www.newtimes.co.rw Open in urlscan Pro
2606:4700:20::681a:956 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://newtimes.co.rw/article/6147/n
Effective URL:
https://www.newtimes.co.rw/
Submission: On May 15 via api (May 15th 2023, 8:42:56 pm UTC) from US — Scanned from DE

Summary HTTP 1232 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 115 IPs in 12 countries across 85 domains to perform 1232 HTTP transactions. The main IP is 2606:4700:20::681a:956, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.newtimes.co.rw. The Cisco Umbrella rank of the primary domain is 858711.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 26th 2023. Valid for: a year.

This is the only time www.newtimes.co.rw was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 53	2606:4700:20:... 2606:4700:20::681a:956	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a00:1450:400... 2a00:1450:4001:806::2008	15169 (GOOGLE) (GOOGLE)
4	2600:9000:205... 2600:9000:2057:f000:18:1fcd:351:7bc1	16509 (AMAZON-02) (AMAZON-02)
11	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
2	35.244.141.151 35.244.141.151	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
2	2a04:4e42::714 2a04:4e42::714	54113 (FASTLY) (FASTLY)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c0b::9a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
2	54.165.163.91 54.165.163.91	14618 (AMAZON-AES) (AMAZON-AES)
19	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
49	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
8	23.35.236.201 23.35.236.201	16625 (AKAMAI-AS) (AKAMAI-AS)
6	52.222.208.154 52.222.208.154	16509 (AMAZON-02) (AMAZON-02)
21	34.107.148.139 34.107.148.139	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
25	2602:803:c003... 2602:803:c003:200::41	26667 (RUBICONPR...) (RUBICONPROJECT)
25	54.93.178.54 54.93.178.54	16509 (AMAZON-02) (AMAZON-02)
21	185.64.189.112 185.64.189.112	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3 61	37.252.171.21 37.252.171.21	29990 (ASN-APPNEX) (ASN-APPNEX)
21	108.138.9.235 108.138.9.235	16509 (AMAZON-02) (AMAZON-02)
2	23.218.48.210 23.218.48.210	16625 (AKAMAI-AS) (AKAMAI-AS)
4	34.239.75.135 34.239.75.135	14618 (AMAZON-AES) (AMAZON-AES)
2	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
54	2a00:1450:400... 2a00:1450:4001:80b::2002	15169 (GOOGLE) (GOOGLE)
23	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
7	2a02:2638:3::9 2a02:2638:3::9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
11	2a02:2638:d::4 2a02:2638:d::4	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
69	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
25	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
90	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
11	178.250.7.9 178.250.7.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2a02:2638:d::13 2a02:2638:d::13	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
22	2a02:2638:3::1a 2a02:2638:3::1a	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
17	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
15	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
3	2a04:4e42:400... 2a04:4e42:400::485	54113 (FASTLY) (FASTLY)
2 4	46.228.164.11 46.228.164.11	56396 (AMOBEE) (AMOBEE)
25 111	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
1 1	151.101.2.49 151.101.2.49	54113 (FASTLY) (FASTLY)
12 13	3.65.173.148 3.65.173.148	16509 (AMAZON-02) (AMAZON-02)
2 2	35.210.53.219 35.210.53.219	15169 (GOOGLE) (GOOGLE)
3 11	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5 7	37.157.6.243 37.157.6.243	198622 (ADFORM) (ADFORM)
7	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
12 20	51.38.120.206 51.38.120.206	16276 (OVH) (OVH)
8 18	142.250.186.38 142.250.186.38	15169 (GOOGLE) (GOOGLE)
13	37.157.3.20 37.157.3.20	198622 (ADFORM) (ADFORM)
2	213.202.235.10 213.202.235.10	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
3 5	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
2	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 6	104.111.217.42 104.111.217.42	16625 (AKAMAI-AS) (AKAMAI-AS)
6	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
13 15	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
9 9	216.52.2.48 216.52.2.48	30282 (AS-INAPCD...) (AS-INAPCDN-OCY)
6 6	2600:9000:211... 2600:9000:211e:e000:1b:5138:8a40:93a1	16509 (AMAZON-02) (AMAZON-02)
7 8	2620:116:800d... 2620:116:800d:21:7eb1:3826:be7e:d981	16509 (AMAZON-02) (AMAZON-02)
1 4	2606:4700::68... 2606:4700::6812:18ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11 11	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
9	185.86.139.93 185.86.139.93	201081 (SMARTADSE...) (SMARTADSERVER)
9	185.29.134.245 185.29.134.245	30419 (MEDIAMATH...) (MEDIAMATH-INC)
4	2600:1901:0:7... 2600:1901:0:76b9::	15169 (GOOGLE) (GOOGLE)
48	2606:4700:20:... 2606:4700:20::681a:bd1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
24	37.157.5.73 37.157.5.73	198622 (ADFORM) (ADFORM)
12	136.243.149.243 136.243.149.243	24940 (HETZNER-AS) (HETZNER-AS)
3	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2602:803:c003... 2602:803:c003:200::67	26667 (RUBICONPR...) (RUBICONPROJECT)
3	2a02:fa8:8806... 2a02:fa8:8806:13::1370	41041 (VCLK-EU-SE) (VCLK-EU-SE)
3 3	35.156.61.220 35.156.61.220	16509 (AMAZON-02) (AMAZON-02)
2 2	52.17.185.171 52.17.185.171	16509 (AMAZON-02) (AMAZON-02)
4 4	3.75.62.37 3.75.62.37	16509 (AMAZON-02) (AMAZON-02)
1 1	37.252.171.84 37.252.171.84	29990 (ASN-APPNEX) (ASN-APPNEX)
3	2a02:2638:d::c 2a02:2638:d::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
4	2a02:26f0:350... 2a02:26f0:3500:d::1732:83d6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 4	2a05:d018:d29... 2a05:d018:d29:3605:e341:f6b2:dd43:a873	16509 (AMAZON-02) (AMAZON-02)
5 5	213.155.156.184 213.155.156.184	1299 (TWELVE99 ...) (TWELVE99 Arelion)
3 3	213.19.147.45 213.19.147.45	26120 (RHYTHMONE) (RHYTHMONE)
2 6	74.121.143.245 74.121.143.245	30419 (MEDIAMATH...) (MEDIAMATH-INC)
7 12	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3	88.99.219.174 88.99.219.174	24940 (HETZNER-AS) (HETZNER-AS)
4	2606:4700:20:... 2606:4700:20::681a:71b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 5	78.46.23.46 78.46.23.46	24940 (HETZNER-AS) (HETZNER-AS)
2	2a0b:4d07:101::1 2a0b:4d07:101::1	44239 (PROINITY ...) (PROINITY PROINITY)
2 4	2a01:4f8:d0a:... 2a01:4f8:d0a:2321::2	24940 (HETZNER-AS) (HETZNER-AS)
2	167.233.14.134 167.233.14.134	24940 (HETZNER-AS) (HETZNER-AS)
11	18.133.36.104 18.133.36.104	16509 (AMAZON-02) (AMAZON-02)
2 2	35.186.231.97 35.186.231.97	15169 (GOOGLE) (GOOGLE)
2	13.224.189.110 13.224.189.110	16509 (AMAZON-02) (AMAZON-02)
4 5	35.204.74.118 35.204.74.118	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
4	130.211.44.5 130.211.44.5	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6813:9e13	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.65.108 151.101.65.108	54113 (FASTLY) (FASTLY)
6	18.66.147.98 18.66.147.98	16509 (AMAZON-02) (AMAZON-02)
6	99.86.4.52 99.86.4.52	16509 (AMAZON-02) (AMAZON-02)
6	23.56.202.187 23.56.202.187	16625 (AKAMAI-AS) (AKAMAI-AS)
4	54.157.91.210 54.157.91.210	14618 (AMAZON-AES) (AMAZON-AES)
1	178.250.7.11 178.250.7.11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
8	2606:4700:20:... 2606:4700:20::ac43:4a81	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2006	15169 (GOOGLE) (GOOGLE)
4 4	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 5	67.220.228.201 67.220.228.201	16509 (AMAZON-02) (AMAZON-02)
2 3	52.46.128.147 52.46.128.147	16509 (AMAZON-02) (AMAZON-02)
6	151.101.193.108 151.101.193.108	54113 (FASTLY) (FASTLY)
5	2.18.235.93 2.18.235.93	16625 (AKAMAI-AS) (AKAMAI-AS)
1 5	23.197.149.186 23.197.149.186	16625 (AKAMAI-AS) (AKAMAI-AS)
1	85.114.131.235 85.114.131.235	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
16	18.135.126.181 18.135.126.181	16509 (AMAZON-02) (AMAZON-02)
10	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 2	52.30.239.223 52.30.239.223	16509 (AMAZON-02) (AMAZON-02)
2 2	34.111.129.221 34.111.129.221	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.111.131.239 34.111.131.239	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3 4	23.21.155.77 23.21.155.77	14618 (AMAZON-AES) (AMAZON-AES)
10	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	2606:4700::68... 2606:4700::6812:7f05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	198.47.127.20 198.47.127.20	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	193.0.160.130 193.0.160.130	54312 (ROCKETFUEL) (ROCKETFUEL)
2	2606:4700:10:... 2606:4700:10::6816:1857	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 4	77.243.51.122 77.243.51.122	42697 (NETIC-AS) (NETIC-AS)
5 5	141.94.171.213 141.94.171.213	16276 (OVH) (OVH)
2 2	18.198.69.109 18.198.69.109	16509 (AMAZON-02) (AMAZON-02)
1	69.192.160.219 69.192.160.219	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	85.114.159.118 85.114.159.118	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2 2	3.125.82.56 3.125.82.56	16509 (AMAZON-02) (AMAZON-02)
4 4	98.98.134.243 98.98.134.243	21859 (ZEN-ECN) (ZEN-ECN)
2 2	52.209.9.234 52.209.9.234	16509 (AMAZON-02) (AMAZON-02)
32	2a00:1450:400... 2a00:1450:4001:827::200e	() ()
4	2a00:1450:400... 2a00:1450:4001:829::2006	() ()
16	2a00:1450:400... 2a00:1450:4001:810::200a	() ()
4	2a00:1450:400... 2a00:1450:4001:80f::2016	() ()
4	2a00:1450:400... 2a00:1450:4001:827::2001	() ()
8	2a00:1450:400... 2a00:1450:4001:811::2003	() ()
1232	115

53 2606:4700:20::681a:956 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

newtimes.co.rw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.newtimes.co.rw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2057:f000:18:1fcd:351:7bc1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.141.151 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 151.141.244.35.bc.googleusercontent.com

cdn.yourbow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42::714 (United States)

ASN54113 (FASTLY, US)

mab.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0b::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.165.163.91 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-165-163-91.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

49 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 23.35.236.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-201.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.222.208.154 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-208-154.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 34.107.148.139 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 139.148.107.34.bc.googleusercontent.com

prebid.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2602:803:c003:200::41 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 54.93.178.54 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-93-178-54.eu-central-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

61 37.252.171.21 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fra1-ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 108.138.9.235 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-9-235.fra56.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.218.48.210 (Haarlem, Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-218-48-210.deploy.static.akamaitechnologies.com

secure.cdn.fastclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.239.75.135 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-239-75-135.compute-1.amazonaws.com

prod.us-east-1.cxm-bcn.publisher-services.amazon.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

54 2a00:1450:4001:80b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:2638:3::9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.nl3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a02:2638:d::4 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

ads.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

69 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

90 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 178.250.7.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

cat.fr3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:2638:d::13 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

imageproxy.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a02:2638:3::1a (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

csm.eu.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a04:4e42:400::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 46.228.164.11 (United Kingdom) 2 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

111 216.58.212.130 (United States) 25 redirects

ASN15169 (GOOGLE, US)
PTR: ams15s21-in-f130.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.49 (United States) 1 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 3.65.173.148 (Frankfurt am Main, Germany) 12 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-65-173-148.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.210.53.219 (Brussels, Belgium) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 219.53.210.35.bc.googleusercontent.com

pool.admedo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 178.250.1.9 (France) 3 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 37.157.6.243 (Denmark) 5 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dmp.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 51.38.120.206 (Hessen, Germany) 12 redirects

ASN16276 (OVH, FR)
PTR: ip206.ip-51-38-120.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 142.250.186.38 (United States) 8 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 37.157.3.20 (Denmark)

ASN198622 (ADFORM, DK)

track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.202.235.10 (Nagold, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.80.39.216 (Canada) 3 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.64.218 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.111.217.42 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-217-42.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.33.220.150 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 69.173.144.165 (Frankfurt am Main, Germany) 13 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 216.52.2.48 (United States) 9 redirects

ASN30282 (AS-INAPCDN-OCY, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:211e:e000:1b:5138:8a40:93a1 (United States) 6 redirects

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2620:116:800d:21:7eb1:3826:be7e:d981 (United States) 7 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6812:18ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 13.248.245.213 (United States) 11 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 185.86.139.93 (France)

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 185.29.134.245 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)

tags.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:1901:0:76b9:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

prod-rtb.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

48 2606:4700:20::681a:bd1 (United States)

ASN13335 (CLOUDFLARENET, US)

as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 37.157.5.73 (Denmark)

ASN198622 (ADFORM, DK)

s1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 136.243.149.243 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.243.149.243.136.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hal900030.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.18.233.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2602:803:c003:200::67 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

beacon-ams3.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:fa8:8806:13::1370 (Singapore)

ASN41041 (VCLK-EU-SE, US)

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pubmatic-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.156.61.220 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-156-61-220.eu-central-1.compute.amazonaws.com

a.sportradarserving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.17.185.171 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-185-171.eu-west-1.compute.amazonaws.com

match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.75.62.37 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.171.84 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638:d::c (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

rtb.fr3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:3500:d::1732:83d6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

cdn.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a05:d018:d29:3605:e341:f6b2:dd43:a873 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 213.155.156.184 (Sweden) 5 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.19.147.45 (Castricum, Netherlands) 3 redirects

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 74.121.143.245 (United States) 2 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 185.64.189.115 (United Kingdom) 7 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 88.99.219.174 (Falkenstein, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.174.219.99.88.clients.your-server.de

hal900029.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:20::681a:71b (United States)

ASN13335 (CLOUDFLARENET, US)

static-de.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 78.46.23.46 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.46.23.46.78.clients.your-server.de

hal900023.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a0b:4d07:101::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a01:4f8:d0a:2321::2 (Germany) 2 redirects

ASN24940 (HETZNER-AS, DE)

cdn.retailads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 167.233.14.134 (Hallbergmoos, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: lb-2.futalis.de

futalis.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 18.133.36.104 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-133-36-104.eu-west-2.compute.amazonaws.com

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.186.231.97 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 97.231.186.35.bc.googleusercontent.com

impfr.tradedoubler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.189.110 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-110.fra2.r.cloudfront.net

img.tradedoubler.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.204.74.118 (Groningen, Netherlands) 4 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 118.74.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 130.211.44.5 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 5.44.211.130.bc.googleusercontent.com

rtb0.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rtbc-ew1.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9e13 (United States)

ASN13335 (CLOUDFLARENET, US)

assets.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.108 (United States)

ASN54113 (FASTLY, US)

cdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 18.66.147.98 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-98.fra60.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 99.86.4.52 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-52.fra6.r.cloudfront.net

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 23.56.202.187 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-56-202-187.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.157.91.210 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-157-91-210.compute-1.amazonaws.com

1x1.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.7.11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

widget.fr3.eu.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2606:4700:20::ac43:4a81 (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.173.144.138 (Frankfurt am Main, Germany) 4 redirects

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 67.220.228.201 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.46.128.147 (Ashburn, United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.193.108 (United States)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.18.235.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.197.149.186 (Schiphol, Netherlands) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-197-149-186.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.131.235 (Bad Durrheim, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: srv21039.dus4.fastwebserver.de

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 18.135.126.181 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-135-126-181.eu-west-2.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.30.239.223 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-239-223.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.129.221 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 221.129.111.34.bc.googleusercontent.com

cr.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.111.131.239 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 239.131.111.34.bc.googleusercontent.com

idsync.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.21.155.77 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-21-155-77.compute-1.amazonaws.com

a.audrte.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:7f05 (United States)

ASN13335 (CLOUDFLARENET, US)

www.conrad.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 198.47.127.20 (United States)

ASN62713 (AS-PUBMATIC, US)

simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.0.160.130 (United States) 2 redirects

ASN54312 (ROCKETFUEL, US)

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:1857 (United States)

ASN13335 (CLOUDFLARENET, US)

mwzeom.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 77.243.51.122 (Norresundby, Denmark) 2 redirects

ASN42697 (NETIC-AS, DK)

uipglob.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 141.94.171.213 (France) 5 redirects

ASN16276 (OVH, FR)
PTR: pikafka-eu-5.cloudy.ovh

pixel.onaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.198.69.109 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-198-69-109.eu-central-1.compute.amazonaws.com

loada.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.192.160.219 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a69-192-160-219.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 85.114.159.118 (Bad Durrheim, Germany) 2 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.125.82.56 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-125-82-56.eu-central-1.compute.amazonaws.com

ads.creative-serving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 98.98.134.243 (United States) 4 redirects

ASN21859 (ZEN-ECN, US)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.209.9.234 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-209-9-234.eu-west-1.compute.amazonaws.com

r.scoota.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 2a00:1450:4001:827::200e (None, )

ASN- ()

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::2006 (None, )

ASN- ()

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:810::200a (None, )

ASN- ()

jnn-pa.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2016 (None, )

ASN- ()

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2001 (None, )

ASN- ()

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:811::2003 (None, )

ASN- ()

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
196	doubleclick.net 33 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 91 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 205 cm.g.doubleclick.net — Cisco Umbrella Rank: 234 ad.doubleclick.net — Cisco Umbrella Rank: 173 googleads.g.doubleclick.net — Cisco Umbrella Rank: 41 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 357 static.doubleclick.net	650 KB
146	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 107 2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 143 a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com	662 KB
120	criteo.net static.criteo.net — Cisco Umbrella Rank: 664 imageproxy.eu.criteo.net — Cisco Umbrella Rank: 9195 csm.eu.criteo.net — Cisco Umbrella Rank: 8920	2 MB
69	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 232 secure.adnxs.com — Cisco Umbrella Rank: 440 cdn.adnxs.com — Cisco Umbrella Rank: 1649 fra1-ib.adnxs.com — Cisco Umbrella Rank: 8816 acdn.adnxs.com — Cisco Umbrella Rank: 611	339 KB
68	pubmatic.com 7 redirects ads.pubmatic.com — Cisco Umbrella Rank: 514 hbopenbid.pubmatic.com — Cisco Umbrella Rank: 506 image6.pubmatic.com — Cisco Umbrella Rank: 746 simage2.pubmatic.com — Cisco Umbrella Rank: 707 image2.pubmatic.com — Cisco Umbrella Rank: 958 simage4.pubmatic.com — Cisco Umbrella Rank: 1277 image4.pubmatic.com — Cisco Umbrella Rank: 1104	197 KB
56	ad4m.at as.ad4m.at — Cisco Umbrella Rank: 31186 ad4m.at — Cisco Umbrella Rank: 11978 assets.ad4m.at — Cisco Umbrella Rank: 41727	4 MB
53	newtimes.co.rw 1 redirects newtimes.co.rw — Cisco Umbrella Rank: 762442 www.newtimes.co.rw — Cisco Umbrella Rank: 858711	7 MB
52	rubiconproject.com 17 redirects fastlane.rubiconproject.com — Cisco Umbrella Rank: 491 pixel.rubiconproject.com — Cisco Umbrella Rank: 352 beacon-ams3.rubiconproject.com — Cisco Umbrella Rank: 11076 eus.rubiconproject.com — Cisco Umbrella Rank: 589 token.rubiconproject.com — Cisco Umbrella Rank: 600	61 KB
44	adform.net 5 redirects c1.adform.net — Cisco Umbrella Rank: 585 track.adform.net — Cisco Umbrella Rank: 3820 s1.adform.net — Cisco Umbrella Rank: 9592 dmp.adform.net — Cisco Umbrella Rank: 3177	474 KB
44	criteo.com 3 redirects rtb.nl3.eu.criteo.com — Cisco Umbrella Rank: 15613 ads.eu.criteo.com — Cisco Umbrella Rank: 8901 cat.fr3.eu.criteo.com — Cisco Umbrella Rank: 10641 dis.criteo.com — Cisco Umbrella Rank: 674 rtb.fr3.eu.criteo.com — Cisco Umbrella Rank: 17207 widget.fr3.eu.criteo.com — Cisco Umbrella Rank: 20850	283 KB
35	amazon-adsystem.com 4 redirects c.amazon-adsystem.com — Cisco Umbrella Rank: 310 aax.amazon-adsystem.com — Cisco Umbrella Rank: 406 aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1052 s.amazon-adsystem.com — Cisco Umbrella Rank: 293	136 KB
32	youtube.com www.youtube.com	4 MB
30	google.com region1.analytics.google.com — Cisco Umbrella Rank: 4217 www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 83	61 KB
27	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 50 jnn-pa.googleapis.com	132 KB
26	media.net prebid.media.net — Cisco Umbrella Rank: 1430 contextual.media.net — Cisco Umbrella Rank: 635	59 KB
25	gstatic.com fonts.gstatic.com www.gstatic.com	398 KB
25	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 192	1 MB
25	sharethrough.com btlr.sharethrough.com — Cisco Umbrella Rank: 1090	4 KB
22	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 19754 api.webgains.io — Cisco Umbrella Rank: 53004	189 KB
20	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 33010 hal900030.redintelligence.net — Cisco Umbrella Rank: 342479 hal900029.redintelligence.net — Cisco Umbrella Rank: 313410 hal900023.redintelligence.net — Cisco Umbrella Rank: 386149	496 KB
20	onetag-sys.com 12 redirects onetag-sys.com — Cisco Umbrella Rank: 798	5 KB
18	mathtag.com 2 redirects tags.mathtag.com — Cisco Umbrella Rank: 4619 pixel.mathtag.com — Cisco Umbrella Rank: 1097 sync.mathtag.com — Cisco Umbrella Rank: 505	13 KB
13	bidswitch.net 12 redirects x.bidswitch.net — Cisco Umbrella Rank: 324	4 KB
11	webgains.com track.webgains.com — Cisco Umbrella Rank: 29871	88 KB
11	3lift.com 11 redirects eb2.3lift.com — Cisco Umbrella Rank: 389	5 KB
11	google.de www.google.de — Cisco Umbrella Rank: 5171 adservice.google.de — Cisco Umbrella Rank: 7680	2 KB
9	smartadserver.com ssbsync.smartadserver.com — Cisco Umbrella Rank: 776	397 B
9	lijit.com 9 redirects ap.lijit.com — Cisco Umbrella Rank: 639	6 KB
9	openx.net rtb.openx.net — Cisco Umbrella Rank: 1307 us-u.openx.net — Cisco Umbrella Rank: 472	1 KB
8	doubleverify.com cdn.doubleverify.com — Cisco Umbrella Rank: 496 rtb0.doubleverify.com — Cisco Umbrella Rank: 756 rtbc-ew1.doubleverify.com — Cisco Umbrella Rank: 86510	43 KB
8	yahoo.com 6 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 301 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 448	4 KB
8	ad4mat.net prod-rtb.ad4mat.net — Cisco Umbrella Rank: 153404 static-de.ad4mat.net — Cisco Umbrella Rank: 199770	16 KB
8	quantserve.com 7 redirects cms.quantserve.com — Cisco Umbrella Rank: 740	3 KB
6	webgains.team cdn.track.production.webgains.team — Cisco Umbrella Rank: 55691	114 KB
6	smaato.net 6 redirects s.ad.smaato.net — Cisco Umbrella Rank: 761	3 KB
6	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 356	2 KB
6	teads.tv 2 redirects sync.teads.tv — Cisco Umbrella Rank: 1347	1 KB
6	chartbeat.com static.chartbeat.com — Cisco Umbrella Rank: 1680 mab.chartbeat.com — Cisco Umbrella Rank: 2526	50 KB
6	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 62	337 KB
5	onaudience.com 5 redirects pixel.onaudience.com — Cisco Umbrella Rank: 3145	2 KB
5	awin1.com 1 redirects www.awin1.com — Cisco Umbrella Rank: 17733	3 KB
5	a-mo.net assets.a-mo.net — Cisco Umbrella Rank: 3936 1x1.a-mo.net — Cisco Umbrella Rank: 3231	19 KB
5	simpli.fi 4 redirects um.simpli.fi — Cisco Umbrella Rank: 792	3 KB
5	de17a.com 5 redirects d5p.de17a.com — Cisco Umbrella Rank: 5492	1 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 575 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 463	4 KB
5	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 231	35 KB
4	ggpht.com yt3.ggpht.com	16 KB
4	ytimg.com i.ytimg.com	132 KB
4	sitescout.com 4 redirects pixel-sync.sitescout.com — Cisco Umbrella Rank: 668	2 KB
4	semasio.net 2 redirects uipglob.semasio.net — Cisco Umbrella Rank: 1262	2 KB
4	audrte.com 3 redirects a.audrte.com — Cisco Umbrella Rank: 2202	3 KB
4	tradedoubler.com 2 redirects impfr.tradedoubler.com — Cisco Umbrella Rank: 103785 img.tradedoubler.com — Cisco Umbrella Rank: 91131	2 KB
4	retailads.net 2 redirects cdn.retailads.net — Cisco Umbrella Rank: 140982	11 KB
4	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 817 s.tribalfusion.com — Cisco Umbrella Rank: 2073	2 KB
4	turn.com 2 redirects ad.turn.com — Cisco Umbrella Rank: 949 r.turn.com — Cisco Umbrella Rank: 3697	2 KB
4	amazon.dev prod.us-east-1.cxm-bcn.publisher-services.amazon.dev — Cisco Umbrella Rank: 726	908 B
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 39	41 KB
3	weborama.fr 2 redirects cr.frontend.weborama.fr — Cisco Umbrella Rank: 30569 idsync.frontend.weborama.fr — Cisco Umbrella Rank: 33813	921 B
3	sportradarserving.com 3 redirects a.sportradarserving.com — Cisco Umbrella Rank: 2514	2 KB
3	dotomi.com dclk-match.dotomi.com — Cisco Umbrella Rank: 3063 pubmatic-match.dotomi.com — Cisco Umbrella Rank: 3491	310 B
3	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 379	28 KB
2	scoota.co 2 redirects r.scoota.co — Cisco Umbrella Rank: 42064	1 KB
2	creative-serving.com 2 redirects ads.creative-serving.com — Cisco Umbrella Rank: 4482	1 KB
2	adition.com 2 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1581	1 KB
2	exelator.com 2 redirects loada.exelator.com — Cisco Umbrella Rank: 38450	2 KB
2	zeotap.com mwzeom.zeotap.com — Cisco Umbrella Rank: 2977	614 B
2	rfihub.com 2 redirects p.rfihub.com — Cisco Umbrella Rank: 806	2 KB
2	crwdcntrl.net 1 redirects sync.crwdcntrl.net — Cisco Umbrella Rank: 875	483 B
2	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 311	247 KB
2	futalis.de futalis.de — Cisco Umbrella Rank: 216608	801 B
2	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 200925	2 KB
2	1rx.io 2 redirects sync.1rx.io — Cisco Umbrella Rank: 547	2 KB
2	360yield.com 2 redirects match.360yield.com — Cisco Umbrella Rank: 2410	883 B
2	exactag.com m.exactag.com — Cisco Umbrella Rank: 13055	3 KB
2	admedo.com 2 redirects pool.admedo.com — Cisco Umbrella Rank: 5210	747 B
2	fastclick.net secure.cdn.fastclick.net — Cisco Umbrella Rank: 1194	34 KB
2	chartbeat.net ping.chartbeat.net — Cisco Umbrella Rank: 1299	401 B
2	yourbow.com cdn.yourbow.com — Cisco Umbrella Rank: 164749	556 KB
1	bluekai.com stags.bluekai.com — Cisco Umbrella Rank: 548	227 B
1	conrad.de www.conrad.de — Cisco Umbrella Rank: 118978	474 B
1	contentspread.net cdn.contentspread.net — Cisco Umbrella Rank: 67146	1 KB
1	linkedin.com px.ads.linkedin.com — Cisco Umbrella Rank: 414	654 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1173	576 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 60165	610 B
1	everesttech.net 1 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 682	576 B
1232	85

