWQpwln3HEjBYGkSYD_CoOEnMTcHwAsTqSUZSZ0Cm62zLlvix9DdmLROGOaaUHTBQvUIfD9p9pgEhoLFNR1ihQbO1HqMo6skrgFPfWoMHFiFbvNjswQsDnc0fb4ptz32NeV-QKckju1AotCKsVCniq25ovzogkPxbKkYL8yJ8gXiF38ICf8EBEdx99aJ5kiH2AUvTVBn3x4fhHJsG4ka6gTE9GRUDJ9w2JOhbnmH1dRGrmE_dDofHzni_DByHdcIuOfTvXbytHApjw6Gh5zlkhen_vfuEAVLcKOIs7EJiAcjn9y3eJ89zidsT5UUtqVYGHgO-lE5BXBHAXAOfKwXjTHBIA6VVXBFaneItLKIukNFCdykrspmmy_f9b0aA6ELGubDdOxM3UT45TO8soP3VRaYAZieuk_RvUvopL-d_LgMYQce6UyRCTRr8FBi0z5ZMSE1FIzvnh99RmmS8OV8F_zd85GMGl-vxCWUZ0VYy_m9fyFykYZJsra7vz-2eia4LX1v8HSHVvhIpO-8pikUYm__bEAARWtgx2eedO0-3Gy9Er70LElW5NZNAevGVrkkRu-R0f2wdQhR3tQ_Z_LdXaLXV3DSDB190yOeKli-R3onnX6Ys5JCGqujuDJY7iiJR3HMoOezqi4v90oXZcoSoW4PkfLgbzJl1Xdof1avsCA2BrJADA40i2RcExlI6s7OHYdQ2YwdHslIH34Y6dPdY5P5mQIlx-JkhrwohLMz5eLdhCxxXI_zvMHup0N8kPDbH4DvTuv3ehQjHQV7iUVU35Y0jPRQzr34yTWGluP1DtFYiiFmFlsJAODQ6ojQ3pHDXBnjBPdM2zddAoPWPNc6JWTqYK8_xQpig7ULAp6OSf-J8tlI0HXsDSsKZEdnDxo3YAsJQKSAQN2wwcvySbFDHR7J1Jn-TGEPNQWGzcl5MjUwtYVRf57-_9OphzJ62ZGs3Cs_CZTfHFpcajbVvBm3km2XOcn7h00YfxeGWISvVyVDbEBg5qPh2FOzF2ipk1moUadiR1WDrGR3_p9NRoRRTdRZv5LYs3HVLtyQFyY5Fe-SlxyEAlo1yVGcL7dwN2Ng8bpLwbXyv6qSqbEJ5nBhddn4nlvSf77c3EEWQQUmkNVbLWZxq5uMr_VK-npYcBcjlnqyTdMIMclOhjecL1tyRvvmOKEtaiFsYnGzvM0LnzDNoLDgOm_jzdiYsrliZFJvbDz0c6lHX9xsISS8lOH6FiiSUV5BrfTRQJCY5QE9-vNz4ReSQdBbdlMz6mU0ez9vg1PoeRdaJgQu-fB9nP08oQCviPAjBC49ynuYpo4rG3gg-5yXURxNs7kRtwI6sHIPmD1AXF4k3FDTqTvBpz4kmTHHwVPvtZwR2NbhWJ_TO7pcIXztxbik5EDyD0TaF9R5q6Tn85povaCmde4tYcI5ZEQfNsuIsVf9eh-gjr8l3izWbudeazy_8ukvIRnqA9rBhvdBkKWBQrQOnhUTbRlwYuI8X7LKAdm9Rm4vHg45ooGIwIoi7x3GTyAi55ZRsVUJy6LBUNSkS5xn0ulMs_vATeD0hPWs4BGfVpWP8fAdTmuF3Ipq4Ty0RPdmxe6QdDHK7fv3bI0TrzgI_cNnUIY1qkn8O7o0avWaVxjhb4DZv_q-FwNErHZIy4qFgs7HZkw3mNy-Kk9i3ZOx6L4ZctpS8oekkT1iC04lFI2KMo_U7meFjzxVM6vJthmt-CHX_CFXFbdo1qVhhsnn2AX8gxkv9OoAwDVDwfpfsKS2AkuNLDbR5DzOlM9r4JzwVB5ib8Ca_ISdP0Z4RW4K921K0aREqoYKmjoxGIMCXCGkZ_245mTnxXTK8YejVgRt9PzzQ-PRkpv_91hCtvpFzhxE-OuPIsZbFaJjzpxz3hMjsnEE7Ievz0fPCSpbb0wwhpd-K36c-1KFkDrmeM9_2YhSSySA_tMm_gM9RW1KVUAbyM_-n0xObun8q&cid=CAQSTADUE5ymbO6i06_HHDVvUmsHOJYg2BY8AXJJ7HoheChFyvd2825TySFfJmk0qEbVBItLAgBSTfCc9ibXCaeUYtVVLhCGrmwvCIbiLuMYAQ&dc_eid=31072035&dv3_ver=m202301300101&rfl=https%3A%2F%2Fm.1news.io%2F&ds=l&xdt=1&iif=1&cor=16828254459655858000&adk=356101037&idt=253&cac=0&dtd=7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 11:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 28540
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Feb 2024 11:06:29 GMT

GET
H/1.1 200
OK iju9wczm8trb Show response
hal9000.redintelligence.net/zone/ Frame A2AC 11 KB
4 KB 48ms
12ms Script
text/html 138.201.63.165
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/iju9wczm8trb?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCuiMVMCztY5zdOrLD7_UPibaowAim5b2gaa2VnKfJD_AuEAEg9orHMGCV4pCCoAfIAQmpAgbogTyF5rE-qAMBqgTkAU_QL3CbsoDQ4uDtpwIv4rpBMTos2xiJzGoetrudPeipHLjLsBVKc08fssNxz5tYCNPt4yCtUxBXmlqpLqiGFWLeTUTtWWC1H2C98-QcszPhfxVTQd-_BIVnvB3SI48X2Ix_E-0rWws0UXTpYh7yOJUH-7ZUYsCfI_3hdupz3IlYfEuIlUkE4ZJebgll391xiEtfwinWbVD2sZ08ychDfbu8JgQ5aw9i3PxFfW5PHkjBvc8FbevCSgNfDIOYByDNjbTd4ecr1M8YNadf8GraXLRVbE8hYHSr85dDNxj93AqsoGpcOsAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26num%3D1%26cid%3DCAQSTADUE5ymbO6i06_HHDVvUmsHOJYg2BY8AXJJ7HoheChFyvd2825TySFfJmk0qEbVBItLAgBSTfCc9ibXCaeUYtVVLhCGrmwvCIbiLuMYAQ%26sig%3DAOD64_3T5ZoeqeDeeEtWGHrHUpBkIeSxaQ%26client%3Dca-pub-8964299718266508%26dbm_c%3DAKAmf-A_d5pyZ-IioB9iVnyB0JrWS_pU6yJopeXYkKYQZfRESasQATZkp3lhYgQEnc6d0r2Cel9OfIYPR5rVridh0lPkwHi4LbKe-RZ_Iu-LlUe9Ig4PGx76BsHbojJOCJ_87SCYs30kP7ZrQ5EqaNhH2r0pRc1UIfyFaQDjAN5OmCZXarWJ68k%26cry%3D1%26dbm_d%3DAKAmf-Ajs5p9am6kmvtDYaFJe6akxlLmygc8B58YFwuOTwYXk8pEJS3X8F3hzbjCZWFA9ZWm0V5_NPhf4MvP5H19WUrhb321GVtIrYwqfiEA6SY02JY91xdJzmAwo78V6MT84MtceddOC5LUPM5vTEDyo64W1Gx9RTILDLKA6h2sjL9_m0g6O41JU0V0mMJVSiCGqNHYqPLkWautqUEoIpQtXL672X2q_78XjCcFG6ju1TwyuhMDz060PQp4mIAxfuX54meMJiFHLf3oTCS-05VPuKEnAAgFVKFrhazk0dmMayuGgQJrMOVrVW25bm6Tkz1p7KD3RkfJyDCKajkLrT2GjsKW9JTFLF5XghZma4Hh3-Clyoc0UjDR8wJCOm_c1WgkVmFeb8KRxLA0t2_WHnm3ekZxPKgLk0HtOdZynaVzFcYOZnMmjeXfceChwDMQuZNK_VjJYNn1S0VYT7-JHnKiR5w1nPImV08dSMVMqiUsQ0nUkx-M7FQ%26adurl%3D
Requested by: Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.165 Böblingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.165.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 12b3abfa632b22093e49df95f815ac6bc760b37f24139300b77af9fb802c3dc8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date: Wed, 15 Feb 2023 19:02:09 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4019
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9D27 41 KB
15 KB 47ms
47ms Script
text/javascript 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BQqZOO_fh1vbd_ForlothsS2yzd5FS2ReroK1WyH1LUG9kXbYXXDcPiZVx-PkUiM-o9NWbVct_7WlqMSZGVErdW6KuN7iNtj5yzeBGEGEqu0RhCTSWcAwxAA7iTr-5tSWuePDq98XGkS-_IAvY2FbV2HAG6temhx9LrY4lJeuGDgBVP0I&cry=1&dbm_d=AKAmf-BBLyOlPTzpFH4WUHspelrNMFa_tLz4omOkaU4rdWDuBeKHuOZSq-o4ojHkw1og3Q4kKvkwbHy-o_W17JgopPkBQzwfF11dlV9g6un5Gqnb71-gLxJMAKxauG2RDjPp5mFvNLdiQNOdPlQY_MNnNMdbMSITnx0E9wL34DlPKVQ9hPurAQ4jkpRcSLb-6jL91xum2sqjKAc_eVU98zX1x4hIv7NlVOkBYRmeOVgjYea7qo7IwXQiSCbleRDR4RzcsQAtB81bxePjWFKD97sPm4p6DT87VIgn0Y-GSOL757bTXxnek7AI9I7XGFgbjGoo8P6BuNEUiFr3RJg_BEK3jp-nS48jbomLrja-VYc-IKM74GTmCuKpsRePoIAi69ra8tOqz62-OPeFIlSjbbhgec2_3I-wAtJ_BkfNSZ4YL4Gjwo5qh0-rrrCE2WEI3nk3n5bxSMquhNILi2T4E4liajQiOilAkQfss34DegelzbBlEjACeKY8KID51gUMkARlYpDSicWEnmpewO8Ib4bZVn7Z5Tn-73pdyO7GNm71L15tgMVnO1hHu9upQBfdst8Wu2c2EidW49gaEq7KnTG0U9NzxaGXL6M6xWDf6atF_OLxceBHuamPwfmsoLRSy28KhEsFjm0uZTYCWUi0UGukCXj71pIVBmTTjpogglfSUmWUmniVmvX-GnVvySSXFty2uwvvQ3SeEWBh5I2BHI5BejGAtjSuY6yc64uh4nQmHqTYy9T_whXCneer07fMfC01krQfzO9oUbyeHVQ-D66qD2cM0MGvVdPbkxKaVeb9tRY9S3DEzeXjXTAs_D5nxGilBNMWIksD0wydjDt-AMcHQO-18cD3w3GD68L9QVWgd-fFKUOxXuj7tXZ7-oQdSD7I3mOCfcTogErljc0wqBxzICqz602XA9WlgD2gFeP36Fdl9pC9MFbMNd2U_aJ_fWDnC0b17ta8yT9GwgYuyOMuqoQVpv4NAoOevhmc96E4_hgxpeRjfKwGMHsrz7mDLketrnFlIfNe9Zh5OFYLuO_pZj7AY9QOlthn5bVklQFesmF25HEn-tof1S75z4ufgV-ykN_Cn_XsGWx32o3mND0dSprYWQCwgbwlO9DtYJD7Wicsb0m8dCRwE-RP_NoHpjmGoCCHtvig6hMtFPm5E15dORsPa81CaAISAuY_Vtrz48XIFPsnfrYRwC3dkgXXasInmk82k-YxnwfMN6Jv3naKqbpbfEI2XSUwng5IicVDuX-qnDPgis25HQJQxSaVai0rIhotC4UHQpOGvJ0zR5NbhqGTDWbeZQGDNqhHcPkTO1SUj71y8XVQsN71gqAOwMKWhjlbWoWNNXBfTFuaaondkBjKPLl0TIJx5y2JAEZnTGAOYztKJCloJjlF0HIIqvFNEaScLGplvvm884mK9YuQuCPaw-vfteZNUoWheF5fFGjGmT3sBQJ0MzJyl0ugxCm5lUz6PTiT3y2Vg5FHKymYjC7KmHbC-uC3_1993SNM2Ozg6BJ8E32V1whMnrEYBD2Gxwom5r9rEhGN6GkmJjAhDOhrypKiW28cHPHZQWUOTpAikU1dbnZFR8G80Jh6N11L_UsaniGJ9DHFeTtGAYNoHN-VhpszK5IqMnxFINHwplgGFCCBTfeuO3ryCoSSft10WnNa7MoTOGN0-aKUS7y8RNGhv5txa3yIPpctxPM1PEZqeHB16CQlQ-h7qXcRnQn1ZEJQUsJclibIAQZbCdO50QrBNnprpbZb9OqQpw_de8h3oq0hP8paGz6LYZTDtahLzz9TgWHVHiWXqd4XD-l5_P-3PUksIPcq8XrB-Xr4IlC5Ji9jwiIhfxFPcgFs829rS4jWwH-zVu6rFKjnFA4aHFnSAI5h-CYrP-C8OpNrWd-aH22QbeCEGrlaRFDWVp2afvx3WsK4x6Hv-CWt2hZpAqh3FppDnj1DxLZhoiojID8Z1azt-DwbiHiZxaKdfgF1JXBpnelhwuKsd6Uj21ifYAYzg03ndJtxmUCNPCSGsTvsMrLxPWxdDXrcKFI8YP7_2oiNcDQxYZNLnwzhCDGsOVWBUY_Sl7jSfZ7wbdOnxsokZ6cUWpG2aii4lMHxg7hwz0ZALZbcor1vhaX01VIxmv9UofhPrUbYtJoTI6J8B4aPJAaQCNbBxavnoDvtKPnE9EWI7TnFxLMUAMfHMSQbRFiFiXSWJYLHxkCqKEIWqIJpbCZ4x_CbYW7b9JvE-CooZx8ww9t-gaAFqYU5NuhI_5DBIUK_MNR_utreFo67auZ0nKeyNUMSbY99NERTUm_WawwaaA1NcWR76I45N6EeiQM-trvjp60wymCSxm_FjTVdAbs2DRV-p5IW8yo_C-JE0EbTrhhQEGtDAKKPNNME3bQ9z6Qn7UxkMD_Qw2pcyrVrtxFNr2OAvtMehTc3csHaSnkX1tK-uSSyJdOBbb7Ga8_d43iREYGjL5kAOiP5SmdFblK7_nIbrWQnkWRA14W7wnXL8AS6713fglVVC7uMUdr99YuuCwWbSGDQBx0IKL3LrAX9mtAmFVRu4q3ZC422rU28Hla1Gf2IvJQy7Is9cXM7kM5ogzVpAt7oxedNpKs66YCThdxylwX5Flw-20tysNN2Ap_QS8QiVO_8DrNBYPJ26hbhdDAphLCt2DjYXggHzCxChKpguiSrRVc1yid6WFKoaj4fIbp3VvHXQI-u04J3g8e_U-xeEwhhESQVte8mHssh3mFwiy3vR2r4XT8QafRiddoh0aZbwT0ribneYAN8h6yS9qYBzFPaufj9R19I4Sahi62dakpQSEqtR0VcBFQAulA6sXVi8NhGs4JivQgyQIieVnTOMubdqrqgAmkVHdW55BqLwTCS3Od0jDmnH8N39sQN8aKGXfXC86UX-KKVv65QmPSQ1V7Gzin0_Xx6Js6cJoGnGCr_J2kDrOHmGgnwpYP-XuLeQGThEOVgYK3uO1Mya6tK1lCnNbYDD26T9OnSIOGy85vD-q6c015s6bYV4Mewyc-D_ZIoFRz8bi4xF3ywtHH5q0V9wo7vK0qkdmgcNCItj75SqYYTvjgG_NIzRtP644y49h1N8lP3p31V7oPuV4WqpMBU4tuErVojQXcYuKsRp6WEsp4EMO414prJj_xozoZw0Ivvzg3oouj9aIV1wjVPuUAqiCCRBpAW0Tvgl65fsQiNSihttFXB8-Khld4yKpQdejoiN46e_QyMVBSQPXYfcqbYT_0gaBk13upgl5fny4qxbJJl-sbQM3WPa0Hb1GFCdt3yxM_c0TUixDaH4-LWLvviBmrhOb-Op9XQFAVU37HxxF6y_bzqY5ZmwW_ae-cKFAxccOs1pL0xQ2_9eC8RWTuEv9LuS9o1C_MJ2-0MB2fGe-alKy6n1meTk4WdNHi9QNLfaV6JPomwHmHwuf6e-KU0vuognzL55ZRW2eI&cid=CAQSTADUE5ymtOCcHHfih-9BnOgmJ1bzGjh5s9eylvIJLX1ybiXEJTSv-z3KRtaz2TIPAjh0C0p1RrwIRHIZZJjy-p3F-nOEZsqByOWK7WoYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fm.1news.io%2F&ds=l&xdt=1&iif=1&cor=18437685158599475000&adk=2923430907&idt=236&cac=0&dtd=8

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 11:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 28540
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Feb 2024 11:06:29 GMT

GET
H/1.1 200
OK iju9wczm8trb Show response
hal9000.redintelligence.net/zone/ Frame 9D27 11 KB
4 KB 34ms
12ms Script
text/html 138.201.63.165
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/iju9wczm8trb?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCVVdmMCztY_3iOr7P7_UPlqOnsAWm5b2gaa2VnKfJD_AuEAEg9orHMGCV4pCCoAfIAQmpAgbogTyF5rE-qAMBqgTeAU_QGO0sB42ay6_DtPQMXOPQ7sqx8yJTkWBi_6MVOXlc9OV8t2PyxEgB8K2tL7BICyh7C5O9P_c4NaPAZ3OlAwyqkqUl05DwU_qs1kHUTxm3BfAJmiezaG7nNZ61zr9-DrkSVRwz90Yyc0TzOUIWcwzgDLYjjiiSoYaIClRrwL49Lpm5FEh20kDW3J7MvSkfx-XkRhHP_Vh9sSSMxikxz5U_IjzL8ezwJe638oGFisfsz3nv87nE8OdHqPUr2CDUd6PsWIvSUg14OlLEBIhJyYbS3XoAmQMaUeE3bXhKccAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymtOCcHHfih-9BnOgmJ1bzGjh5s9eylvIJLX1ybiXEJTSv-z3KRtaz2TIPAjh0C0p1RrwIRHIZZJjy-p3F-nOEZsqByOWK7WoYAQ%26sig%3DAOD64_03x4QWRXLZKfLp4lJRiFm50h2XPA%26client%3Dca-pub-8964299718266508%26dbm_c%3DAKAmf-Cs9Oy6vEWW4QD5zyuUuPEb7xVz6PxCNRZ2Aaof7udCDLnsTZeHs0u0kWaHh6umk2_LAkQoFyt9oQ6nveLfQuXbippSprrmkKNwIGs3eloryPoqzJypuos-ynJdePi-2mu6aDqzR8lpGL-_8wWlqMRGm5yNUKfU-BB9yedZnB42JBJZPSY%26cry%3D1%26dbm_d%3DAKAmf-AdYZwK_g1UtvMWhWX4w8y8arF9b5iFtJ0TNMrdry4P1fk-mqZtAzvjGIuRppHJ3A8-PL-GA5RQUivSKfSJt2KFCiUHR1cU0JFfO6m22IQjJ57VmJapXBvy19M30f8scQVWRZfkG98eeUNNNE3iwajesbcb3lMCjmOBRik0wKAbFd3LAjc6Ks9ha8L6VP6Lwep55qqvz72nU7Zg_1ROc1jZopBmfeaCm6YQj7OtshEJUV2LXhu-vQXlu-oLiim8fSckqPWkmnXbBU-kpx5F9-fk4kt-jo89rVVUeQygGpetkOfvbWIXAmK0365FD8bZ5wKSwNTau7mGMgkgCqBaeaXzAOtCfjdBU8iJyrX1Us5Q1mKCvhq3GwPr9EcoArLEb2XUPhfH5gC52RLIhP0Bfs6kYcGQeHEIb3ISj-K-ePqCKMUucILTsK4ZuQnPeumyX5CefvrOy7ld_98T6wMsa2bYMCvGvBuPi192r_hkboRv5RLjDEk%26adurl%3D
Requested by: Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.165 Böblingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.165.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 648c8169b6970b3e16c3e601a5c3d2f251e3141aa8373d2bddccf056d993193b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date: Wed, 15 Feb 2023 19:02:09 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4020
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 4E58 0
10 B 49ms
49ms Image
text/plain 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?Lm4XHA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:09 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 9F66 22 KB
8 KB 47ms
47ms Document
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 28540
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 11:06:29 GMT
expires: Thu, 15 Feb 2024 11:06:29 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

request.php Show response
hal900021.redintelligence.net/ Frame A2AC
Redirect Chain

https://hal900021.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=1d6ed175ee&subid=&uid=0a69cf01e8532c8d&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900021.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=1d6ed175ee&subid=&uid=0a69cf01e8532c8d&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

127ms
105ms

Script
application/x-javascript

144.76.238.55
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900021.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=1d6ed175ee&subid=&uid=0a69cf01e8532c8d&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCuiMVMCztY5zdOrLD7_UPibaowAim5b2gaa2VnKfJD_AuEAEg9orHMGCV4pCCoAfIAQmpAgbogTyF5rE-qAMBqgTkAU_QL3CbsoDQ4uDtpwIv4rpBMTos2xiJzGoetrudPeipHLjLsBVKc08fssNxz5tYCNPt4yCtUxBXmlqpLqiGFWLeTUTtWWC1H2C98-QcszPhfxVTQd-_BIVnvB3SI48X2Ix_E-0rWws0UXTpYh7yOJUH-7ZUYsCfI_3hdupz3IlYfEuIlUkE4ZJebgll391xiEtfwinWbVD2sZ08ychDfbu8JgQ5aw9i3PxFfW5PHkjBvc8FbevCSgNfDIOYByDNjbTd4ecr1M8YNadf8GraXLRVbE8hYHSr85dDNxj93AqsoGpcOsAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26num%3D1%26cid%3DCAQSTADUE5ymbO6i06_HHDVvUmsHOJYg2BY8AXJJ7HoheChFyvd2825TySFfJmk0qEbVBItLAgBSTfCc9ibXCaeUYtVVLhCGrmwvCIbiLuMYAQ%26sig%3DAOD64_3T5ZoeqeDeeEtWGHrHUpBkIeSxaQ%26client%3Dca-pub-8964299718266508%26dbm_c%3DAKAmf-A_d5pyZ-IioB9iVnyB0JrWS_pU6yJopeXYkKYQZfRESasQATZkp3lhYgQEnc6d0r2Cel9OfIYPR5rVridh0lPkwHi4LbKe-RZ_Iu-LlUe9Ig4PGx76BsHbojJOCJ_87SCYs30kP7ZrQ5EqaNhH2r0pRc1UIfyFaQDjAN5OmCZXarWJ68k%26cry%3D1%26dbm_d%3DAKAmf-Ajs5p9am6kmvtDYaFJe6akxlLmygc8B58YFwuOTwYXk8pEJS3X8F3hzbjCZWFA9ZWm0V5_NPhf4MvP5H19WUrhb321GVtIrYwqfiEA6SY02JY91xdJzmAwo78V6MT84MtceddOC5LUPM5vTEDyo64W1Gx9RTILDLKA6h2sjL9_m0g6O41JU0V0mMJVSiCGqNHYqPLkWautqUEoIpQtXL672X2q_78XjCcFG6ju1TwyuhMDz060PQp4mIAxfuX54meMJiFHLf3oTCS-05VPuKEnAAgFVKFrhazk0dmMayuGgQJrMOVrVW25bm6Tkz1p7KD3RkfJyDCKajkLrT2GjsKW9JTFLF5XghZma4Hh3-Clyoc0UjDR8wJCOm_c1WgkVmFeb8KRxLA0t2_WHnm3ekZxPKgLk0HtOdZynaVzFcYOZnMmjeXfceChwDMQuZNK_VjJYNn1S0VYT7-JHnKiR5w1nPImV08dSMVMqiUsQ0nUkx-M7FQ%26adurl%3D&documentReferer=https%3A%2F%2Fm.1news.io%2F&ancestorOrigins=https%3A%2F%2Fm.1news.io&random=7316120749338&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 144.76.238.55 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.55.238.76.144.clients.your-server.de
Software: Apache /
Resource Hash: 04dd1d5290e7b68a919567168c2b151065b045b6beed3a5727adaecb74d998e8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Feb 2023 19:02:09 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 81219600145809304444554012236021
Connection: close
Content-Length: 1344
Expires: Wed, 15 Feb 2023 19:02:09 +0100

Redirect headers

Pragma: no-cache
Date: Wed, 15 Feb 2023 19:02:09 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=1d6ed175ee&subid=&uid=0a69cf01e8532c8d&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCuiMVMCztY5zdOrLD7_UPibaowAim5b2gaa2VnKfJD_AuEAEg9orHMGCV4pCCoAfIAQmpAgbogTyF5rE-qAMBqgTkAU_QL3CbsoDQ4uDtpwIv4rpBMTos2xiJzGoetrudPeipHLjLsBVKc08fssNxz5tYCNPt4yCtUxBXmlqpLqiGFWLeTUTtWWC1H2C98-QcszPhfxVTQd-_BIVnvB3SI48X2Ix_E-0rWws0UXTpYh7yOJUH-7ZUYsCfI_3hdupz3IlYfEuIlUkE4ZJebgll391xiEtfwinWbVD2sZ08ychDfbu8JgQ5aw9i3PxFfW5PHkjBvc8FbevCSgNfDIOYByDNjbTd4ecr1M8YNadf8GraXLRVbE8hYHSr85dDNxj93AqsoGpcOsAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26num%3D1%26cid%3DCAQSTADUE5ymbO6i06_HHDVvUmsHOJYg2BY8AXJJ7HoheChFyvd2825TySFfJmk0qEbVBItLAgBSTfCc9ibXCaeUYtVVLhCGrmwvCIbiLuMYAQ%26sig%3DAOD64_3T5ZoeqeDeeEtWGHrHUpBkIeSxaQ%26client%3Dca-pub-8964299718266508%26dbm_c%3DAKAmf-A_d5pyZ-IioB9iVnyB0JrWS_pU6yJopeXYkKYQZfRESasQATZkp3lhYgQEnc6d0r2Cel9OfIYPR5rVridh0lPkwHi4LbKe-RZ_Iu-LlUe9Ig4PGx76BsHbojJOCJ_87SCYs30kP7ZrQ5EqaNhH2r0pRc1UIfyFaQDjAN5OmCZXarWJ68k%26cry%3D1%26dbm_d%3DAKAmf-Ajs5p9am6kmvtDYaFJe6akxlLmygc8B58YFwuOTwYXk8pEJS3X8F3hzbjCZWFA9ZWm0V5_NPhf4MvP5H19WUrhb321GVtIrYwqfiEA6SY02JY91xdJzmAwo78V6MT84MtceddOC5LUPM5vTEDyo64W1Gx9RTILDLKA6h2sjL9_m0g6O41JU0V0mMJVSiCGqNHYqPLkWautqUEoIpQtXL672X2q_78XjCcFG6ju1TwyuhMDz060PQp4mIAxfuX54meMJiFHLf3oTCS-05VPuKEnAAgFVKFrhazk0dmMayuGgQJrMOVrVW25bm6Tkz1p7KD3RkfJyDCKajkLrT2GjsKW9JTFLF5XghZma4Hh3-Clyoc0UjDR8wJCOm_c1WgkVmFeb8KRxLA0t2_WHnm3ekZxPKgLk0HtOdZynaVzFcYOZnMmjeXfceChwDMQuZNK_VjJYNn1S0VYT7-JHnKiR5w1nPImV08dSMVMqiUsQ0nUkx-M7FQ%26adurl%3D&documentReferer=https%3A%2F%2Fm.1news.io%2F&ancestorOrigins=https%3A%2F%2Fm.1news.io&random=7316120749338&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Wed, 15 Feb 2023 19:02:09 +0100

GET
H/1.1

200
OK

request.php Show response
hal900025.redintelligence.net/ Frame 9D27
Redirect Chain

https://hal900025.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=9112260372&subid=&uid=5002fae36cfc198e&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900025.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=9112260372&subid=&uid=5002fae36cfc198e&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

110ms
87ms

Script
application/x-javascript

138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900025.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=9112260372&subid=&uid=5002fae36cfc198e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCVVdmMCztY_3iOr7P7_UPlqOnsAWm5b2gaa2VnKfJD_AuEAEg9orHMGCV4pCCoAfIAQmpAgbogTyF5rE-qAMBqgTeAU_QGO0sB42ay6_DtPQMXOPQ7sqx8yJTkWBi_6MVOXlc9OV8t2PyxEgB8K2tL7BICyh7C5O9P_c4NaPAZ3OlAwyqkqUl05DwU_qs1kHUTxm3BfAJmiezaG7nNZ61zr9-DrkSVRwz90Yyc0TzOUIWcwzgDLYjjiiSoYaIClRrwL49Lpm5FEh20kDW3J7MvSkfx-XkRhHP_Vh9sSSMxikxz5U_IjzL8ezwJe638oGFisfsz3nv87nE8OdHqPUr2CDUd6PsWIvSUg14OlLEBIhJyYbS3XoAmQMaUeE3bXhKccAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymtOCcHHfih-9BnOgmJ1bzGjh5s9eylvIJLX1ybiXEJTSv-z3KRtaz2TIPAjh0C0p1RrwIRHIZZJjy-p3F-nOEZsqByOWK7WoYAQ%26sig%3DAOD64_03x4QWRXLZKfLp4lJRiFm50h2XPA%26client%3Dca-pub-8964299718266508%26dbm_c%3DAKAmf-Cs9Oy6vEWW4QD5zyuUuPEb7xVz6PxCNRZ2Aaof7udCDLnsTZeHs0u0kWaHh6umk2_LAkQoFyt9oQ6nveLfQuXbippSprrmkKNwIGs3eloryPoqzJypuos-ynJdePi-2mu6aDqzR8lpGL-_8wWlqMRGm5yNUKfU-BB9yedZnB42JBJZPSY%26cry%3D1%26dbm_d%3DAKAmf-AdYZwK_g1UtvMWhWX4w8y8arF9b5iFtJ0TNMrdry4P1fk-mqZtAzvjGIuRppHJ3A8-PL-GA5RQUivSKfSJt2KFCiUHR1cU0JFfO6m22IQjJ57VmJapXBvy19M30f8scQVWRZfkG98eeUNNNE3iwajesbcb3lMCjmOBRik0wKAbFd3LAjc6Ks9ha8L6VP6Lwep55qqvz72nU7Zg_1ROc1jZopBmfeaCm6YQj7OtshEJUV2LXhu-vQXlu-oLiim8fSckqPWkmnXbBU-kpx5F9-fk4kt-jo89rVVUeQygGpetkOfvbWIXAmK0365FD8bZ5wKSwNTau7mGMgkgCqBaeaXzAOtCfjdBU8iJyrX1Us5Q1mKCvhq3GwPr9EcoArLEb2XUPhfH5gC52RLIhP0Bfs6kYcGQeHEIb3ISj-K-ePqCKMUucILTsK4ZuQnPeumyX5CefvrOy7ld_98T6wMsa2bYMCvGvBuPi192r_hkboRv5RLjDEk%26adurl%3D&documentReferer=https%3A%2F%2Fm.1news.io%2F&ancestorOrigins=https%3A%2F%2Fm.1news.io&random=5217845308132&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 48dab50914d99286fa94474a4da9c1ad46373b55260942bdcfca95a9000da45f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Feb 2023 19:02:09 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 32370600137523104444554012236025
Connection: close
Content-Length: 1347
Expires: Wed, 15 Feb 2023 19:02:09 +0100

Redirect headers

Pragma: no-cache
Date: Wed, 15 Feb 2023 19:02:09 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=9112260372&subid=&uid=5002fae36cfc198e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCVVdmMCztY_3iOr7P7_UPlqOnsAWm5b2gaa2VnKfJD_AuEAEg9orHMGCV4pCCoAfIAQmpAgbogTyF5rE-qAMBqgTeAU_QGO0sB42ay6_DtPQMXOPQ7sqx8yJTkWBi_6MVOXlc9OV8t2PyxEgB8K2tL7BICyh7C5O9P_c4NaPAZ3OlAwyqkqUl05DwU_qs1kHUTxm3BfAJmiezaG7nNZ61zr9-DrkSVRwz90Yyc0TzOUIWcwzgDLYjjiiSoYaIClRrwL49Lpm5FEh20kDW3J7MvSkfx-XkRhHP_Vh9sSSMxikxz5U_IjzL8ezwJe638oGFisfsz3nv87nE8OdHqPUr2CDUd6PsWIvSUg14OlLEBIhJyYbS3XoAmQMaUeE3bXhKccAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymtOCcHHfih-9BnOgmJ1bzGjh5s9eylvIJLX1ybiXEJTSv-z3KRtaz2TIPAjh0C0p1RrwIRHIZZJjy-p3F-nOEZsqByOWK7WoYAQ%26sig%3DAOD64_03x4QWRXLZKfLp4lJRiFm50h2XPA%26client%3Dca-pub-8964299718266508%26dbm_c%3DAKAmf-Cs9Oy6vEWW4QD5zyuUuPEb7xVz6PxCNRZ2Aaof7udCDLnsTZeHs0u0kWaHh6umk2_LAkQoFyt9oQ6nveLfQuXbippSprrmkKNwIGs3eloryPoqzJypuos-ynJdePi-2mu6aDqzR8lpGL-_8wWlqMRGm5yNUKfU-BB9yedZnB42JBJZPSY%26cry%3D1%26dbm_d%3DAKAmf-AdYZwK_g1UtvMWhWX4w8y8arF9b5iFtJ0TNMrdry4P1fk-mqZtAzvjGIuRppHJ3A8-PL-GA5RQUivSKfSJt2KFCiUHR1cU0JFfO6m22IQjJ57VmJapXBvy19M30f8scQVWRZfkG98eeUNNNE3iwajesbcb3lMCjmOBRik0wKAbFd3LAjc6Ks9ha8L6VP6Lwep55qqvz72nU7Zg_1ROc1jZopBmfeaCm6YQj7OtshEJUV2LXhu-vQXlu-oLiim8fSckqPWkmnXbBU-kpx5F9-fk4kt-jo89rVVUeQygGpetkOfvbWIXAmK0365FD8bZ5wKSwNTau7mGMgkgCqBaeaXzAOtCfjdBU8iJyrX1Us5Q1mKCvhq3GwPr9EcoArLEb2XUPhfH5gC52RLIhP0Bfs6kYcGQeHEIb3ISj-K-ePqCKMUucILTsK4ZuQnPeumyX5CefvrOy7ld_98T6wMsa2bYMCvGvBuPi192r_hkboRv5RLjDEk%26adurl%3D&documentReferer=https%3A%2F%2Fm.1news.io%2F&ancestorOrigins=https%3A%2F%2Fm.1news.io&random=5217845308132&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Wed, 15 Feb 2023 19:02:09 +0100