	Domain	Requested by
111	cm.g.doubleclick.net	25 redirects a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com googleads.g.doubleclick.net
90	static.criteo.net	ads.eu.criteo.com static.criteo.net
69	tpc.googlesyndication.com	2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com securepubads.g.doubleclick.net tpc.googlesyndication.com a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com googleads.g.doubleclick.net ad.doubleclick.net
58	ib.adnxs.com	3 redirects cdn.yourbow.com googleads.g.doubleclick.net acdn.adnxs.com
54	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com pagead2.googlesyndication.com googleads.g.doubleclick.net ad.doubleclick.net
52	www.newtimes.co.rw	www.newtimes.co.rw
49	securepubads.g.doubleclick.net	cdn.yourbow.com securepubads.g.doubleclick.net www.newtimes.co.rw a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com www.googletagservices.com
32	www.youtube.com	www.newtimes.co.rw www.youtube.com
25	www.googletagservices.com	2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com cdn.doubleverify.com www.googletagservices.com
25	btlr.sharethrough.com	cdn.yourbow.com
25	fastlane.rubiconproject.com	cdn.yourbow.com
24	assets.ad4m.at	as.ad4m.at
24	s1.adform.net	track.adform.net assets.a-mo.net s1.adform.net a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com www.newtimes.co.rw
22	csm.eu.criteo.net	ads.eu.criteo.com
21	aax.amazon-adsystem.com	c.amazon-adsystem.com
21	hbopenbid.pubmatic.com	cdn.yourbow.com
21	prebid.media.net	cdn.yourbow.com
20	onetag-sys.com	12 redirects a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
20	a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
19	www.google.com	www.newtimes.co.rw tpc.googlesyndication.com a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com www.youtube.com
18	ad.doubleclick.net	8 redirects ads.eu.criteo.com www.googletagservices.com
17	fonts.gstatic.com	fonts.googleapis.com www.youtube.com
16	jnn-pa.googleapis.com	www.youtube.com
16	api.webgains.io	analytics.webgains.io
16	ad4m.at	as.ad4m.at ad4m.at
16	as.ad4m.at	a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com as.ad4m.at ad4m.at
15	pixel.rubiconproject.com	13 redirects a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
13	track.adform.net	a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com hal900023.redintelligence.net assets.a-mo.net s1.adform.net
13	x.bidswitch.net	12 redirects a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
12	image6.pubmatic.com	7 redirects ads.pubmatic.com
11	track.webgains.com	www.newtimes.co.rw as.ad4m.at
11	eb2.3lift.com	11 redirects
11	dis.criteo.com	3 redirects a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
11	cat.fr3.eu.criteo.com	ads.eu.criteo.com
11	ads.eu.criteo.com	2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com www.newtimes.co.rw
11	fonts.googleapis.com	www.newtimes.co.rw hal900030.redintelligence.net hal900029.redintelligence.net
10	image2.pubmatic.com	ads.pubmatic.com
10	simage2.pubmatic.com	ads.pubmatic.com
9	hal9000.redintelligence.net	www.newtimes.co.rw hal900030.redintelligence.net hal900029.redintelligence.net
9	tags.mathtag.com	a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com tags.mathtag.com www.newtimes.co.rw
9	ssbsync.smartadserver.com	a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
9	ap.lijit.com	9 redirects
9	adservice.google.com	securepubads.g.doubleclick.net
9	adservice.google.de	securepubads.g.doubleclick.net
8	www.gstatic.com	www.youtube.com www.gstatic.com
8	cms.quantserve.com	7 redirects a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
8	googleads.g.doubleclick.net	a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com pagead2.googlesyndication.com www.youtube.com
8	imageproxy.eu.criteo.net	ads.eu.criteo.com
8	ads.pubmatic.com	cdn.yourbow.com ads.pubmatic.com
7	rtb.openx.net	a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
7	rtb.nl3.eu.criteo.com	www.newtimes.co.rw
6	acdn.adnxs.com	cdn.yourbow.com a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
6	eus.rubiconproject.com	a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com eus.rubiconproject.com www.newtimes.co.rw cdn.yourbow.com
6	cdn.track.production.webgains.team	a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com as.ad4m.at track.webgains.com
6	analytics.webgains.io	track.webgains.com
6	sync.mathtag.com	2 redirects tags.mathtag.com sync.mathtag.com a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
6	s.ad.smaato.net	6 redirects
6	match.adsrvr.org	a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com ads.pubmatic.com
6	sync.teads.tv	2 redirects googleads.g.doubleclick.net a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
6	c1.adform.net	4 redirects ads.pubmatic.com
6	c.amazon-adsystem.com	cdn.yourbow.com c.amazon-adsystem.com
6	www.googletagmanager.com	www.newtimes.co.rw www.googletagmanager.com adv.office-partner.de
5	pixel.onaudience.com	5 redirects
5	simage4.pubmatic.com	ads.pubmatic.com
5	www.awin1.com	1 redirects as.ad4m.at
5	contextual.media.net	cdn.yourbow.com
5	aax-eu.amazon-adsystem.com	2 redirects a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com ads.pubmatic.com
5	um.simpli.fi	4 redirects ads.pubmatic.com
5	hal900023.redintelligence.net	1 redirects a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com hal900023.redintelligence.net
5	d5p.de17a.com	5 redirects
5	cdnjs.cloudflare.com	ads.eu.criteo.com s1.adform.net
4	yt3.ggpht.com	www.youtube.com
4	i.ytimg.com	www.youtube.com
4	static.doubleclick.net	www.youtube.com
4	pixel-sync.sitescout.com	4 redirects
4	uipglob.semasio.net	2 redirects
4	a.audrte.com	3 redirects ads.pubmatic.com
4	token.rubiconproject.com	4 redirects
4	googleads4.g.doubleclick.net	ad.doubleclick.net
4	1x1.a-mo.net	a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
4	cdn.retailads.net	2 redirects futalis.de
4	static-de.ad4mat.net	as.ad4m.at
4	pr-bh.ybp.yahoo.com	2 redirects ads.pubmatic.com
4	cdn.doubleverify.com	s1.adform.net cdn.doubleverify.com
4	ups.analytics.yahoo.com	4 redirects
4	prod-rtb.ad4mat.net	www.newtimes.co.rw
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	prod.us-east-1.cxm-bcn.publisher-services.amazon.dev	c.amazon-adsystem.com
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com www.newtimes.co.rw
4	static.chartbeat.com	www.newtimes.co.rw
3	s.amazon-adsystem.com	2 redirects a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
3	fra1-ib.adnxs.com	cdn.jsdelivr.net a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com cdn.adnxs.com
3	hal900029.redintelligence.net	hal9000.redintelligence.net hal900029.redintelligence.net
3	hal900030.redintelligence.net	hal9000.redintelligence.net hal900030.redintelligence.net
3	rtb.fr3.eu.criteo.com	www.newtimes.co.rw
3	a.sportradarserving.com	3 redirects
3	pixel.mathtag.com	tags.mathtag.com
3	a.tribalfusion.com	1 redirects a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
3	cdn.jsdelivr.net	a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
3	2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	r.scoota.co	2 redirects
2	pubmatic-match.dotomi.com	ads.pubmatic.com
2	ads.creative-serving.com	2 redirects
2	image4.pubmatic.com
2	dsp.adfarm1.adition.com	2 redirects
2	loada.exelator.com	2 redirects
2	mwzeom.zeotap.com	ads.pubmatic.com
2	p.rfihub.com	2 redirects
2	cr.frontend.weborama.fr	2 redirects
2	sync.crwdcntrl.net	1 redirects ads.pubmatic.com
2	s0.2mdn.net	a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com ad.doubleclick.net
2	rtbc-ew1.doubleverify.com	cdn.doubleverify.com
2	rtb0.doubleverify.com	cdn.doubleverify.com
2	img.tradedoubler.com	a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
2	impfr.tradedoubler.com	2 redirects
2	futalis.de	hal900030.redintelligence.net hal900029.redintelligence.net
2	adv.office-partner.de	hal900030.redintelligence.net hal900029.redintelligence.net
2	sync.1rx.io	2 redirects
2	match.360yield.com	2 redirects
2	beacon-ams3.rubiconproject.com	www.newtimes.co.rw a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
2	us-u.openx.net	googleads.g.doubleclick.net
2	m.exactag.com	a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
2	pool.admedo.com	2 redirects
2	r.turn.com	a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
2	ad.turn.com	2 redirects
2	secure.cdn.fastclick.net	www.newtimes.co.rw
2	ping.chartbeat.net	www.newtimes.co.rw
2	www.google.de	www.newtimes.co.rw
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	region1.analytics.google.com	www.googletagmanager.com
2	mab.chartbeat.com	static.chartbeat.com
2	cdn.yourbow.com	www.newtimes.co.rw
1	stags.bluekai.com
1	www.conrad.de	as.ad4m.at
1	ssum-sec.casalemedia.com	1 redirects
1	dmp.adform.net	1 redirects
1	idsync.frontend.weborama.fr	ads.pubmatic.com
1	cdn.contentspread.net	hal900023.redintelligence.net
1	px.ads.linkedin.com	a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
1	widget.fr3.eu.criteo.com	ads.eu.criteo.com
1	cdn.adnxs.com	cdn.jsdelivr.net
1	assets.a-mo.net	cdn.jsdelivr.net
1	sync.targeting.unrulymedia.com	1 redirects
1	secure.adnxs.com	1 redirects
1	dclk-match.dotomi.com	a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
1	s.tribalfusion.com	a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
1	gcm.ctnsnet.com	1 redirects
1	sync-tm.everesttech.net	1 redirects
1	newtimes.co.rw	1 redirects
1232	149

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.facebook.com
instagram.com
www.linkedin.com
jobs.newtimes.co.rw
epaper.newtimes.co.rw

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-01-26` - `2024-01-25`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
*.chartbeat.com Thawte RSA CA 2018	`2022-05-06` - `2023-06-03`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
cdn.yourbow.com GTS CA 1D4	`2023-04-26` - `2023-07-25`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2022-12-19` - `2023-12-30`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
*.pubmatic.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-25` - `2024-01-24`	a year	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
prebid.media.net GTS CA 1D4	`2023-05-09` - `2023-08-07`	3 months	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-05` - `2024-04-03`	a year	crt.sh
*.sharethrough.com Amazon RSA 2048 M02	`2023-02-10` - `2023-08-12`	6 months	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-16` - `2024-03-08`	a year	crt.sh
secure.cdn.fastclick.net DigiCert TLS RSA SHA256 2020 CA1	`2022-12-02` - `2023-12-02`	a year	crt.sh
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev Amazon RSA 2048 M02	`2022-12-27` - `2024-01-25`	a year	crt.sh
*.google.de GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
*.nl3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-14` - `2023-06-09`	3 months	crt.sh
*.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-13` - `2023-08-10`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-24` - `2023-06-18`	3 months	crt.sh
*.fr3.eu.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-22` - `2023-06-25`	3 months	crt.sh
*.eu.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-26` - `2023-06-29`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2022 Q4	`2022-12-23` - `2024-01-24`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-05-12` - `2023-08-10`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2022-09-20` - `2023-09-20`	a year	crt.sh
*.exactag.com Sectigo RSA Organization Validation Secure Server CA	`2023-04-03` - `2024-05-03`	a year	crt.sh
teads.tv R3	`2023-05-11` - `2023-08-09`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
*.mathtag.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-03-30` - `2024-04-29`	a year	crt.sh
prod-rtb.ad4mat.net GTS CA 1D4	`2023-04-09` - `2023-07-08`	3 months	crt.sh
redintelligence.net R3	`2023-04-10` - `2023-07-09`	3 months	crt.sh
pixel.mathtag.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-05` - `2023-07-05`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2022-08-09` - `2023-09-10`	a year	crt.sh
*.doubleverify.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-05` - `2023-07-07`	a year	crt.sh
adv.office-partner.de R3	`2023-05-01` - `2023-07-30`	3 months	crt.sh
*.futalis.de R3	`2023-04-17` - `2023-07-16`	3 months	crt.sh
*.webgains.com Amazon RSA 2048 M01	`2023-05-15` - `2024-06-13`	a year	crt.sh
cdn.retailads.net Encryption Everywhere DV TLS CA - G1	`2022-06-17` - `2023-06-18`	a year	crt.sh
cdn.adnxs.com GeoTrust TLS RSA CA G1	`2023-03-27` - `2024-04-26`	a year	crt.sh
*.webgains.io Amazon RSA 2048 M02	`2023-03-02` - `2023-09-21`	7 months	crt.sh
cdn.track.production.webgains.team Amazon RSA 2048 M01	`2023-02-28` - `2023-10-28`	8 months	crt.sh
*.a-mo.net Amazon RSA 2048 M01	`2023-02-22` - `2023-08-24`	6 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
*.media.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-10` - `2024-02-18`	a year	crt.sh
www.awin1.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-10` - `2024-03-09`	a year	crt.sh
contentspread.net R3	`2023-04-19` - `2023-07-18`	3 months	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M01	`2022-11-07` - `2023-12-06`	a year	crt.sh
*.simpli.fi DigiCert TLS RSA SHA256 2020 CA1	`2022-11-07` - `2023-12-08`	a year	crt.sh
aax-eu.amazon-adsystem.com Amazon RSA 2048 M01	`2023-01-27` - `2024-01-27`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-04-04` - `2023-09-27`	6 months	crt.sh
edgestatic.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2023-04-24` - `2023-07-17`	3 months	crt.sh

This page contains 126 frames:

Primary Page: https://www.newtimes.co.rw/
Frame ID: F778BE715172F8C968FB81F5D1F4998B
Requests: 310 HTTP requests in this frame

Frame: https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: B7EF1B4D3EB2D500439F8CB54CF5D0EC
Requests: 1 HTTP requests in this frame

Frame: https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 25D2404A440E29EA739752D3842C04D5
Requests: 9 HTTP requests in this frame

Frame: https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 664B353C71C1EAB765E7560460893803
Requests: 9 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZGKZQgACxGMKhZQMAARnYtQwTiGFjSEc-uVeIA&u=%7C7%2FYujITEdeg8FUILki9iJ4aRAOxKVOf64C6CSfRjutA%3D%7C&c1=VEd5MTeK-DVtvwpxQwkatQ5fNcsqqVzrGxHd21mMpxNh6ptbvoFGr-zNgOWxNGK8hcdazcCQ4TV7lxzc5U56N7_Ai_ZCvZZTcs4J_AUHiXNxRCEv0MQBdHvpJnTXGdNbA-UccGqOgBByFas5qs71SzwjAjRgRqmn4rrx9dkHB9E-hLcKrgC6FKslC7u9vWnncVk6BXeyHUiL5yhw5oiaj6ruCaD0UKCipKUOkWUuGAkSZbDRiz8-S0zaJ1CPlePj55HCyr9TTMB-2DNda8qLIajXL5sCw5a3eWodUMgItCXXznTTw2C7xII6aQY1gAXTlZxDrigAb0yZg_OGmFbYjJjR_kxtI6wkmQT95IoKJiE_KgvU-rSvnSzG2htUjMLLzUVs-Y7-LIDykFhpBe6NLJvHpfBgMU732hfHbxJzmi8dxgqXM66ndU2NAAEckF7tFLK4r36m198lxNTHQUTsm6J3Ehrln1QbPdDVH5ZllIqeq8WilryvtxureV-OBOls3sK8SnwiAMjzS1JuzN7a_EyFMIvfBy37nOck0-7yF22McOZ1rOOy-dXRnPaqLrf_ySvkHEV7t0ULrcGnT-VMKEZY7vtEQP805Zqez2lObAvGFnGXZ2VztO8Aq0gPZNQX&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCi2YnQpliZOOIC4yolgTizpHQBMme0rFc1Z2R93DAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBIICT9C0tQm2h-2Dn9Xz9r53D8Ubu70CbA_Xk1bp1xfSKvxHCGGKEGfCg6S23pb9VbMT549FfAGq5H7g9oC4BK5fBraIMmRMG4zPzCeVUeLgPgb6p-VdIa6u10TyZtiB-6PwosrI39wj-hWzfQWZdc8meNg04yu1Tl7grPgDYRjMIkw3zb7uDMERHPMbyuDK1N8zNEX3-ylsWcnYDru5wtmswUQBP5bN4QKrL0VJBaJe_U0DTecyGCgp6UVJ_La4-4s4EIQD1tY2jbYx71vhAmlRtZzLl2i2zRAjN7qiyCW1fNiYnjX-dHPbQ3qJ91LUp0AIGhNyVCcYjry1HXotGO76TtRk4AQBgAbGx_OR9K7H7SGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0O7g3R0OnmDgKhYKooLhH8BtokUg%26client%3Dca-pub-7554793497192362%26adurl%3D
Frame ID: 079871C85C3E88CB028EBC6D7C4778CA
Requests: 18 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZGKZQgACkV4KG18EAAbgzP23cLihI8NRiROqVg&u=%7C7%2FYujITEdeileQYii%2Fu4kHmyOYOc77UKfKJaRSNGW0w%3D%7C&c1=VEd5MTeK-DVtvwpxQwkatQ5fNcsqqVzrGxHd21mMpxNh6ptbvoFGr-zNgOWxNGK8hcdazcCQ4TV7lxzc5U56N7_Ai_ZCvZZTcs4J_AUHiXOyTUmt0LIB1Arv3LRdJwySd4b4OfvN2D44-sQq0YqqG3DXD5WO6mx0nOgFBhA8tkrZddUlZ5X5fiYikF9raWCM_qEr5R9CSKKKO0-tZyddIaF0uhtI0_UhcKWd1sHOyD-iMd_Mtzzc07BHfFhKKI5aUxrlI44OB_y4xbtVltzM2-cp3k6_RbNMDOAT1-vCPIlubVYrCH2BAKnAUO6lVt8ASph3_zvGviuFfBEogtJWWO2vO9Uc8GPuX9Ht139wpcqe9g5oatNagP9U6CbNnSrT_jx85Hm48Y-n5vwrZNHt_00tHF9FBf52AUYWiJxAnW-1XsiCNMvmb09x2RyWsYgrArH26KgQLEw-0KvEgVGHE3Svz2DhmwTta-GX-pP2HNHc1KoyKUf8qfM1s825eh3kPixotdQGVIuZiIBx0cC2sN6vGL1BO7_7gT0lcdh1Q7qL_fjb7hlwirlcvdt9vyNSeQ_wtB330QsAa_v0jQ_6aw0NkIQ706GN2Xt6gYh9BTuM0pzY5iezoHMhU8JgkpW-&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCmMrCQpliZN6iCoS-bczBm_gFyZ7SsVzVnZH3cMCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoEggJP0GWutwxIK8CQCZpi14cSVME7LPBJYFYWwPvtIhjT2OHAyF_TdnGXZMOjj-GOtVl7IA7eN14bRgnyI1tSZXGGgOXDLTy6MmeZ_Y4HdgTeFFwKjJi4lwfJYe6UbQbBaz_D0Z8xAtqJavSJA3nuokuFwMjtajltB7usDkgajPumSSRtLloa5DT7YjzUkoKvV9sXqW7x1FrI6vQaJfL87k12pwOV8kKanbv82W65dkI8rWrdo13ioUrnRczoUZkIhffOr2xZbs8kPCEJ50a27dOnZahzE7mGRHX5yhfr35r_t4Ay6EVxM1Ret6MGVP5KHYAmN3nMErXGsTB7ihgs62zfOu7gBAGABsbH85H0rsftIaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_05nlqAJErFxZZJMAyEuB_jivIJhg%26client%3Dca-pub-7554793497192362%26adurl%3D
Frame ID: 5D99398EE75F94F564417C007BBA40EA
Requests: 18 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 2EFC04F87CBFC11B5413137F51C7E088
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: DA5B3EA96C88A8FA3ED058F1696A73B9
Requests: 2 HTTP requests in this frame

Frame: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 62D740E83722586052D073682A70DEA6
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 90E076D1D860A01486F1D33714514E2C
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 4EBB364C053AEAFBC819F36EAD452B8A
Requests: 2 HTTP requests in this frame

Frame: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 7AA34C5CBAFA7781D62DBF88A61DEE7F
Requests: 8 HTTP requests in this frame

Frame: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 116629FBD3E52FF3CBBD3B85A4ACFACE
Requests: 10 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZGKZQwAPQLQKhZHWAArelSR7iFRp5foQp2NfbQ&u=%7ClPoQj%2FclhXfQxcpR0ZBejVdhABwdtwMV0Itz3TgBfQI%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYNdJ71gdyCWvw29y1GxtacI6iVoVnLQ5srUOwC-sDBJIjvRCy3Ss-BiCTuGilNUvwWnBBu_EXHaPkH5RNgJ0KnX81D7_f_dj6C4lHuSeJmHtU4kVV_nk3PInoMPa3DzXxIneR-eoKPFqW4a0RmcolbAT_oAM0bsj249Uxkyj8SLK3GC41W4UbA1MdhNUkSVNn0Mlt40RMWAtKjIQgKGX7Pn8PnHBceG_m3q2EHzzLLfXgr_lXTegOIGYtprp8OsL2d7CpQBOfO5-QuyDgxE944qGM66Q2z7cTVBY9RNCt37cFupYoTvVnpd4lvARbF5OaYr-L3RwJuB7qKstX6FBMcR0O3StfleUZkMeWxWB_PojhDDUw4iA9hl8yGJ3Xh5zWW4ciT7y_MGJerzrIR8Xb5kUOJgYfMV9BRsUk1_Ky5vLHO3ytTqQSS1IYHIeQqorEKO2McPWEu8sN6EqoL1LvUWwVAfG_svrE9pjRRjo1IYoHkWILlcT2xsmlMsfBrnfkex0ShyHq18XqFis_dKa-j7heGAbfeZfh_OPNBOlwyHjYUHTM_xALfZNZz_1F0i_8-UiZLKa0i4lt54QDYP4_tP&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCXl68Q5liZLSBPdajlgSVvavwDcme0rFc1Z2R93DAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPIBT9BlEac5EqXx13Nx6-vQDMCnuNxYEyeVH3uEsYqRuKAVWzvISsykXO82Vtv3hCYN1jxy28WVZowdb8tBIqA5IC3OqvYRS2V4hNYm1fn6aBVUC_ZFysbPAne5xBS2M5LzogBhzrxYvyd-VWhaHrCMU_fvS_Oo3tDCygehKQBOrPbpo8-Bf16R4is6OF9c9Msti0O9_Cu4kzbqZg_TXhLLgWxIdWYT_pJJ2OivGn3Ccv4v50cioUvlhl_CGwBoR7-05Wb3WUdG_ubCRQD5eFbciWUtdE0drSPikS11cXbd5dHR8jdN3EFf2soQ3IpVWOp_K0fgBAGABpHNpJqwz_r1nQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3atL_huolOcdev-Bicb8uUxwM-8g%26client%3Dca-pub-7554793497192362%26adurl%3D
Frame ID: A2FE4517720233FE241B06F14F6EC5CD
Requests: 12 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 9CDE0F9D5D960D7542365C4FCD6C99D9
Requests: 9 HTTP requests in this frame

Frame: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 34A140C25A6D9FD0FE9AF4B05718C1E5
Requests: 33 HTTP requests in this frame

Frame: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: FF84B7C0246DC8B83633754406147B3E
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPL6BhCIo0gYxNG26AEwAQ&v=APEucNXyW61cRFhlkQf8sJj7kA9ide9dAnKXUJlfGF3CHBrt98RFby7sm3a4HYO0ul2D9u_Msv6KDzrMPb0fzgqvq_-Tom1A0KnRiAs2sdvfnf7gUMAwUcqWKMXJB_vauw7L0aZpGWF4ZXLtnob3Rpje8QljRm9RM9V9fWIZqxFQd8emNa2Ju7U
Frame ID: F4255ED3BEF51D084A5DDA35CE24A1C0
Requests: 5 HTTP requests in this frame

Frame: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 91515C199E429E65CFF9A4BA3FB056C7
Requests: 33 HTTP requests in this frame

Frame: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: DAFA6DE1CD64246A5A965456A1E221D6
Requests: 8 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZGKZRAAC0CIJHUgUAAwZXX043s1SQ-B5p9s2IQ&u=%7ClPoQj%2FclhXf9WwOXP9QuTgwEw3HDIF8JxjgYB64EZRc%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNTJmLEv97WHnUtKOrKYxIgy15bW8W2rqt8moXOmZ61Js1hV2A5U12MlBuvHpjHFyABkMtCN3PGOM0RjLNu6hUrhecSBrGn2DX8YQCQMDfHNUVqEzAWaeEEyQASNw72j2bsUhFa1AEOIZ9zVz9Ir7gdtrLjiVONBhNAkQsvnmQJW8ktDaPjE3xJEkBusv6-PufQ-z71X7YXzB01C9ixarmSrQSMzQu6A6aeo7ySRkb_u0-o4HCyPJGVCm6Lbi18wqT7LkAduJGcX5sRtUdXsNTf2wE-9jdOSRbuKiFMKBmxwFGOXaQvDsRGoYGwLlyUbCyNs2BmPRM1otZePEM3rGQG2_G5VPRTlUEU32DsvEUm_ecFukIb7cH87qH_kpLgqzhgpVtICTFq750ck3kwHBIZGFvyySOB_-USuMyfTuJ78oZOr-RjDKzkK7Wcc6x7ASY5alFcmW57KYcrLpQLYrmZZ_cGdqf1c_H-1-NRiLyEwOGn9fVTo-4TOskRGr5DkQ3firlfhtjkqUZ_qurFOqBw0PMXXjhU0FTN2UjWWzvW2qk1CXKXKufNdOYAmjVJbASPkn4yS3U5MWcGlA_uktKh-PhFD09rAWSn5IH0q8sBVM&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCtGXJRJliZKKgC5SQ9fgP3bKw4AnJntKxXNWdkfdwwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT5AU_Q0H2qdv8g299fH6msNA5uX4iXfkbjwrfkSSLMWJ30o4RSION7mqbkaLNh5K01MyhzyZYw1lsJI93Gw8wgJCu0hfZqp9REKLSsdzk1bXAPfg94iAT4C6b-V0ozmV7pg-Q_OJSqtLN5pUs5_cuerLUpk-0rBmj3ebQp8LYb6IhVJ4CA0krsfmaxLLjeACqnfJcW-7eLu9OUyh5pjRT0DCgoHO6iD9j9evqKhxxNzQX-cDmLIjlhmnZCEHKs_R0HTbro9GqD1_Meb-n1LlwC8UmgF_r-2tFC_J5NwHTCgLprWQHJPj1OqTPgHZzPl1rfvmurOggGR4DWFuAEAYAGkc2kmrDP-vWdAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_34QNOaOQL60_JzGoZ7Z9i76lY1jw%26client%3Dca-pub-7554793497192362%26adurl%3D
Frame ID: 2421190F404CB1CE5772FC1280E74762
Requests: 11 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E02463A7507DEE0ECDC453EB89AA0749
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMbfsgIQuOmt-QIY7cL05QEwAQ&v=APEucNUSK0V_idwQzashypXQfxsot3Dy7H1BDqPgT73CBCpaz_kt2XId0uv86kkKtHIGwIDmbbHfUuG4ZY61HsUWV3DrjETDhCyU32LoBWefvwTKoiPKOs5LFXVLhg5fj0PG7cCt-gLo1Sd3KBySw-sSROSsAoLvzOe2iycv-noEraFcB9DCYhM
Frame ID: 810945EA5EADB67F1B12FBDE29835D1E
Requests: 5 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZGKZRAAENxgKG0wVAAl_4V1qe1bezqWiM_3aEw&u=%7ClPoQj%2FclhXdbHUfr%2FX73WjLxhBjYb27T4ZbEbit3kBw%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYNdJ71gdyCWvw29y1GxtacI6iVoVnLQ5srUOwC-sDBJIjvRCy3Ss-BiCTuGilNUvwXseut9fTbPXJYA_7Vjbs5ATnAPuy_R_bhNUf-w337NAAY9hUNK9tG0iTJcPJkWL7XWwoGO073hxHA4DNKP2XGSSVCLgVSP5442mS6EqxtdqzIzkhcumSfbz6soShuz67h_6Sd07f4AyOsUURnzSTTIyIlm5mfswWEBzCtEuXkh6FLvdG-cr1Gw7q8OCgUKFkoglNEAzIwBQwxZd8G9LeVHhcTPwzjytUJSNo8S_NYrAPLVb18jKPIrUotULoKL2utESgRAQnU7NEYQA3gV29VApOwq8e6XIuhtpNS7_EV63oySLYcND71t3UOrQM_ddMgWgok7v1ri7s8oE8LxFLbgC9W_t5ikv1O9l10phi1yI_XAApE_IcaICF7vF0g5Xh-BQk8z7LQQcaMAhTpGeejITjB9XDJ9A-xnHegYAeTcmqWhwPLWYKAsBEqBe5byvVY3pl-aaXig2M9F3yKOW-sG9XvgMl0VDCtKhYsrotcbuIf5gToYa8zsCeYZW31aubsbuRwBs1ge5yr_XcmPHt8i&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCt5ByRJliZJjuEJWYbeH_pbgMyZ7SsVzVnZH3cMCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE-AFP0FwdSYfUC1yKwU9E7IRrH-56Bk4eWIrd1aPU0Rf0X0roFAC6QCrvdoJPZ02GP2NvnQ1NDuI27YIbuDNDH5uH-oP_q6SGtZzbm6NhhHcCdUTwtrFkigPVLjHXZ8wdkoybtfbxNvdJKSSz16bGpDCAbNALySEBM3ZaWgT_VDRaHLr17WF-TKhJq79lKvVsOsiUTOjIgNAU_EdEgKnuaSmlvvK3EcTyI4FMj-KfjehNSmXHb-y4mXgp0FU4yemIKj-6sJQOfkdK_fW_j3OYHlcQUZcwy4mJX663irybpHBbxpCMmxAKryuEqvidEyNYRKhJXJ-SLJKusOAEAYAGkc2kmrDP-vWdAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3omGGcLVhzNfFyWnIiORE5nm1PEQ%26client%3Dca-pub-7554793497192362%26adurl%3D
Frame ID: 5CC1DA45CFAE983E70AF5EBA50EA43B8
Requests: 11 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: A3E288EFFDF949609D166DD4ECAC54AC
Requests: 9 HTTP requests in this frame

Frame: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 83DE9B236F006A8C2F357876A29D77FD
Requests: 18 HTTP requests in this frame

Frame: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: A1680532E96749C82965E2D1B822178C
Requests: 9 HTTP requests in this frame

Frame: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 8C305B326B701F120C09A9FAAE40C870
Requests: 19 HTTP requests in this frame

Frame: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 56DE991ED30906B7503375AAEAC15B68
Requests: 9 HTTP requests in this frame

Frame: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 765D474926AF16B050A100983DA72414
Requests: 9 HTTP requests in this frame

Frame: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 876848A734D17100554AFE60E86FBFD3
Requests: 8 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1kteyh50x7cpchem3eccg990peba0ty1dgqn5xgr7wvnma1pb39hqqkx2qez2k4td1ysa3wwvjaqk57y0e10pyt7se8btg2kft62grkmb0h3pj60tbmqv0jjjw3gxxe2j50agkez66846ww0d9harqgq7hetpqtjbp7qdj8d8w6j1qtq8txhe0xk3cjfrv2tym9ncevknmbc3gzrrw00ey9e4ng74enjae319pzrvph13a87rfjg1cymc61tzn7h4exqkvgqw9zwdbbw6156xwz092tfn6zccmme2ramkas23x5x05z7cg5znm9t1g4k5r2g96r4cbesapcf65g2j935jfzyy8sry0y8x31azqqtbwbxk0k6ckq6tsbey80jfdarpyr0mxy7ey4g9vrnrpqkt8v0bdkcda82d7ap8s2q033crep665gatsybpbek2c9zmny62c&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DClw_NRJliZKSdGpqB9fgP5K-K0AGQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE-AFP0CIO-mZyQiahzgS6hGfeY8A2pgFLowFFkpayfcFqpU3Ff7GvEDEYXDRfWCAaHY0lOZKoa-gqU8QeWcR0-d9P3CGEYQ15A0dUya_W-y7-W0tsT1S4bu1Av5u4RgmTChelHkyGxMu6CUO8Wvy7iPMlRjlt6oACVseK9dC8T_IVpbKoA6H_d9NTbkapOyqqNKBzc9D7btcPK1u_okA_BajnnAtBeuQutZaRaK3UKjvjAgP-mcC-2yzLP-GBOWCMeyZxVBRu9XSV-rNG2rTyq2NW_Pq9esN9b9MHU5YLljMPcknOZHiluoHM1eNAw-sT6jm1_AkOLgLWUuAEAYAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0herB7Ds3i_gUflTiCJ2XNousZcw%26client%3Dca-pub-7554793497192362%26adurl%3D
Frame ID: 0DF07FC0885531534D14C58EDB82A45A
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 2484F3C2530BA66630EC8E549617C09D
Requests: 9 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZGKZRAAHzu0JHUDNAA5ENXY37SNg9MZ1nBG9Rg&u=%7ClPoQj%2FclhXftJgSi%2F6UinLIOpDfxbLkIS2OAdi9OtxE%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNTJmLEv97WHnUtKOrKYxIgy15bW8W2rqt8moXOmZ61Js1hV2A5U12MlBuvHpjHFyABkMtCN3PGOOyCgUDGd33DSyoKYdQXRIyKkMQwcKXXdqoxy2CXD2Z3_zkz0hI7mIyvItocaG11lshaz_O8E8rR6uWiyUVOjUEIASd9St0gAmRzQBkpsTZUr-WMn59hINGDWA_dt12S3SChoSB1hZq1rAgkeAUwaepYrDx7k5H_qobIS9XspY9_Z-L7rGf2c12qeUllI1CimJ3ZOpDMmimXW3iKv7Bs3K1tOcVLJd-TpSQRBzug1M40jGObWFsFTmmQumAx7r5b5XwWTEJx5I3RROj6TblEy9_sSRcpWAcZ265WZAC7auZsKzI1r_1yhIm0kJMSenELdOkKHOP1XH-btV7PuZE9ExaQimWy3yBErwI3PbQ0y1agT3WZDOaSDOcAzsvX3j_4ICimTeY0MiDRsLJoCywKD_MglpXgqbBZ-Z_Lvotwb2mDphkkAPkzfKCxT7rB0ABZOwlsCX9u0BUEsEBzYjH517egOwobe7Al2x6iNVL_MojshHB77Sy_pUbKrpVNlcnKQ6rT_89dOytbo2qpl2MqFdl&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DChHVERJliZO2dH82B9fgPtYi5qAbJntKxXNWdkfdwwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT5AU_QatxxxKP3kIITN-KDm2uGJw2ImOnP2vm-6v8FhNEv7MjtTHEjGHRqD3LV39LzkF6KianmYWS1huuBoF8anjlfoEdCYV0EYUFfRILoNkmDS7zhQzkOLQAogwz33A9SOImLA2_NaXQZKNgJqRxKJM6W654TiVrtkD6VTStHqS7odJGg4a4vkZT9J6YMYnOwIwslmJLTOFD14FI-O0hrLahZG3RrC8MrhecWzyBgbuYP7-T86caf7L8FjUF3KGIDq3NT_pP_6Rd-iqoNMwEIR7opj0V2TT5zr0f1DNOuJtkhwkDlPhXK881nSav7HQw2agviECb4vYVhn-AEAYAGkc2kmrDP-vWdAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_33D3VadGi3zggGqQv20DsmUC0Vuw%26client%3Dca-pub-7554793497192362%26adurl%3D
Frame ID: 5072B1059BB7D3A8F73421E8C2DA58B7
Requests: 12 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 227B001DA8114992242190254AD3F0E1
Requests: 9 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1j0sd5kc2dh37e315h4ysrq35wtrfrgkxfbqgg6tjg2gg98449fszn6vdg5gr6n5v77rkktnz5v1afjgwvessm5nadkk075913fd5kf01vt0tj61715xe5d3jx33nj218kvw592e2djnfr7r7szmf9xav8sfcss6srpjhyhj9ec6a05z6eegah2s3zpwhbj8npn33bcxnbc11d9zqa01a2wk81gfypccfp72gczn2wy5bw9087kzwz46bt0nkyk2tn0jy6e2sa9v3qqam4kh4mh0ek3ms3mdt17er94tzbh7hw20ht0yehjgtck933e24m2fjxa5pyvv4zwyrbspedqvxq795wppjb8r0e6g2xfb312tm9femqg9np49y33h7z4zpet0mfpmvzsxjg5460tygn9rgac42f4k9he98qs4kq6x3frjxszzd7rz9tb69f8a2b60vc&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-MODRJliZOnTI4SglgS7grL4BZDhgYRctqjCivACwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT4AU_Qm2cwHRJq8x2mkUf0GK3tCeGzXDNnyO2GqSGGzaZhJQo5FykRax4-HhAGSgNK2QSc7uPGSq3qUbao3Eqc_Kd_rJGclJbpBwfT_l8mX6-Z3qQDDfjFkGMlNzeVc6RcbBufW9cAjgUyzA7KYFvwF-uxMu9kz8Hqhypz2D3nlaIDXgRtI1ahHpFE8cM9CBYPn-ZYh7wuUDf-yYlA_1_YekoTOVyW8OAlW7tT27cksi7tgg7tGCYPYyVeopjLiRAvRUZvKNtD2_dlMJ1ozeyE43u426RRDiAUjXjWUDtkF4g42PhhtCrEhXieKxOpKKmhEfDKLEynXXMx4AQBgAbE0Z70yIDOvKUBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1fWoXb9j5p6leW3a656AtniIfMZQ%26client%3Dca-pub-7554793497192362%26adurl%3D
Frame ID: D299300BEB9F4B2B8215693256346136
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 15EC047A464E7774C852A2F4CBBDB87C
Requests: 9 HTTP requests in this frame

Frame: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 37382EF945C89390348B3E609CF7D722
Requests: 9 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZGKZRAAJoMAJHUrgAA7vXErYZ2MCOWqkyfyQVA&u=%7ClPoQj%2FclhXe%2BzRN6PRX3nMw%2FlQXbSe%2B1xkD1k9PgfeY%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYNdJ71gdyCWvw29y1GxtacI6iVoVnLQ5srUOwC-sDBJIjvRCy3Ss-BiCTuGilNUvwXKWgmjkBimEDMLzpRLmnsMpjOgbz_LVgMCNERFhaNlvUnpRl3XeBsucKM0Op_B2WC05RkcKDCS77VUIwXKroQc8kznaJ-QxSlgfWcoVsvQ0cxAFtT46nz3Xfud2uHmtWJ0Q65bTIxFEpQLA7Vzj8nj7m7MaxVG-IXQfY8AeUE0-MGKqI7pEAXf9ga4QFlBZgheIwwwpmFZc34VEy00yUcoa_Id8wb8WE0x2tXIYytPlvT37q60TG4MpzC4PDrGxDqTJuGI6V1jTzWdqZpVe3bhnPmEzyctR7nYxQUgUX-LHo9zp-IY9ppUKIwLyUs-7mVzOh9U06mm_t4TYDSnr0oBHi7Wu4ZN1wUG3Nld66qCFm-FuJNMl-_LLmdSLFOf2VQWdD7BQC4qzCQ-rlb8DmAXSMN8DPGCQwYRPRzzAO8qx2EqaqvsXA6fER3TV-lHaD5uB3y8sI_Jgb1MbXC0MtJelqaxOLGhc-Gzir0U_NH4MjNtOH_ydOwVmA8H-RyrMtsV6_nfynGdTFXccdFchnvyaJeBekQsOPU&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCuIxfRJliZMDBJuCV9fgP3N67uA7JntKxXNWdkfdwwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT4AU_QnPVoUAAbbuQnbWG9fTR0m-9yS8TDwbXUR1LflZc2jk8FmbDMEqPFkfg3dyQTA6UZLyVYUa27YyAEVts6XHgKEJ12ofARrpNdh7nVzUNz8cYQWad35ODvuoeEuQnO_3qZ-g50z_95ZDyMSNBjN72MLiG3NQ8VxBrwuF0mTORFfU2Z3rh32UmZTxthIorBTEntmZDMknrMhGNA6NgcW8vWnnA0LjU2JHa6JqRTj2Ih7IfKQK2lNzhf__ESS4AHbYIqP51FzWbvnKXsbCbH4Yweiz9w2R-98mj5hSwjgd9tV2Fajxw10UrB7bPap_IfdAVsbjcRjrUY4AQBgAaRzaSasM_69Z0BoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3glJ7OMXSedse8syDXCIP3ltnQEg%26client%3Dca-pub-7554793497192362%26adurl%3D
Frame ID: 766EDD8F2AB6EB761D865E00E0713B6A
Requests: 13 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 906AF22EADD7BA4779153DEDE41805D6
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: DFE12B633704E1E518B4B97D453FBD82
Requests: 3 HTTP requests in this frame

Frame: https://tags.mathtag.com/notify/js?exch=ruc&s_exch=ruc&id=5aW95q2jLzIzLyAvWkRJM05ETmxaREF0Wm1VME15MHdZbUptTFRBd01EQXRNREF3TURBd01EQXdNREF3LzQxMTc4MDEwNzk5NDUwMDQ1MDQvMTE2NDQ4NjYvMTM1MjcwODYvOS9jSGRFdmg2M3BIVnJqNXRsQzhUanMzT0VvM0JtUVc3R0RUcThVLWg3NmZBLzEvOS8wLzAvMjEzNDIwMS8wLzIxNTU0My8xMzQzNjQwLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNDExNzgwMTA3OTk0NTAwNDUwNC96cmgvMC8xMDAxMy83MS85OTkvMi8yYTAyOjZlYTA6YzcxYjo6LzAuMDAwLzE2ODQxODMzNjMvMTY4NDE5NTk2My85LzE3MDQ2Lw/wVfGoPEVGDuGcm62fcgBAXF67pc&nodeid=3772&group=zrh&auctionid=4117801079945004504&pbs_auctionid=4117801079945004504&shardkey=4117801079945004504&sid=13527086&cid=11644866&bp=a_bjiibd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.133.220&3pck=https%3A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv3%2Ft%2Fams3%2F0%2F8c2834a0-3760-4975-bad7-65f9bd1ce8fd%2F
Frame ID: AAD33B6047A7FBA15D8BFA7139F9F906
Requests: 9 HTTP requests in this frame

Frame: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 24A2EAC17FDD8F76F9DE71E603941025
Requests: 9 HTTP requests in this frame

Frame: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 071752948E5BB6DF14F98AA79B1F90E3
Requests: 7 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZGKZRAANUzQKhZ5XAAKhjiIm_-e-d2EdGMq2Aw&u=%7ClPoQj%2FclhXecBmEy438X%2FHJS4GUup4DQuYpNN8Lz2qw%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYNdJ71gdyCWvw29y1GxtacI6iVoVnLQ5srUOwC-sDBJIjvRCy3Ss-BiCTuGilNUvwWl_sxa8C-mAkgNESHrW4cfocwwU0fFERcUXaVimzaNmtft-zqwjxz0fwhBcJkJMCJsPs7bVDAxrImZCVXp5OA57i9nbKaJTl7PbWklNS0ZWsv2agltlLAo2krUHlmUWZd10RWT15UuMLRKhE0BZwaBs9qkwsQU0H7Zqi5AReM4D90xZ8M4uGbv_3f2XPLUXymXSmGpeE3p9ve9c-hWBsFWTecjevyfJSXRXXdDm1-j1lbDxJhgHtT44Ul-ziNcvBUeoM_KhXtqbTmYuKz9PLh-LSBjXuZId9jl5GnxjaL0MA1-NnyRUvRsbXdjl7jKdaPqgK0DjuH2BgvNhTYY-VQYm2o_jbKZUqVE9sWil28kgK7Y5_CHBV66VDch6Q5uiwOUb8_PWsGGmdu63VMNfq_6dtmcMo9Tpg-xsIQfJ0fdqjER8YejiQzc2S-CQ3VrKCXuH2lRcWGwmhoNSxzA0mrj7frwPbIy9wCEKemx5QulFZ8aoTldGzAeQRDaDkM-mhhFevAY_FyWoX-wQvy2qDtp&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC4GdCRJliZLSmNde8lgSOw4rYCsme0rFc1Z2R93DAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9BLRlARnZYEN_mWNpKXeyY22lGGufW_QmuyqSgZZXg-m-N0Ac6EMIQdImiI-raS5wvvCmo1C_rrOYJKVUrxR4U_WHYUKzs2mNSQ6sH5vIY42KeY-P7ccNeGZhz0Hh0-IRcu3tQ3j3xFeehRTWbMt3RQ6NHjfvOFE_BjwRcwYvgMJx7Vo1Q7GrM1VsU3rdvybJWVfJOt0fmVNGUvQcYGembC0tEWYCSvY02U8QTDYWVrIv_MZLUyUDyhPCu6ENajGbD1iTOdghOqa_y2naxqADBpBeQrNnEOS3MV0VYN_x_HseA9C-rDbiRXIH2m4zvfGg9n2yD5vpfgBAGABpHNpJqwz_r1nQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3fgiOUsz2t9mXAi5WAxr8FIo_7BQ%26client%3Dca-pub-7554793497192362%26adurl%3D
Frame ID: E1946FA7B5AF1D2DBBA980F9D6CD7A26
Requests: 11 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: B7698EC60501087EFEC2B061C05E71B3
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 9504BFABF2E0AC1D05B9222C699332F5
Requests: 3 HTTP requests in this frame

Frame: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 2F255E82960D559744588C19E2CDF52E
Requests: 9 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZGKZRAANEEEKhYcBAAYz3Q9_vX-1fvPENDNopQ&u=%7ClPoQj%2FclhXdvqlwWQbO8Y%2FuqEZjLqy8FZY11Fduq%2Fs0%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYNdJ71gdyCWvw29y1GxtacI6iVoVnLQ5srUOwC-sDBJIjvRCy3Ss-BiCTuGilNUvwWk5lKhuw8D1F0vOWT_GsbReDzboeNqNymdHAYROFUloaor91iUASEiShYsdbW4BisHsvzeNuZrPekOUTv0yf4Gp9328cojWQq9DLpJzvZZEoVSCnvQ3tut4lvrHFJvEBIEF6URi-LhG-il4nPUa1PbBYi1dhuAD3l-lX2A0VPwDJFwSlpJXy6awUuo1auRrzIXvsVt-DomHbejWvK1EVMo9RAWEb9qxVqSTcaBNvo2jSjvII1n8FhTHAfQpWS-e45evfwdZQMErP2vpWabAGwiuawsda5B_NCXfOfPnp-1Wqhmkh2oq1zrG7zWMmQY9b4GAJ4iI1GMtQmEGbkeOGNTA3VC75nWMuaWVjvGsEd63Sh8HpsQpgs-sVYPs3B-gVsNrjyV2KzWdJGI4kTuWCOoxzAcOc6Q3EHVcKm8UkKIsJnA-9Xrz03FndszCGR0DLjLInOHSSj7jjOVGhiSrYbal8-yxhc8-WizljQMdJpZ8afjK02bQ1gQwErJCBTS15xEAqRzI_u89zCZwGLY_EPJ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC4kN-RJliZMGgNIGOlgTd55jwBcme0rFc1Z2R93DAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9BzyjdolNELFZa-XZom9l4H5kfOhENus1nFdSjl10qOYpK86x9hdMUT1JcYEDIrZcJ3EClmflJvHgp13jpHijTgeuQcCMPommrilOKvB2BwShnf8xszjHrLV9jW_BEj5VIx7AapiFBGoNpkFToNiMK4l8mc6vZLGBYQosfS9XoC0AQUt3xjxNKgGAYN62x1x9bLcTwGWDnhnF5cNy5g-9NCEDe4XPkkXD54lJWzUvsbYSXi5HoBj3Gs3qtasRdCX8CPCeAUTjTeSxabPLd2tD3UcLGvSnkxEd3c0SJMdDuHRruZtzMUoHU3HVejLfMnplXzI5cTry3gBAGABpHNpJqwz_r1nQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3YoFG9rxa9FX3lZtObEGPDint-bQ%26client%3Dca-pub-7554793497192362%26adurl%3D
Frame ID: C2185E5BA70F20AFFDDFE44CD0A43AC4
Requests: 12 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E1B2F7498C1A01B7BD8D535D364FA7EB
Requests: 9 HTTP requests in this frame