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame EDF1 41 KB
15 KB 47ms
47ms Script
text/javascript 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BGacQ-rE4bJ__NwHKYzT45yKnAswvkyC0sAle3HfTv-6sA8xp6eeD9FX4O1Z4cofOMi1pJeCuxMgUw8l11WcDgGhwiB_c6c3cppjC9VVswiSFrum8Dm6Gv6jXBPedow59vDjqPBEwlnfrWJ6ZMMotsg0EcRxfbbQyhbP8DZVxJIFMzcGc&cry=1&dbm_d=AKAmf-CS534ZaT-H93f182X874h5bSzmuWnQy1wXokHRDfWjg3QGPZ78Fj7UPyEX1AqXmhfqH0eE9wEsQ3FzIDtxrhnhA1ZiPhOXbHwfc4HtF3eV1zhaUGuljcHcCidx11nmZlj9BFW_V0YZpzOfmx4wuWi_DPtDm0SLGDDj0Zs0nOKQzIxM_f62IgbVnLHOw6YkVnUNVE3ScfHT-XwD747fLtlsBxxFlv91lMoXq_oT47LGGjBXGCWluM_3mGMBVr-bC67DryVF6HuhOCMioYoO-a2UHHdtGkS6cIiXY0FoV1D1IYwpoxAe_keRc7m0N15N6ovXIeR7JoX94DYD21W2Vv0wKvXbCabO7hEB5vlfjZIkl5eQgA0tJkb2xlQD-j3fTkUlPdM6IiTBJ2PIWwEgESQsr1W1UQhbhpstYXUZ36Gt3BlUqR2wXc_VrJt9vLIzGcH9iaghSo1vaiFW5sxbo79644xfz9ueo4NE6RXfQ2OPePtZgLpDG06geUE5pTEMiY8xuq4qKZb0nRhXNdhWoH_k05V-YYobJBtBFJyLP7ajT1u80oE3CIM-1WkSUwI1PuQNFiO5hfx83-ND8A90r7hD9D_AKz4gPonWVdfx1-MGB7eX-PBjmBx9moe2uXlo8AOHaX4Wevw385lKh6YiDWscyQTmIKD0SkjuwZ6O4_20TD5oeNInAgKimVzD_fRrMLL2kgcYQcZipCBQ_SAOs9iph0EUEejeCL4FVf77-Th9DmS3-JLaBd_wRkx1rc0dQUJvLSmF2xdixElqjP2-PlRztnhIfAmD9cQ87ktI_-b453jynzPIOzhbTAHsSzqDWpchX11d10nvBIkXOu7jBlORzkRB2uLWZ4qGlveCFHdT91Kw6nMGcSTzPpbU2LI_ATBVqAlVcu-MrKl-bo9hbAF7YU1_N6FWVMXmJ4gCJB2qIqVzhekSpwZkJ4gJxY49yH80sVz7D0rlh86HlepULTPc0Qu2RNlszWpEKuwy5_f2W-sm3cQn2qHNqMw6sEP6e2GFtsEyv7iH412STyS_I4wvfTUxsHbDHOmXHQWOp8wMKkRmDKlP3WglrBYUavA52rhfCBplNT7rgNPNbGYphWoIjYAlB2tEeWytH08-lF-Pjkyhsn5X0IrNf70u1LIOcR_ZWpqpuwUEP9LDvomP1CbPG8YjZ3wnK1Xpkqxjboxe2Ti0PNCFsAyBZXkgHiKDrgcCIj61qesE3P3Tqla-eZxu8AKbjoe6ws7bn6S_HbH70OBCiMwBBsaJsOPVIhzyMNBAuKxWRSfz8PTUz29yM1Ha_rFex1-dJNrAubhZP3Z2sHcBVL6KCWKRIzLtHErJTwCQQyb8UgYxxQmAVfRCH-7j8MSKj4tz0bxs5ZmBPBMnHKOIZOFqmVqbzXcOYcJpz1jyPqH24J44Cb4qNNBFNFDWIexB591rqLNImSuoiXUX152KP3nBAF5ZxhxkjD5rrgZyMBx8KqlyZ9sjvvK5ch-ofBxpm8CYwJ2A4nTTEJkGhXhFpxIbVHLAMYtLU2wtKO0VpQw5gtWV_uLuEuujzIraIlwoSgI9hK6-Ib-wub4YyjuA_XrPDx9UQTcb8nsFzJ642NtduxrUTVGcQWK5NCbKejzdzhR-J8b6yf4sTKQPb39hq3Rtv127wp81fiykOb4NbdcmyEDTOUfgxHE-ThGFVjOoR2w3RJ29nSvE44bfrkgjFGKz6NmKfG1xtSXZAa1AqR7xgbDJTAIXlSE8NUX-QZeceevS9xWnaeSNl0Cm80JM9Zid7FqdarZxfjIdxY62f7oeQsE07RjVZ2fxM9Ja4TWA8SmdlpCW0uowSKegwq2c57bLaPLknzmm_iyxPzbscEWO5nASltZonWCthl0jKk2iw14zg480jY7N73Tgfn6CLceJ3d0UaJvf9vnB71B7Wuziig9GgJIm2IAoz8-6qDExByJE3gxD8VI2naLm8TQgcietjpEfNG_2a6APyP039ef0HEtZmk1aA5oFz7ck3NOmFn9iWjXp0UavuSpjDiQX-bE0WOu89sPzaBfavuiyKcWzMxuPklRdK4HVQ9NUwk9BTXW6fYTTGbOMO7JvgQWn-DoplISWw1pYSWFUoq-tl4oPy-QxzIAYiiv5F8XMtDIzc2uc-8m9270itgvU47p1bLKcnxIIAaazB9XasZ7x-TujGIWbNl05923tYgxHAhGmUflZ5Ey8Og2CaJeJ0wfI82Tivtf88ScJOsSjmwG1ji7AcwzdlkJp4HzgE1wVw3KsaEQS6u6nteqFXCN3zFAOzu3UdMM3kCMN0BxbFU7lMx8Eh0GEJKh8yAWaVylLxYWffintmqLn6WrmJhMKZV6l4244sGbUZ69FZ3HBs4ZusoKPn2sNPLG245opeI8WWla0-_5s7UIauX26iXBDsMgzrbMK7aTbH5eLJiGU9oMk4EAPooxgSLWKhkNSjLwdnGMDu8hKwsZwTCN3zjJxoVC4zgsD-vLi3WIdjfdkTP3cuByJbRE5IR9KfZz4BdAChqcSOBCuIebB6dHaj4qtmymGFFFr8IBYTdalT0ra168JwXUM_ebQIumfjFNxu1I-ybRjhYhlS38h3zziMTRQgqqkNvHdDbDAm10HnAYqv97wdVnjcb5cwMNJ-VoBnlwN437W4IE9RthDczvIjauopQvBKYaB-Y-h4O_nExFrsYcC6T-KFQVUEE1givQptWYysf3GuLHeL7sa8PtL7QR06aGUCxBgJIHoZSPQQUFDLDQd2B1CCCWERT1Jfm5AzC1dXerFssK2hxZq7jOviIEYk9RXrAywyDqsbH6TUBY8PaVFnj3J56Ae4-h0gv-k2P6FDmbtctaZpv_D75y36pRFOci_HtQSGV3jNqOHyj-B1haeOAodwi3cf6OX6rKR-50hL8VGNreP7FGE20jmPiGDcfBSnMvThrfenlrfBmjZIe-aScRgNALiU1-0FDolqvGX8UE0bZn-dYL0s9VtO_BYrHvD6A6rdzefJCLSxv2tjVH0-cOfDvkjKuiYfrl8azACDobM5udoeXmcq7sHg8Evs3YGrtKgBSYrvyG9XR80Ku4EljyFzP7YDIiJd61divDXO4KyrytfmXn2evtgqrxl9m0_xrpeTgev9pJtfJTilrQVLZG2RN3PuNbYy08jRiT9lFqSi_Mf2gWUf_o8GE9N7aYWYXFgwRm1m0NV9UmGlVGJXg8jtl25gnB2tKpqJMrX3hdsXgsm-VkExNv3xuXvxjJatt14eRJmFyBn8ATrOFZZslFoEj9yPa-WT6FjLPPuciXagGrtjy4OnqKHLzn2tL3G_jlkWwQCvLpFELc7rdoqrfmkmpGqCWO4FRqNQ3WmsgCrLbrJO9GYoL0RS4kNLNIXFtgKTYASGRwQp_3EKzP7G3bK3RW51lXQ1yg_adJc3oK1jkU__Q2uJMpQqZmgLRrcs8R7OPqZvD0QzZDCictbpocA&cid=CAQSSwDUE5ymZdW0fuY9fKV2icij4hWLxEoPDjfFvvykvluPFrsbojdLvkqIlcrZx1VHmrpMjH6tKrZIpXlCfJVngC2nluXuOlMAL4Uj7RgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fm.1news.io%2F&ds=l&xdt=1&iif=1&cor=2134767062722660900&adk=250412560&idt=219&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 11:06:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 28540
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Feb 2024 11:06:29 GMT

GET
H/1.1 200
OK iju9wczm8trb Show response
hal9000.redintelligence.net/zone/ Frame EDF1 11 KB
4 KB 34ms
12ms Script
text/html 138.201.63.165
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/iju9wczm8trb?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCEBGhMCztY6iHO-aF9u8Pzbyk4AWm5b2gaa2VnKfJD_AuEAEg9orHMGCV4pCCoAfIAQmpAgbogTyF5rE-qAMBqgTkAU_QhvajZ140DfCSqqXfueAg_TJfn5qK1Os8HzvQWIBFLhqcu5pQATmZ8QFl8HEp6oSVVetk4wXz14LZVovRCZ2qjWWFksFJMT3Jh7PJxMV014XQJU-ebqGUGxYw8JThq6ttTMIXCYqP_LX5wp7B0jqLCJINVDXEwsBRZtZBO1mIa89NgzqxkVJE8xIPOHrmpyRZ9mHv7R_zgR6cehWTikKAcgBylzaY4Lqh7lwQniGpdvUhMtKJDWdCH2akI8mUCu0otGfm24AAPgiHs4869YvzCF7Op5WVmTnwuaWX8V5fWaeR28AE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSSwDUE5ymZdW0fuY9fKV2icij4hWLxEoPDjfFvvykvluPFrsbojdLvkqIlcrZx1VHmrpMjH6tKrZIpXlCfJVngC2nluXuOlMAL4Uj7RgB%26sig%3DAOD64_2yVp-lN1gnQBKrBbGrsgj6zFBtBg%26client%3Dca-pub-8964299718266508%26dbm_c%3DAKAmf-DIrTgenLCbylBBuvbNTzbWZ1yNHpNlYphWSHEEElv9lJyo-LlwMjxbepg85l-2yv7b9BY5ucviumcr60-mUVDVzHnXon9pq0VxvH4pyctpTxhuUI1BEP2hSinMenzH3djHfxBbKD4OF-qFnD21MmMIxEiiOJ_5_7907kSwoy6Q_4L_-fo%26cry%3D1%26dbm_d%3DAKAmf-BrXD0UVbAuUvKDVb4lEyyfkSq1bgZzyKfXVRu-rEO3fgRmuARTwo_9eia5R5TepuIpvXD5y090cjywnWw7LxUTgeog1F4-IWRGAreG5YXYNr5V-DGohsXouzlQoFuN-izeF2ZnYHZxrHNnGOS9yeWZptr5b40Yg2T-cSL2FmThjc8HUAba2U_7_twp-XzQwaRPNU6gYu4s2mNqvYY7kT8N2cukJLd8ZIT1LdG4mYD2G6Wwx9sbKnVi3LOSk7_KpXiQHdyWy15kBTHvi2aCA99Ko4uqS5Tfsg7NlRARjz91-HSDX0RJc9MAgoJSHB6j5WQ9x9dLaFM88vlxr6HywsYZU-_oQkGbXzOwU_vIzYclD4-4qmC4ZUgZSYk3CUjKmrBSpfujyqMCs3hpkrJ2jTEw83CPkcRIFFQ8CBFZPB3MW04ElteaZ9DV-GlM__WTVgmXOQZHjrVgL4vRqonhUMUfwbVg0tZ0PJlqiV7GBt_1HUCM3Qc%26adurl%3D
Requested by: Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.165 Böblingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.165.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 43b44df323c72a6f0c03ba662969f9d9167637b5bd96323bb911f0041afa535d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date: Wed, 15 Feb 2023 19:02:09 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4026
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 710D 22 KB
8 KB 48ms
47ms Document
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 28540
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 11:06:29 GMT
expires: Thu, 15 Feb 2024 11:06:29 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

request.php Show response
hal900018.redintelligence.net/ Frame EDF1
Redirect Chain

https://hal900018.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=e8113cb082&subid=&uid=0ef6324ecebe8b2b&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900018.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=e8113cb082&subid=&uid=0ef6324ecebe8b2b&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

340ms
319ms

Script
application/x-javascript

144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900018.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=e8113cb082&subid=&uid=0ef6324ecebe8b2b&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCEBGhMCztY6iHO-aF9u8Pzbyk4AWm5b2gaa2VnKfJD_AuEAEg9orHMGCV4pCCoAfIAQmpAgbogTyF5rE-qAMBqgTkAU_QhvajZ140DfCSqqXfueAg_TJfn5qK1Os8HzvQWIBFLhqcu5pQATmZ8QFl8HEp6oSVVetk4wXz14LZVovRCZ2qjWWFksFJMT3Jh7PJxMV014XQJU-ebqGUGxYw8JThq6ttTMIXCYqP_LX5wp7B0jqLCJINVDXEwsBRZtZBO1mIa89NgzqxkVJE8xIPOHrmpyRZ9mHv7R_zgR6cehWTikKAcgBylzaY4Lqh7lwQniGpdvUhMtKJDWdCH2akI8mUCu0otGfm24AAPgiHs4869YvzCF7Op5WVmTnwuaWX8V5fWaeR28AE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSSwDUE5ymZdW0fuY9fKV2icij4hWLxEoPDjfFvvykvluPFrsbojdLvkqIlcrZx1VHmrpMjH6tKrZIpXlCfJVngC2nluXuOlMAL4Uj7RgB%26sig%3DAOD64_2yVp-lN1gnQBKrBbGrsgj6zFBtBg%26client%3Dca-pub-8964299718266508%26dbm_c%3DAKAmf-DIrTgenLCbylBBuvbNTzbWZ1yNHpNlYphWSHEEElv9lJyo-LlwMjxbepg85l-2yv7b9BY5ucviumcr60-mUVDVzHnXon9pq0VxvH4pyctpTxhuUI1BEP2hSinMenzH3djHfxBbKD4OF-qFnD21MmMIxEiiOJ_5_7907kSwoy6Q_4L_-fo%26cry%3D1%26dbm_d%3DAKAmf-BrXD0UVbAuUvKDVb4lEyyfkSq1bgZzyKfXVRu-rEO3fgRmuARTwo_9eia5R5TepuIpvXD5y090cjywnWw7LxUTgeog1F4-IWRGAreG5YXYNr5V-DGohsXouzlQoFuN-izeF2ZnYHZxrHNnGOS9yeWZptr5b40Yg2T-cSL2FmThjc8HUAba2U_7_twp-XzQwaRPNU6gYu4s2mNqvYY7kT8N2cukJLd8ZIT1LdG4mYD2G6Wwx9sbKnVi3LOSk7_KpXiQHdyWy15kBTHvi2aCA99Ko4uqS5Tfsg7NlRARjz91-HSDX0RJc9MAgoJSHB6j5WQ9x9dLaFM88vlxr6HywsYZU-_oQkGbXzOwU_vIzYclD4-4qmC4ZUgZSYk3CUjKmrBSpfujyqMCs3hpkrJ2jTEw83CPkcRIFFQ8CBFZPB3MW04ElteaZ9DV-GlM__WTVgmXOQZHjrVgL4vRqonhUMUfwbVg0tZ0PJlqiV7GBt_1HUCM3Qc%26adurl%3D&documentReferer=https%3A%2F%2Fm.1news.io%2F&ancestorOrigins=https%3A%2F%2Fm.1news.io&random=4506509189079&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: a6434f7dc8c11931ca5371a199431e32aafcbf78d93a21cebf4ade99a0ea294b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 15 Feb 2023 19:02:09 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 48180000130097204444554012236018
Connection: close
Content-Length: 1351
Expires: Wed, 15 Feb 2023 19:02:09 +0100

Redirect headers

Pragma: no-cache
Date: Wed, 15 Feb 2023 19:02:09 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=e8113cb082&subid=&uid=0ef6324ecebe8b2b&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCEBGhMCztY6iHO-aF9u8Pzbyk4AWm5b2gaa2VnKfJD_AuEAEg9orHMGCV4pCCoAfIAQmpAgbogTyF5rE-qAMBqgTkAU_QhvajZ140DfCSqqXfueAg_TJfn5qK1Os8HzvQWIBFLhqcu5pQATmZ8QFl8HEp6oSVVetk4wXz14LZVovRCZ2qjWWFksFJMT3Jh7PJxMV014XQJU-ebqGUGxYw8JThq6ttTMIXCYqP_LX5wp7B0jqLCJINVDXEwsBRZtZBO1mIa89NgzqxkVJE8xIPOHrmpyRZ9mHv7R_zgR6cehWTikKAcgBylzaY4Lqh7lwQniGpdvUhMtKJDWdCH2akI8mUCu0otGfm24AAPgiHs4869YvzCF7Op5WVmTnwuaWX8V5fWaeR28AE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSSwDUE5ymZdW0fuY9fKV2icij4hWLxEoPDjfFvvykvluPFrsbojdLvkqIlcrZx1VHmrpMjH6tKrZIpXlCfJVngC2nluXuOlMAL4Uj7RgB%26sig%3DAOD64_2yVp-lN1gnQBKrBbGrsgj6zFBtBg%26client%3Dca-pub-8964299718266508%26dbm_c%3DAKAmf-DIrTgenLCbylBBuvbNTzbWZ1yNHpNlYphWSHEEElv9lJyo-LlwMjxbepg85l-2yv7b9BY5ucviumcr60-mUVDVzHnXon9pq0VxvH4pyctpTxhuUI1BEP2hSinMenzH3djHfxBbKD4OF-qFnD21MmMIxEiiOJ_5_7907kSwoy6Q_4L_-fo%26cry%3D1%26dbm_d%3DAKAmf-BrXD0UVbAuUvKDVb4lEyyfkSq1bgZzyKfXVRu-rEO3fgRmuARTwo_9eia5R5TepuIpvXD5y090cjywnWw7LxUTgeog1F4-IWRGAreG5YXYNr5V-DGohsXouzlQoFuN-izeF2ZnYHZxrHNnGOS9yeWZptr5b40Yg2T-cSL2FmThjc8HUAba2U_7_twp-XzQwaRPNU6gYu4s2mNqvYY7kT8N2cukJLd8ZIT1LdG4mYD2G6Wwx9sbKnVi3LOSk7_KpXiQHdyWy15kBTHvi2aCA99Ko4uqS5Tfsg7NlRARjz91-HSDX0RJc9MAgoJSHB6j5WQ9x9dLaFM88vlxr6HywsYZU-_oQkGbXzOwU_vIzYclD4-4qmC4ZUgZSYk3CUjKmrBSpfujyqMCs3hpkrJ2jTEw83CPkcRIFFQ8CBFZPB3MW04ElteaZ9DV-GlM__WTVgmXOQZHjrVgL4vRqonhUMUfwbVg0tZ0PJlqiV7GBt_1HUCM3Qc%26adurl%3D&documentReferer=https%3A%2F%2Fm.1news.io%2F&ancestorOrigins=https%3A%2F%2Fm.1news.io&random=4506509189079&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Wed, 15 Feb 2023 19:02:09 +0100

GET
H3 200 6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 9F66 36 KB
14 KB 50ms
49ms Script
text/javascript 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebe9819db65901730f1d3de1cefc5e502a42c1bdb3aae520c1374015a28e4e34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 06:22:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45596
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14458
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 06:22:13 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 07E0 22 KB
8 KB 51ms
50ms Document
text/html 2a00:1450:400d:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:803::2001 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 28540
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 11:06:29 GMT
expires: Thu, 15 Feb 2024 11:06:29 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 710D 36 KB
14 KB 47ms
47ms Script
text/javascript 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebe9819db65901730f1d3de1cefc5e502a42c1bdb3aae520c1374015a28e4e34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 06:22:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45596
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14458
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 06:22:13 GMT

GET
H3 200 6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 07E0 36 KB
14 KB 48ms
47ms Script
text/javascript 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6-mBnbZZAXMPHT3hzvxeUCpCwb2zquUgwTdAFaKOTjQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebe9819db65901730f1d3de1cefc5e502a42c1bdb3aae520c1374015a28e4e34

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 06:22:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45596
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14458
x-xss-protection: 0
last-modified: Tue, 07 Feb 2023 17:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 15 Feb 2024 06:22:13 GMT

GET
H2 200 / Show response
adv.office-partner.de/ Frame 4CDF 930 B
931 B 150ms
6ms Document
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=9112260372&subid=&uid=5002fae36cfc198e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCVVdmMCztY_3iOr7P7_UPlqOnsAWm5b2gaa2VnKfJD_AuEAEg9orHMGCV4pCCoAfIAQmpAgbogTyF5rE-qAMBqgTeAU_QGO0sB42ay6_DtPQMXOPQ7sqx8yJTkWBi_6MVOXlc9OV8t2PyxEgB8K2tL7BICyh7C5O9P_c4NaPAZ3OlAwyqkqUl05DwU_qs1kHUTxm3BfAJmiezaG7nNZ61zr9-DrkSVRwz90Yyc0TzOUIWcwzgDLYjjiiSoYaIClRrwL49Lpm5FEh20kDW3J7MvSkfx-XkRhHP_Vh9sSSMxikxz5U_IjzL8ezwJe638oGFisfsz3nv87nE8OdHqPUr2CDUd6PsWIvSUg14OlLEBIhJyYbS3XoAmQMaUeE3bXhKccAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymtOCcHHfih-9BnOgmJ1bzGjh5s9eylvIJLX1ybiXEJTSv-z3KRtaz2TIPAjh0C0p1RrwIRHIZZJjy-p3F-nOEZsqByOWK7WoYAQ%26sig%3DAOD64_03x4QWRXLZKfLp4lJRiFm50h2XPA%26client%3Dca-pub-8964299718266508%26dbm_c%3DAKAmf-Cs9Oy6vEWW4QD5zyuUuPEb7xVz6PxCNRZ2Aaof7udCDLnsTZeHs0u0kWaHh6umk2_LAkQoFyt9oQ6nveLfQuXbippSprrmkKNwIGs3eloryPoqzJypuos-ynJdePi-2mu6aDqzR8lpGL-_8wWlqMRGm5yNUKfU-BB9yedZnB42JBJZPSY%26cry%3D1%26dbm_d%3DAKAmf-AdYZwK_g1UtvMWhWX4w8y8arF9b5iFtJ0TNMrdry4P1fk-mqZtAzvjGIuRppHJ3A8-PL-GA5RQUivSKfSJt2KFCiUHR1cU0JFfO6m22IQjJ57VmJapXBvy19M30f8scQVWRZfkG98eeUNNNE3iwajesbcb3lMCjmOBRik0wKAbFd3LAjc6Ks9ha8L6VP6Lwep55qqvz72nU7Zg_1ROc1jZopBmfeaCm6YQj7OtshEJUV2LXhu-vQXlu-oLiim8fSckqPWkmnXbBU-kpx5F9-fk4kt-jo89rVVUeQygGpetkOfvbWIXAmK0365FD8bZ5wKSwNTau7mGMgkgCqBaeaXzAOtCfjdBU8iJyrX1Us5Q1mKCvhq3GwPr9EcoArLEb2XUPhfH5gC52RLIhP0Bfs6kYcGQeHEIb3ISj-K-ePqCKMUucILTsK4ZuQnPeumyX5CefvrOy7ld_98T6wMsa2bYMCvGvBuPi192r_hkboRv5RLjDEk%26adurl%3D&documentReferer=https%3A%2F%2Fm.1news.io%2F&ancestorOrigins=https%3A%2F%2Fm.1news.io&random=5217845308132&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Wed, 15 Feb 2023 19:02:10 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Wed, 22 Feb 2023 19:02:10 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame 30A3
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=32370600137523104444554012236025&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=32370600137523104444554012236025&actionid=981741&produktid=&dt_url=

0
605 B

67ms
30ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=32370600137523104444554012236025&actionid=981741&produktid=&dt_url=

Requested by

Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=9112260372&subid=&uid=5002fae36cfc198e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCVVdmMCztY_3iOr7P7_UPlqOnsAWm5b2gaa2VnKfJD_AuEAEg9orHMGCV4pCCoAfIAQmpAgbogTyF5rE-qAMBqgTeAU_QGO0sB42ay6_DtPQMXOPQ7sqx8yJTkWBi_6MVOXlc9OV8t2PyxEgB8K2tL7BICyh7C5O9P_c4NaPAZ3OlAwyqkqUl05DwU_qs1kHUTxm3BfAJmiezaG7nNZ61zr9-DrkSVRwz90Yyc0TzOUIWcwzgDLYjjiiSoYaIClRrwL49Lpm5FEh20kDW3J7MvSkfx-XkRhHP_Vh9sSSMxikxz5U_IjzL8ezwJe638oGFisfsz3nv87nE8OdHqPUr2CDUd6PsWIvSUg14OlLEBIhJyYbS3XoAmQMaUeE3bXhKccAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymtOCcHHfih-9BnOgmJ1bzGjh5s9eylvIJLX1ybiXEJTSv-z3KRtaz2TIPAjh0C0p1RrwIRHIZZJjy-p3F-nOEZsqByOWK7WoYAQ%26sig%3DAOD64_03x4QWRXLZKfLp4lJRiFm50h2XPA%26client%3Dca-pub-8964299718266508%26dbm_c%3DAKAmf-Cs9Oy6vEWW4QD5zyuUuPEb7xVz6PxCNRZ2Aaof7udCDLnsTZeHs0u0kWaHh6umk2_LAkQoFyt9oQ6nveLfQuXbippSprrmkKNwIGs3eloryPoqzJypuos-ynJdePi-2mu6aDqzR8lpGL-_8wWlqMRGm5yNUKfU-BB9yedZnB42JBJZPSY%26cry%3D1%26dbm_d%3DAKAmf-AdYZwK_g1UtvMWhWX4w8y8arF9b5iFtJ0TNMrdry4P1fk-mqZtAzvjGIuRppHJ3A8-PL-GA5RQUivSKfSJt2KFCiUHR1cU0JFfO6m22IQjJ57VmJapXBvy19M30f8scQVWRZfkG98eeUNNNE3iwajesbcb3lMCjmOBRik0wKAbFd3LAjc6Ks9ha8L6VP6Lwep55qqvz72nU7Zg_1ROc1jZopBmfeaCm6YQj7OtshEJUV2LXhu-vQXlu-oLiim8fSckqPWkmnXbBU-kpx5F9-fk4kt-jo89rVVUeQygGpetkOfvbWIXAmK0365FD8bZ5wKSwNTau7mGMgkgCqBaeaXzAOtCfjdBU8iJyrX1Us5Q1mKCvhq3GwPr9EcoArLEb2XUPhfH5gC52RLIhP0Bfs6kYcGQeHEIb3ISj-K-ePqCKMUucILTsK4ZuQnPeumyX5CefvrOy7ld_98T6wMsa2bYMCvGvBuPi192r_hkboRv5RLjDEk%26adurl%3D&documentReferer=https%3A%2F%2Fm.1news.io%2F&ancestorOrigins=https%3A%2F%2Fm.1news.io&random=5217845308132&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 15 Feb 2023 19:02:10 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Wed, 15 Feb 2023 08:02:10 GMT
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

Content-Length: 0
Content-Type: application/javascript
Date: Wed, 15 Feb 2023 19:02:10 GMT
Host: pv.medialead.de
Keep-Alive: timeout=20
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=32370600137523104444554012236025&actionid=981741&produktid=&dt_url=
Proxy-Host: pv.medialead.de
Server: nginx/1.17.5
Strict-Transport-Security: max-age=15768000
X-IPLB-Instance: 40028
X-IPLB-Request-ID: B9D59BA2:AB8E_91EFC182:01BB_63ED2C31_8AEB94:C02A

GET
H2 200 link.html Show response
track.webgains.com/ Frame 9D27 2 KB
2 KB 141ms
80ms Script
text/html 18.168.165.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=32370600137523104444554012236025&nw=1
Requested by: Host: m.1news.io
URL: https://m.1news.io/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.168.165.36 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-168-165-36.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 87123225ca1c1586e780eeb52146d4c0cd4e57fcb4fa4979e2b58fc15ad62f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:10 GMT
last-modified: Wed, 15 Feb 2023 19:02:10 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Wed, 15 Feb 2023 19:03:10 GMT

GET
H2

200

activityi;dc_pre=CI2GgL2bmP0CFc3gsgodo0AAeA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5098058904691.731 Show response
5994599.fls.doubleclick.net/ Frame 97F3
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5098058904691.731?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CI2GgL2bmP0CFc3gsgodo0AAeA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5098058904691.731?

391 B
325 B

91ms
90ms

Document
text/html

172.217.20.6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CI2GgL2bmP0CFc3gsgodo0AAeA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5098058904691.731?

Requested by

Host: m.1news.io
URL: https://m.1news.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.20.6 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s28-in-f6.1e100.net

Software

cafe /

Resource Hash

94a8746c168d14080b0253387fc11d8dad04f5639da34ad1d7adf4cae9181c3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 216
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 19:02:10 GMT
expires: Wed, 15 Feb 2023 19:02:10 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 19:02:10 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CI2GgL2bmP0CFc3gsgodo0AAeA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5098058904691.731?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900025.redintelligence.net/ Frame EB85 7 KB
2 KB 34ms
11ms Document
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900025.redintelligence.net/request_content.php?s=32370600137523104444554012236025&a=d102dade
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=9112260372&subid=&uid=5002fae36cfc198e&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCVVdmMCztY_3iOr7P7_UPlqOnsAWm5b2gaa2VnKfJD_AuEAEg9orHMGCV4pCCoAfIAQmpAgbogTyF5rE-qAMBqgTeAU_QGO0sB42ay6_DtPQMXOPQ7sqx8yJTkWBi_6MVOXlc9OV8t2PyxEgB8K2tL7BICyh7C5O9P_c4NaPAZ3OlAwyqkqUl05DwU_qs1kHUTxm3BfAJmiezaG7nNZ61zr9-DrkSVRwz90Yyc0TzOUIWcwzgDLYjjiiSoYaIClRrwL49Lpm5FEh20kDW3J7MvSkfx-XkRhHP_Vh9sSSMxikxz5U_IjzL8ezwJe638oGFisfsz3nv87nE8OdHqPUr2CDUd6PsWIvSUg14OlLEBIhJyYbS3XoAmQMaUeE3bXhKccAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymtOCcHHfih-9BnOgmJ1bzGjh5s9eylvIJLX1ybiXEJTSv-z3KRtaz2TIPAjh0C0p1RrwIRHIZZJjy-p3F-nOEZsqByOWK7WoYAQ%26sig%3DAOD64_03x4QWRXLZKfLp4lJRiFm50h2XPA%26client%3Dca-pub-8964299718266508%26dbm_c%3DAKAmf-Cs9Oy6vEWW4QD5zyuUuPEb7xVz6PxCNRZ2Aaof7udCDLnsTZeHs0u0kWaHh6umk2_LAkQoFyt9oQ6nveLfQuXbippSprrmkKNwIGs3eloryPoqzJypuos-ynJdePi-2mu6aDqzR8lpGL-_8wWlqMRGm5yNUKfU-BB9yedZnB42JBJZPSY%26cry%3D1%26dbm_d%3DAKAmf-AdYZwK_g1UtvMWhWX4w8y8arF9b5iFtJ0TNMrdry4P1fk-mqZtAzvjGIuRppHJ3A8-PL-GA5RQUivSKfSJt2KFCiUHR1cU0JFfO6m22IQjJ57VmJapXBvy19M30f8scQVWRZfkG98eeUNNNE3iwajesbcb3lMCjmOBRik0wKAbFd3LAjc6Ks9ha8L6VP6Lwep55qqvz72nU7Zg_1ROc1jZopBmfeaCm6YQj7OtshEJUV2LXhu-vQXlu-oLiim8fSckqPWkmnXbBU-kpx5F9-fk4kt-jo89rVVUeQygGpetkOfvbWIXAmK0365FD8bZ5wKSwNTau7mGMgkgCqBaeaXzAOtCfjdBU8iJyrX1Us5Q1mKCvhq3GwPr9EcoArLEb2XUPhfH5gC52RLIhP0Bfs6kYcGQeHEIb3ISj-K-ePqCKMUucILTsK4ZuQnPeumyX5CefvrOy7ld_98T6wMsa2bYMCvGvBuPi192r_hkboRv5RLjDEk%26adurl%3D&documentReferer=https%3A%2F%2Fm.1news.io%2F&ancestorOrigins=https%3A%2F%2Fm.1news.io&random=5217845308132&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 82cb6a3cf9acf1b2eb8e78d4f40fc108175fc2e006e8682e4bd6470ca307061f

Request headers

Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2034
Content-Type: text/html; charset=utf-8
Date: Wed, 15 Feb 2023 19:02:09 GMT
Expires: Wed, 15 Feb 2023 19:02:09 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame 9D27
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=32370600137523104444554012236025
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=32370600137523104444554012236025
https://ad-server.eu/wm/pb/native.png

68 B
312 B

187ms
30ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date: Wed, 15 Feb 2023 19:04:57 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Wed, 15 Feb 2023 19:02:10 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: B9D59BA2:AB8E_91EFC182:01BB_63ED2C32_8AEBA4:C02A
X-IPLB-Instance: 40028
Content-Type: application/go
Location: https://ad-server.eu/wm/pb/native.png
Keep-Alive: timeout=20
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H/1.1

200
OK

inv.gif
img.tradedoubler.com/images/ Frame 9D27
Redirect Chain

https://impfr.tradedoubler.com/imp?type(inv)g(24495172)a(1565155)epi(32370600137523104444554012236025)733249466
https://img.tradedoubler.com/images/inv.gif

43 B
670 B

57ms
7ms

Image
image/gif

65.9.66.127
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.tradedoubler.com/images/inv.gif

Requested by

Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Server

65.9.66.127 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-66-127.fra56.r.cloudfront.net

Software

Apache /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date: Sat, 11 Feb 2023 14:37:13 GMT
Strict-Transport-Security: max-age=15552000; includeSubDomains
Via: 1.1 120ade321ed0e3697c81eb1eb19b5f62.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA56-C1
Age: 361497
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 19 Nov 2004 15:35:04 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Accept-Ranges: bytes
X-Amz-Cf-Id: o6p0zc7uCkOTUEqCyLxB-6fYtSSBt7psBr2LY2JZ4rUoa4gbaVIKBQ==

Redirect headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:09 GMT
via: 1.1 google
referrer-policy: origin
server: TXServerHttp
p3p: policyref="http://tracker.tradedoubler.com/w3c/p3p.xml",CP="NOI DSP COR NID CUR OUR NOR"
location: https://img.tradedoubler.com/images/inv.gif
access-control-allow-origin: *
content-type: text/html; charset=ISO-8859-1
cache-control: private, max-age=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 248

GET
H2 200 / Show response
adv.office-partner.de/ Frame FC6C 930 B
930 B 69ms
7ms Document
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=1d6ed175ee&subid=&uid=0a69cf01e8532c8d&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCuiMVMCztY5zdOrLD7_UPibaowAim5b2gaa2VnKfJD_AuEAEg9orHMGCV4pCCoAfIAQmpAgbogTyF5rE-qAMBqgTkAU_QL3CbsoDQ4uDtpwIv4rpBMTos2xiJzGoetrudPeipHLjLsBVKc08fssNxz5tYCNPt4yCtUxBXmlqpLqiGFWLeTUTtWWC1H2C98-QcszPhfxVTQd-_BIVnvB3SI48X2Ix_E-0rWws0UXTpYh7yOJUH-7ZUYsCfI_3hdupz3IlYfEuIlUkE4ZJebgll391xiEtfwinWbVD2sZ08ychDfbu8JgQ5aw9i3PxFfW5PHkjBvc8FbevCSgNfDIOYByDNjbTd4ecr1M8YNadf8GraXLRVbE8hYHSr85dDNxj93AqsoGpcOsAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26num%3D1%26cid%3DCAQSTADUE5ymbO6i06_HHDVvUmsHOJYg2BY8AXJJ7HoheChFyvd2825TySFfJmk0qEbVBItLAgBSTfCc9ibXCaeUYtVVLhCGrmwvCIbiLuMYAQ%26sig%3DAOD64_3T5ZoeqeDeeEtWGHrHUpBkIeSxaQ%26client%3Dca-pub-8964299718266508%26dbm_c%3DAKAmf-A_d5pyZ-IioB9iVnyB0JrWS_pU6yJopeXYkKYQZfRESasQATZkp3lhYgQEnc6d0r2Cel9OfIYPR5rVridh0lPkwHi4LbKe-RZ_Iu-LlUe9Ig4PGx76BsHbojJOCJ_87SCYs30kP7ZrQ5EqaNhH2r0pRc1UIfyFaQDjAN5OmCZXarWJ68k%26cry%3D1%26dbm_d%3DAKAmf-Ajs5p9am6kmvtDYaFJe6akxlLmygc8B58YFwuOTwYXk8pEJS3X8F3hzbjCZWFA9ZWm0V5_NPhf4MvP5H19WUrhb321GVtIrYwqfiEA6SY02JY91xdJzmAwo78V6MT84MtceddOC5LUPM5vTEDyo64W1Gx9RTILDLKA6h2sjL9_m0g6O41JU0V0mMJVSiCGqNHYqPLkWautqUEoIpQtXL672X2q_78XjCcFG6ju1TwyuhMDz060PQp4mIAxfuX54meMJiFHLf3oTCS-05VPuKEnAAgFVKFrhazk0dmMayuGgQJrMOVrVW25bm6Tkz1p7KD3RkfJyDCKajkLrT2GjsKW9JTFLF5XghZma4Hh3-Clyoc0UjDR8wJCOm_c1WgkVmFeb8KRxLA0t2_WHnm3ekZxPKgLk0HtOdZynaVzFcYOZnMmjeXfceChwDMQuZNK_VjJYNn1S0VYT7-JHnKiR5w1nPImV08dSMVMqiUsQ0nUkx-M7FQ%26adurl%3D&documentReferer=https%3A%2F%2Fm.1news.io%2F&ancestorOrigins=https%3A%2F%2Fm.1news.io&random=7316120749338&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Wed, 15 Feb 2023 19:02:10 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Wed, 22 Feb 2023 19:02:10 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame 81B1
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=81219600145809304444554012236021&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=81219600145809304444554012236021&actionid=981741&produktid=&dt_url=