Frame: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 06E478A3AF2150C1AF568CEA1B036ABE
Requests: 7 HTTP requests in this frame

Frame: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 217B3A6ED4AC45A8411E63648098A035
Requests: 9 HTTP requests in this frame

Frame: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: EEBFAC21F3D9452DDD952D90DEFF0DDF
Requests: 9 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1k94hv8sfhdtd9mmsrmpnhjq3h75v76892bpvxz0nh2b4ejs5qhdj3gf68fhq4rnpc48ppxbjd0bsek4a3ghzw7adync1nmde2j9ytn0dggmh8ahp604y44g6vgy1ahjdy3yv614g14tjr38agehdrj9akdr4ryanxym46twprn5tdage49xfezw396s13gv5hhncrsnv8gyrpentevthg8g91jypbf8r3k1c0w2f1n7n7bftbc1q0ghn1rc1qd7cp9zwm38bf70jtve7x7s2hfrmd0fjnwwasdx4qy9tj9s6rn3t45mbxzwww4jna3jk920jt68fqnyzgea8716fpxh2vt1hbztga71vv1x4v2x6m2ssgtjayc0re4f3430a4x0yncz0vdvppgmne7xetdvx6j83krmd47rff3rj510s5gzvzh60q35expy86gtw29nq4zjg4&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC04wERZliZKWkCoysbYzLt9AGkOGBhFy2qMKK8ALAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9D1hncuEGvr-5JJSltAD29RxLNPtO82ArmolBPnOycWps1XjPRURvA6sG1LN9_obUU_lRG9gkbNWpY-W1mub1ROlLbjBUFjlLBJ0NGlG-YoIbNzutp4zGS0TPG5GOS27kukMvs3H1dspf_UHa6pgu8jaBA1QwRPVgytVjkXqMmgAoupWp1emM4mIhsa_FcKMIniMyr9KkoRd8JZNWccCe1XxSHPWT83wse8-cW2-kxXGpvPONeo2V5XpH6ELmF5qOmcJHeQT0xFdZFhgYi48_277eP0LuvXn2zf_8PmFCerByyBt1n5_YX_j-hvVy8fLmdEum9nVz3gBAGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3FB1mNWba4Er0x6X7fV_QthhgJ9A%26client%3Dca-pub-7554793497192362%26adurl%3D
Frame ID: 30DB60B3984BBB72432B414423226EEF
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 9091631D2C6EDC120DDB95DCA3D46089
Requests: 9 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 742E5329D0086DF293891148BAC4F8AE
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 4AD01CECCDE4B9FD2A783A5BAC1E248E
Requests: 2 HTTP requests in this frame

Frame: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2724564331
Frame ID: DD751B0BD5946AE57EA632419A11D7F6
Requests: 2 HTTP requests in this frame

Frame: https://hal900030.redintelligence.net/request_content.php?s=52485300187141600951401012325030&a=50fbfd5e
Frame ID: 6E9E8323331489FC9DADC3EEC20A3665
Requests: 8 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: CA2B2970423A4079D361D358C5700C23
Requests: 1 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZGKZRQAB8KIKGwwPAAkv7WpDA1XoHvfw0cfnFQ&u=%7CCjy03sQgDewdxswuMjwDBMv%2BN6rdIt5F8yK3MmqJ4ro%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYNdJ71gdyCWvw29y1GxtacI6iVoVnLQ5srUOwC-sDBJIjvRCy3Ss-BiCTuGilNUvwWXY4YDk7Zbj5VHzU2BFzbcIGmzIARkWam377qyCiMcTVOCTmk5Q6ZaAGKxmBU6hH6fNjlv4L8mgHmepDq-HGad-02atCu_ICvP0RU-JQv0LOQo1shj4QzUKX2wKQ7G8GUrAtnG-p3A2JmP6aHZaccG6wGitVsQKtZ-0kvmggLeQ74rzxT1WqBdCrQAAO2cznXcTp2U0bTKhvOZSjqHQAH1YiYEGmN5j41OZ0UyZgTGDLPnyQYje2FfWO8-CwSMW_FebYS0iw4M4XWuBiXkg4G0s4jPscLXx4HX7ngmALovxIfLDWeNdOACtoyLQ1LCTF_-j-AAOwHj0cpToJBmQZNiaU2xsH5M9yrsR1WTqmuUQB_wPQ2lVASB6osCCMw1Gb5xZ8kctXE0rzpwrP76CvjVmyg_CZpVP-b7EIwlx1LdjyxFhgoAK3_fM9AA_9C_e2Ae_Ba9-iuXY9ic0Z9rbRUY3ymTKWrFiDNcMR8t_cn0Xb82ylHyzTtfUyztG-O97-VWDQ6-ps-B869-bAzDuCUe&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-jzDRZliZKLhB4-YbO3fpNgFyZ7SsVzVnZH3cMCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE-AFP0G_T-xvPRLJOkgWtEkBsjKeRoX2-iNGEN9yrsdtgEeq193HOyzxKXPMD6ClUzeaZJamXk1ruva6fpqcg6QBfADLfpWbOavvHvnTD9N-vp-TPqw_A3f6Tg4WSplZ-4qgU9mLrnnw9uaobeCCX_Ole3WrdJA3W9q14_Wxb50LTToXEr6fJmyYPqQ2BfklBq18QTiRfKqAAFJwVBiR3_oRL8IPc_7jsLt6wlv3srZbmLERp1NlqIw1f7IM_8jwd2V98ANCjBjYxsANREiH6ZgZSH2XbLjePPaMwZ1SnXCMjDwHMaG3coPOZ8iH3PK2HBGOLod9uNcFCz-AEAYAGkc2kmrDP-vWdAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1UwaM-Dodi4-aXDk0JpnfB9FWvpw%26client%3Dca-pub-7554793497192362%26adurl%3D
Frame ID: 9523D27D8664AC17AE9D8D296980D1FD
Requests: 13 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: D69B4463FD96E16FB809FB3A9123F8E9
Requests: 9 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: F96171B56C80F970A9A0379EF73A5EA1
Requests: 2 HTTP requests in this frame

Frame: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2724564333
Frame ID: 9D4771E813030FBF52A93A6DE49C02C5
Requests: 2 HTTP requests in this frame

Frame: https://hal900029.redintelligence.net/request_content.php?s=38176200164363000951401012325029&a=a2ef41b5
Frame ID: 64BB6F6F5EFB58837D5952FC5D3CBC32
Requests: 8 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/dr?ed=1k1qk00rm203jhvf8577vvf6fexgqpa8mpzz6a2k0sv6z6yq2amh6a1qjqtb0ahw2bg02cpd2c1dy7kh95k9m8b8gw5bxpdxcy05em5g8g69ek4pwm3vv6qapd0z9evgkn99c02gvfhp4jwn4t7q61nndn9aa0atv0kgqcmdbcpacatebd2yq7fnhtng3207tarb92sthdt5e8bbkmer07vedw30brszyx0bvqh63w74gzsfzzt9eyet7fmcxsbdshskntf82dbg1dm5hry9y24bn5s3pwkypabahc4v9fmgazbtknav78v01r6z55w163v0ams2jdnksdtn9gp6t92mt1dnyhrxnhbqbwspdn7d3rtt8g672239vvv28awy6hgjy4rft7cffzcvapqbx0tb2q49y9w8005nvy0pk2hz9tf2kkrhhgdeaamnyrq3ddvapb01fm&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCLBwtRZliZPngGfGB9fgPyLu5uAqQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE8gFP0MBKN3Ow-R0wtaCGbLMJeaZeL-SwA_Q3zDdbTa0gn6Im6nt4GWlZHyD77-yJvlD8OhGsRba0y5JcYvDzKQo7hmgqhMSQswxkR-RSBz5RUZtm542kZOpyiss0GFnIjcjBihR0kvgu34LNy7nEDf8ueR3D4s8joPtRz8uncpkzITZ_V4kzP1RwxJdFIZuRXFbNivpjMMskpPrmjBhbfc6aqNSjqP0CEcBsJE6oHoNe8P62aJ4M6c8rTSBEySTh4fOBSIBOMNC09tkuqZEnb8BPCTHFt6skGo49EFP5nv1Bh5_DGwZptL4PXsF3e2_W1ZvHZOAEAYAGzui6xZWzjYKnAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1UwXbSGyKJWUMZzdC1BdIH98xNkA%26client%3Dca-pub-7554793497192362%26adurl%3D
Frame ID: DC05AD810ED501B2D49C2F5AE3FD4CEF
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: AAEF3F966E7AA69ABE8941BC46C79CEC
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 62E962EFFA7E602BBFAE8910A62DE18A
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 861584AAF65D2001A6745A9DFF0796F3
Requests: 9 HTTP requests in this frame

Frame: https://assets.a-mo.net/js/c.js?rj=rtbx
Frame ID: 50DA26EA14AA4D73210C9DE8BEC3F592
Requests: 17 HTTP requests in this frame

Frame: https://hal900023.redintelligence.net/request_content.php?s=56230500198937108091756012325023&a=348a6790
Frame ID: F7CBB5622D8ED3F6DC511846D410B76E
Requests: 12 HTTP requests in this frame

Frame: https://sync.mathtag.com/sync/iframe?mt_uuid=42296462-9945-4b01-b126-3a5e83bcf37d&no_iframe=1&mt_lim=2&type=1,2&source=bidder
Frame ID: A1A108F2DCB0B60301747BBCB5485F51
Requests: 2 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Frame ID: F1AE77B0AA3CD849F656B89D62E65917
Requests: 10 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 81AA086A516F6A6C400BEA9CFC984765
Requests: 1 HTTP requests in this frame

Frame: https://ads.eu.criteo.com/delivery/r/afr.php?z=64E5DE761CA1B1A1&u=%7CCjy03sQgDey9i0ZFD4CVLgs06si%2FVINpd67gG9%2BjWLk%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxheGkusSCGG-27CYHRxnbR0Ms5OLJPMPOSwIstLLJNYtoZTaSaoT6-rRNZi6qTYFG2CVlEpXee8GumT47NpJo6qDwbzc2LkVeHRYIOGzsXDLpmJ-R7d90IprcydAagu68fRqFlkw-db9hUedwOooG1VaCsUSYN-VcvT1CB6W7eEOPrBgiKroO0kXog-QHtPqYAQ4zlB05091-JznV2G7kzKN9C4GNLDAvgkA_pdVgvBU-V8hHYbVEHvVXaV1Fxypfc5WXC1LnSGRdQOaj10EUAMff8kVZX5EwBzU8ZyEmXzEMA_1ZDxcUPnPwDkLti9rIqDAnNa56vI_BexQuP3XV1hH4CskA_gRvFEsLr2jqLx4ecaMsUYAuNnTwhIIgTbE9G8D47O29SmHAfl5PecGqvphEqUFfcfzMVp--q89rfL1eWtTbgz6n9fWQubJ9s54BlAZcrIVnq8yyPIv0676WJR0FNsZb0DksngTVPOG31Ovg6QNg_FOuC3XERi7zO3yleuVKHbL7o0N3Ba-58oC9vTs3N-a6VX6dHhak-1yY5F-7dacBzF_3-hrByMYT3JkWxk-8hedb3cP9tgedrupkzlgvnTkR_wR28uLFPi6S8EUlEsCFsDu6QUpuZgk6x7gAP
Frame ID: C2B370E515F1402FF65679DE367B5855
Requests: 21 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Frame ID: 682609031816545A7E12444667BCECD5
Requests: 2 HTTP requests in this frame

Frame: https://beacon-ams3.rubiconproject.com/beacon/d/6b6647aa-3ad8-4994-9337-4d308fd7a428?oo=0&accountId=17046&siteId=315192&zoneId=1608182&sizeId=57&e=6A1E40E384DA563BAC81927878AD45993BF87460C97DC29F6A723D58D70066131931762A2E562D0357E5611225C2278D5ABF4BC26238BE1860D5FBF84B4FFB389C47F639FA427556248233EB694013CBC869C314CC0D19ABB981CEBE6A0FADDBA04DD7A0CD7EF97C3408D8D9323F14935901F0202059A0C8FAD70FA138C8399B64983A16B412A10B5A0DABF8E624AB8886379F6914141F94EC3DA8A9611E303021CF572E617D14E6B1D3175EF46282655A5131565F8E446321B7C6667EBB0A8477516EACE43C89CC2F3F60389AE8CFDAFE4697F72680EA0A23DB198EC5B3F845E39CC90928F4E4B5BDF828BD491235885394077C0D4E90AA0A1D207998BB8CD8CF544BEE4326766C6185AE44383DBA9CFC0DC1E8DF065D52F415940EDDC8733318A551DC505BDAD5D6453553B6AC4DD71DF2FE98FCEBC58C606F27F5BEB973603B914DF9C21251E5360648B3ED343EB60A67DAB130557242A7C8100B241E3D948BC5792D9AAC70544DA22007499A8C63B322F16A49EAB04FB74655CB2FD87DC291ED46CBFE2A18A7BD09E6A62D4FCA76520FF4A715ED82037B8BDC49E209F5528355B887428F3762683AF23ABF994FAB0EE8E57DBE1D631DF7A4ACE129B1BE2AD4271BE2B19A72B2B776C3DF967C2F01A8AB76E228CCCA27168F4A2B919E85D2B2A8EC7174CA09FDB5667FAA7C83D76A21EBD200443DBFFAEF1FBA040DEB1122A7B1D6641DFC63BC06BFC1A05CE3E56D022F636867587A207A9B11FAE9692029A462D5F49B2C7DDB4CA67D82556AD1C98A17A17065B08F4BD72CA171358FB203CB81587BC7A199078D50F44E9660C5BBBD119F1DB071B0F8B31E33D937FD056F90983D505E27E86F93234BA4B397E17384B8BB59FEAF8366EBF90065F5A215BFE8F4865A3AEC0BECB1BC056C6FB610E5BC8F78D4D2F563B564867B3AF745849E866A57554917C20C98C65B76AD62AC883D9CBE113E335F2AC307E931631BBEC3E067B043D56CDC4E95BE004CC11C08CAE00C5A7274621FC00B6D16F5233235E54B1B9924556515E6A3998CC034C3D409EB87AF2B1E587085CFD9EA0E741ACA14F28319B41DF5CB0B050EA18CFA9D2E91F26B431021A0C5C857C97C4A822A0A60A4FE5B9816CDA13B69A8906358651F339ED828DF259E4F8496D671C55CF7DCEE2840B3F7797055875DCF8705992108DB4194786DE0B44940B2171FC33F199F6B
Frame ID: E651C29A9EF53C1C19DE346EB36ABC84
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: F89C63923076808504A8F2B8E2F9CA99
Requests: 1 HTTP requests in this frame

Frame: https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=646299467575f027ba983fd4304c588e&r=https%3a%2f%2fa8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com%2f&crossorigin=false
Frame ID: 3D14452264F1CEE43DDC365F89E25091
Requests: 1 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=9c8ee0e066bce4dcdc944efdb1283e96%2F15048059093230874786&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183366846&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hc4ca8sb0w79k9m5c2v743z02cem4ze99ns39kcz6rq282djs7msfpr73wbt26xppatvh4p8yzx95fcctzbw5tdm6ejg64r6j96d2w0egwwcn3dbyzs94b39s0q3pjavyef3vaz2r69k1xxbz88dy5cy1fmc6jwwnw97gy2rxzts216ym3tqdhvn4129zggqqcj3zrhk9r8b5ff3yvd60nan95gg42aecbamgykmvn96sxcb11nyxfy1v9971tm3fxkgpck1as6mg61rhcgqh24k8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DClw_NRJliZKSdGpqB9fgP5K-K0AGQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE-AFP0CIO-mZyQiahzgS6hGfeY8A2pgFLowFFkpayfcFqpU3Ff7GvEDEYXDRfWCAaHY0lOZKoa-gqU8QeWcR0-d9P3CGEYQ15A0dUya_W-y7-W0tsT1S4bu1Av5u4RgmTChelHkyGxMu6CUO8Wvy7iPMlRjlt6oACVseK9dC8T_IVpbKoA6H_d9NTbkapOyqqNKBzc9D7btcPK1u_okA_BajnnAtBeuQutZaRaK3UKjvjAgP-mcC-2yzLP-GBOWCMeyZxVBRu9XSV-rNG2rTyq2NW_Pq9esN9b9MHU5YLljMPcknOZHiluoHM1eNAw-sT6jm1_AkOLgLWUuAEAYAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0herB7Ds3i_gUflTiCJ2XNousZcw%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Frame ID: B2C62FE17F3CB8436E9839ED7A05EDEB
Requests: 14 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: B4A0B8E9C6599A2A57BE2BCC7F1AFA8B
Requests: 3 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUN4B97C&prvid=2034%2C2030%2C273%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C97%2C55%2C99%2C3012%2C3011%2C3010%2C244%2C201%2C2039%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C2055%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C3014%2C337%2C338%2C459%2C70%2C77%2C38%2C2022%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Frame ID: 578437435948553D25BFA0C95FB53F25
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: ACA27E3F852AF1F316260B95E9F8B8FB
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Frame ID: 910A4E615E644EB342EC7FAC2216AC23
Requests: 12 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 20AA78C5545620C39B43C33BBDC75100
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 405C6C462EA94BDA955487E8C87423EB
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: BAA9252A377CC0B593222C0C61E04051
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Frame ID: 7AD90012394808B96C8B6112903ED5FB
Requests: 6 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUN4B97C&prvid=2034%2C2030%2C273%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C97%2C55%2C99%2C3012%2C3011%2C3010%2C244%2C201%2C2039%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C2055%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C3014%2C337%2C338%2C459%2C70%2C77%2C38%2C2022%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Frame ID: 64AC3A37A1610CCCF36925F53A6655BA
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Frame ID: 6480C9AF0775C846BA635DD14701D5CF
Requests: 6 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUN4B97C&prvid=2034%2C2030%2C273%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C97%2C55%2C99%2C3012%2C3011%2C3010%2C244%2C201%2C2039%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C2055%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C3014%2C337%2C338%2C459%2C70%2C77%2C38%2C2022%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Frame ID: 9C732AF983411A2A56C4D28799B84770
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUN4B97C&prvid=2034%2C2030%2C273%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C97%2C55%2C99%2C3012%2C3011%2C3010%2C244%2C201%2C2039%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C2055%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C3014%2C337%2C338%2C459%2C70%2C77%2C38%2C2022%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Frame ID: 772B638635CC60CA62CE1371C137A5F2
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Frame ID: CC15FB80D29B811D7D5B9CF5560DA7B7
Requests: 8 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 43D971783F3C880E6538BE157E456854
Requests: 2 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUN4B97C&prvid=2034%2C2030%2C273%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C97%2C55%2C99%2C3012%2C3011%2C3010%2C244%2C201%2C2039%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C2055%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C3014%2C337%2C338%2C459%2C70%2C77%2C38%2C2022%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Frame ID: 5377534FE902A39B22F8FC206FAECB81
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Frame ID: CB76671AE0501E82352E7E2D2A420A71
Requests: 8 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=0330d0c39cf699edc9dd789692fc5611%2F12912256110232126051&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183366889&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hwhzn75vb5ps0pdyqrj5fwnnkd7h32xzkxhwyswysbzt2b2cwnr7qx1np0bzd5ne6qmtc7zpmmvvem0dc3ce8jagbj5bn44x1nn9y8qdsf7xnsa0hknkmxdb6n03ck4y3pmfc5ta6decpa5pt1s4xxhk70sgkkbp83k1xeaxea2rrtkzmbt82gg11wacdgwsjjph1n13mkv9wwtgbm789ymbxg15psph2j37bghnnc88a28ts1ab9yswfbqgd4wrqfsqeh60gf3taav1vmqpth744%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC-MODRJliZOnTI4SglgS7grL4BZDhgYRctqjCivACwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT4AU_Qm2cwHRJq8x2mkUf0GK3tCeGzXDNnyO2GqSGGzaZhJQo5FykRax4-HhAGSgNK2QSc7uPGSq3qUbao3Eqc_Kd_rJGclJbpBwfT_l8mX6-Z3qQDDfjFkGMlNzeVc6RcbBufW9cAjgUyzA7KYFvwF-uxMu9kz8Hqhypz2D3nlaIDXgRtI1ahHpFE8cM9CBYPn-ZYh7wuUDf-yYlA_1_YekoTOVyW8OAlW7tT27cksi7tgg7tGCYPYyVeopjLiRAvRUZvKNtD2_dlMJ1ozeyE43u426RRDiAUjXjWUDtkF4g42PhhtCrEhXieKxOpKKmhEfDKLEynXXMx4AQBgAbE0Z70yIDOvKUBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_1fWoXb9j5p6leW3a656AtniIfMZQ%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Frame ID: AB30DE5FD7A0822581DC86051F34E744
Requests: 14 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=1624&pub_id=1968063
Frame ID: 598582AB8E56B26B12E9EC04D87B4C79
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 4012B68954C325BBCCEA3EBDD0B890EC
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 6875672605CFA5CA27C535F036C8D004
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: EF7A6B57F8AA804462DCAB3DD3AED201
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: C60FF1143977A479DCD5B3E2890B9E70
Requests: 9 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:42296462-9945-4b01-b126-3a5e83bcf37d&gdpr=0&gdpr_consent=
Frame ID: FCF92FC1E6F61F29B2DE4FEF2780045F
Requests: 1 HTTP requests in this frame

Frame: https://s1.adform.net/Banners/Elements/Files/160090/12685250/12685250.js?ADFassetID=12685250&bv=258
Frame ID: C0F80316CDAB58594BDAD76F608FEE28
Requests: 19 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=183975%2C321853%2C46427&b=rWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYM%2Cg62h8frfWBzXfPHbH8t5tj78WSmSQT954TMx4E%2CrWbTQf9fGq1tAH7HjtqtGReuYS8TgJka1JYM&f=P6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdY%2CBgwFgfPfYG1XFxH6H3tgCzVDAtjSeT8dbUB6xZ%2CP6AhBfbfeYET9HjHbtgCwJ2CJS9TDpQcjqdY&c=728&d=90&e=&g=26e11e3735c455e09b8160b4faee1eec%2F13339628171076748777&i=20597%2C111803%2C22481&j=21%2C21%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367716&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j37addvzsm6pg9wrec073ybpx10nh101evqamjpga5wh77zgakr2evjgqr83t27h8rejggp2s328q176ysvf2tn5b339wnme8dte3j35bgae27nw05z2czpzk68fxnx19pc08a9k9f6dgrpsmg9w8hzyd081ev0r8jctvr3k7hn4qvybbdp1q1wy7a9ng1qbt7c2yf29tchqqw5bzcavxmswp4h66a1ejcqry6mxraax60p4q2z082j67h36epb1c9dzqrb48n9rrkfes42d05p1w%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC04wERZliZKWkCoysbYzLt9AGkOGBhFy2qMKK8ALAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9D1hncuEGvr-5JJSltAD29RxLNPtO82ArmolBPnOycWps1XjPRURvA6sG1LN9_obUU_lRG9gkbNWpY-W1mub1ROlLbjBUFjlLBJ0NGlG-YoIbNzutp4zGS0TPG5GOS27kukMvs3H1dspf_UHa6pgu8jaBA1QwRPVgytVjkXqMmgAoupWp1emM4mIhsa_FcKMIniMyr9KkoRd8JZNWccCe1XxSHPWT83wse8-cW2-kxXGpvPONeo2V5XpH6ELmF5qOmcJHeQT0xFdZFhgYi48_277eP0LuvXn2zf_8PmFCerByyBt1n5_YX_j-hvVy8fLmdEum9nVz3gBAGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3FB1mNWba4Er0x6X7fV_QthhgJ9A%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Frame ID: 29E8115D07B8B7238DFC27F874FF71A0
Requests: 16 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=200037%2C14019%2C183722&b=mV2HefGfWXGmSmHZHZtzt6qYtKSwTeZMHb1k5%2CeYdU3fVfxA6tjHZHet1t4mWTwSQTKrACYXpb%2CBgwFgfPfxKzeSxH6H3t9tVJwMajSeT8dbUB6xZ&f=7YmUqfzfj538crHXHgtECk98c4S1TQPbCEZQx%2CDXdT3fwfbJ6t3HmH9twCZDAhxSmTYW3aXdjW%2CjE2sEfGfqP9jtYHEH2tWC43eVhZSzT1XgTGpmR&c=970&d=90&e=&g=ba99554a4dbfa68e99ca82cd9152f370%2F2842032654825791844&i=22499%2C21596%2C71170&j=21%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367931&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1khhrt6f8gjtga1bxy7csbkrwb0m1rhpprqvffawwn02bxbhfs6ddr1tfzmtfwn421r9ss33w3y12ev4ar03r5vy9t0qntgms0rk6cm5jrg84bxeez2b052g361s77nb0xyk44fp2x1fe669aqg2zzpmz4ym0wzf5bxza1d7vttkgj14g5d55znm9myy1z5dz062bygktts8z11774bjsgmtwygt4zqhp94h13vdwep18ve64vxzfxhjbtph6q2c5w4y27dm89ewpfc6fm63zv6s18%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCLBwtRZliZPngGfGB9fgPyLu5uAqQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE8gFP0MBKN3Ow-R0wtaCGbLMJeaZeL-SwA_Q3zDdbTa0gn6Im6nt4GWlZHyD77-yJvlD8OhGsRba0y5JcYvDzKQo7hmgqhMSQswxkR-RSBz5RUZtm542kZOpyiss0GFnIjcjBihR0kvgu34LNy7nEDf8ueR3D4s8joPtRz8uncpkzITZ_V4kzP1RwxJdFIZuRXFbNivpjMMskpPrmjBhbfc6aqNSjqP0CEcBsJE6oHoNe8P62aJ4M6c8rTSBEySTh4fOBSIBOMNC09tkuqZEnb8BPCTHFt6skGo49EFP5nv1Bh5_DGwZptL4PXsF3e2_W1ZvHZOAEAYAGzui6xZWzjYKnAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1UwXbSGyKJWUMZzdC1BdIH98xNkA%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Frame ID: 093E1285B73FAB2E8B11775119FDA39F
Requests: 16 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?party=14&cid=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&gdpr=0&gdpr_consent=
Frame ID: 118CECD2FB147EC1928B4D1DCF74D203
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5142336723222583972
Frame ID: 8E38529FEE4CB123FC678BE8EA75C1B2
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Frame ID: 917D0F4E544F1E073F61D725AEDA8DCC
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8441730088378381050
Frame ID: C521C7160B0BF31994FAC615F40F6261
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1204617872861343328&gdpr=0&gdpr_consent=
Frame ID: D62C5DCF9B61A41AEC5ED859331E639D
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&redir=true&gdpr=0&gdpr_consent=
Frame ID: 034C46F61D9874C8824053F021AAE60B
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=L3h_BSB1fQM0KHBUK3pkUiF6LQQ0KiwGLHqevwVL
Frame ID: D54C100AA8AA54395D0913CB9320A93D
Requests: 1 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?party=14&cid=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&gdpr=0&gdpr_consent=
Frame ID: 8AF8CE8C69C4608A51F1C9562D3C5977
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5107433827890933733
Frame ID: 8D946DBBADED24E38E30CDAFD19505E7
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Frame ID: B29E9ADC7D6261EAC834894C39CC66D1
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8441730088378381050
Frame ID: 0BE60D5E1E844F9732FBA3FEB6890DCE
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1204617872861343328&gdpr=0&gdpr_consent=
Frame ID: D1E8B730029D41F0954A847D4EEF2C05
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&redir=true&gdpr=0&gdpr_consent=
Frame ID: A594E8AA909962BC8B0DA910742B6D37
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=L3h_BSB1fQM0KHBUK3pkUiF6LQQ0KiwGLHqevwVL
Frame ID: 982FCCE297EE60208D1E8DC2A8A43C3A
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7233512498918455450&gdpr=0&gdpr_consent=
Frame ID: A22B094B7D69B9AFFE22F12E9BB6AFC4
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7233512498918455435&gdpr=0&gdpr_consent=
Frame ID: 532072E0F76D7404B7A80E0542A79F96
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/2aIbpqdGYac?rel=0
Frame ID: 4CC5AEAAA0CD245700DDA48A3E6CDC57
Requests: 20 HTTP requests in this frame