0
89 B

27ms
27ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=81219600145809304444554012236021&actionid=981741&produktid=&dt_url=

Requested by

Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=1d6ed175ee&subid=&uid=0a69cf01e8532c8d&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCuiMVMCztY5zdOrLD7_UPibaowAim5b2gaa2VnKfJD_AuEAEg9orHMGCV4pCCoAfIAQmpAgbogTyF5rE-qAMBqgTkAU_QL3CbsoDQ4uDtpwIv4rpBMTos2xiJzGoetrudPeipHLjLsBVKc08fssNxz5tYCNPt4yCtUxBXmlqpLqiGFWLeTUTtWWC1H2C98-QcszPhfxVTQd-_BIVnvB3SI48X2Ix_E-0rWws0UXTpYh7yOJUH-7ZUYsCfI_3hdupz3IlYfEuIlUkE4ZJebgll391xiEtfwinWbVD2sZ08ychDfbu8JgQ5aw9i3PxFfW5PHkjBvc8FbevCSgNfDIOYByDNjbTd4ecr1M8YNadf8GraXLRVbE8hYHSr85dDNxj93AqsoGpcOsAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26num%3D1%26cid%3DCAQSTADUE5ymbO6i06_HHDVvUmsHOJYg2BY8AXJJ7HoheChFyvd2825TySFfJmk0qEbVBItLAgBSTfCc9ibXCaeUYtVVLhCGrmwvCIbiLuMYAQ%26sig%3DAOD64_3T5ZoeqeDeeEtWGHrHUpBkIeSxaQ%26client%3Dca-pub-8964299718266508%26dbm_c%3DAKAmf-A_d5pyZ-IioB9iVnyB0JrWS_pU6yJopeXYkKYQZfRESasQATZkp3lhYgQEnc6d0r2Cel9OfIYPR5rVridh0lPkwHi4LbKe-RZ_Iu-LlUe9Ig4PGx76BsHbojJOCJ_87SCYs30kP7ZrQ5EqaNhH2r0pRc1UIfyFaQDjAN5OmCZXarWJ68k%26cry%3D1%26dbm_d%3DAKAmf-Ajs5p9am6kmvtDYaFJe6akxlLmygc8B58YFwuOTwYXk8pEJS3X8F3hzbjCZWFA9ZWm0V5_NPhf4MvP5H19WUrhb321GVtIrYwqfiEA6SY02JY91xdJzmAwo78V6MT84MtceddOC5LUPM5vTEDyo64W1Gx9RTILDLKA6h2sjL9_m0g6O41JU0V0mMJVSiCGqNHYqPLkWautqUEoIpQtXL672X2q_78XjCcFG6ju1TwyuhMDz060PQp4mIAxfuX54meMJiFHLf3oTCS-05VPuKEnAAgFVKFrhazk0dmMayuGgQJrMOVrVW25bm6Tkz1p7KD3RkfJyDCKajkLrT2GjsKW9JTFLF5XghZma4Hh3-Clyoc0UjDR8wJCOm_c1WgkVmFeb8KRxLA0t2_WHnm3ekZxPKgLk0HtOdZynaVzFcYOZnMmjeXfceChwDMQuZNK_VjJYNn1S0VYT7-JHnKiR5w1nPImV08dSMVMqiUsQ0nUkx-M7FQ%26adurl%3D&documentReferer=https%3A%2F%2Fm.1news.io%2F&ancestorOrigins=https%3A%2F%2Fm.1news.io&random=7316120749338&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 15 Feb 2023 19:02:10 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Wed, 15 Feb 2023 08:02:10 GMT
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

Content-Length: 0
Content-Type: application/javascript
Date: Wed, 15 Feb 2023 19:02:10 GMT
Host: pv.medialead.de
Keep-Alive: timeout=20
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=81219600145809304444554012236021&actionid=981741&produktid=&dt_url=
Proxy-Host: pv.medialead.de
Server: nginx/1.17.5
Strict-Transport-Security: max-age=15768000
X-IPLB-Instance: 40027
X-IPLB-Request-ID: B9D59BA2:AC0C_91EFC182:01BB_63ED2C32_8ACC7B:2FD2E

GET
H2 200 link.html Show response
track.webgains.com/ Frame A2AC 2 KB
2 KB 72ms
72ms Script
text/html 18.168.165.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=81219600145809304444554012236021&nw=1
Requested by: Host: m.1news.io
URL: https://m.1news.io/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.168.165.36 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-168-165-36.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: b72ef0a279f1521931abf312b1cebca14f301fb6a36a00a938e811f93b25f429

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:10 GMT
last-modified: Wed, 15 Feb 2023 19:02:10 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Wed, 15 Feb 2023 19:03:10 GMT

GET
H2

200

activityi;dc_pre=CIKGgL2bmP0CFcVLkQUdf_8OQA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=950976410367.7499 Show response
5994599.fls.doubleclick.net/ Frame 87A7
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=950976410367.7499?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CIKGgL2bmP0CFcVLkQUdf_8OQA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=950976410367.7499?

391 B
282 B

127ms
126ms

Document
text/html

172.217.20.6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CIKGgL2bmP0CFcVLkQUdf_8OQA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=950976410367.7499?

Requested by

Host: m.1news.io
URL: https://m.1news.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.20.6 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s28-in-f6.1e100.net

Software

cafe /

Resource Hash

2738d09d766e866da48bf73c12b273db6004b5a0bef13a5a0f0253f7db718ac9

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 216
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 19:02:10 GMT
expires: Wed, 15 Feb 2023 19:02:10 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 19:02:10 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CIKGgL2bmP0CFcVLkQUdf_8OQA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=950976410367.7499?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900021.redintelligence.net/ Frame 86C7 7 KB
2 KB 36ms
12ms Document
text/html 144.76.238.55
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900021.redintelligence.net/request_content.php?s=81219600145809304444554012236021&a=0040a3e5
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=1d6ed175ee&subid=&uid=0a69cf01e8532c8d&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCuiMVMCztY5zdOrLD7_UPibaowAim5b2gaa2VnKfJD_AuEAEg9orHMGCV4pCCoAfIAQmpAgbogTyF5rE-qAMBqgTkAU_QL3CbsoDQ4uDtpwIv4rpBMTos2xiJzGoetrudPeipHLjLsBVKc08fssNxz5tYCNPt4yCtUxBXmlqpLqiGFWLeTUTtWWC1H2C98-QcszPhfxVTQd-_BIVnvB3SI48X2Ix_E-0rWws0UXTpYh7yOJUH-7ZUYsCfI_3hdupz3IlYfEuIlUkE4ZJebgll391xiEtfwinWbVD2sZ08ychDfbu8JgQ5aw9i3PxFfW5PHkjBvc8FbevCSgNfDIOYByDNjbTd4ecr1M8YNadf8GraXLRVbE8hYHSr85dDNxj93AqsoGpcOsAE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26num%3D1%26cid%3DCAQSTADUE5ymbO6i06_HHDVvUmsHOJYg2BY8AXJJ7HoheChFyvd2825TySFfJmk0qEbVBItLAgBSTfCc9ibXCaeUYtVVLhCGrmwvCIbiLuMYAQ%26sig%3DAOD64_3T5ZoeqeDeeEtWGHrHUpBkIeSxaQ%26client%3Dca-pub-8964299718266508%26dbm_c%3DAKAmf-A_d5pyZ-IioB9iVnyB0JrWS_pU6yJopeXYkKYQZfRESasQATZkp3lhYgQEnc6d0r2Cel9OfIYPR5rVridh0lPkwHi4LbKe-RZ_Iu-LlUe9Ig4PGx76BsHbojJOCJ_87SCYs30kP7ZrQ5EqaNhH2r0pRc1UIfyFaQDjAN5OmCZXarWJ68k%26cry%3D1%26dbm_d%3DAKAmf-Ajs5p9am6kmvtDYaFJe6akxlLmygc8B58YFwuOTwYXk8pEJS3X8F3hzbjCZWFA9ZWm0V5_NPhf4MvP5H19WUrhb321GVtIrYwqfiEA6SY02JY91xdJzmAwo78V6MT84MtceddOC5LUPM5vTEDyo64W1Gx9RTILDLKA6h2sjL9_m0g6O41JU0V0mMJVSiCGqNHYqPLkWautqUEoIpQtXL672X2q_78XjCcFG6ju1TwyuhMDz060PQp4mIAxfuX54meMJiFHLf3oTCS-05VPuKEnAAgFVKFrhazk0dmMayuGgQJrMOVrVW25bm6Tkz1p7KD3RkfJyDCKajkLrT2GjsKW9JTFLF5XghZma4Hh3-Clyoc0UjDR8wJCOm_c1WgkVmFeb8KRxLA0t2_WHnm3ekZxPKgLk0HtOdZynaVzFcYOZnMmjeXfceChwDMQuZNK_VjJYNn1S0VYT7-JHnKiR5w1nPImV08dSMVMqiUsQ0nUkx-M7FQ%26adurl%3D&documentReferer=https%3A%2F%2Fm.1news.io%2F&ancestorOrigins=https%3A%2F%2Fm.1news.io&random=7316120749338&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.238.55 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.55.238.76.144.clients.your-server.de
Software: Apache /
Resource Hash: ae04b11524e31d02bd5ad5a2d822497909f1d937fba92b370541f42327d4f5a7

Request headers

Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2053
Content-Type: text/html; charset=utf-8
Date: Wed, 15 Feb 2023 19:02:10 GMT
Expires: Wed, 15 Feb 2023 19:02:10 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame A2AC
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=81219600145809304444554012236021
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=81219600145809304444554012236021
https://ad-server.eu/wm/pb/native.png

68 B
312 B

155ms
31ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date: Wed, 15 Feb 2023 19:04:57 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Wed, 15 Feb 2023 19:02:10 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: B9D59BA2:AC8A_91EFC182:01BB_63ED2C32_8B04C4:C02D
X-IPLB-Instance: 40028
Content-Type: application/go
Location: https://ad-server.eu/wm/pb/native.png
Keep-Alive: timeout=20
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H/1.1

200
OK

inv.gif
img.tradedoubler.com/images/ Frame A2AC
Redirect Chain

https://impfr.tradedoubler.com/imp?type(inv)g(24495172)a(1565155)epi(81219600145809304444554012236021)503747421
https://img.tradedoubler.com/images/inv.gif

43 B
670 B

57ms
9ms

Image
image/gif

65.9.66.127
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.tradedoubler.com/images/inv.gif

Requested by

Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Server

65.9.66.127 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-66-127.fra56.r.cloudfront.net

Software

Apache /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date: Sat, 11 Feb 2023 14:37:13 GMT
Strict-Transport-Security: max-age=15552000; includeSubDomains
Via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA56-C1
Age: 361497
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 19 Nov 2004 15:35:04 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Accept-Ranges: bytes
X-Amz-Cf-Id: _lNoD2xL4tuSH91nnBlcZtU2HhsmL-EIDqa9Dkr6j0sNE0R30ciwmA==

Redirect headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:10 GMT
via: 1.1 google
referrer-policy: origin
server: TXServerHttp
p3p: policyref="http://tracker.tradedoubler.com/w3c/p3p.xml",CP="NOI DSP COR NID CUR OUR NOR"
location: https://img.tradedoubler.com/images/inv.gif
access-control-allow-origin: *
content-type: text/html; charset=ISO-8859-1
cache-control: private, max-age=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 248

GET
DATA 200
OK truncated
/ Frame 9D27 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d6080c0f87866c86f64b87a47bed733e4983b300bbcdcec3bda7acae2748d2f2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ Frame EB85 4 KB
724 B 181ms
180ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=32370600137523104444554012236025&a=d102dade

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dfa1ecdb69b9ee93e87159bfcd4ad2b1248a7de0d6346fd42e0b600723ae7b6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900025.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 15 Feb 2023 19:02:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 15 Feb 2023 17:54:41 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 15 Feb 2023 19:02:10 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame EB85 16 KB
16 KB 39ms
12ms Image
image/png 138.201.63.165
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=32370600137523104444554012236025&a=d102dade
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.165 Böblingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.165.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: f560e0707aabd5384e314751113b6169db448e70bbe70cb5c0dd33bc533e20e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900025.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date: Wed, 15 Feb 2023 19:02:10 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16551
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame EB85 14 KB
14 KB 36ms
12ms Image
image/png 138.201.63.165
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/23333/creativesup/WW-Native-1200x627.jpeg
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=32370600137523104444554012236025&a=d102dade
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.165 Böblingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.165.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 9cc5c0b1e339d2ca20a90c586ffdaee527e10e189f0f29ad4f0989dc1067a034

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900025.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date: Wed, 15 Feb 2023 19:02:10 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 14291
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame EB85 16 KB
16 KB 39ms
16ms Image
image/png 138.201.63.165
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/postbank_pool_privatkredit_1200x627.jpg
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=32370600137523104444554012236025&a=d102dade
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.165 Böblingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.165.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 55ac05a17562a1bbd8639d0c624d97f6b018416aa7bed16f62a99ae836eeac6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900025.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date: Wed, 15 Feb 2023 19:02:10 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16269
Vary: Accept-Encoding
Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame A2AC 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 90d58689fe745d2acf48342c94a764c63ecb848098d88e7e1e17f4ce42254410

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 css
fonts.googleapis.com/ Frame 86C7 4 KB
747 B 45ms
45ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request_content.php?s=81219600145809304444554012236021&a=0040a3e5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dfa1ecdb69b9ee93e87159bfcd4ad2b1248a7de0d6346fd42e0b600723ae7b6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 15 Feb 2023 19:02:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 15 Feb 2023 17:19:51 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 15 Feb 2023 19:02:10 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 86C7 12 KB
12 KB 56ms
21ms Image
image/png 138.201.63.165
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=50&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request_content.php?s=81219600145809304444554012236021&a=0040a3e5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.165 Böblingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.165.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: ef06de3883911216e47c09ef81ddcb81fe02080dff5f85de3522525f2bf462ff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date: Wed, 15 Feb 2023 19:02:10 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 12111
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 86C7 10 KB
10 KB 35ms
12ms Image
image/png 138.201.63.165
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=50&url=https://cdn.contentspread.net/24i/advertiser/23333/creativesup/WW-Native-1200x627.jpeg
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request_content.php?s=81219600145809304444554012236021&a=0040a3e5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.165 Böblingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.165.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: ecba3f6c1b9dcede71a90ebd1675f1587d74698aeff32df7103d5c7237666129

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date: Wed, 15 Feb 2023 19:02:10 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 10279
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 86C7 11 KB
12 KB 35ms
12ms Image
image/png 138.201.63.165
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=100&height=50&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/postbank_pool_privatkredit_1200x627.jpg
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request_content.php?s=81219600145809304444554012236021&a=0040a3e5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.165 Böblingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.165.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 3ed8fd0551ba7602d0b55136b78bb7b4321f0875708345d04c99dc1a81ada823

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900021.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date: Wed, 15 Feb 2023 19:02:10 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 11596
Vary: Accept-Encoding
Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9F66 0
20 B 93ms
92ms Image
image/gif 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BfXVcMSztY-2XI7G89u8P69u50AMAAAAAOAHgBAI&bg=!R0SlRBDNAAYuhb89DoU7ADkAdvg8WvQBbaqpRi_em3zupRUif_b8c-gZqalXS7beZbXlx8VNAUyO0u1uvq-wlqJKexdYU76h2e4CAAAAwlIAAAADaAEHmQMq08ko-BmtLeUFtfNKKbSEEQF54bzM4vzysNUQQRsfiOvN6A_TcuK_EcmvtUCaYhMaSpol-YQJl45pGq0n1t3UJBXIIizJaJlGZNC4wVQynvYHByZLd89cxCWYLj3oub3_EgQZPzKdwdhcu6yryH8rHZ47HlYMgFnlUS_uhlxZbVAOG4XQIS2bs8TJ682iqSWji6GGme8zvQrfkCU7fO-4OAtl31JvvonWmXOCQJZetEtps3BHxW7cwUm8pC1iszpxN8vqVyYFXVvryYvojIXyyNZUBUI7NYDxNAoRCSpEQTBa6GKIC_RS3PlZEp2WO_4bWfJXYtlBsB9QhLXdSwpU9ZFEifqcV4LaAWwjKW9BszqMVOKGzvmBYeYxUerVD5tpWi2mVbGZui9xW_NpsqSuUUY6GYgcr8hEEBkEvV_tNfFqasuBP-Xup9PRuZTs70lXo4K5rlCshj-Zub9xPLhdAQ9l6ZTRBzraLxsrMkWvFAUCX8Nbwd6J_R3lIoa9pTGUKa9KyXkxU6d1QlNztSrlKJTsY11FMvTX39O0TN_gQw8WnrxbMWWR7yYcAdbIRFbg0qOKgCVqOFJ68dNLAUURlzXRYPlsGl_50MjiJh5OufR0tXcdzoet5N0o1a459hNbgaMPIFmUacUsKL-yRjCie861YVXB1EdLGpTrxsLF5npbfUYP6mMw3gST-4WOnDL5xkRybsqlxEK5zqgQHmLY3zEINqdkF9D8NwdTqosr2sZWA3J3XcaN8Dve7e-qRbEVeX8Su5Z0hhbi2mxwmuk6DJwY0XCNsXniraEki2PBlpzqcDYeSIbPCFsuCe-Ez4SQ0dNtbhTVVzNU4K3bI91jVHW__9fscAF4IsIkhxer5pWJx5zU04lGZ8lWHLSQ_NErW3hkSNuisxJUfF20V6Sg9bi17UNreE1juZUQkgO82Q4UDuRg1MdmFg21jcucIT0wTSM1vKke2CYKZWi4C4O3lxj5HbdAapS-_CMy-5G83e6lcM7b_sB1wTUxg3OxfEgJWTa5jjP-ls0I60TiS16mQ3f2IjofKLtPQKxl4opSUTH_QDtHxhF0-0bN

Requested by

Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 4CDF 103 KB
40 KB 213ms
70ms Script
application/javascript 2a00:1450:400d:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

518cab96ff82c5e88247d136acea14a1a43a5a4c439bf44469887f7e61aa90ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:10 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40793
x-xss-protection: 0
last-modified: Wed, 15 Feb 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 15 Feb 2023 19:02:10 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame FC6C 103 KB
40 KB 266ms
129ms Script
application/javascript 2a00:1450:400d:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

da348ae5665e107843ec728a5cbfb3bc3ddf203bf39cc578305c389a6c1b2f7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:10 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40793
x-xss-protection: 0
last-modified: Wed, 15 Feb 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 15 Feb 2023 19:02:10 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 9D27 85 KB
31 KB 91ms
9ms Script
application/javascript 65.9.66.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=32370600137523104444554012236025&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-42.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f031d0330fa0902ad02a7158a8b4aa01cefacc0f4743ab7b78f4ed517723d130

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 08:15:14 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Fri, 09 Dec 2022 10:53:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 38816
etag: W/"0d5045593d14c9612a5d5576928a5209"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: jXZknqX6cOEA7AQlQVBgX6M6F8xD5VwTLopIZjN1QyHNKnTVDEVSRA==

GET
H2 200 1x1.gif
cdn.track.production.webgains.team/7121/ Frame 9D27 85 B
437 B 49ms
12ms Image
image/gif 99.86.4.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.gif?Expires=1676488030&Signature=Rwt3H2PSrAJbA2CwtNMpv-9Fbkvtw4-yo9SDWS8Hxhv6GX4NJ79-iaDFHXPD1axDM2xIa5icSR-C0-9coztMSVwjxUyG0LQ8ufImArAedbwz6TRDQQD34JgWsa1g4n0sd3z1hHwiAXpp5tGb3T1hLI0GCh4kctzkylclXK4GmpVtxctpqGAkIRV~fOKgvQD7~n~hgn8OzC~02FwWekZJeoh6wcKhvt6NHdFIPbqFipCR1AKmlt5BU7TafQXvw0susD-AlWagijqqDYBuwQ1Mp8HWK61ZBgIJBiWfnFu1x-svfIYc~FfrcTtMQ0hFshzkHRS4m0xctyuxdg--IS4U8Q__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-53.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

x-amz-version-id: null
date: Wed, 15 Feb 2023 05:01:47 GMT
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 50427
etag: "70af33d70b6810475aae19743c8c435b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/gif
accept-ranges: bytes
content-length: 85
x-amz-cf-id: _Cq2UKpJVlyqX_ivMFD_cPyLSObMLouNLWPAajCyLJ4ORpsLTLABDw==

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame A2AC 85 KB
31 KB 97ms
15ms Script
application/javascript 65.9.66.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=81219600145809304444554012236021&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-42.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f031d0330fa0902ad02a7158a8b4aa01cefacc0f4743ab7b78f4ed517723d130

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 08:15:14 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Fri, 09 Dec 2022 10:53:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 38816
etag: W/"0d5045593d14c9612a5d5576928a5209"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: ni86jEojzO4N-Ke7vMYGTCZC9xZdA7dMdvucb2cjT0C7_bKFVeO3gQ==

GET
H2 200 1x1.gif
cdn.track.production.webgains.team/7121/ Frame A2AC 85 B
435 B 50ms
13ms Image
image/gif 99.86.4.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.gif?Expires=1676488030&Signature=Rwt3H2PSrAJbA2CwtNMpv-9Fbkvtw4-yo9SDWS8Hxhv6GX4NJ79-iaDFHXPD1axDM2xIa5icSR-C0-9coztMSVwjxUyG0LQ8ufImArAedbwz6TRDQQD34JgWsa1g4n0sd3z1hHwiAXpp5tGb3T1hLI0GCh4kctzkylclXK4GmpVtxctpqGAkIRV~fOKgvQD7~n~hgn8OzC~02FwWekZJeoh6wcKhvt6NHdFIPbqFipCR1AKmlt5BU7TafQXvw0susD-AlWagijqqDYBuwQ1Mp8HWK61ZBgIJBiWfnFu1x-svfIYc~FfrcTtMQ0hFshzkHRS4m0xctyuxdg--IS4U8Q__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=81219600145809304444554012236021&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-53.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

x-amz-version-id: null
date: Wed, 15 Feb 2023 05:01:47 GMT
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 50427
etag: "70af33d70b6810475aae19743c8c435b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/gif
accept-ranges: bytes
content-length: 85
x-amz-cf-id: l2JKwlTKCsg7XIHOlLasv1g1TGAaoHguRGzE5pUFy9WGG82ov2x7Ew==

GET
H/1.1 200
OK viewability Show response
hal900021.redintelligence.net/ Frame 86C7 0
150 B 53ms
27ms Script
text/html 144.76.238.55
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900021.redintelligence.net/viewability?s=81219600145809304444554012236021&a=d7855c98&vb=m
Requested by: Host: hal900021.redintelligence.net
URL: https://hal900021.redintelligence.net/request_content.php?s=81219600145809304444554012236021&a=0040a3e5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.238.55 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.55.238.76.144.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900021.redintelligence.net/request_content.php?s=81219600145809304444554012236021&a=0040a3e5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date: Wed, 15 Feb 2023 19:02:10 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame 86C7 13 KB
13 KB 44ms
40ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900021.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 06:36:22 GMT
x-content-type-options: nosniff
age: 131148
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13052
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:09:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Feb 2024 06:36:22 GMT

GET
H3 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame 86C7 13 KB
13 KB 45ms
41ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900021.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Thu, 09 Feb 2023 14:06:25 GMT
x-content-type-options: nosniff
age: 536145
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13036
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Feb 2024 14:06:25 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 710D 0
20 B 87ms
86ms Image
image/gif 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BlI3pMSztY7DwJc-_9u8PlvSXoAIAAAAAOAHgBAI&bg=!hYalhtLNAAYuhb89DoU7ADkAdvg8WkkubTHbGVYpdcFX7b9IxK0UjLNIiX8a_4zteVfGl16_DjiD9CCQbUsraw8Pac5s1zJzTkoCAAABKFIAAAACaAEHCgA2yRs1SaRAVQGjqmzE2RGIiYJ8EEw4ZfBCQmeX97_og3kO2Xecl-E2RW55AJ0Z6Y4VelwW1YmUmQMzfg49Hmgz1rc6bl4K-XiA1LitaxVEdmBX984lnYeFTDG3Y7FuDe0xngZ3UsEJq_zKYZq-ywGusoRKwjD53QB0VIifNLkbHlCTW68Ouy49khcbdpJS5Y1osMUL5KFIvNA7iMidt6YaeP2Z7wtH-nmm5AWWPmri9ZpvYn9uOuQtcUvr8z0CYA68AoavWx8MG9_jqwjYb6IvZG6fTnI0mDuiu-JUEOlREP--fmtCqRQDYjCjeJO2j3j7ZCIRp-grXY6vYprFqKxFZD3Hbra5YjRCSHARFpljUIb6Cy1Ojx5V2WHS8M8_LF3pzuo9NHI6pgQo0ZEPYl9XkFiwn1a7Z5-urd8B5SiMQoblUcD0SKZ9rQ7ZLqX1LIxbnUSOFeNYILcgzEhukXyhph2OHLPrnjISR4OXEbvAxZafzEkZxXKzpsww8JzvE0Vgjn1JCyeTKe-461pzKJfX5BH8d228NA7BGm5hj-4B0Aj1fnokPCLGo3g3chZL_uUlmQQLRpOJ2u3M-tuUNqAlL5lboAvb_XBcEpPVA-elW9lCeRWIGcPnw_PZLDMZlI7-OhcTFypcZCp2Nm00Usx0VuVgPuR8aI_9DuS_G2HPPCbkVlFNPPL8SkT0UbwPqRc13mwWexQczzuQZGs_lQSScMaC_aaptnYarUnwfIgSBCl54keKKqRaFMmSp8OHA3SJ7ETOFrkHnJXXitA_POXDn3V2_teMrBSW14OAXOFeFQ6P3i9me5SB48VtM_b1Ihx0Bd7dPJm-6EvB6ZJinaNzdMkFGPDW1STKeHh-u3zHL3QmVfyNKxM_IuprizaLSOi-dAMBk6SE3ns3-6fER6xnMwJa3fNF5w7LpbAodRVg17V3SUkrY6CX9CtTIQpCaEi2wAPJHHZlV74HWfK-U7ZrS0xVqaMYQNxZtzrfMn5r6GeicZFItYFUrX3OvkyFvbuv3i7EIF8gOzH2yQBVZlI9nZL2IX9PN7WuBRErrM_LnTfduVWUXi_hOOWJqzMR0nbYCcSJn7HUNcpGXSOUBXv686YMDQFXKVFJ5DjgcmhxEV4RH8ZevgsGyF7c3ZTlcrXJEDvlIIJDSGL3uBsq

Requested by

Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900025.redintelligence.net/ Frame EB85 0
150 B 41ms
15ms Script
text/html 138.201.84.245
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900025.redintelligence.net/viewability?s=32370600137523104444554012236025&a=b6945e0f&vb=m
Requested by: Host: hal900025.redintelligence.net
URL: https://hal900025.redintelligence.net/request_content.php?s=32370600137523104444554012236025&a=d102dade
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.245 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.245.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900025.redintelligence.net/request_content.php?s=32370600137523104444554012236025&a=d102dade
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date: Wed, 15 Feb 2023 19:02:10 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H2 200 / Show response
adv.office-partner.de/ Frame 40EA 930 B
930 B 12ms
5ms Document
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=e8113cb082&subid=&uid=0ef6324ecebe8b2b&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCEBGhMCztY6iHO-aF9u8Pzbyk4AWm5b2gaa2VnKfJD_AuEAEg9orHMGCV4pCCoAfIAQmpAgbogTyF5rE-qAMBqgTkAU_QhvajZ140DfCSqqXfueAg_TJfn5qK1Os8HzvQWIBFLhqcu5pQATmZ8QFl8HEp6oSVVetk4wXz14LZVovRCZ2qjWWFksFJMT3Jh7PJxMV014XQJU-ebqGUGxYw8JThq6ttTMIXCYqP_LX5wp7B0jqLCJINVDXEwsBRZtZBO1mIa89NgzqxkVJE8xIPOHrmpyRZ9mHv7R_zgR6cehWTikKAcgBylzaY4Lqh7lwQniGpdvUhMtKJDWdCH2akI8mUCu0otGfm24AAPgiHs4869YvzCF7Op5WVmTnwuaWX8V5fWaeR28AE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSSwDUE5ymZdW0fuY9fKV2icij4hWLxEoPDjfFvvykvluPFrsbojdLvkqIlcrZx1VHmrpMjH6tKrZIpXlCfJVngC2nluXuOlMAL4Uj7RgB%26sig%3DAOD64_2yVp-lN1gnQBKrBbGrsgj6zFBtBg%26client%3Dca-pub-8964299718266508%26dbm_c%3DAKAmf-DIrTgenLCbylBBuvbNTzbWZ1yNHpNlYphWSHEEElv9lJyo-LlwMjxbepg85l-2yv7b9BY5ucviumcr60-mUVDVzHnXon9pq0VxvH4pyctpTxhuUI1BEP2hSinMenzH3djHfxBbKD4OF-qFnD21MmMIxEiiOJ_5_7907kSwoy6Q_4L_-fo%26cry%3D1%26dbm_d%3DAKAmf-BrXD0UVbAuUvKDVb4lEyyfkSq1bgZzyKfXVRu-rEO3fgRmuARTwo_9eia5R5TepuIpvXD5y090cjywnWw7LxUTgeog1F4-IWRGAreG5YXYNr5V-DGohsXouzlQoFuN-izeF2ZnYHZxrHNnGOS9yeWZptr5b40Yg2T-cSL2FmThjc8HUAba2U_7_twp-XzQwaRPNU6gYu4s2mNqvYY7kT8N2cukJLd8ZIT1LdG4mYD2G6Wwx9sbKnVi3LOSk7_KpXiQHdyWy15kBTHvi2aCA99Ko4uqS5Tfsg7NlRARjz91-HSDX0RJc9MAgoJSHB6j5WQ9x9dLaFM88vlxr6HywsYZU-_oQkGbXzOwU_vIzYclD4-4qmC4ZUgZSYk3CUjKmrBSpfujyqMCs3hpkrJ2jTEw83CPkcRIFFQ8CBFZPB3MW04ElteaZ9DV-GlM__WTVgmXOQZHjrVgL4vRqonhUMUfwbVg0tZ0PJlqiV7GBt_1HUCM3Qc%26adurl%3D&documentReferer=https%3A%2F%2Fm.1news.io%2F&ancestorOrigins=https%3A%2F%2Fm.1news.io&random=4506509189079&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Wed, 15 Feb 2023 19:02:10 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Wed, 22 Feb 2023 19:02:10 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame 51F3
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=48180000130097204444554012236018&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=48180000130097204444554012236018&actionid=981741&produktid=&dt_url=

0
90 B

31ms
27ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=48180000130097204444554012236018&actionid=981741&produktid=&dt_url=

Requested by

Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=e8113cb082&subid=&uid=0ef6324ecebe8b2b&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCEBGhMCztY6iHO-aF9u8Pzbyk4AWm5b2gaa2VnKfJD_AuEAEg9orHMGCV4pCCoAfIAQmpAgbogTyF5rE-qAMBqgTkAU_QhvajZ140DfCSqqXfueAg_TJfn5qK1Os8HzvQWIBFLhqcu5pQATmZ8QFl8HEp6oSVVetk4wXz14LZVovRCZ2qjWWFksFJMT3Jh7PJxMV014XQJU-ebqGUGxYw8JThq6ttTMIXCYqP_LX5wp7B0jqLCJINVDXEwsBRZtZBO1mIa89NgzqxkVJE8xIPOHrmpyRZ9mHv7R_zgR6cehWTikKAcgBylzaY4Lqh7lwQniGpdvUhMtKJDWdCH2akI8mUCu0otGfm24AAPgiHs4869YvzCF7Op5WVmTnwuaWX8V5fWaeR28AE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSSwDUE5ymZdW0fuY9fKV2icij4hWLxEoPDjfFvvykvluPFrsbojdLvkqIlcrZx1VHmrpMjH6tKrZIpXlCfJVngC2nluXuOlMAL4Uj7RgB%26sig%3DAOD64_2yVp-lN1gnQBKrBbGrsgj6zFBtBg%26client%3Dca-pub-8964299718266508%26dbm_c%3DAKAmf-DIrTgenLCbylBBuvbNTzbWZ1yNHpNlYphWSHEEElv9lJyo-LlwMjxbepg85l-2yv7b9BY5ucviumcr60-mUVDVzHnXon9pq0VxvH4pyctpTxhuUI1BEP2hSinMenzH3djHfxBbKD4OF-qFnD21MmMIxEiiOJ_5_7907kSwoy6Q_4L_-fo%26cry%3D1%26dbm_d%3DAKAmf-BrXD0UVbAuUvKDVb4lEyyfkSq1bgZzyKfXVRu-rEO3fgRmuARTwo_9eia5R5TepuIpvXD5y090cjywnWw7LxUTgeog1F4-IWRGAreG5YXYNr5V-DGohsXouzlQoFuN-izeF2ZnYHZxrHNnGOS9yeWZptr5b40Yg2T-cSL2FmThjc8HUAba2U_7_twp-XzQwaRPNU6gYu4s2mNqvYY7kT8N2cukJLd8ZIT1LdG4mYD2G6Wwx9sbKnVi3LOSk7_KpXiQHdyWy15kBTHvi2aCA99Ko4uqS5Tfsg7NlRARjz91-HSDX0RJc9MAgoJSHB6j5WQ9x9dLaFM88vlxr6HywsYZU-_oQkGbXzOwU_vIzYclD4-4qmC4ZUgZSYk3CUjKmrBSpfujyqMCs3hpkrJ2jTEw83CPkcRIFFQ8CBFZPB3MW04ElteaZ9DV-GlM__WTVgmXOQZHjrVgL4vRqonhUMUfwbVg0tZ0PJlqiV7GBt_1HUCM3Qc%26adurl%3D&documentReferer=https%3A%2F%2Fm.1news.io%2F&ancestorOrigins=https%3A%2F%2Fm.1news.io&random=4506509189079&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 15 Feb 2023 19:02:10 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Wed, 15 Feb 2023 08:02:10 GMT
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

Content-Length: 0
Content-Type: application/javascript
Date: Wed, 15 Feb 2023 19:02:10 GMT
Host: pv.medialead.de
Keep-Alive: timeout=20
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=48180000130097204444554012236018&actionid=981741&produktid=&dt_url=
Proxy-Host: pv.medialead.de
Server: nginx/1.17.5
Strict-Transport-Security: max-age=15768000
X-IPLB-Instance: 40028
X-IPLB-Request-ID: B9D59BA2:AC8A_91EFC182:01BB_63ED2C32_8B04DF:C02D

GET
H2 200 link.html Show response
track.webgains.com/ Frame EDF1 2 KB
2 KB 81ms
79ms Script
text/html 18.168.165.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=48180000130097204444554012236018&nw=1
Requested by: Host: m.1news.io
URL: https://m.1news.io/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.168.165.36 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-168-165-36.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: a8f2c681d892f20bf95ef4044c23ecb3b4fd8aa37fc320baa395cc597b8f12ed

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:10 GMT
last-modified: Wed, 15 Feb 2023 19:02:10 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Wed, 15 Feb 2023 19:03:10 GMT

GET
H3

200

activityi;dc_pre=CPm9ir2bmP0CFcFJkQUdG40A9w;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6372379860788.509 Show response
5994599.fls.doubleclick.net/ Frame 66D1
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6372379860788.509?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CPm9ir2bmP0CFcFJkQUdG40A9w;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6372379860788.509?