Frame: https://www.youtube.com/embed/ohUJzYvrLP4?rel=0
Frame ID: 0A24FBD02C55370A3D96EC81CE49A54C
Requests: 20 HTTP requests in this frame

Frame: https://www.youtube.com/embed/60N1BsqYfLk?rel=0
Frame ID: 0E49D3A72212BDEAC50EC6D7D1EB6530
Requests: 20 HTTP requests in this frame

Frame: https://www.youtube.com/embed/-Z5tOYApDig?rel=0
Frame ID: 5B026BE12EF44C504CC6A38F1BFC6956
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

The New Times - Home

Page URL History Show full URLs

https://newtimes.co.rw/article/6147/n HTTP 301
https://www.newtimes.co.rw/article/6147/n Page URL
https://www.newtimes.co.rw/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Chartbeat (Analytics) Expand

Overall confidence: 100%
Detected patterns

chartbeat\.js

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

Zepto (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

zepto.*\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

1232
Requests

89 %
HTTPS

38 %
IPv6

85
Domains

149
Subdomains

115
IPs

12
Countries

23616 kB
Transfer

42507 kB
Size

118
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/NewTimesRwanda

Search URL Search Domain Scan URL

URL: https://www.facebook.com/TheNewTimesRwanda/

Search URL Search Domain Scan URL

URL: https://instagram.com/thenewtimesrwanda

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/the-new-times-rwanda/%20https://instagram.com/thenewtimesrwanda

Search URL Search Domain Scan URL

URL: https://jobs.newtimes.co.rw/
Title: Jobs & Tenders

Search URL Search Domain Scan URL

URL: https://epaper.newtimes.co.rw/
Title: Epaper

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://newtimes.co.rw/article/6147/n HTTP 301
https://www.newtimes.co.rw/article/6147/n Page URL
https://www.newtimes.co.rw/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://newtimes.co.rw/article/6147/n HTTP 301
https://www.newtimes.co.rw/article/6147/n

Request Chain 285

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEKUW5kVV0h3ac2GfVbbl9c8&google_cver=1&google_push=ATf1kGNLhJEQNvLn1JWByWyJa7SanM3h-Z9eUif0hMzTLmEk_OmJaweL-Rt0zcyBTtpN7mMbJVLWqoCMK5CUCBUS7lf9uCtxpRYcvi_oOkRCqHa3u28fiTtfHPgCrvDtMd0KeWPXB3Mc9lrJ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MjcxNDYyMTQ5MDU5ODMxNzE3OA==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEKUW5kVV0h3ac2GfVbbl9c8&google_cver=1

Request Chain 286

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEDKGGkhNgndgI4HErOXrCkU&google_cver=1&google_push=ATf1kGPzx5ZjHY9p_urW72-4SRM9UY4J8a3kR9F7vOClInfAP_JyYvbIqoWyIQ7DwCUoAiEhoA-1EY8JTa3-b6Kj1EtGhAFVo-01j4PpvxqzS-7hI_sjGdEqAguOjq0K6k-3yuNir6BFt9PK HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEDKGGkhNgndgI4HErOXrCkU&google_push=ATf1kGPzx5ZjHY9p_urW72-4SRM9UY4J8a3kR9F7vOClInfAP_JyYvbIqoWyIQ7DwCUoAiEhoA-1EY8JTa3-b6Kj1EtGhAFVo-01j4PpvxqzS-7hI_sjGdEqAguOjq0K6k-3yuNir6BFt9PK

Request Chain 287

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEDI_PUIbBJFYCv6VwoC0hI4&google_cver=1&google_push=ATf1kGNMwYhInWdT7l3XwUmLRCbpWiHdaXv8VGFBL5Tv819seMH7XFfbq4VN91rpjVT-BnxN_AakLvhBCjwxg38H5JrnNIsCVIbOJhdoKMwjPPoHLeCoKxG6Li6DBpDvtfISWrEGpyx54kSg HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEDI_PUIbBJFYCv6VwoC0hI4&google_cver=1&google_push=ATf1kGNMwYhInWdT7l3XwUmLRCbpWiHdaXv8VGFBL5Tv819seMH7XFfbq4VN91rpjVT-BnxN_AakLvhBCjwxg38H5JrnNIsCVIbOJhdoKMwjPPoHLeCoKxG6Li6DBpDvtfISWrEGpyx54kSg HTTP 302
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=google&bsw_custom_parameter=8a126298-bee8-44c9-bd96-f06275f7d961 HTTP 302
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=google&bsw_custom_parameter=8a126298-bee8-44c9-bd96-f06275f7d961 HTTP 302
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=c4c2253b-a26c-483d-a5dd-058d8627e020&user_group=1&ssp=google&bsw_param=8a126298-bee8-44c9-bd96-f06275f7d961 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGNMwYhInWdT7l3XwUmLRCbpWiHdaXv8VGFBL5Tv819seMH7XFfbq4VN91rpjVT-BnxN_AakLvhBCjwxg38H5JrnNIsCVIbOJhdoKMwjPPoHLeCoKxG6Li6DBpDvtfISWrEGpyx54kSg&google_hm=ihJimL7oRMm9lvBidffZYQ==

Request Chain 289

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEDTK9lx580COF8UGNTAT7OM&google_cver=1&google_push=ATf1kGMuLVPklBL1ZtRylSlFthUff7wCSnAbsWmoUKsGb-BxFojSgnSSgwqdYna8abxJfLhl5Lp0OvRCrjxJF85UPntKbBfFLY8H54lbAOCPqpOvqLSt0Vmo2SNRwjv4oH4s6IRMbKLfjf_L HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEDTK9lx580COF8UGNTAT7OM&google_cver=1&google_push=ATf1kGMuLVPklBL1ZtRylSlFthUff7wCSnAbsWmoUKsGb-BxFojSgnSSgwqdYna8abxJfLhl5Lp0OvRCrjxJF85UPntKbBfFLY8H54lbAOCPqpOvqLSt0Vmo2SNRwjv4oH4s6IRMbKLfjf_L HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzYxODcwODY3NDI1NTgwMzA1Ng&google_push=ATf1kGMuLVPklBL1ZtRylSlFthUff7wCSnAbsWmoUKsGb-BxFojSgnSSgwqdYna8abxJfLhl5Lp0OvRCrjxJF85UPntKbBfFLY8H54lbAOCPqpOvqLSt0Vmo2SNRwjv4oH4s6IRMbKLfjf_L

Request Chain 291

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESELQXSGJqEpsDJB_bsWeFOf0&google_cver=1&google_push=ATf1kGPS3a8m4Jgu8BEjtO3hCa4oj3HN9i-s9hYbKjTPhNSDjjYnUIAsWdaRfMWy-RlVDhjgvdnKf8blJzUElESsv1MPKTQFs7R_BB5SOJVo_teWegsbVi9eib8VLKu82pKxIHIKjW6qLnlJ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGPS3a8m4Jgu8BEjtO3hCa4oj3HN9i-s9hYbKjTPhNSDjjYnUIAsWdaRfMWy-RlVDhjgvdnKf8blJzUElESsv1MPKTQFs7R_BB5SOJVo_teWegsbVi9eib8VLKu82pKxIHIKjW6qLnlJ HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 303

https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629944ade0bc3dfa8d7745acdff480;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CMqUtvmX-P4CFQae_Qcd98ABiQ;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629944ade0bc3dfa8d7745acdff480;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1

Request Chain 352

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJDBTnLMHkZEUs7_qiqSR8s&google_cver=1

Request Chain 353

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZGKZRCybRghSAFROgsBfOQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJDBTnLMHkZEUs7_qiqSR8s&google_cver=1

Request Chain 354

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESELwv1VITRpQ6NqHTvhQlmB8&google_cver=1

Request Chain 355

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTIwNDYxNzg3Mjg2MTM0MzMyOA%3D%3D

Request Chain 388

https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629943423f8d2dd9e44d0829445900;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CPO1xvmX-P4CFfbiuwgdSBwMaw;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629943423f8d2dd9e44d0829445900;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1

Request Chain 395

https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629944c4b607535dab2f51c9379b7c;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CLCLyPmX-P4CFRPluwgdG3UMVw;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629944c4b607535dab2f51c9379b7c;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1

Request Chain 397

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL613HWWqPmHxHoXGotLrBo&google_cver=1

Request Chain 399

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESENf5YJ7QsnqTWOpjYls8-74&google_cver=1

Request Chain 411

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEKUW5kVV0h3ac2GfVbbl9c8&google_cver=1&google_push=ATf1kGNUgvI4XNgZI-J9pvurNhZ54hp8cAeDKxRqrmw_599E1ObVbfvFse3GLtVxaI4z76TByHaMlQiitdDjKo0L9A6d4Voh0RJjWQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MjcxNDYyMTQ5MDU5ODMxNzE3OA==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEKUW5kVV0h3ac2GfVbbl9c8&google_cver=1

Request Chain 413

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEOli8LDG3vrhjUPyQK4o1pc&google_cver=1&google_push=ATf1kGPQprAZLWHPst2myC5As8ZZBLR9qhvFFLxoZKqfC41X3wClc0Gwf0ThWqwEjU18tp-JFsc2s_4SWwPBn_zkjNDglJYkXoduaQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGPQprAZLWHPst2myC5As8ZZBLR9qhvFFLxoZKqfC41X3wClc0Gwf0ThWqwEjU18tp-JFsc2s_4SWwPBn_zkjNDglJYkXoduaQ&google_hm=5A9XPSFWTc-cixafZoob1YY

Request Chain 414

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG-r3gCok_CQ6HTKS-rezLU&google_cver=1&google_push=ATf1kGP9uGaAljXdkrPGAZ1uzrx6SPPB1QXJnDenZpRcOD8JpQy37Olwu326AkhNCYPDXoeObZk0gv2FOMcFUVS0gxhGaM9-vpIScw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGP9uGaAljXdkrPGAZ1uzrx6SPPB1QXJnDenZpRcOD8JpQy37Olwu326AkhNCYPDXoeObZk0gv2FOMcFUVS0gxhGaM9-vpIScw

Request Chain 415

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEHcTNlvqESKPS0amoxugak4&google_cver=1&google_push=ATf1kGMOXkAcIG9MwYT4YUb-MYE71SPIri32r9Iv47NfQzoKMD83PfuydAqwGrk0gxSdGFqfAfY8b856jKItC-WWJE34eTUcjc9zgw HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEHcTNlvqESKPS0amoxugak4&google_cver=1&google_push=ATf1kGMOXkAcIG9MwYT4YUb-MYE71SPIri32r9Iv47NfQzoKMD83PfuydAqwGrk0gxSdGFqfAfY8b856jKItC-WWJE34eTUcjc9zgw&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGMOXkAcIG9MwYT4YUb-MYE71SPIri32r9Iv47NfQzoKMD83PfuydAqwGrk0gxSdGFqfAfY8b856jKItC-WWJE34eTUcjc9zgw&google_hm=GpsatGZHaeNOCZpHRJuw4U2V

Request Chain 416

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEHyVjsheMpGIXOOYl4QaQ-k&google_cver=1&google_push=ATf1kGN7vrmLEJJqi0hajc1k0d5b23Zi_CMf2jyuC9IL7Q9tlizaFNKosOFpQxBzZwsnuohe7gweaOZvXa_qrdFKixJ2hSr9g3JBrg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGN7vrmLEJJqi0hajc1k0d5b23Zi_CMf2jyuC9IL7Q9tlizaFNKosOFpQxBzZwsnuohe7gweaOZvXa_qrdFKixJ2hSr9g3JBrg

Request Chain 417

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESELQXSGJqEpsDJB_bsWeFOf0&google_cver=1&google_push=ATf1kGPhUJzNz0a6Yxv5LSDwpdSSDv0QQh8YxUE4oMc9m9bfI1bSK5cid8x3lPHFiF-ia3xNz3HMC-85B62B1OwEO-kDvURIKn16xg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGPhUJzNz0a6Yxv5LSDwpdSSDv0QQh8YxUE4oMc9m9bfI1bSK5cid8x3lPHFiF-ia3xNz3HMC-85B62B1OwEO-kDvURIKn16xg

Request Chain 432

https://a.tribalfusion.com/i.match?p=b6&u=CAESEHMKmf6dvbxCkAgG8Nlv0T0&google_cver=1&google_push=ATf1kGMdA4BL1SHI997jApgfldWANBdFg26c5VaRk2kq1otJlmzXDC1vdNkjzx-zr2OJ6j1gQgF8utuuJ-yZBWEbZLKhhbVzV_s&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGMdA4BL1SHI997jApgfldWANBdFg26c5VaRk2kq1otJlmzXDC1vdNkjzx-zr2OJ6j1gQgF8utuuJ-yZBWEbZLKhhbVzV_s%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEHMKmf6dvbxCkAgG8Nlv0T0&google_cver=1&google_push=ATf1kGMdA4BL1SHI997jApgfldWANBdFg26c5VaRk2kq1otJlmzXDC1vdNkjzx-zr2OJ6j1gQgF8utuuJ-yZBWEbZLKhhbVzV_s&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGMdA4BL1SHI997jApgfldWANBdFg26c5VaRk2kq1otJlmzXDC1vdNkjzx-zr2OJ6j1gQgF8utuuJ-yZBWEbZLKhhbVzV_s%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 434

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEHcTNlvqESKPS0amoxugak4&google_cver=1&google_push=ATf1kGMCsbZEGF3T4V8vFNhAuXoB9lPa5pdKn3ni5yh8NTRsgiIcwWME0jQIMl3NzbEpwGqsmJu_fpCF_DbPCZBcJuPbXtBjSZA HTTP 307
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEHcTNlvqESKPS0amoxugak4&google_cver=1&google_push=ATf1kGMCsbZEGF3T4V8vFNhAuXoB9lPa5pdKn3ni5yh8NTRsgiIcwWME0jQIMl3NzbEpwGqsmJu_fpCF_DbPCZBcJuPbXtBjSZA&sovrn_retry=true HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGMCsbZEGF3T4V8vFNhAuXoB9lPa5pdKn3ni5yh8NTRsgiIcwWME0jQIMl3NzbEpwGqsmJu_fpCF_DbPCZBcJuPbXtBjSZA&google_hm=GpsatGZHaeNOCZpHRJuw4U2V

Request Chain 435

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESELghKnXhXdIiJ2YGroFYnAU&google_cver=1&google_push=ATf1kGPXNlT0cpczqr_7cn8aTZDsJAAVuDnjGkYkSrU6MdeFC9oC-dgxld2OHsfmQ_JVgSrV2xktx0ShchtW9xP-De61diZ0GNM HTTP 302
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=ATf1kGPXNlT0cpczqr_7cn8aTZDsJAAVuDnjGkYkSrU6MdeFC9oC-dgxld2OHsfmQ_JVgSrV2xktx0ShchtW9xP-De61diZ0GNM&google_gid=CAESELghKnXhXdIiJ2YGroFYnAU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGPXNlT0cpczqr_7cn8aTZDsJAAVuDnjGkYkSrU6MdeFC9oC-dgxld2OHsfmQ_JVgSrV2xktx0ShchtW9xP-De61diZ0GNM

Request Chain 437

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESELQXSGJqEpsDJB_bsWeFOf0&google_cver=1&google_push=ATf1kGNpK0S0neQfGMwvrvYn0xhPSIsscdhqwcCnoHqCXvd0vPBb4N8uflQ4ePKp3VKp358BmmN9SpgrIszSDpAYJCeKzVkhSuB8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGNpK0S0neQfGMwvrvYn0xhPSIsscdhqwcCnoHqCXvd0vPBb4N8uflQ4ePKp3VKp358BmmN9SpgrIszSDpAYJCeKzVkhSuB8 HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 541

https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=646299444ca15b4dfd164a47c1908af7;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CNWe7PmX-P4CFbLLEQgd5ToIXQ;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=646299444ca15b4dfd164a47c1908af7;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1

Request Chain 549

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEDI_PUIbBJFYCv6VwoC0hI4&google_cver=1&google_push=ATf1kGMf3KG7o36TOgYdJy8wIMSItEwA8Q7u1Mewxa-bxS0ngc-zw0QpGeg1MNH0rjN3uOoe_aD3VM96MN3P-Nnv9eqpkrXxPruRtNJR0i1_-VA3KmXmQuzQk1CfXHlTEpkwT1w4DdLphps HTTP 302
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=google HTTP 302
https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=google HTTP 302
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=28518217-43a4-4d5a-bb0c-9322758a0795&ssp=google HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_cm=1&google_hm=ihJimL7oRMm9lvBidffZYQ== HTTP 302
https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEDI_PUIbBJFYCv6VwoC0hI4&google_cver=1

Request Chain 550

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEDTK9lx580COF8UGNTAT7OM&google_cver=1&google_push=ATf1kGN0IVdPYU0eHc4Z_g_LKTHrBnYpNmOiVsbaEa6N05n1-kzxadRPI_KUr-jIL3NPYms71Bcg2rS0Kmelat9eazM7dwrgAHgKnV4vRA68VsWswc3Niup4mRzHrSqcQXgjZPYWe-hZ-Olm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzYxODcwODY3NDI1NTgwMzA1Ng&google_push=ATf1kGN0IVdPYU0eHc4Z_g_LKTHrBnYpNmOiVsbaEa6N05n1-kzxadRPI_KUr-jIL3NPYms71Bcg2rS0Kmelat9eazM7dwrgAHgKnV4vRA68VsWswc3Niup4mRzHrSqcQXgjZPYWe-hZ-Olm

Request Chain 551

https://match.360yield.com/match/ebda?google_gid=CAESENzWdJl3lTuhqjBpE8Q3jmo&google_cver=1&google_push=ATf1kGPy5ZEbiApOlT-YxgJdlRDW6qegOHgcfWPVqRwTTiNIezeCn2sqUspnOQzh0_3cDDjC03UBGG1j2TFxW6CR6fx2ZKhDAIRnEE88dbfGEry_3fdzS37wPiCjjPNzlnJ75S7RU6nz8d0j HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESENzWdJl3lTuhqjBpE8Q3jmo&google_cver=1&google_push=ATf1kGPy5ZEbiApOlT-YxgJdlRDW6qegOHgcfWPVqRwTTiNIezeCn2sqUspnOQzh0_3cDDjC03UBGG1j2TFxW6CR6fx2ZKhDAIRnEE88dbfGEry_3fdzS37wPiCjjPNzlnJ75S7RU6nz8d0j HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8tnyQjZJSHe_2bT4Zk4sBQ&google_push=ATf1kGPy5ZEbiApOlT-YxgJdlRDW6qegOHgcfWPVqRwTTiNIezeCn2sqUspnOQzh0_3cDDjC03UBGG1j2TFxW6CR6fx2ZKhDAIRnEE88dbfGEry_3fdzS37wPiCjjPNzlnJ75S7RU6nz8d0j

Request Chain 552

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEH72pxcy57T-ZGJS1_d4t4I&google_cver=1&google_push=ATf1kGM1lWzBUL2SFUYlhaXQSDsb5d3YAgOXRSiq0nX_q387ZZ4GyOQk-iggfvntjdfzy1oscBOMse7gP9woKyZE2JjmrRxuvzve3eujrQgGH202o6mE0ssDUuA6URK53NB107vXdvD3JFFdXA HTTP 302
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEH72pxcy57T-ZGJS1_d4t4I&google_cver=1&google_push=ATf1kGM1lWzBUL2SFUYlhaXQSDsb5d3YAgOXRSiq0nX_q387ZZ4GyOQk-iggfvntjdfzy1oscBOMse7gP9woKyZE2JjmrRxuvzve3eujrQgGH202o6mE0ssDUuA6URK53NB107vXdvD3JFFdXA&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1ucjlNVjFORTJ1SGZ5Mjl4RjlRa3N4ZFE3cXVFV3c1YX5B&google_push=ATf1kGM1lWzBUL2SFUYlhaXQSDsb5d3YAgOXRSiq0nX_q387ZZ4GyOQk-iggfvntjdfzy1oscBOMse7gP9woKyZE2JjmrRxuvzve3eujrQgGH202o6mE0ssDUuA6URK53NB107vXdvD3JFFdXA

Request Chain 553

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEJN3Bw77klw6nfyfqcWWASU&google_cver=1&google_push=ATf1kGOP0LqxUOlWMVWTHpEb2yhSJpCbtW8faM7IqWvQNajlIICHxZ5KP-_L0Bv9VaT7rBAhJqhSGlORxydgLrT-a4T8s8xNfOmgHJSAoC0gdcrPIE3tDXlyQ-_sLATcd41l51Bnf_s-BJb9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=MTIwNDYxNzg3Mjg2MTM0MzMyOA%3D%3D&google_gid=CAESEJN3Bw77klw6nfyfqcWWASU&google_cver=1&google_push=ATf1kGOP0LqxUOlWMVWTHpEb2yhSJpCbtW8faM7IqWvQNajlIICHxZ5KP-_L0Bv9VaT7rBAhJqhSGlORxydgLrT-a4T8s8xNfOmgHJSAoC0gdcrPIE3tDXlyQ-_sLATcd41l51Bnf_s-BJb9

Request Chain 564

https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629945d4ef80b63fb966f9e3fef4e9;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CPXc8fmX-P4CFbnluwgdQi0GuQ;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629945d4ef80b63fb966f9e3fef4e9;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1

Request Chain 581

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG-r3gCok_CQ6HTKS-rezLU&google_cver=1&google_push=ATf1kGPfuF5fy8MoOcPPCpsVVFhGtnLE5u7fgulMife6GuMk6BGWZFyCj3_fr6f9zqiL8EARv300bBxNZ8aT2e0UpWj_TXY3jbWtrQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGPfuF5fy8MoOcPPCpsVVFhGtnLE5u7fgulMife6GuMk6BGWZFyCj3_fr6f9zqiL8EARv300bBxNZ8aT2e0UpWj_TXY3jbWtrQ

Request Chain 582

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESELQXSGJqEpsDJB_bsWeFOf0&google_cver=1&google_push=ATf1kGN4OKpIcMoYSX4jC-zTVCjqIKL_vK0rkvp2-npARnsEMV_QAWISZCsRqS9hnQBvN3DuTm4VZ7jIE0PHvtdzQJylADdh86_uhw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGN4OKpIcMoYSX4jC-zTVCjqIKL_vK0rkvp2-npARnsEMV_QAWISZCsRqS9hnQBvN3DuTm4VZ7jIE0PHvtdzQJylADdh86_uhw