391 B
237 B

126ms
125ms

Document
text/html

172.217.20.6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CPm9ir2bmP0CFcFJkQUdG40A9w;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6372379860788.509?

Requested by

Host: m.1news.io
URL: https://m.1news.io/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.20.6 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s28-in-f6.1e100.net

Software

cafe /

Resource Hash

fec062fcabfc69fb7139bf2840c045b64ef7c02c79918540740c01ef79519252

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 214
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 19:02:10 GMT
expires: Wed, 15 Feb 2023 19:02:10 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 15 Feb 2023 19:02:10 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CPm9ir2bmP0CFcFJkQUdG40A9w;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6372379860788.509?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900018.redintelligence.net/ Frame C5DB 7 KB
2 KB 62ms
11ms Document
text/html 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900018.redintelligence.net/request_content.php?s=48180000130097204444554012236018&a=c8deb07d
Requested by: Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=e8113cb082&subid=&uid=0ef6324ecebe8b2b&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCEBGhMCztY6iHO-aF9u8Pzbyk4AWm5b2gaa2VnKfJD_AuEAEg9orHMGCV4pCCoAfIAQmpAgbogTyF5rE-qAMBqgTkAU_QhvajZ140DfCSqqXfueAg_TJfn5qK1Os8HzvQWIBFLhqcu5pQATmZ8QFl8HEp6oSVVetk4wXz14LZVovRCZ2qjWWFksFJMT3Jh7PJxMV014XQJU-ebqGUGxYw8JThq6ttTMIXCYqP_LX5wp7B0jqLCJINVDXEwsBRZtZBO1mIa89NgzqxkVJE8xIPOHrmpyRZ9mHv7R_zgR6cehWTikKAcgBylzaY4Lqh7lwQniGpdvUhMtKJDWdCH2akI8mUCu0otGfm24AAPgiHs4869YvzCF7Op5WVmTnwuaWX8V5fWaeR28AE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSSwDUE5ymZdW0fuY9fKV2icij4hWLxEoPDjfFvvykvluPFrsbojdLvkqIlcrZx1VHmrpMjH6tKrZIpXlCfJVngC2nluXuOlMAL4Uj7RgB%26sig%3DAOD64_2yVp-lN1gnQBKrBbGrsgj6zFBtBg%26client%3Dca-pub-8964299718266508%26dbm_c%3DAKAmf-DIrTgenLCbylBBuvbNTzbWZ1yNHpNlYphWSHEEElv9lJyo-LlwMjxbepg85l-2yv7b9BY5ucviumcr60-mUVDVzHnXon9pq0VxvH4pyctpTxhuUI1BEP2hSinMenzH3djHfxBbKD4OF-qFnD21MmMIxEiiOJ_5_7907kSwoy6Q_4L_-fo%26cry%3D1%26dbm_d%3DAKAmf-BrXD0UVbAuUvKDVb4lEyyfkSq1bgZzyKfXVRu-rEO3fgRmuARTwo_9eia5R5TepuIpvXD5y090cjywnWw7LxUTgeog1F4-IWRGAreG5YXYNr5V-DGohsXouzlQoFuN-izeF2ZnYHZxrHNnGOS9yeWZptr5b40Yg2T-cSL2FmThjc8HUAba2U_7_twp-XzQwaRPNU6gYu4s2mNqvYY7kT8N2cukJLd8ZIT1LdG4mYD2G6Wwx9sbKnVi3LOSk7_KpXiQHdyWy15kBTHvi2aCA99Ko4uqS5Tfsg7NlRARjz91-HSDX0RJc9MAgoJSHB6j5WQ9x9dLaFM88vlxr6HywsYZU-_oQkGbXzOwU_vIzYclD4-4qmC4ZUgZSYk3CUjKmrBSpfujyqMCs3hpkrJ2jTEw83CPkcRIFFQ8CBFZPB3MW04ElteaZ9DV-GlM__WTVgmXOQZHjrVgL4vRqonhUMUfwbVg0tZ0PJlqiV7GBt_1HUCM3Qc%26adurl%3D&documentReferer=https%3A%2F%2Fm.1news.io%2F&ancestorOrigins=https%3A%2F%2Fm.1news.io&random=4506509189079&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: c93f8218f35b11bb153899ed34a63f0d731985dfcf7dd78dd379edadb287bd5e

Request headers

Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2016
Content-Type: text/html; charset=utf-8
Date: Wed, 15 Feb 2023 19:02:10 GMT
Expires: Wed, 15 Feb 2023 19:02:10 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame EDF1
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=48180000130097204444554012236018
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=48180000130097204444554012236018
https://ad-server.eu/wm/pb/native.png

68 B
312 B

30ms
29ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date: Wed, 15 Feb 2023 19:04:57 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Wed, 15 Feb 2023 19:02:10 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: B9D59BA2:AC8A_91EFC182:01BB_63ED2C32_8B04EB:C02D
X-IPLB-Instance: 40028
Content-Type: application/go
Location: https://ad-server.eu/wm/pb/native.png
Keep-Alive: timeout=20
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H/1.1

200
OK

inv.gif
img.tradedoubler.com/images/ Frame EDF1
Redirect Chain

https://impfr.tradedoubler.com/imp?type(inv)g(24495172)a(1565155)epi(48180000130097204444554012236018)742007839
https://img.tradedoubler.com/images/inv.gif

43 B
670 B

9ms
9ms

Image
image/gif

65.9.66.127
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.tradedoubler.com/images/inv.gif

Requested by

Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Server

65.9.66.127 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-66-127.fra56.r.cloudfront.net

Software

Apache /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date: Sat, 11 Feb 2023 14:37:13 GMT
Strict-Transport-Security: max-age=15552000; includeSubDomains
Via: 1.1 5ab5e654a3dc7079aad7ac64ec697d82.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA56-C1
Age: 361497
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 19 Nov 2004 15:35:04 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Accept-Ranges: bytes
X-Amz-Cf-Id: 9N1C1IMrRbQrBcIeLZEQnJnXOVs9wvT-RlKyvT2mVvAeBCD4EiD3ig==

Redirect headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:09 GMT
via: 1.1 google
referrer-policy: origin
server: TXServerHttp
p3p: policyref="http://tracker.tradedoubler.com/w3c/p3p.xml",CP="NOI DSP COR NID CUR OUR NOR"
location: https://img.tradedoubler.com/images/inv.gif
access-control-allow-origin: *
content-type: text/html; charset=ISO-8859-1
cache-control: private, max-age=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 248

GET
H3 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame EB85 13 KB
13 KB 47ms
39ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900025.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 06:36:22 GMT
x-content-type-options: nosniff
age: 131148
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13052
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:09:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Feb 2024 06:36:22 GMT

GET
H3 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame EB85 13 KB
13 KB 55ms
45ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900025.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Thu, 09 Feb 2023 14:06:25 GMT
x-content-type-options: nosniff
age: 536145
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13036
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Feb 2024 14:06:25 GMT

GET
DATA 200
OK truncated
/ Frame EDF1 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7cdb09cf6b436702c34edff3f215d0389c5bc4c5a9834149e869ae9a45a5c012

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 dc_pre=CI2GgL2bmP0CFc3gsgodo0AAeA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5098058904691.731
adservice.google.com/ddm/fls/z/ Frame 97F3 42 B
262 B 74ms
74ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CI2GgL2bmP0CFc3gsgodo0AAeA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5098058904691.731

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CI2GgL2bmP0CFc3gsgodo0AAeA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5098058904691.731?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 40EA 103 KB
40 KB 147ms
147ms Script
application/javascript 2a00:1450:400d:808::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:808::2008 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

518cab96ff82c5e88247d136acea14a1a43a5a4c439bf44469887f7e61aa90ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 19:02:10 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40793
x-xss-protection: 0
last-modified: Wed, 15 Feb 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 15 Feb 2023 19:02:10 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 82ms
81ms Image
text/html 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2023021301&jk=3173225333372820&bg=!Dg2lDVnNAAYuhb89DoU7ADkAdvg8WtyAeayzDUhFiXMxc76XR0frySTyxU1D8cppGWuWRP81olXvTMQMK4MD5WiAZ8_63Te3rtACAAAAdVIAAAACaAEHCgB2MeCVT524OGZ9N8iObiwWWXuYiaZ7xFxpqPqNIGpqV8G3eY87PYyeJP2a3K2Eccu_nSbP8R-u3xxRWRm7MzFyaWtev_o7bzED0U3WRaDUb1ZEeyZUhOJOGKPSo0yOYdGaHaPSs4zQ7pg9be2HrMQw8Ik4rIAZWpkCxpBrgNSmM0u-YHmPONe3YKhTSVkJ-CkqOCNNECHKQBauJH0bt_ArgRCYj4YJHqxfLHAj6vHUy6L-0BSpdUNtOlzST9LJ_oR0KrnQWbGdxxMEy1GieIt7xCOv57lBZIENXCCh5HYkC4Zqxojd-4tUcXSfYaZ4kWVhfyUl52dW3uzLv2Bpyh4GGfoDnHBxP0uK6jsiyPh40rKG-5mozXv4ksiw7Ll6w8Va_ModmBeaRCKwj8zfTEKwd4uixOsatO5Gm-sJiAotZCEH1zajPyRaOQQyretKFPn72BoihXIQN2A7fhz_W4MNSoYlKwpoul_YJmKhvRidG4V-lzeYFOv3kemtTuTNrkqzwT1EA98g_Tbuo-AUSZJfw1ZzL0AwdPj8LN-zDtgrJwRPz-XV2xnY4Dgrm9K1UE7AALNJe-iIAWFyUbPIBmVwILZNSTcxt6HHtKyz6J96gJXNjogZOXLZQYqYyZ6t9EkV-8pYQ7ICY9dHj9MW-6hkdH4w4TmGJpf5C3jercQvlfByptbJpX0wbuZoFM1CbEdUYzADbnxfsDpMkoKWaJUrnh_aLc6c_75u_LvyitCWrrbVnMsHKp4YPfhQ2upGUZz_ztrPuSur252tuyN6PY7ZvriMOeztHSyDP5noR3y6FAsEaxv7WVs10DGroYVAcJN89nkTlcJJt0C9Kv03iSUNDRZFVnbJFyOzC90oj3IJ2WEVd9izNvAjmI1LNg7A1r0VrdRB2lU0buYVdsejAG3i9ecPzE0nBhMkLGTgeqShTUj3P2K0Eneq5bQHzbncCbhHgxfMtRZWc1KRzhTkiLC7osQUtXBbke4iZlCvpCpFCyoM9aS6S14qZBOvUoW9PW1HbK4ePpUd9hpxIp_w-xzGjVu0b7T1siUEc5SPu_RPEAV9MA6CIsiukjCPtdVMuoaQxNIV9MCHGbeEsynbmI7H
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://m.1news.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

GET
H2 200 dc_pre=CIKGgL2bmP0CFcVLkQUdf_8OQA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=950976410367.7499
adservice.google.com/ddm/fls/z/ Frame 87A7 42 B
107 B 77ms
76ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CIKGgL2bmP0CFcVLkQUdf_8OQA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=950976410367.7499

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CIKGgL2bmP0CFcVLkQUdf_8OQA;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=950976410367.7499?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame C5DB 4 KB
651 B 49ms
48ms Stylesheet
text/css 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request_content.php?s=48180000130097204444554012236018&a=c8deb07d

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dfa1ecdb69b9ee93e87159bfcd4ad2b1248a7de0d6346fd42e0b600723ae7b6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900018.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 15 Feb 2023 19:02:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 15 Feb 2023 18:13:04 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 15 Feb 2023 19:02:10 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame C5DB 16 KB
16 KB 37ms
12ms Image
image/png 138.201.63.165
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request_content.php?s=48180000130097204444554012236018&a=c8deb07d
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.165 Böblingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.165.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: f560e0707aabd5384e314751113b6169db448e70bbe70cb5c0dd33bc533e20e1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900018.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date: Wed, 15 Feb 2023 19:02:10 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16551
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame C5DB 18 KB
18 KB 43ms
14ms Image
image/png 138.201.63.165
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/23333/creativesup/1200x627_Matthias.jpg
Requested by: Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request_content.php?s=48180000130097204444554012236018&a=c8deb07d
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.165 Böblingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.165.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 1d721d20a56901197d8037678930dbf051ce0f53f5f0eff957767b36026028a8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900018.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date: Wed, 15 Feb 2023 19:02:10 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 18621
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame C5DB 16 KB
16 KB 44ms
15ms Image
image/png 138.201.63.165
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/postbank_pool_privatkredit_1200x627.jpg
Requested by: Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request_content.php?s=48180000130097204444554012236018&a=c8deb07d
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.165 Böblingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.165.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 55ac05a17562a1bbd8639d0c624d97f6b018416aa7bed16f62a99ae836eeac6b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900018.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date: Wed, 15 Feb 2023 19:02:10 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16269
Vary: Accept-Encoding
Content-Type: image/png

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame EDF1 85 KB
31 KB 11ms
10ms Script
application/javascript 65.9.66.42
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513135&wgcampaignid=99582&js=1&viewref=48180000130097204444554012236018&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-42.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f031d0330fa0902ad02a7158a8b4aa01cefacc0f4743ab7b78f4ed517723d130

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Wed, 15 Feb 2023 08:15:14 GMT
content-encoding: gzip
via: 1.1 35a6ad9a7597ea2f4dacbdb5dc66a66c.cloudfront.net (CloudFront)
last-modified: Fri, 09 Dec 2022 10:53:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 38816
etag: W/"0d5045593d14c9612a5d5576928a5209"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: e1kOLTSRkkK67VPWgEPzL4OW-wgf5Ljq-qQehuq58IkFjdm5T3Apmw==

GET
H2 200 1x1.png
cdn.track.production.webgains.team/7121/ Frame EDF1 3 KB
3 KB 9ms
8ms Image
image/png 99.86.4.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.png?Expires=1676488030&Signature=pohrpfDeav1P~AYia-GnmSJ40GLlmykCkgtai2TOhBztHm18CpKutqO04ytzGBeeLmzUPlooBL1bzmn0GbR14a2Ds1vxTsc6ZcRxU-VVEdeKyACZhQ5OpSZOOSC1n8HrlQoMBh3ZXzfNu81J3LIduJPo8ko7AZvNVo~f0FvQteL-Z9Yo0c0waA5HQ5vJWikHDSHoCQX8TTRUhNRShx0BzbDXEzqKqyzGuCeUqsaMBoxZWhlm5nUioszyu2RGsKbZJmqRiHZID~55f9xWOfuYUeW1sn6KiYsCpquzL7CGQasAhftDeTIcRz5lbCRtn1rNflzPxIErPbpWBH8Zncf2nQ__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-53.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

x-amz-version-id: null
date: Wed, 15 Feb 2023 02:33:18 GMT
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 59333
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: K4Kojc06mWE5ZWQObc30JOKRWzQZ_XWei_nlfQvBUshOcujTywm-dA==

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 07E0 0
20 B 82ms
81ms Image
image/gif 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bs6cjMSztY_XpKNCX3gPW9IyYCQAAAAA4AeAEAg&bg=!LyylLHjNAAYuhb89DoU7ADkAdvg8WvxSLarj5yeIGbyQfDa1Su7JTMe07GYoUD1T1f__xletdj9sYk0sBJN6Un5sUC96gy-knIACAAABUVIAAAACaAEHmQMZByoQjds2GZQTl9uCReF3ZaqbcObYJyqJNIAndYTrvHBCQQlwumRF9GoIbSQihtw5DDbedpTHBYnwRRaTEt0oLta1W-dCz97Fwb6pP1pLcJN1eQJaOXObVy9730Oj-a9DZE0mwgKarD11uAYhV7oHfw4RdMSYmV2RHBp4nMhZDmqoDAyQLv2CrQ0t4GDV6ZVggf3mpogkMwOM1DPahUPPNCIFmQuBdCpMOwrqtTLcyQgvGOwdNWeKJhOXY0KitOFU5mBxSybit70Nyl37PzDQENcPUoCG_GQ09OPUxD7VWpYmT3zylB5KLIgIMOKZntLeFH4gbImemZhJ3WQZaIoFD0XbfRn0tqI5i8bTYczvmRhlMC7tGDp_-8_3uX-e99Y_QK_hloABAFr1K1RHvQ8DEMzkNVYI3gpYVQcZhisQmusc6Ktw_NavoWsnSKU1s6_QLRdHXpTusVqXZ81kFDdyRwYZbBoLk1PcFFolPBFsVxih0cDVU8vA1VVLQUNiKkjjjJ02pYlNxNW18unZGEThyxrZSkYpOJqX8MYhCrprJgOVW0-xYIXogmY3JF_h_GrXqofyvjhUX1MH4E2JK_je1epP6gc07UyVMAJErhEJnr-bDCk3dSGiYmlbvH7b2t439EPMp1LcVWcpwFe7PjMrQG1eSTuceMb4dGxCrcmikamkQh10Y53HL0M2aMVsMOXB6rI7iIEba9saFk-gA3IFJd0hk7GmedLc0xQfp1PVzkZPFyFwEg-z6ca8QAMyt1-x33jwuPGNzYisMgfdSmcP9jmyjz2yEG807Wf1B0Qx5W7a6h0yHMCcE6DrbV9t-opN6T57wLG2KX6GmUYsoQPn-dsprtC7r_RsaqhvIepNE_HQf2VpunMKgTx7EXCVffDFIREFEC1ym_sB8pHSQM2MELEp8IUAolGJaqgPTjBny8Hcz2WtpQiqEDraeibfukiKanuQJgQicKU8c4uA4Zx9E4AdIC6gfb-leZ4JX8NrtjydHWyU_O2dCBgYXD7xcgVJjfkqA3RtnYeqeOj9Bc337nw3_stqqoZ5MA