Request Chain 583

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESELghKnXhXdIiJ2YGroFYnAU&google_cver=1&google_push=ATf1kGNFkDGIKRm5IFa7RyEGbztyto1a5QTDQo5UPOtzIv-guNoXuCYHybrCB7UkAQJllGX0tBdqJ_8guZYBEcAvRdr_b8VlqmTq HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGNFkDGIKRm5IFa7RyEGbztyto1a5QTDQo5UPOtzIv-guNoXuCYHybrCB7UkAQJllGX0tBdqJ_8guZYBEcAvRdr_b8VlqmTq

Request Chain 585

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEJpYJqFNU3G0XdlUbcZGPqc&google_cver=1&google_push=ATf1kGPmiE5dM6y6xQ7zEm_MbOj7QnFwuxGs48N2VI5bRk9PwXofAUnYlpQR8RigwbH_eBvbITfenwzbPYzYffJvSZVAHGGKSJQDPuQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=ATf1kGPmiE5dM6y6xQ7zEm_MbOj7QnFwuxGs48N2VI5bRk9PwXofAUnYlpQR8RigwbH_eBvbITfenwzbPYzYffJvSZVAHGGKSJQDPuQ HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 586

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEI2PMtZvp3dVoNiru1rgxeo&google_cver=1&google_push=ATf1kGNTnxAXnnsjIwD5dufXGwKrJxdWWxlk0Z3U76zDktu1q2Av83QydquzJ4gmbubuvoBzg-MPhYdp_1U50yuG3aMufBKfpblgVn0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=8a126298-bee8-44c9-bd96-f06275f7d961&%%GOOGLE_PUSH_PAIR%%

Request Chain 591

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEDI_PUIbBJFYCv6VwoC0hI4&google_cver=1&google_push=ATf1kGPVzealvB9Bv9K6XB_PIrRhVrCf3XL8wGwck2dZRyCI6nDcxt7mYXapqSfU8SGQWA_RqK6iQEgmO3S1JNH6yVy7mObeWyBGgA HTTP 302
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=google HTTP 302
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=28518217-43a4-4d5a-bb0c-9322758a0795&ssp=google HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGPVzealvB9Bv9K6XB_PIrRhVrCf3XL8wGwck2dZRyCI6nDcxt7mYXapqSfU8SGQWA_RqK6iQEgmO3S1JNH6yVy7mObeWyBGgA&google_hm=ihJimL7oRMm9lvBidffZYQ==

Request Chain 592

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEIm9Oo89tHB5bw_cwhAUhVo&google_cver=1&google_push=ATf1kGNNQxvYE2pGw2EqLQmLf8atelbX2SPjU_AfUkA0v8qXKACTZd4GB1u9BOkEAzlZbtNs5WglnZ8AGuFkluAuiR3-46orhFq-Ew HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGNNQxvYE2pGw2EqLQmLf8atelbX2SPjU_AfUkA0v8qXKACTZd4GB1u9BOkEAzlZbtNs5WglnZ8AGuFkluAuiR3-46orhFq-Ew&google_hm=eS1MTHR5TTRsRTJwRnZPVkVMdXRRa3h5bjNRNmViTkRBSX5B

Request Chain 593

https://d5p.de17a.com/cookies/google?google_gid=CAESENxAkvn7GgkL1X_U9e5U7cs&google_cver=1&google_push=ATf1kGODtoPQCeq6RySDxCNm9-ZAgcOlR_ab43X1K8x4Vrk0SZRwyBEOaqtx966NmIw8lpIxJOc793H50hNvTd6zZ_vs3464FDBMcw HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESENxAkvn7GgkL1X_U9e5U7cs&google_cver=1&google_push=ATf1kGODtoPQCeq6RySDxCNm9-ZAgcOlR_ab43X1K8x4Vrk0SZRwyBEOaqtx966NmIw8lpIxJOc793H50hNvTd6zZ_vs3464FDBMcw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGODtoPQCeq6RySDxCNm9-ZAgcOlR_ab43X1K8x4Vrk0SZRwyBEOaqtx966NmIw8lpIxJOc793H50hNvTd6zZ_vs3464FDBMcw

Request Chain 594

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG-r3gCok_CQ6HTKS-rezLU&google_cver=1&google_push=ATf1kGODwRjhfQUQ1pTq20UXi3iSPcqUaspdxORfJJsWgTrqNNyv7r2ORA8VaE8_A6aLZI_gwbIPnt4vObatYMFYYV1ubmuTqjAfqQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGODwRjhfQUQ1pTq20UXi3iSPcqUaspdxORfJJsWgTrqNNyv7r2ORA8VaE8_A6aLZI_gwbIPnt4vObatYMFYYV1ubmuTqjAfqQ

Request Chain 595

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEJkKMHUSBwQ9e3TsTnqK8JY&google_cver=1&google_push=ATf1kGO9DFcFfkjPElg4U58l7mN7_8__gzyqZcICF30UxYVGuOgXtiL7jl8nw03Zj1QJWuWEt0ezJj4F4UBttqYCF7-i0wneUTYCoA HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=ATf1kGO9DFcFfkjPElg4U58l7mN7_8__gzyqZcICF30UxYVGuOgXtiL7jl8nw03Zj1QJWuWEt0ezJj4F4UBttqYCF7-i0wneUTYCoA&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1684183365541 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-6a1819c8-ec9d-4825-8cf8-3c9b0068a6c3-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DATf1kGO9DFcFfkjPElg4U58l7mN7_8__gzyqZcICF30UxYVGuOgXtiL7jl8nw03Zj1QJWuWEt0ezJj4F4UBttqYCF7-i0wneUTYCoA%26google_hm%3DA2oYGcjsnUgljPg8mwBopsM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ATf1kGO9DFcFfkjPElg4U58l7mN7_8__gzyqZcICF30UxYVGuOgXtiL7jl8nw03Zj1QJWuWEt0ezJj4F4UBttqYCF7-i0wneUTYCoA&google_hm=A2oYGcjsnUgljPg8mwBopsM

Request Chain 596

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESELghKnXhXdIiJ2YGroFYnAU&google_cver=1&google_push=ATf1kGNGMFzZl7XF2oU8mmKgtC2-12KmSvoWZjN5s4-VNQvjy3KqGBTDdLV6pNMOMqJoZT0jAe3crhZqSEIznO7owEEpVzWr_tK7 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGNGMFzZl7XF2oU8mmKgtC2-12KmSvoWZjN5s4-VNQvjy3KqGBTDdLV6pNMOMqJoZT0jAe3crhZqSEIznO7owEEpVzWr_tK7

Request Chain 597

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEJpYJqFNU3G0XdlUbcZGPqc&google_cver=1&google_push=ATf1kGP2i1KZYWsnLH51c-e7CwQU5of7JCW08RwEYvo6jICAWIcgslO2bj9MeIYUt0K9imZpLKo9FCdr_6ysgT_aCafY27gpgOVz6Wk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=ATf1kGP2i1KZYWsnLH51c-e7CwQU5of7JCW08RwEYvo6jICAWIcgslO2bj9MeIYUt0K9imZpLKo9FCdr_6ysgT_aCafY27gpgOVz6Wk HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 606

https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=6462994537896d9b3ee4c54f1c6e68a8;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CLuC_PmX-P4CFWyJgwcd2ncEKA;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=6462994537896d9b3ee4c54f1c6e68a8;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1

Request Chain 626

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPYbpoVJNDFNoQ42PDag9UQ&google_cver=1&google_push=ATf1kGMyxFdSMJh1qFz_FvJO9IfDuKWoi2p28PKvD0lzUNVJMj-HtOEudqoeGTDSMSC-MqPQrlBKh7gSDJ50XnddhMC7EO9r04gmqVaU-Kf43TiGDNW4JvJ5U5dx6X5Ne7TmB8-f4sKvNUY HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ATf1kGMyxFdSMJh1qFz_FvJO9IfDuKWoi2p28PKvD0lzUNVJMj-HtOEudqoeGTDSMSC-MqPQrlBKh7gSDJ50XnddhMC7EO9r04gmqVaU-Kf43TiGDNW4JvJ5U5dx6X5Ne7TmB8-f4sKvNUY&google_hm=skAkrLmaK9CZOexuwIUP_A

Request Chain 630

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEBuDsiMoKvFHc_JZaiviabE&google_cver=1&google_push=ATf1kGPjX0gt6RSU7i__lWsRmS1nh1TwqJi5asmNr-1oYlEeD7UyhJSYUbxsonF-nCQIUQ57_c5Nv499Ko-rrk9ngO3IDfFsRaqflrbwLQvAWo2NEraPfNvw5lNKyCZgvdvzf4oZ5ufmayg HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEBuDsiMoKvFHc_JZaiviabE&google_cver=1&google_push=ATf1kGPjX0gt6RSU7i__lWsRmS1nh1TwqJi5asmNr-1oYlEeD7UyhJSYUbxsonF-nCQIUQ57_c5Nv499Ko-rrk9ngO3IDfFsRaqflrbwLQvAWo2NEraPfNvw5lNKyCZgvdvzf4oZ5ufmayg&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=7NrSbx-HSgqPHPuMp82fqw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGPjX0gt6RSU7i__lWsRmS1nh1TwqJi5asmNr-1oYlEeD7UyhJSYUbxsonF-nCQIUQ57_c5Nv499Ko-rrk9ngO3IDfFsRaqflrbwLQvAWo2NEraPfNvw5lNKyCZgvdvzf4oZ5ufmayg

Request Chain 631

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEHcTNlvqESKPS0amoxugak4&google_cver=1&google_push=ATf1kGNwb7DQJoOza8fN2zTj3nOEdFFlvXHO1EcXWhS0YLDoxS8dr12PpD8BUJF2wHJwZYa4SJcbkv5VxOwQPRhhryEjbAa54QFnyh2gg3XTXnXDRjqA72E5KaSgEp68LnLsfXVWjJCDUco HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGNwb7DQJoOza8fN2zTj3nOEdFFlvXHO1EcXWhS0YLDoxS8dr12PpD8BUJF2wHJwZYa4SJcbkv5VxOwQPRhhryEjbAa54QFnyh2gg3XTXnXDRjqA72E5KaSgEp68LnLsfXVWjJCDUco&google_hm=GpsatGZHaeNOCZpHRJuw4U2V

Request Chain 632

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESELghKnXhXdIiJ2YGroFYnAU&google_cver=1&google_push=ATf1kGN3H7FokkhFbw8fe2mChZLCWtzICgDTC-u2a9NQJQv1QCn-rlzaImTSdwe_zv1wA3nNYJXVR2qJEJVHojUWVgI3PoMk75EBPGNa14NeCVPlECiUh6R4TzV5BpTr0Lf0_5O_eQhZN6k HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGN3H7FokkhFbw8fe2mChZLCWtzICgDTC-u2a9NQJQv1QCn-rlzaImTSdwe_zv1wA3nNYJXVR2qJEJVHojUWVgI3PoMk75EBPGNa14NeCVPlECiUh6R4TzV5BpTr0Lf0_5O_eQhZN6k

Request Chain 650

https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=6462994484582f0782c48be2e8396d05;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CIrah_qX-P4CFW_juwgdQsoDog;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=6462994484582f0782c48be2e8396d05;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1

Request Chain 659

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEBuDsiMoKvFHc_JZaiviabE&google_cver=1&google_push=ATf1kGM11smIG-eybIEYVJ6xHdW-s8hVQZuTcPlI-l9FjTNGXPNo8Q42Ft2smGJoL_l7muIrbMjLovWd-R7MIVmike0eVvF0b0fHuQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=aJjOlCjATtuCC6jq3t8sIA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGM11smIG-eybIEYVJ6xHdW-s8hVQZuTcPlI-l9FjTNGXPNo8Q42Ft2smGJoL_l7muIrbMjLovWd-R7MIVmike0eVvF0b0fHuQ

Request Chain 660

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEHcTNlvqESKPS0amoxugak4&google_cver=1&google_push=ATf1kGOSVa7AktyszUQKGtE0MbTdKqmb5mSSy5fDi0c5FK_IElVWAFhB9-GbSCrv4P1EXmtNsCtfkdH9e99PGobg_BEXoP0-J8PlAg HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGOSVa7AktyszUQKGtE0MbTdKqmb5mSSy5fDi0c5FK_IElVWAFhB9-GbSCrv4P1EXmtNsCtfkdH9e99PGobg_BEXoP0-J8PlAg&google_hm=GpsatGZHaeNOCZpHRJuw4U2V

Request Chain 661

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEHyVjsheMpGIXOOYl4QaQ-k&google_cver=1&google_push=ATf1kGPVnO7T72FzFhf6RB9tS7I8UTY3sFHZL59iqcau0m_MAVP1PstvkzPyG4NsWXgAyMfLeUs2FNxRdjArIAq42YM3W2Vf9uDr HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGPVnO7T72FzFhf6RB9tS7I8UTY3sFHZL59iqcau0m_MAVP1PstvkzPyG4NsWXgAyMfLeUs2FNxRdjArIAq42YM3W2Vf9uDr

Request Chain 662

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESELghKnXhXdIiJ2YGroFYnAU&google_cver=1&google_push=ATf1kGOu0x8eV6lAN2nvPEGyu2JZdBgM6ZmRLM7yO4-8dVvJiKBQOBZm3C0hSgxgDmrB-PyqgQHaeoQcLwANTF5AT74sImKQ_F1kog HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGOu0x8eV6lAN2nvPEGyu2JZdBgM6ZmRLM7yO4-8dVvJiKBQOBZm3C0hSgxgDmrB-PyqgQHaeoQcLwANTF5AT74sImKQ_F1kog

Request Chain 663

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESELQXSGJqEpsDJB_bsWeFOf0&google_cver=1&google_push=ATf1kGOWX6hJun31fNdWobGj7apY4qj7ChqSKVXj85EFxl7wVYI9kmywNfPQjXAnl5_-ay02LKZI_klnSvWjXgsFIuYn5Z_ER67gg00 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGOWX6hJun31fNdWobGj7apY4qj7ChqSKVXj85EFxl7wVYI9kmywNfPQjXAnl5_-ay02LKZI_klnSvWjXgsFIuYn5Z_ER67gg00 HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 679

https://hal900023.redintelligence.net/request.php?zone=u072l68m42xn&nw=20&renderingType=javascript&namespace=b29f642da8&subid=&uid=ada32feb5337f8ed&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aruc&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D4b1421ee442483292434692d465025a1b20ac66a%26mt_aid%3D4117801079945004504%26mt_id%3D11644866%26mt_adid%3D215543%26mt_sid%3D13527086%26mt_exid%3D9%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D42296462-9945-4b01-b126-3a5e83bcf37d%26mt_cid%3D42296462-9945-4b01-b126-3a5e83bcf37d%26mt_3pck%3Dhttps%253A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv3%2Ft%2Fams3%2F0%2F8c2834a0-3760-4975-bad7-65f9bd1ce8fd%2F%26redirect%3D&documentReferer=https%3A%2F%2Fa8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fa8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.newtimes.co.rw&random=4424404277346&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900023.redintelligence.net/request.php?zone=u072l68m42xn&nw=20&renderingType=javascript&namespace=b29f642da8&subid=&uid=ada32feb5337f8ed&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aruc&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D4b1421ee442483292434692d465025a1b20ac66a%26mt_aid%3D4117801079945004504%26mt_id%3D11644866%26mt_adid%3D215543%26mt_sid%3D13527086%26mt_exid%3D9%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D42296462-9945-4b01-b126-3a5e83bcf37d%26mt_cid%3D42296462-9945-4b01-b126-3a5e83bcf37d%26mt_3pck%3Dhttps%253A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv3%2Ft%2Fams3%2F0%2F8c2834a0-3760-4975-bad7-65f9bd1ce8fd%2F%26redirect%3D&documentReferer=https%3A%2F%2Fa8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fa8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.newtimes.co.rw&random=4424404277346&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 681

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=52485300187141600951401012325030&ra_cnt_active=1&ra_cnt=1 HTTP 302
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2724564331

Request Chain 684

https://impfr.tradedoubler.com/imp?type(inv)g(24495172)a(1565155)epi(52485300187141600951401012325030)774186887 HTTP 302
https://img.tradedoubler.com/images/inv.gif

Request Chain 696

https://um.simpli.fi/gp_match?google_gid=CAESEJ2ueJKrMhCAQwaqZIJQxQI&google_cver=1&google_push=ATf1kGMXiW83ZdoNkx7w_6AwxgyYRtA95FvPBR8YfwgbWYlBtX2vwX_7puhgkVAWrZnyPf550jj5IsRIY6O2PO5Pu03ETvSrY00 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=A22ABC9E77424ED6B170286A8A1A3AAE&google_push=ATf1kGMXiW83ZdoNkx7w_6AwxgyYRtA95FvPBR8YfwgbWYlBtX2vwX_7puhgkVAWrZnyPf550jj5IsRIY6O2PO5Pu03ETvSrY00

Request Chain 699

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG-r3gCok_CQ6HTKS-rezLU&google_cver=1&google_push=ATf1kGMMUn76Tt-Au5sG2TLsHtyZc1_dYxSUQZ0pL2diNRgdfu8V0bNxEjGwNUQjusqOs0FJBw9DxaLaraEACJqht-h5Gi_30aYD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGMMUn76Tt-Au5sG2TLsHtyZc1_dYxSUQZ0pL2diNRgdfu8V0bNxEjGwNUQjusqOs0FJBw9DxaLaraEACJqht-h5Gi_30aYD

Request Chain 700

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEHcTNlvqESKPS0amoxugak4&google_cver=1&google_push=ATf1kGOrhRq129bz9JcUPt2syrpFZgnPHgmU3NtjkfEdAuHziDFF6H_PvJoM2dUA2tRceAEvBj_h780pBF3vjODUi-BHtVrZA5lE HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGOrhRq129bz9JcUPt2syrpFZgnPHgmU3NtjkfEdAuHziDFF6H_PvJoM2dUA2tRceAEvBj_h780pBF3vjODUi-BHtVrZA5lE&google_hm=GpsatGZHaeNOCZpHRJuw4U2V

Request Chain 702

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESELQXSGJqEpsDJB_bsWeFOf0&google_cver=1&google_push=ATf1kGOi3qCK6s_QBdztYCUc8l300FGj-TDvAP1sT22smbEDmJy3hxTaL-8uAZX_a_HVgkxEnvHeQieHI5Zaz7y0ZTkhzrVHq6HmWQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGOi3qCK6s_QBdztYCUc8l300FGj-TDvAP1sT22smbEDmJy3hxTaL-8uAZX_a_HVgkxEnvHeQieHI5Zaz7y0ZTkhzrVHq6HmWQ HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 705

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=38176200164363000951401012325029&ra_cnt_active=1&ra_cnt=1 HTTP 302
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2724564333

Request Chain 708

https://impfr.tradedoubler.com/imp?type(inv)g(24495172)a(1565155)epi(38176200164363000951401012325029)912349334 HTTP 302
https://img.tradedoubler.com/images/inv.gif

Request Chain 740

https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629945fe176bbb5197db1fa2d924f5;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CIybnvqX-P4CFY_0EQgd9HILYg;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629945fe176bbb5197db1fa2d924f5;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1

Request Chain 751

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPYbpoVJNDFNoQ42PDag9UQ&google_cver=1&google_push=ATf1kGNXD--ZjP6EBrekgxrQiHvniJjMGDKj9dPCUgclJ9wtVZJamYxvPzDB7Fle2S4ShNirpH1Wh2fomZMkmT5Pd6miiAaymG35EoPHBSYzO0ndtQsrFm9TYng0V0uOi0qmJWHTs099qefN HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ATf1kGNXD--ZjP6EBrekgxrQiHvniJjMGDKj9dPCUgclJ9wtVZJamYxvPzDB7Fle2S4ShNirpH1Wh2fomZMkmT5Pd6miiAaymG35EoPHBSYzO0ndtQsrFm9TYng0V0uOi0qmJWHTs099qefN&google_hm=skAkrLmaK9CZOexuwIUP_A

Request Chain 754

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEBuDsiMoKvFHc_JZaiviabE&google_cver=1&google_push=ATf1kGNjCLGj1dKQF1PDj7-ljFxg5eS1FcI5FzJ6dtt90mMSKJLm6kGTa5IabKHDNnmGuVLaXKg0iUeVAYSFyn4MjaGOlcqZ7mJeo2HreLp7dS8jN06M_BzjsKhqaZ7NcAMEJkRYFSWwt2Ml HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=aJjOlCjATtuCC6jq3t8sIA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGNjCLGj1dKQF1PDj7-ljFxg5eS1FcI5FzJ6dtt90mMSKJLm6kGTa5IabKHDNnmGuVLaXKg0iUeVAYSFyn4MjaGOlcqZ7mJeo2HreLp7dS8jN06M_BzjsKhqaZ7NcAMEJkRYFSWwt2Ml

Request Chain 755

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG-r3gCok_CQ6HTKS-rezLU&google_cver=1&google_push=ATf1kGPSGdAuurXdwK8XZOe1qwG08jmIQpvvENKJOxQp3e_gXAT39mMAPzucuhjHWkMHZn5OgxMGVLbOnX1xeSiWeo2APJYbzF9PNLlPUwN21l1xcwcPY4xEwF_6WDrIqR_ppf-Kg66sIt8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGPSGdAuurXdwK8XZOe1qwG08jmIQpvvENKJOxQp3e_gXAT39mMAPzucuhjHWkMHZn5OgxMGVLbOnX1xeSiWeo2APJYbzF9PNLlPUwN21l1xcwcPY4xEwF_6WDrIqR_ppf-Kg66sIt8

Request Chain 756

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESELghKnXhXdIiJ2YGroFYnAU&google_cver=1&google_push=ATf1kGPin8lMp7e346YcaTnekHAZVfP22n5W3ZZI39GuTOfXjCju_HZ-1EqgNHFukmI4nKbJAc5phrgEur7r4XPsXb8PqnMz1qQDZiuyJWVVJ9kdYtixrA7LHracw3TEbMjWziDUdglkXFU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGPin8lMp7e346YcaTnekHAZVfP22n5W3ZZI39GuTOfXjCju_HZ-1EqgNHFukmI4nKbJAc5phrgEur7r4XPsXb8PqnMz1qQDZiuyJWVVJ9kdYtixrA7LHracw3TEbMjWziDUdglkXFU

Request Chain 767

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEIQ7tlHHMVpLNTV_oMKvZss&google_cver=1&google_push=ATf1kGOHs-By671b2umu4heVM53D6xhvuG8xLzz5FQx9Ekhi8gxKlb7yifUUyPcBB9BE1wbVsiVt6B54JtM-dPuJhWWt4cjA70bS HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=QilkYplFSwGxJjpeg7zzfQ&google_push=ATf1kGOHs-By671b2umu4heVM53D6xhvuG8xLzz5FQx9Ekhi8gxKlb7yifUUyPcBB9BE1wbVsiVt6B54JtM-dPuJhWWt4cjA70bS

Request Chain 768

https://um.simpli.fi/gp_match?google_gid=CAESEJ2ueJKrMhCAQwaqZIJQxQI&google_cver=1&google_push=ATf1kGO3hYZgBCJs7qhHNHSS2XHR6iPrk15Ozaxa2RRWsj4t2vursp1T4bn_HV50Xaj-LWX4KNnQ-qdbgDynoB3YIzPVcJfm5_0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=A22ABC9E77424ED6B170286A8A1A3AAE&google_push=ATf1kGO3hYZgBCJs7qhHNHSS2XHR6iPrk15Ozaxa2RRWsj4t2vursp1T4bn_HV50Xaj-LWX4KNnQ-qdbgDynoB3YIzPVcJfm5_0

Request Chain 769

https://d5p.de17a.com/cookies/google?google_gid=CAESENxAkvn7GgkL1X_U9e5U7cs&google_cver=1&google_push=ATf1kGOSFbbTOd0AvAjAqBeV2fA3lptnsAzZRN_Xhf4MeI2B20fexRXKNYpMrpPoo_IAttLs8-Amg2gZ8buYeq116s3X_66REzJx HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGOSFbbTOd0AvAjAqBeV2fA3lptnsAzZRN_Xhf4MeI2B20fexRXKNYpMrpPoo_IAttLs8-Amg2gZ8buYeq116s3X_66REzJx

Request Chain 770

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG-r3gCok_CQ6HTKS-rezLU&google_cver=1&google_push=ATf1kGMIV3Sn2_wNmVlJUyIekJAcJzMnw4p8DTXbQjCZtiqjce0hyyK3cpadbNvSRfJUGU3krgwq8KuexjG-87Zoe_EKO66qGt1x HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGMIV3Sn2_wNmVlJUyIekJAcJzMnw4p8DTXbQjCZtiqjce0hyyK3cpadbNvSRfJUGU3krgwq8KuexjG-87Zoe_EKO66qGt1x

Request Chain 771

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEHyVjsheMpGIXOOYl4QaQ-k&google_cver=1&google_push=ATf1kGMTB4Ck3qAySsD9PXh7gVBNQdAUq-DcpwjY4tReLy-XkLegcVIR7NOreT-3NZtjnZL1Q-n-36mP8jHmkPigs44D1q9IjeRc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGMTB4Ck3qAySsD9PXh7gVBNQdAUq-DcpwjY4tReLy-XkLegcVIR7NOreT-3NZtjnZL1Q-n-36mP8jHmkPigs44D1q9IjeRc