Requested by

Host: e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
URL: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900018.redintelligence.net/ Frame C5DB 0
150 B 35ms
12ms Script
text/html 144.76.91.199
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900018.redintelligence.net/viewability?s=48180000130097204444554012236018&a=0147f77e&vb=m
Requested by: Host: hal900018.redintelligence.net
URL: https://hal900018.redintelligence.net/request_content.php?s=48180000130097204444554012236018&a=c8deb07d
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 144.76.91.199 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.199.91.76.144.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900018.redintelligence.net/request_content.php?s=48180000130097204444554012236018&a=c8deb07d
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date: Wed, 15 Feb 2023 19:02:10 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame C5DB 13 KB
13 KB 39ms
38ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900018.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Tue, 14 Feb 2023 06:36:22 GMT
x-content-type-options: nosniff
age: 131148
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13052
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:09:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Feb 2024 06:36:22 GMT

GET
H3 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame C5DB 13 KB
13 KB 40ms
39ms Font
font/woff2 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900018.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

date: Thu, 09 Feb 2023 14:06:25 GMT
x-content-type-options: nosniff
age: 536145
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13036
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Feb 2024 14:06:25 GMT

GET
H3 200 dc_pre=CPm9ir2bmP0CFcFJkQUdG40A9w;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6372379860788.509
adservice.google.com/ddm/fls/z/ Frame 66D1 42 B
63 B 73ms
73ms Image
image/gif 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CPm9ir2bmP0CFcFJkQUdG40A9w;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6372379860788.509

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CPm9ir2bmP0CFcFJkQUdG40A9w;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6372379860788.509?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9D27 0
20 B 146ms
146ms Ping
image/gif 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=576002270763&version=m202301230201&ct=77&x=1&cor=18437685158599475000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A2AC 0
20 B 124ms
124ms Ping
image/gif 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=1675432102544&version=m202301300101&ct=77&x=1&cor=16828254459655858000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EDF1 0
20 B 96ms
96ms Ping
image/gif 2a00:1450:400d:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=329601202115&version=m202301230201&ct=77&x=1&cor=2134767062722660900

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:804::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 15 Feb 2023 19:02:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame EDF1 16 B
232 B 88ms
87ms Fetch
application/json 18.169.219.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.169.219.247 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-169-219-247.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/7.4.26

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 15 Feb 2023 19:02:12 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.26
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 499ms
17ms Preflight 18.169.219.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.169.219.247 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-169-219-247.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Wed, 15 Feb 2023 19:02:12 GMT
server: nginx

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 9D27 16 B
232 B 71ms
71ms Fetch
application/json 18.169.219.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.169.219.247 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-169-219-247.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/7.4.26

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 15 Feb 2023 19:02:12 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.26
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame A2AC 16 B
232 B 65ms
65ms Fetch
application/json 18.169.219.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.169.219.247 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-169-219-247.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/7.4.26

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 15 Feb 2023 19:02:12 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.26
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 480ms
18ms Preflight 18.169.219.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.169.219.247 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-169-219-247.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Wed, 15 Feb 2023 19:02:12 GMT
server: nginx

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 473ms
18ms Preflight 18.169.219.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.169.219.247 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-169-219-247.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Wed, 15 Feb 2023 19:02:12 GMT
server: nginx

Verdicts & Comments Add Verdict or Comment

46 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

22 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
m.1news.io/	1970-01-20 19:17:27	Name: visitorId Value: 9a948edf-a92f-450f-9287-f8b098763739
m.1news.io/	1970-01-20 18:27:03	Name: homepage-variantNo Value: 1
m.1news.io/	1970-01-20 18:27:03	Name: homepage-testDate Value: 2019-03-19T14%3A39%3A27Z
m.1news.io/	1970-01-20 18:27:03	Name: homepage-testVersion Value: 1
m.1news.io/	1969-12-31 23:59:59	Name: connect.sid Value: s%3ANbU0vzCcslmjy5l3rnyFCq_eNsgZvwN5.U91o1rYOlAu1nBv4u3imd9w20qejER%2FerYAa8qHYPzQ
.1news.io/	1970-01-20 19:17:27	Name: _ga Value: GA1.2.524181183.1676487728
.1news.io/	1970-01-20 09:42:54	Name: _gid Value: GA1.2.837768997.1676487728
api.airfind.com/	1970-01-20 19:17:27	Name: visitorId Value: c7634da0-5e28-4d19-86b1-261b2a131045
.1news.io/	1970-01-20 19:03:03	Name: __gads Value: ID=394bb9da57815894:T=1676487728:S=ALNI_MZg7YLSA3G0PgMT7pi7pBGf357_BQ
.1news.io/	1970-01-20 19:03:03	Name: __gpi Value: UID=00000bb733eb4afb:T=1676487728:RT=1676487728:S=ALNI_MYmT6hziHkHFW1w5c0hLr7xs9TNIg
.doubleclick.net/	1970-01-20 19:03:03	Name: IDE Value: AHWqTUmyPcVyQ6cvHZf9eLIBxLh5-RoLijGK9yEQKe7OkQVWwQmlYnagVw6g7-c-
.casalemedia.com/	1970-01-20 18:27:03	Name: CMID Value: Y.0sMfe.FPsdR4yCXzHdIQAA
.casalemedia.com/	1970-01-20 11:51:03	Name: CMPS Value: 1136
.casalemedia.com/	1970-01-20 11:51:03	Name: CMPRO Value: 1136
.adnxs.com/	1970-01-20 11:51:03	Name: uuid2 Value: 4892100912547851776
.adnxs.com/	1970-01-20 11:51:03	Name: anj Value: dTM7k!M41.D>6NRF']wIg2IledtrLo!]tbPl1M>e)ZlrFUfJ+tGXxou?l.xiIMp3?:>Eh'[+PD(QqFUAYvoymBR[:e3If)y3KL9D3I?+e*+Jom
.tradedoubler.com/	1970-01-20 18:27:03	Name: UI Value: 1z11zzybz2ECHfEztbDyOFu2
.tradedoubler.com/	1970-01-20 18:27:03	Name: BT Value: 1z11zzybzo0MlTzdhwBUibzzGx1y2x1yIx1y3x1yJx1yKx1y5x1y6x1y8x1yAx1yBx1yDx1z9ydhwBUib
pb.media01.eu/	1970-01-20 19:17:27	Name: DTU Value: D5394D1043C37595CA26B962F73440A4
.redintelligence.net/	1970-01-20 11:51:03	Name: 8lcfmzhxc8d6_uid Value: 125240412a515c59
.tradedoubler.com/	1970-01-20 18:27:03	Name: PI Value: 1z11z1zybzRBYE4z7ab3y1y21FmOy1FRDyyy7WPTyvUky2KKquGyyEl3nt%7aksZveNf%7aXKUKcY5nVaIr1T3GlSFE7Ch1aFKKwTQeq1JP%78hWtowy
.office-partner.de/	1970-01-20 19:17:27	Name: source Value: {"webgains_webgains":{"timestamp":1676487730528,"clickCookie":false}}

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5994599.fls.doubleclick.net
ad-server.eu
adservice.google.com
adservice.google.de
adv.office-partner.de
ajax.aspnetcdn.com
analytics.webgains.io
api.airfind.com
api.webgains.io
cdn.airfind.com
cdn.track.production.webgains.team
cm.g.doubleclick.net
dsum-sec.casalemedia.com
e77029dfd32336c5331742c4672b8c69.safeframe.googlesyndication.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
h6.msn.com
hal9000.redintelligence.net
hal900018.redintelligence.net
hal900021.redintelligence.net
hal900025.redintelligence.net
ib.adnxs.com
img-s-msn-com.akamaized.net
img.tradedoubler.com
impfr.tradedoubler.com
m.1news.io
medialead.de
pagead2.googlesyndication.com
pb.media01.eu
pv.medialead.de
securepubads.g.doubleclick.net
tpc.googlesyndication.com
track.webgains.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
104.236.135.234
138.201.63.165
138.201.84.245
142.250.186.98
144.76.238.55
144.76.91.199
145.239.193.130
151.139.128.10
152.199.19.160
172.217.20.6
18.168.165.36
18.169.219.247
185.80.39.216
192.241.228.85
192.241.229.243
23.35.236.6
2a00:1450:4001:800::200a
2a00:1450:4001:803::2002
2a00:1450:4001:80b::2002
2a00:1450:4001:827::2003
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2002
2a00:1450:400d:803::2001
2a00:1450:400d:804::2002
2a00:1450:400d:806::200e
2a00:1450:400d:808::2008
2a00:1450:400d:80d::2004
2a02:26f0:11a::217:9a40
2a0b:4d07:102::1
35.186.231.97
37.252.171.149
54.76.176.197
65.9.66.127
65.9.66.42
88.198.250.30
94.23.99.218
99.86.4.53
0158a7a3fd4a43fd01c6051d73c8507d87989abb39e83b3dbb8e3fe806ef77cc
04dd1d5290e7b68a919567168c2b151065b045b6beed3a5727adaecb74d998e8
06f90727a223e816ebd38bf1b40c2544a8f696702efdfecfc40cdf7c47a8397d
08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185
0937a8903ce9027c6f433ddda4c1c9df0c5e6d64aea3696396b0c22c0e85661a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0cc83a313a235229a8f43a19ad41feb5849f07ba686a525f5408ce5a5dc85485
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12b3abfa632b22093e49df95f815ac6bc760b37f24139300b77af9fb802c3dc8
1310df84d86661af75c0dd31e09305268e78b73a8e7a06c654b47931a3c8fd43
16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557
16cda90d3670cb127f01f5737fce9e862eb960617e496a951f9aa3e8026755e0
1d721d20a56901197d8037678930dbf051ce0f53f5f0eff957767b36026028a8
1ed4c4303f72a672fd5cc2d66e9d02d13f97bbacf8eafe09099824dddfb10a60
1fd1d0da3e2c17d770a16dfbaedcd8d29a22873dcfd1678ad7f89600dc94ec8e
227e338bee797a90455672420557e82c8cf038b363d97b55ec3fd251d4213041
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98
24702113471f07440c01746310d208cc1dcbf8e519a7a57d8077c0feb086c1ce
26347d5b24f37bb96410c90fb7695c1aa89619a3e8950bc7c4a22eafb139de27
2738d09d766e866da48bf73c12b273db6004b5a0bef13a5a0f0253f7db718ac9
2b4727366dbbf82f3dc7d48c30bc9444860158da542dcc4b04eeeb6e0a7b6d60
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
33a6f92f6ca4f2d842111c830b2457da96cbea308bea8127379b234854113a9f
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
3ca0609b9ca9d7237409cfeb9a3a2313616bf537ea196a4164267742fcb8738b
3cbd047480cfdbf8ba8e24878aaa6608fc1c990b518e5ce64a5588b6bb385952
3ed8fd0551ba7602d0b55136b78bb7b4321f0875708345d04c99dc1a81ada823
41145049ae46e5ccdeb2b41a28bb287b1aa5429a6707c570f2a7c75f77355629
43b44df323c72a6f0c03ba662969f9d9167637b5bd96323bb911f0041afa535d
440510ff75635e8f8ad083135f05dd2269fa227167bf75022cbbd7656113b6a6
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
47d0230fc7603fa082f5a142aac786bf60f98d83e221775640a19a61fc2b693e
48dab50914d99286fa94474a4da9c1ad46373b55260942bdcfca95a9000da45f
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
518cab96ff82c5e88247d136acea14a1a43a5a4c439bf44469887f7e61aa90ab
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55ac05a17562a1bbd8639d0c624d97f6b018416aa7bed16f62a99ae836eeac6b
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62f367169e5eb30ae4973188e73e672710e88768bb099bce8f9d0b98dbcc1a56
648c8169b6970b3e16c3e601a5c3d2f251e3141aa8373d2bddccf056d993193b
68f6f3db3da255f07444a406ef0c9bc5b43af2c4a6533f65b288e614c6a940c4
69fc98bb3c164169576ed9fe5ea71fb25523d11ce4af5601dc90ab814338ff72
6a2e3bd300b056bef317b497545dcb229192f9b0cb5a05634943b80194fad509
6cc9e249e893cefa3c20f161a61eee0b085a37e65e8acde9d4bb544b1e357dbb
7099b0a5636275b29bf77167ad5d60c566b1162e67cb1fe6e790a82a4cf9e791
73dbe52321b2c22f1d1101de99d698405db3ceff245c3407a16ee741266bb83b
7cdb09cf6b436702c34edff3f215d0389c5bc4c5a9834149e869ae9a45a5c012
7d0b1002ba1cf50ba8782a769b282503801089417a1a414863ae776f883d355b
7f1c829b0c90fd664a03bb714a74f7d35d9e38ee1687104abc8ad5bd9c8ccb6c
813963dd0344093338a322842a0251436c4a75efee1eeb0d9f096f0e088d7713
81b47d559768f38fdaa65b2fdb019733c59fd142b0c4c290d3fe4ed59cae7bf8
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
82cb6a3cf9acf1b2eb8e78d4f40fc108175fc2e006e8682e4bd6470ca307061f
87123225ca1c1586e780eeb52146d4c0cd4e57fcb4fa4979e2b58fc15ad62f98
8a09b016c01a5603e76910083e4976a483ede1d85ef587473632a17669fe4c1a
8c6c8e6283be32b393ff96d5d1178569b94d0e27c6fd7b586c3a7d2424a26ff5
8f2e082574c2291f27848049443b67d051338a396f11773a089fdf8849ad9fca
90d58689fe745d2acf48342c94a764c63ecb848098d88e7e1e17f4ce42254410
91956b2d59664d5dcbfe375ccf094cb16b8a63437109cb5244a40b9791b307f1
923ee51e80dc8c59e467b1bac030ab66852340c5af70673698b908891da1ac40
92b45216fb09abf92170e3d95a1b411ffeef49a5b3137679df61d1b00f14e4f8
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20
94a8746c168d14080b0253387fc11d8dad04f5639da34ad1d7adf4cae9181c3a
9bf0b0bd09f8e1730d70307a3949a517ce14082ade4bbd7d0165b30ae8334fbb
9cc5c0b1e339d2ca20a90c586ffdaee527e10e189f0f29ad4f0989dc1067a034
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a20663c2fbe65b48d19148a3b5840da7a2e008c873e5f4190ba142989e4e640d
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6434f7dc8c11931ca5371a199431e32aafcbf78d93a21cebf4ade99a0ea294b
a8f2c681d892f20bf95ef4044c23ecb3b4fd8aa37fc320baa395cc597b8f12ed
a9cae479eeab8bda84a9dfe1d855de46cd415fd47709fde2f43bf32a32bed260
ac8f965903029128173d193f1e0268c1291cca25fa8c9f2a9e6b4fe5e772e10e
ae04b11524e31d02bd5ad5a2d822497909f1d937fba92b370541f42327d4f5a7
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b1011d8b3025b752f51dad5b5834a225ef17b8996cf90a03b3be5d477c97cb76
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1a9f51121ef00d4bc11c410113432813ddbdcd85c9f2aabbd2c2c23c87408e4
b6c0e529a1abff26022fd083a058fedf78196bfe9c4c0d25f1eaff6bd0b8e711
b70cb07b237716b049dc6a4dd75e87fae3a9923cc1c869e767bba43262978153
b72ef0a279f1521931abf312b1cebca14f301fb6a36a00a938e811f93b25f429
ba75b30ff4a327fc2cad401244f2baae2008b8f35dffc5606402ed84960f0680
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
c5c975c413db100a7aaaaf9c4038956acfb898ceab3d38e36d24c1599bed1f1b
c93f8218f35b11bb153899ed34a63f0d731985dfcf7dd78dd379edadb287bd5e
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
c9f2ddaa18673e946f4cd471de9275210be34b80d975bd7a8aefb20238b80cf6
cbef9eec9501c0e5eacff4f6a5a9f031b4015b76a2159440ba8c97861a36ba9f
cf441599ede6c555a6d391387439081802e284ca796c9b70e00583378afa289e
d5af876ef8430542c72007cf7b787eae177367697d340df5a99b3398f337a2b3
d6080c0f87866c86f64b87a47bed733e4983b300bbcdcec3bda7acae2748d2f2
da348ae5665e107843ec728a5cbfb3bc3ddf203bf39cc578305c389a6c1b2f7a
dd6beef948a87ce490457e6aa508efb50cbd02569c230f49b79f7a500616ae2b
dfa1ecdb69b9ee93e87159bfcd4ad2b1248a7de0d6346fd42e0b600723ae7b6b
e2f2597386660b972fe84faa90af129a353e7e8f9990df6f3b14d0165468350f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e52e4b4364ad2237928ec1fc6666689183be1b2248035be0845be794a2276028
e881a805e55a2412f8ad8af740cfea5cfb3cd2927bc5fac0b0039b557c8d75f7
e959c880530dc1efe386060ed24463d8d3ca2128bfc013012669d9d9897aa40c
eb89647e3d903d6a5718e7c3dc33d63f8ad49394e2b011de5ec2452897690aaa
ebe9819db65901730f1d3de1cefc5e502a42c1bdb3aae520c1374015a28e4e34
ecba3f6c1b9dcede71a90ebd1675f1587d74698aeff32df7103d5c7237666129
ef06de3883911216e47c09ef81ddcb81fe02080dff5f85de3522525f2bf462ff
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f031d0330fa0902ad02a7158a8b4aa01cefacc0f4743ab7b78f4ed517723d130
f074e3cdb69fc0ce970d74c4ee63014e7ee35db3dad17fbe34f78f0717733068
f560e0707aabd5384e314751113b6169db448e70bbe70cb5c0dd33bc533e20e1
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
fd5df9e275319cc87651bfc1f2a887d0d1b9c7cba9a478eb1c3d4b0c9f1b3e62
fec062fcabfc69fb7139bf2840c045b64ef7c02c79918540740c01ef79519252
ffca67ae0f466d918da85a2bc61ce877741c5a6321de76a8227eec930612453e

m.1news.io Open in urlscan Pro 192.241.229.243 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

196 Requests

89 %HTTPS

35 %IPv6

25 Domains

38 Subdomains

34 IPs

8 Countries

1917 kBTransfer

4863 kBSize

22 Cookies

26 Outgoing links

Page URL History

Redirected requests

196 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

m.1news.io Open in urlscan Pro
192.241.229.243 Public Scan

Screenshot
Live screenshot

Full Image

196
Requests

89 %
HTTPS

35 %
IPv6

25
Domains

38
Subdomains

34
IPs

8
Countries

1917 kB
Transfer

4863 kB
Size

22
Cookies

196 HTTP transactions
4 data transactions