Request Chain 772

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESELQXSGJqEpsDJB_bsWeFOf0&google_cver=1&google_push=ATf1kGNyE55ilPF7mGPaO9NM3ajvY0rWClZUdnhj_0DbAbL-met9CCJMRpOGx9wkDQOBSeo9OQZOVjxzW3-X5OjlneD5SD3LtBTW HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGNyE55ilPF7mGPaO9NM3ajvY0rWClZUdnhj_0DbAbL-met9CCJMRpOGx9wkDQOBSeo9OQZOVjxzW3-X5OjlneD5SD3LtBTW

Request Chain 773

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESELghKnXhXdIiJ2YGroFYnAU&google_cver=1&google_push=ATf1kGO152Iat7sizeGikSH1yNOibZNz0sh5YY13_y6mXy22BAqi7J-bhsVNDKA3ElmmZVOmN9-1Q5vEOHBmh0Ci_g65UA9wWTQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGO152Iat7sizeGikSH1yNOibZNz0sh5YY13_y6mXy22BAqi7J-bhsVNDKA3ElmmZVOmN9-1Q5vEOHBmh0Ci_g65UA9wWTQ

Request Chain 782

https://um.simpli.fi/gp_match?google_gid=CAESEJ2ueJKrMhCAQwaqZIJQxQI&google_cver=1&google_push=ATf1kGNPjwwfIOdW3BrfixrInfmHfe1lQl5ajzv7oALuGy9CoB18hBwudRonRDj6D_aSDKTe-UpVfo0GGiQiNxRGI4U8uvVDxYXBrQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=A22ABC9E77424ED6B170286A8A1A3AAE&google_push=ATf1kGNPjwwfIOdW3BrfixrInfmHfe1lQl5ajzv7oALuGy9CoB18hBwudRonRDj6D_aSDKTe-UpVfo0GGiQiNxRGI4U8uvVDxYXBrQ

Request Chain 784

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEBuDsiMoKvFHc_JZaiviabE&google_cver=1&google_push=ATf1kGNHO_La9FRhrzuXi4nYJ0q7abiz2yno6fMsqBmp0SYjkWjK810keb1rtQ0lxYjTCojU3toaMoqBh52fe6q5iFcNoaGEESWEtA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=aJjOlCjATtuCC6jq3t8sIA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGNHO_La9FRhrzuXi4nYJ0q7abiz2yno6fMsqBmp0SYjkWjK810keb1rtQ0lxYjTCojU3toaMoqBh52fe6q5iFcNoaGEESWEtA

Request Chain 785

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG-r3gCok_CQ6HTKS-rezLU&google_cver=1&google_push=ATf1kGPpz0fjnZDaKwgWlBfpcQE4Bu6E6diHXSOs0FIYWrsqqTOUUQxII8-43aq2VgDG6rK38I-73z3T3a2lCcOkDWB04xQtwEYeMA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGPpz0fjnZDaKwgWlBfpcQE4Bu6E6diHXSOs0FIYWrsqqTOUUQxII8-43aq2VgDG6rK38I-73z3T3a2lCcOkDWB04xQtwEYeMA

Request Chain 786

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEHyVjsheMpGIXOOYl4QaQ-k&google_cver=1&google_push=ATf1kGPqzvPVqr8Uy5ppbiLhNvpGkyjbf7l1B9OuzHK88VRC95G7Pr8fUrM4t8-arhZ0BMHgEhGijdnKIBYC0MmbjpgfloDc01t1Vw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGPqzvPVqr8Uy5ppbiLhNvpGkyjbf7l1B9OuzHK88VRC95G7Pr8fUrM4t8-arhZ0BMHgEhGijdnKIBYC0MmbjpgfloDc01t1Vw

Request Chain 787

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESELghKnXhXdIiJ2YGroFYnAU&google_cver=1&google_push=ATf1kGNvrJXCK6Bcvah7dML7Zuy2djdbydWGoNSEAs5cJ4DhpXctcHEwCTFFSRH9lEQ5v48qO6dShkFGN0211CXCVDkVg_moDAaYQg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGNvrJXCK6Bcvah7dML7Zuy2djdbydWGoNSEAs5cJ4DhpXctcHEwCTFFSRH9lEQ5v48qO6dShkFGN0211CXCVDkVg_moDAaYQg

Request Chain 791

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPYbpoVJNDFNoQ42PDag9UQ&google_cver=1&google_push=ATf1kGP4AkFJ5ozvh6zXQ_V2uMqZro27j1snwr5pOcIqIItAb_SP7FZPLgUw-2bbZy2_c2IJEic2AHS0w0j1G2uFlNnPJrmS4fK2 HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ATf1kGP4AkFJ5ozvh6zXQ_V2uMqZro27j1snwr5pOcIqIItAb_SP7FZPLgUw-2bbZy2_c2IJEic2AHS0w0j1G2uFlNnPJrmS4fK2&google_hm=skAkrLmaK9CZOexuwIUP_A

Request Chain 792

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEBuDsiMoKvFHc_JZaiviabE&google_cver=1&google_push=ATf1kGM2Xkqgv1TIFmxIBiMakrdNH9mqAxlxtZfpSzZISIb6_myIfpL6dDlxXLrqM2cFRPcaUVbhMG4o-CA6ASodAU_GEmeq16sL HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=aJjOlCjATtuCC6jq3t8sIA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGM2Xkqgv1TIFmxIBiMakrdNH9mqAxlxtZfpSzZISIb6_myIfpL6dDlxXLrqM2cFRPcaUVbhMG4o-CA6ASodAU_GEmeq16sL

Request Chain 793

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG-r3gCok_CQ6HTKS-rezLU&google_cver=1&google_push=ATf1kGO7nFyA8fwYf5LzYXJhZ7BjQ-RljKPkCs99qbHyqZRvlkbT9PVdJ5Usw3CNMTUoYvlmy573o-R2Qh_nibgE2XpMNLU0cXwf HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGO7nFyA8fwYf5LzYXJhZ7BjQ-RljKPkCs99qbHyqZRvlkbT9PVdJ5Usw3CNMTUoYvlmy573o-R2Qh_nibgE2XpMNLU0cXwf

Request Chain 794

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEHcTNlvqESKPS0amoxugak4&google_cver=1&google_push=ATf1kGM9CS6W7wUXprAf1jmQEyQKEWgma19X-Ky-jHeoNX9iQu6kkCjGf32WvA35wYtzNy-d9FCV2RBru2a_wehndmLOQNOA03sZ HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGM9CS6W7wUXprAf1jmQEyQKEWgma19X-Ky-jHeoNX9iQu6kkCjGf32WvA35wYtzNy-d9FCV2RBru2a_wehndmLOQNOA03sZ&google_hm=GpsatGZHaeNOCZpHRJuw4U2V

Request Chain 795

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEHyVjsheMpGIXOOYl4QaQ-k&google_cver=1&google_push=ATf1kGM1lmjtWJ_QMpJXb_mMkABadGz41HLH1WKw09clthYpym0SwZnn3y_OKGx0idFcSMnNr3J_qJb8ZntfpSLookLh5nbKVPRy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGM1lmjtWJ_QMpJXb_mMkABadGz41HLH1WKw09clthYpym0SwZnn3y_OKGx0idFcSMnNr3J_qJb8ZntfpSLookLh5nbKVPRy

Request Chain 797

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESELQXSGJqEpsDJB_bsWeFOf0&google_cver=1&google_push=ATf1kGN97WSyYN9HrvapRCHEAkv94iHSEO0tow0lHI8KeYYC3f8JhTxQdT-4KRBMRi7c0CKS0lpwQwebDK9iavFX4heIQzMNEPflZw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGN97WSyYN9HrvapRCHEAkv94iHSEO0tow0lHI8KeYYC3f8JhTxQdT-4KRBMRi7c0CKS0lpwQwebDK9iavFX4heIQzMNEPflZw HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 804

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPYbpoVJNDFNoQ42PDag9UQ&google_cver=1&google_push=ATf1kGOOI9notqWUoMHg-mgrM4DVnmrSuN1k8vOhPW-owOwfKk6B1VLDn7nPelRoft_wQ7lVseQv_7lslZTtPu3sSYOABUbmPEbt HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ATf1kGOOI9notqWUoMHg-mgrM4DVnmrSuN1k8vOhPW-owOwfKk6B1VLDn7nPelRoft_wQ7lVseQv_7lslZTtPu3sSYOABUbmPEbt&google_hm=skAkrLmaK9CZOexuwIUP_A

Request Chain 806

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG-r3gCok_CQ6HTKS-rezLU&google_cver=1&google_push=ATf1kGMgSVV1GwCvuP6FR_qVTv7qL42kzNg61t5Fa9nQ-vyBUq51gHXMbdcQ5KXcS3CWgtYplMX7XBzCqkRzVfdG5XAU4ZmZnMdH HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGMgSVV1GwCvuP6FR_qVTv7qL42kzNg61t5Fa9nQ-vyBUq51gHXMbdcQ5KXcS3CWgtYplMX7XBzCqkRzVfdG5XAU4ZmZnMdH

Request Chain 807

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEHcTNlvqESKPS0amoxugak4&google_cver=1&google_push=ATf1kGMfBYlGHyKOH7ZAWknBoLecQ1m8XrGSk3_1wWYrzUKJWP8XeHD21auXE15mc0CS4XHERgThm5fZuyLwJfRrXz9KETFWxBo HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGMfBYlGHyKOH7ZAWknBoLecQ1m8XrGSk3_1wWYrzUKJWP8XeHD21auXE15mc0CS4XHERgThm5fZuyLwJfRrXz9KETFWxBo&google_hm=GpsatGZHaeNOCZpHRJuw4U2V

Request Chain 808

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESELghKnXhXdIiJ2YGroFYnAU&google_cver=1&google_push=ATf1kGPCHy-ey412RO_pfTHFmq2FViiIu3Nsn6etkOHEWXE5xSvW6bflpXKSM5bMFKvQ8FC86fwVizb3bw0S-6VvI4QIKdVgWoVw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGPCHy-ey412RO_pfTHFmq2FViiIu3Nsn6etkOHEWXE5xSvW6bflpXKSM5bMFKvQ8FC86fwVizb3bw0S-6VvI4QIKdVgWoVw

Request Chain 810

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESELQXSGJqEpsDJB_bsWeFOf0&google_cver=1&google_push=ATf1kGO8mwq7pqDNKiFtccoMUDCQx-pY64Hbabre8hhCedNNWQjDbTTfRl7U1fineLPOoUkztFODYFM6q8tDhuX8_b53M23su8D1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGO8mwq7pqDNKiFtccoMUDCQx-pY64Hbabre8hhCedNNWQjDbTTfRl7U1fineLPOoUkztFODYFM6q8tDhuX8_b53M23su8D1 HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 879

https://token.rubiconproject.com/token?pid=36584 HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LHPBAEZX-24-5PM7

Request Chain 880

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/Z6WGhVU8vaG5B8UrzJD0CMn5EUdSAgOZEtemQ7w0kco?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-8t.DdPBE2oKZK2Tpv3tJC9Kcn.jv5TRCI09zeQ--~A

Request Chain 882

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=aGBc6N1OR3WxR9gh4SDgqQ&rk=usync-other HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=aGBc6N1OR3WxR9gh4SDgqQ

Request Chain 883

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TEhQQkFFWlgtMjQtNVBNNw== HTTP 302
https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG-r3gCok_CQ6HTKS-rezLU&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=

Request Chain 884

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEAbhocqxe6fqpbzJ7YShm5A&google_cver=1

Request Chain 885

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=pvyK-v8RQN2eSKSpzIvD6Q&rk=usync-na HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=pvyK-v8RQN2eSKSpzIvD6Q

Request Chain 886

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YWJjMzQyYzU5YWU4YTAwMGFkZDFiNTVlZDdkZjZhNmY3M2Y2NzM2OA

Request Chain 957

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:42296462-9945-4b01-b126-3a5e83bcf37d&gdpr=0&gdpr_consent=

Request Chain 958

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=aJjOlCjATtuCC6jq3t8sIA%3D%3D&gdpr=0&gdpr_consent= HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

Request Chain 960

https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent= HTTP 307
https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=&bounce=1&random=1276544414 HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fidsync.frontend.weborama.fr%2Fids%3Fkey%3Dpubmatic%26value%3D%23PM_USER_ID&gdpr=0 HTTP 302
https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=6898CE94-28C0-4EDB-820B-A8EADEDF2C20

Request Chain 961

https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=6898CE94-28C0-4EDB-820B-A8EADEDF2C20 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_hm=Z2wxNDE2U05FbjlTNkNYZGFGVUc5WWctQQ==&google_redir=https%3A%2F%2Fa.audrte.com%2Fddp%3Fred%3DeyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiYWRmb3JtIn1dfQ%253D%253D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://a.audrte.com/ddp?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiYWRmb3JtIn1dfQ%3D%3D&gdpr=0&gdpr_consent= HTTP 302
https://dmp.adform.net/serving/cookie/match/?party=1003&r=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&gdpr=0&gdpr_consent= HTTP 302
https://a.audrte.com/a?adform_uid=3618708674255803056&r=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D HTTP 302
https://a.audrte.com/p

Request Chain 962

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=Njg5OENFOTQtMjhDMC00RURCLTgyMEItQThFQURFREYyQzIw&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 963

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEGyTfikOD8GGJ8oOnwNUO9o&google_cver=1

Request Chain 965

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=3618708674255803056

Request Chain 994

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEKW5RyA_gKOz3FlQvmotDhE&google_cver=1&google_push=ATf1kGM8oPB4VyFaWy0D0BBq2DK0UCIy8Xu4PmXmcKmhrAX-9yBMV8BwXreiNcyPN2xNBeylgUnB7u6reSN1t_LETBKShR6nMBuE7A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_hm=k-nObDVdK9WZnb4CQh60fmkL_WOLZ6-REkWj4kZg&google_push=PUSH_DATA HTTP 302
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_error=5

Request Chain 995

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG-r3gCok_CQ6HTKS-rezLU&google_cver=1&google_push=ATf1kGOUanAzMi8LnGYf7Ee11WiCqu8PUUXbtN_i3TYZgBmOsNCG0bhlc-0RmLPsjm7ZH7tfPKiiJc4Ccns_zcdwYsA80OL8u1Wu HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGOUanAzMi8LnGYf7Ee11WiCqu8PUUXbtN_i3TYZgBmOsNCG0bhlc-0RmLPsjm7ZH7tfPKiiJc4Ccns_zcdwYsA80OL8u1Wu

Request Chain 996

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESECGHKKh33Ipw102tTRlwk2M&google_cver=1&google_push=ATf1kGMi0TBbqFMI9-prd26dnI8CzZwmIcVO8-q6ugPFZr8Ssv-01L2KbwIi_N-9Qm0p64j3s_3S-E0tsWFXL5sU-3XxsUX3tLo5wQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESECGHKKh33Ipw102tTRlwk2M&google_hm=ZGKZRCybRghSAFROgsBfOQAADHsAAAIB&google_nid=index&google_push=ATf1kGMi0TBbqFMI9-prd26dnI8CzZwmIcVO8-q6ugPFZr8Ssv-01L2KbwIi_N-9Qm0p64j3s_3S-E0tsWFXL5sU-3XxsUX3tLo5wQ

Request Chain 997

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESELQXSGJqEpsDJB_bsWeFOf0&google_cver=1&google_push=ATf1kGM0xgfNtIIVx3jxqOMIYmKTK4hbmnf9pcwqWyNG4o5oOwYD0_0yEe5SZTTVcMbxwBQ0Xn8UJMaMgVt5YLBMUHLd96rPZ7Eo1w HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGM0xgfNtIIVx3jxqOMIYmKTK4hbmnf9pcwqWyNG4o5oOwYD0_0yEe5SZTTVcMbxwBQ0Xn8UJMaMgVt5YLBMUHLd96rPZ7Eo1w

Request Chain 999

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESELQXSGJqEpsDJB_bsWeFOf0&google_cver=1&google_push=ATf1kGOoUSs9Qjzf4yi7XeUHqRX9SfAvY91SDzocGJxyySvfstGocrzgPdfwZgcusOrdDgE2XzzE_tEM0y_eNGXFbB3Ya_BNdTTbE0s HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGOoUSs9Qjzf4yi7XeUHqRX9SfAvY91SDzocGJxyySvfstGocrzgPdfwZgcusOrdDgE2XzzE_tEM0y_eNGXFbB3Ya_BNdTTbE0s HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 1001

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPYbpoVJNDFNoQ42PDag9UQ&google_cver=1&google_push=ATf1kGO80nea32F9LWfBQiCO6CzvYMRbkplEJchN-aSqG90yarYY9f7_8JTa82np9NJtBeHVP_jHnVMTRuzT3PRUFzxn9X8UF1m8 HTTP 302
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ATf1kGO80nea32F9LWfBQiCO6CzvYMRbkplEJchN-aSqG90yarYY9f7_8JTa82np9NJtBeHVP_jHnVMTRuzT3PRUFzxn9X8UF1m8&google_hm=skAkrLmaK9CZOexuwIUP_A

Request Chain 1002

https://um.simpli.fi/gp_match?google_gid=CAESEJ2ueJKrMhCAQwaqZIJQxQI&google_cver=1&google_push=ATf1kGPkq81vKxxX0QUnly9E88puKRYhySvCUHfxkmmRa6_Q2tetgYHvg0qsU4qBu0spnZ7NbO-4FjYm_tHewdgvLkO35peB8bo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=A22ABC9E77424ED6B170286A8A1A3AAE&google_push=ATf1kGPkq81vKxxX0QUnly9E88puKRYhySvCUHfxkmmRa6_Q2tetgYHvg0qsU4qBu0spnZ7NbO-4FjYm_tHewdgvLkO35peB8bo

Request Chain 1004

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEHyVjsheMpGIXOOYl4QaQ-k&google_cver=1&google_push=ATf1kGOJ0Sf5V3eC3GJfW-MEwYo-vNcTxX5HvoNmGAPGqD48zqvliUHw0AmT9oih3m_Mu5d8nchfMtQz9Z2kBn5SdW9Iz1exICDO HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGOJ0Sf5V3eC3GJfW-MEwYo-vNcTxX5HvoNmGAPGqD48zqvliUHw0AmT9oih3m_Mu5d8nchfMtQz9Z2kBn5SdW9Iz1exICDO

Request Chain 1005

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESELghKnXhXdIiJ2YGroFYnAU&google_cver=1&google_push=ATf1kGN6T2FkRg_4wBVS-Yi05H3FMJToDTvwcMylV6uwtiRtdsFdU3YQyU2K_YwdtYnQblsIvQ9y4rOXqulDdXLwCd_psG4zMQo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGN6T2FkRg_4wBVS-Yi05H3FMJToDTvwcMylV6uwtiRtdsFdU3YQyU2K_YwdtYnQblsIvQ9y4rOXqulDdXLwCd_psG4zMQo

Request Chain 1007

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESELQXSGJqEpsDJB_bsWeFOf0&google_cver=1&google_push=ATf1kGOJ6Vev_hhv2fB7nySBFymC9w4ivcEtQiDbI1YEH75wPdJPsGu-a17IhQXH-ZZgcdvzrn4UEItCEpffxy8X0ks9fdOkYLlTVA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGOJ6Vev_hhv2fB7nySBFymC9w4ivcEtQiDbI1YEH75wPdJPsGu-a17IhQXH-ZZgcdvzrn4UEItCEpffxy8X0ks9fdOkYLlTVA HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 1036

https://www.awin1.com/cshow.php?s=2470185&v=11354&q=377129&r=412871&pv=1&pref3=oneideYdU3fVfxA6tjHZHet1t4mWTwSQTKrACYXpboneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.conrad.de/ztpv.php?awc=11354_412871_1684183368_0d73e5f0-f361-11ed-9d45-2261c3620022&insert=AW&&gdpr=0&gdpr_consent=

Request Chain 1089

https://p.rfihub.com/cm?pub=224&in=1&getuid=https%3A//image2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5142336723222583972

Request Chain 1090

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@ HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=

Request Chain 1091

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8441730088378381050

Request Chain 1092

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1204617872861343328&gdpr=0&gdpr_consent=

Request Chain 1094

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=L3h_BSB1fQM0KHBUK3pkUiF6LQQ0KiwGLHqevwVL

Request Chain 1096

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&sInitiator=external&gdpr=0&gdpr_consent=

Request Chain 1097

https://pixel.onaudience.com/?partner=214&mapped=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&gdpr=0&gdpr_consent= HTTP 302
https://loada.exelator.com/load/?p=1164&g=1&j=r&gdpr=0&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D0 HTTP 302
https://loada.exelator.com/load/?p=1164&g=1&j=r&gdpr=0&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D0&xl8blockcheck=1 HTTP 302
https://pixel.onaudience.com/?partner=161&icm&cver&mapped=92b46da4cc292e3c4d42a3191789781b&gdpr=0 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=0

Request Chain 1099

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&sInitiator=external&gdpr=0&gdpr_consent=

Request Chain 1100

https://pixel.onaudience.com/?partner=214&mapped=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&gdpr=0&gdpr_consent= HTTP 302
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=fbed0406ae3fc1ac/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%24%7Bgdpr%7D HTTP 302
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=&gdpr=1 HTTP 302
https://pixel.onaudience.com/?partner=282&icm&cver&gdpr=1&smartmap=1&redirect=stags.bluekai.com%2Fsite%2F52799%3Fid%3D%25m HTTP 302
https://stags.bluekai.com/site/52799?id=9ccea369776c18af

Request Chain 1102

https://p.rfihub.com/cm?pub=224&in=1&getuid=https%3A//image2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5107433827890933733

Request Chain 1103

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@ HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=

Request Chain 1104

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8441730088378381050

Request Chain 1105

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1204617872861343328&gdpr=0&gdpr_consent=

Request Chain 1107

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=L3h_BSB1fQM0KHBUK3pkUiF6LQQ0KiwGLHqevwVL

Request Chain 1108

https://dsp.adfarm1.adition.com/cookie/?ssp=9&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7233512498918455450&gdpr=0&gdpr_consent=

Request Chain 1109

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-mRRBPINE2uXyV2_I9eq8.9HAmtFaOKk-~A&gdpr=0

Request Chain 1111

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=8a126298-bee8-44c9-bd96-f06275f7d961&gdpr=0&gdpr_consent= HTTP 302
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=8a126298-bee8-44c9-bd96-f06275f7d961&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=4&user_id=bd89a4d6-377c-4302-90d1-33a8180c16ad&ssp=pubmatic&expires=30&user_group=5&bsw_param=8a126298-bee8-44c9-bd96-f06275f7d961 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=8a126298-bee8-44c9-bd96-f06275f7d961&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 1113

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=40d02eae-8a91-410d-85ad-0afc78ec2028-6462994b-5858&gdpr=0&gdpr_consent=

Request Chain 1114

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-mRRBPINE2uXyV2_I9eq8.9HAmtFaOKk-~A&gdpr=0

Request Chain 1116

https://dsp.adfarm1.adition.com/cookie/?ssp=9&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7233512498918455435&gdpr=0&gdpr_consent=

Request Chain 1117

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://r.scoota.co/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic HTTP 302
https://r.scoota.co/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic HTTP 302
https://x.bidswitch.net/sync?dsp_id=29&expires=30&user_id=a35fea3c-59d2-4aee-9cce-1ae9b97af80d&ssp=pubmatic HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=8a126298-bee8-44c9-bd96-f06275f7d961&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 1119

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=40d02eae-8a91-410d-85ad-0afc78ec2028-6462994b-5858&gdpr=0&gdpr_consent=

1232 HTTP transactions
23 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

404

n Show response
www.newtimes.co.rw/article/6147/
Redirect Chain

https://newtimes.co.rw/article/6147/n
https://www.newtimes.co.rw/article/6147/n

152 KB
42 KB

155ms
101ms

Document
text/html

2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f817d3caad3802fae729ef9a1416690be5eba91af59d44ab2ce2a6e00f62bb4

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, private
cf-cache-status: DYNAMIC
cf-ray: 7c7e3574e85e9bc2-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 15 May 2023 20:42:40 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z%2FgsjFoAXOMpnSdGwX6IIUd1K07zpjrv9La2qzEUcafW%2F6rFMkL6SKC%2FNFP34lyvOEre8kksElfTTmc13NUxkyYvO%2F%2FOelyfk45VZ35MywX7NvUfVndb29bFdczBPrPikbTnss7i%2FDVNpkk3WmGlAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

access-control-allow-origin: * *
cf-cache-status: DYNAMIC
cf-ray: 7c7e35746fdb9bc2-FRA
content-type: text/html
date: Mon, 15 May 2023 20:42:40 GMT
location: https://www.newtimes.co.rw/article/6147/n
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r%2BWC6E08LW%2BPMAotMqcwKfV%2FRlyh1YBr9AZpa3bVuyFeKbocXm8cIRWzg0JwYs3no9oLBv0y1NB4bMBAqvsAY30o34B9SM5BlniEBmq48WNaI6qIJX6Xy9dqDBoHa7TzKxwED5Z17ApzWnsX"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-cache-var: /article/6147/n /article/6147/n
x-cache-var-map: 1 1

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 119 KB
47 KB 40ms
18ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-74288219-1

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

409f00b3e0e67a78e96143832aa5edebb1615ef2df31aa5501c200ac4194c643

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:40 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 47256
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 15 May 2023 20:42:40 GMT

GET
H2 200 chartbeat_mab.js Show response
static.chartbeat.com/js/ 23 KB
10 KB 61ms
6ms Script
application/x-javascript 2600:9000:2057:f000:18:1fcd:351:7bc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat_mab.js
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:f000:18:1fcd:351:7bc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5da042d5812f163384470df8b5fbca46e8364922c47407a8dbdcf114066fc6ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 01:35:12 GMT
content-encoding: gzip
via: 1.1 a0a81637cc76d6981e4e29044a73b7f6.cloudfront.net (CloudFront)
last-modified: Wed, 20 Jul 2022 00:57:56 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
age: 68848
etag: W/"62d75314-5d6b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-amz-cf-id: EUumjSGENJpgmjiVYQfA12w4UvzU5bhm17-z8bu_x4sw9ePNfi4dkw==
expires: Tue, 16 May 2023 01:35:12 GMT

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 37 KB
15 KB 26ms
7ms Script
application/x-javascript 2600:9000:2057:f000:18:1fcd:351:7bc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:f000:18:1fcd:351:7bc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 7b307f2ce73aec07bfa1ab1d6462f491de0497c8819b1d6fed66eda9638a3530

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 01:10:22 GMT
content-encoding: gzip
via: 1.1 a0a81637cc76d6981e4e29044a73b7f6.cloudfront.net (CloudFront)
last-modified: Thu, 08 Dec 2022 17:25:10 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
age: 70338
etag: W/"63921df6-9377"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-amz-cf-id: W8FpTgXV4JWF9AQNpKm-n5u1PBSTQp-8xN8gzHxXd3D7lBAqmEZ8OA==
expires: Tue, 16 May 2023 01:10:22 GMT

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
1022 B 39ms
17ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Source+Sans+Pro:ital@1&display=swap

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4ac31f223f44761b6db3628161b0099bbf06ffe5a54ce45cb71bdd1f4b7a2473

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 15 May 2023 20:42:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 15 May 2023 20:42:40 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 15 May 2023 20:42:40 GMT

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
583 B 41ms
19ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Ubuntu&display=swap

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b7506715d8ff403a7e4a56b46e757ecd12c8a59e4c48d8f0478b62186f51bb1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 15 May 2023 20:42:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 15 May 2023 20:06:13 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 15 May 2023 20:42:40 GMT

GET
H2 200 css2
fonts.googleapis.com/ 20 KB
850 B 61ms
39ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Archivo:ital,wght@0,100;0,200;0,300;0,400;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0c9652b3df1fcaba87c244caf25fb0c1d129cfedc8c42bb67c06df3ee8afb09a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 15 May 2023 20:42:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 15 May 2023 20:42:40 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 15 May 2023 20:42:40 GMT

GET
H2 200 general-styles.min.css
www.newtimes.co.rw/theme_newtimes/css/ 4 KB
1 KB 14ms
13ms Stylesheet
text/css 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.newtimes.co.rw/theme_newtimes/css/general-styles.min.css?v=0.37
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 00561f3d40eb57585e3c30d2b595d0f2d890ab22bff0cbbd779f8a0c42d0b32f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/article/6147/n
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:40 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 18 Nov 2022 10:21:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
locationdebug: 1
age: 4543
etag: W/"63775c90-fd7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A8CAHkqwxJv%2FrqNQJ8R1f4yDvtS5RtGnD8VWr0gIxpDmxUOb5APxGFlXeU3ir9pvNCnZkILriv1jPTwkQD0kRIVrMdVul7qpI5a3zuGJ%2FQoo%2BiECFp26I%2FpWKlu%2Bthu4JxmHJefhzhXjDEZCJqYbag%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 7c7e3575c9809bc2-FRA

GET
H2 200 logo1.png
www.newtimes.co.rw/theme_newtimes/images/ 3 KB
4 KB 14ms
14ms Image
image/webp 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/theme_newtimes/images/logo1.png
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cba432fb6049713a37723932c0af7a57b174a9b8600f43aa46e4d19d6c56cf4c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/article/6147/n
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:40 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
locationdebug: 1
age: 858
cf-polished: origFmt=png, origSize=5510
content-disposition: inline; filename="logo1.webp"
content-length: 3240
cf-bgj: imgq:100,h2pri
last-modified: Thu, 21 Jul 2022 13:09:02 GMT
server: cloudflare
etag: "62d94fee-1586"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EP9i5n%2BbLc6ds0TEsjW%2BwawMzc0gA%2BYIc1uArnxSBLPCawFMZ2uwREFLf2Ln8p6XK4HCtNVlpjCnLa1E3%2FTcMsPH6qrwWiLD%2Be0GElFuNTonRSAQFVCX7cXS3%2B2jjqWilZd5V98tDDW9esApJkyqgg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e3575c9879bc2-FRA

GET
H2 200 email-decode.min.js Show response
www.newtimes.co.rw/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 10ms
10ms Script
application/javascript 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.newtimes.co.rw/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/article/6147/n
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 12 May 2023 12:05:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"645e2b95-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2waW73wM8chpX2G7OXPxrIS3WUD950qhWlXc%2BYPQLLILkpL0fuEZ%2FsZUN8O3cnbohrXovSitSOPj0YrNc%2F%2FaazcNp05JCByuzsHYgPt7iuee80FSX9mxVe0RIjDmwGIotJjrBvbeDzgYvCLyZUXMZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 7c7e3575c98a9bc2-FRA
expires: Wed, 17 May 2023 20:42:40 GMT

GET
H2 200 backtop-icon.svg
www.newtimes.co.rw/theme_newtimes/images/ 289 B
490 B 22ms
21ms Image
image/svg+xml 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/theme_newtimes/images/backtop-icon.svg
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ad69f2c2dab8b483c052adefe6a3c523cd50b5ed697c4f829a9aff37c3c132c3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/article/6147/n
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:40 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Wed, 22 Jun 2022 06:24:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
locationdebug: 1
etag: W/"62b2b5a7-121"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CGF0hJ3Gj81i4fqb5%2F1p%2BMASWlcNyC9xsDsply66478UvBnvGr052PW5Mtrq6oIQKycyoxWkoTPQCDrgGOph%2FIHtS%2BGtDbw7z3YenyaC3w1TOS6%2BadgEWqiVaqIeCJQxJNkZvzetwI4s3jhsVF3L4w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 7c7e3575c9939bc2-FRA

GET
H2 200 slogan.svg
www.newtimes.co.rw/theme_newtimes/images/ 30 KB
23 KB 20ms
20ms Image
image/svg+xml 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/theme_newtimes/images/slogan.svg
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ce405e27630dd0f75c2e2c282ae3e830664f61189dcfc63fed3efa38831f9902

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/article/6147/n
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:40 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Wed, 22 Jun 2022 06:24:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
locationdebug: 1
etag: W/"62b2b5a7-7710"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lX0X18UFvNURDtidW3RxZ7WsCGAXbe4lKMjD%2FllYXnhv2WgdvqZoZJ0Hq6l3TX833l8gk%2BpDkmiaM0AckBxYftMrCsaf980%2BlYOHsFpHFN9eK29%2B80uU1bIwcKu%2FQ24pXQk%2FX1%2BO7yZYiDiFuJKRcg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 7c7e3575c9959bc2-FRA

GET
H2 200 gpt.js Show response
cdn.yourbow.com/newtimesrwanda/ 278 KB
278 KB 207ms
19ms Script
text/javascript 35.244.141.151
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.141.151 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 151.141.244.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 226a2fc6ae1507b3f50ad446d0a19066e86e9fbd18428d288d9eeb280a99c109

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:18:58 GMT
age: 1423
x-guploader-uploadid: ADPycdsFVf3Ls5sxQOTj0OOw0T2_OwPV8neG73JNfUJRs1R5shuCOPdkH2X3NkYdNL0d73vxXS5BmbRPOC9ShLKatVMNrw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 284454
last-modified: Fri, 07 Oct 2022 12:31:53 GMT
server: UploadServer
etag: "31f0798faebe9cc78b5c024a33a88a4c"
x-goog-generation: 1665145913764615
x-goog-hash: crc32c=I55Fyg==, md5=MfB5j66+nMeLXAJKM6iKTA==
content-type: text/javascript
cache-control: public,max-age=3600
x-goog-stored-content-length: 284454
accept-ranges: bytes

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 232 KB
80 KB 23ms
21ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-MEM2QN6706&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-74288219-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

87a78c078551441e39774745fecc8666c5a158e9ae75a89175059b80216601b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:40 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 82157
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 15 May 2023 20:42:40 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 51 KB
21 KB 30ms
7ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-74288219-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 15 May 2023 20:35:39 GMT
last-modified: Mon, 17 Apr 2023 22:36:01 GMT
server: Golfe2
age: 421
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20737
expires: Mon, 15 May 2023 22:35:39 GMT

GET
H2 200 / Show response
mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/ 159 B
479 B 689ms
222ms XHR
application/json 2a04:4e42::714
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/?host=newtimes.co.rw&domain=newtimes.co.rw&path=%2F
Requested by: Host: static.chartbeat.com
URL: https://static.chartbeat.com/js/chartbeat_mab.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42::714 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d00b5477d00f8736d2e6d3fdab41ede97e8574d75b74a6a8b3d192a90a060b63

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

x-cache-hits: 1
date: Mon, 15 May 2023 20:42:41 GMT
content-encoding: gzip
via: 1.1 varnish (Varnish/6.0), 1.1 varnish
age: 198
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 124
x-served-by: cache-gig2250026-GIG
x-timer: S1684183362.545064,VS0,VE1
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, s-maxage=0
accept-ranges: bytes
expires: Sat, 13 May 2023 20:39:23 GMT

GET
H2 200 DuplicateSans.ttf
www.newtimes.co.rw/theme_newtimes/fonts/ 87 KB
87 KB 19ms
18ms Font
application/octet-stream 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.newtimes.co.rw/theme_newtimes/fonts/DuplicateSans.ttf
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/theme_newtimes/css/general-styles.min.css?v=0.37
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f6b339f595ef77c30861bb54152c9215d18cec2ee0d9dd8a6cbc9f301f3b1c4c

Request headers

Referer: https://www.newtimes.co.rw/theme_newtimes/css/general-styles.min.css?v=0.37
Origin: https://www.newtimes.co.rw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:40 GMT
cf-cache-status: HIT
last-modified: Wed, 22 Jun 2022 06:24:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
locationdebug: 1
age: 4543
etag: "62b2b5a7-15c10"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0Hs4pCbE0hAGSi8R5HdLOtLm%2Bf4MpySwsTlt5mDIGQnG4%2FTkhzm%2BLWioVcO%2BrDj4RIn%2BJ50sJkXC7sW3m%2FvF301n8fOEYXZ8Py58HfYmM0anQpxZ%2BJTm9brHa9cGzDMDRVuw4YP4OwNqiv8bJSyp5w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35762a1e9bc2-FRA
content-length: 89104

GET
H2 200 icomoon.ttf
www.newtimes.co.rw/theme_newtimes/fonts/ 6 KB
6 KB 14ms
13ms Font
application/octet-stream 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.newtimes.co.rw/theme_newtimes/fonts/icomoon.ttf?d4tn9f
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/theme_newtimes/css/general-styles.min.css?v=0.37
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 81097875d2c45f38ab8460111afa8cb1723e6a0ee1a2a9b2e4066833f39890bf

Request headers

Referer: https://www.newtimes.co.rw/theme_newtimes/css/general-styles.min.css?v=0.37
Origin: https://www.newtimes.co.rw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:40 GMT
cf-cache-status: HIT
last-modified: Tue, 12 Jul 2022 13:30:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
locationdebug: 1
age: 4543
etag: "62cd775a-1800"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SeWdLG%2BhInxDZ58sOhzKqrw%2F5%2Fvh0QblEEy8lu7XoyzK%2BBizwmaL5D6Qauy2WkiR25Z%2Ff7dgjIAlj%2FqtGtV7U3bwCkUnMGiKh%2BJZcrc%2FyM6pNZ09Vu9dVu1RFuA2DdNzpRxxvbIREOC93UorxHZw5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35762a209bc2-FRA
content-length: 6144

GET
H2 200 Greyscale_Basic_Bold.ttf
www.newtimes.co.rw/theme_newtimes/fonts/ 74 KB
75 KB 15ms
14ms Font
application/octet-stream 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.newtimes.co.rw/theme_newtimes/fonts/Greyscale_Basic_Bold.ttf
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/theme_newtimes/css/general-styles.min.css?v=0.37
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 41bb251f8f9ca9b814770618ccaeb6d9586a479b98ba88740fa50c9e661f92a8

Request headers

Referer: https://www.newtimes.co.rw/theme_newtimes/css/general-styles.min.css?v=0.37
Origin: https://www.newtimes.co.rw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:40 GMT
cf-cache-status: HIT
last-modified: Wed, 22 Jun 2022 06:24:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
locationdebug: 1
age: 7016
etag: "62b2b5a7-12964"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CECAfvtyCEVNMbPZnzGnOeBbA9MZPlWt%2BoLmUlCgTTgJjZkn5MQ2ET15PRWahm1tOTt9yVSlt6Vtho5zUhC3Xp%2FR%2FjaLvx5JNE0kAUuJwg3TC7JCmtOzCfd4HLpbf9cyIqiMgPuRi28RNFAVvKPhNA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35762a229bc2-FRA
content-length: 76132

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
209 B 15ms
13ms XHR
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j100&a=343091659&t=pageview&_s=1&dl=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=99878490&gjid=204126267&cid=1224847520.1684183361&tid=UA-74288219-1&_gid=940470946.1684183361&_r=1&gtm=457e35a0&jsscut=1&z=215871964

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:41 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 PeriodicoDisplay.ttf
www.newtimes.co.rw/theme_newtimes/fonts/ 72 KB
73 KB 228ms
228ms Font
application/octet-stream 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.newtimes.co.rw/theme_newtimes/fonts/PeriodicoDisplay.ttf
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/theme_newtimes/css/general-styles.min.css?v=0.37
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e64a107cd561670cd079ebec398973b9e1d2db0e8355f7bd537e7cf93f8df7ed

Request headers

Referer: https://www.newtimes.co.rw/theme_newtimes/css/general-styles.min.css?v=0.37
Origin: https://www.newtimes.co.rw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:41 GMT
cf-cache-status: HIT
last-modified: Wed, 22 Jun 2022 06:24:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
locationdebug: 1
age: 4544
etag: "62b2b5a7-12118"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MS5mXESkx7HJ9guM2kz3E4qGkXy3wDEc86f7uTGzQSylNQGNpm7z0jq06d89wImK7977%2FiP3WHjpvA0JBkRM%2FZzEiZKvpRqyQXiQ5xLCJkNlpdWEzxzVMpAjBOl1FL%2FeEs2QOKf1syW6HsSuYT1SeA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e3577cc4b9bc2-FRA
content-length: 74008

POST
H2 204 collect
region1.analytics.google.com/g/ 0
256 B 79ms
14ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-MEM2QN6706&gtm=45je35a0&_p=343091659&_gaz=1&cid=1224847520.1684183361&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1684183361&sct=1&seg=0&dl=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&dt=&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-MEM2QN6706&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:41 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
247 B 83ms
17ms Ping
text/plain 2a00:1450:400c:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-MEM2QN6706&cid=1224847520.1684183361&gtm=45je35a0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-MEM2QN6706&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0b::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:41 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 109ms
44ms Image
image/gif 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-MEM2QN6706&cid=1224847520.1684183361&gtm=45je35a0&aip=1&z=1251084867

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ping
ping.chartbeat.net/ 43 B
201 B 307ms
99ms Image
image/gif 54.165.163.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=newtimes.co.rw&p=%2F&u=C2hOJkBGN4QLEN4ys&d=newtimes.co.rw&g=67020&g0=No%20Section&g1=No%20Author&n=1&f=00001&c=0&x=0&m=0&y=1200&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=&PA=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&b=410&t=o_P5gCp3yLsX2jtzTbZCQD9-Btp&V=139&tz=0&sn=1&sv=BlOmPyBVSEKMD3WSl0ecHEfBxTn0-&sd=1&im=067a20ff&_
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.165.163.91 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-165-163-91.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 15 May 2023 20:42:41 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-length: 43
expires: 0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 20ms
17ms XHR
text/plain 2a00:1450:400c:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-74288219-1&cid=1224847520.1684183361&jid=99878490&gjid=204126267&_gid=940470946.1684183361&_u=YEBAAUAAAAAAACAAI~&z=1805330884

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0b::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 15 May 2023 20:42:41 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 318ms
46ms Image
image/gif 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-74288219-1&cid=1224847520.1684183361&jid=99878490&_u=YEBAAUAAAAAAACAAI~&z=1234601052

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 77ms
77ms Image
image/gif 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-74288219-1&cid=1224847520.1684183361&jid=99878490&_u=YEBAAUAAAAAAACAAI~&z=1234601052

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 75 KB
25 KB 162ms
97ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

452d8ad86a3b916edb7511ba91d8e472f91efa62b2c911aedcf2397011f0816c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:41 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25450
x-xss-protection: 0
server: cafe
etag: 165 / 19492 / 31074557 / config-hash: 10982363139367512492
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 15 May 2023 20:42:41 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305100101/ 403 KB
125 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305100101/pubads_impl.js?cb=31074557

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

98a3ab26574717a95d200c12658c4dbbb28109a057cc52f8a100e6da2b645963

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sun, 14 May 2023 21:19:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84184
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 127561
x-xss-protection: 0
server: cafe
etag: 1000764176958695900
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Mon, 13 May 2024 21:19:37 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 78 B
85 B 57ms
41ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.newtimes.co.rw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

91ad26b5c0957975f48585654f032afa6e3f6242a63ab8314d1de785ce076146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:41 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61
x-xss-protection: 0
expires: Mon, 15 May 2023 20:42:41 GMT

GET
H2 200 pwt.js Show response
ads.pubmatic.com/AdServer/js/pwt/158370/4934/ 222 KB
67 KB 43ms
7ms Script
application/javascript 23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/pwt/158370/4934/pwt.js
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 51eaf649e037fafcd0277a848ff4b54c4216e8799b7e72c53e1d7265c6a116c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:41 GMT
content-encoding: gzip
last-modified: Sat, 29 Apr 2023 00:41:53 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=124824
accept-ranges: bytes
content-length: 68431
expires: Wed, 17 May 2023 07:23:05 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 230 KB
57 KB 48ms
9ms Script
application/javascript 52.222.208.154
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.208.154 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-208-154.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bf5de2a37e1b850ca9cc3b1a55bccd36def2be3524d0c5acb67b61f26aac8a96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 19:49:17 GMT
content-encoding: gzip
via: 1.1 5fa65194b963365c20fbd28444032cfc.cloudfront.net (CloudFront), 1.1 eaedf92fd05c53aa96f20b6322b473e6.cloudfront.net (CloudFront)
last-modified: Wed, 10 May 2023 21:23:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, FRA56-P3
age: 3205
x-amz-server-side-encryption: AES256
etag: W/"e6af4658ab1a6fdde1f0066b27d5372e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: G8p2byYmJ7eQoA2YpX5eD35Rr45yI-YicNwqDndVU1XVv_kA-5b-hA==

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
1 KB 70ms
42ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUN4B97C
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 3adeed165d2538b15c845a0f7dd480990f715db805c1926157613081204f18a7

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:41 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Mon, 15 May 2023 20:42:41 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 370 B
704 B 229ms
149ms XHR
application/json 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17046&site_id=315192&zone_id=1608182&size_id=2&alt_size_ids=55&rp_schain=1.0,1!yourbow.com,76,1,,,&rf=http%3A%2F%2Fwww.newtimes.co.rw%2F&kw=newtimes%2Crwandanews%2Ctnt%2Crwanda%2Ckigali%2Cnews%2Ceastafrica&tg_i.page=http%3A%2F%2Fwww.newtimes.co.rw%2F&tg_i.domain=newtimes.co.rw&tg_i.pbadslot=%2F21828795265%2FTNT%2FTNT_other&tk_flint=pbjs_lite_v7.18.0&x_source.tid=8c17a819-afaf-41bd-bf50-01196d3d3e1f&l_pb_bid_id=50e05a02a73ba2&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21828795265%2FTNT%2FTNT_other&slots=1&rand=0.40926422622856995
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 9f7b0125ef9acccbfefc22c575aa0fe9fb415a8fc0a0615c44c94d3aba383923

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:42 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.newtimes.co.rw
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 370
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 370 B
728 B 193ms
114ms XHR
application/json 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17046&site_id=315192&zone_id=1608182&size_id=2&alt_size_ids=55&rp_schain=1.0,1!yourbow.com,76,1,,,&rf=http%3A%2F%2Fwww.newtimes.co.rw%2F&kw=newtimes%2Crwandanews%2Ctnt%2Crwanda%2Ckigali%2Cnews%2Ceastafrica&tg_i.page=http%3A%2F%2Fwww.newtimes.co.rw%2F&tg_i.domain=newtimes.co.rw&tg_i.pbadslot=%2F21828795265%2FTNT%2FTNT_other&tk_flint=pbjs_lite_v7.18.0&x_source.tid=8c17a819-afaf-41bd-bf50-01196d3d3e1f&l_pb_bid_id=6956b2b18b6a55&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21828795265%2FTNT%2FTNT_other&slots=1&rand=0.5679696716841764
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: efc2a99fb14c06752ab6385062f4ee2b4314c060dbd9975d0fb266db3f1bb8dd

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:42 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.newtimes.co.rw
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 370
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
160 B 39ms
8ms XHR
text/plain 54.93.178.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.178.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-178-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:41 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
159 B 42ms
11ms XHR
text/plain 54.93.178.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.178.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-178-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:41 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
62 B 137ms
89ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:41 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 17 KB
9 KB 124ms
105ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4640f441530cf0255d4e19cfef296aea111982dc44f64b511782d3b737492d3e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 15 May 2023 20:42:41 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 6c0715a1-0982-4b7c-9568-ae90b89af57f
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 261 B
1 KB 267ms
247ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

74486a32f9931e4de8821c9a1276c0be67dd38d4d93c408f2f1afb215fc6a6ea

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:42 GMT
AN-X-Request-Uuid: 98196662-aa8f-4220-b113-602442117f24
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 261
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
118 B 125ms
83ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:41 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 261 B
1 KB 202ms
186ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

b70328b3b53e1936fae544e04d9d3d65f86efec591f7dd3b2ca7e19582d8bdf9

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:42 GMT
AN-X-Request-Uuid: e4726b14-2b94-437d-ae83-177407b73a37
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 261
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
782 B 58ms
43ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUN4B97C
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: d6edee2b4523aeb3582e3afb76d7072f4e1a8de09ec7d4ef37166c3d1544f673

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:41 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Mon, 15 May 2023 20:42:41 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 33 KB
10 KB 113ms
98ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

884241c7b65d73edaf18230673b273e83d36bf4aafad202b556fbcb086427899

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 15 May 2023 20:42:41 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 30362364-de94-4c82-bdba-5169f09888b6
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
159 B 31ms
11ms XHR
text/plain 54.93.178.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.178.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-178-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:41 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
159 B 31ms
11ms XHR
text/plain 54.93.178.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.178.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-178-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:41 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 370 B
933 B 174ms
109ms XHR
application/json 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17046&site_id=315192&zone_id=1608182&size_id=2&alt_size_ids=55&rp_schain=1.0,1!yourbow.com,76,1,,,&rf=http%3A%2F%2Fwww.newtimes.co.rw%2F&kw=newtimes%2Crwandanews%2Ctnt%2Crwanda%2Ckigali%2Cnews%2Ceastafrica&tg_i.page=http%3A%2F%2Fwww.newtimes.co.rw%2F&tg_i.domain=newtimes.co.rw&tg_i.pbadslot=%2F21828795265%2FTNT%2FTNT_other&tk_flint=pbjs_lite_v7.18.0&x_source.tid=3f31cab7-0b67-4f9a-8b4b-1e94089739c3&l_pb_bid_id=356eaab1cd2591a&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21828795265%2FTNT%2FTNT_other&slots=1&rand=0.3647908696108344
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 35ad51e18520b7b83fc27d25da4fb2ef25452e23f8331cca9f9b84430f4a60d9

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:41 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.newtimes.co.rw
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 370
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 370 B
705 B 292ms
227ms XHR
application/json 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17046&site_id=315192&zone_id=1608182&size_id=2&alt_size_ids=55&rp_schain=1.0,1!yourbow.com,76,1,,,&rf=http%3A%2F%2Fwww.newtimes.co.rw%2F&kw=newtimes%2Crwandanews%2Ctnt%2Crwanda%2Ckigali%2Cnews%2Ceastafrica&tg_i.page=http%3A%2F%2Fwww.newtimes.co.rw%2F&tg_i.domain=newtimes.co.rw&tg_i.pbadslot=%2F21828795265%2FTNT%2FTNT_other&tk_flint=pbjs_lite_v7.18.0&x_source.tid=3f31cab7-0b67-4f9a-8b4b-1e94089739c3&l_pb_bid_id=36a8a5ed1d63b58&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21828795265%2FTNT%2FTNT_other&slots=1&rand=0.5261664928214047
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 9a3f3c50810204a4252112b471f5d710f56d43e63854d7460d83c7dca6080c65

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:42 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.newtimes.co.rw
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 370
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 335 B
693 B 8ms
7ms XHR
application/json 52.222.208.154
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.newtimes.co.rw&pubid=db83f9c6-a698-4a6a-89fb-c29c85426748
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.208.154 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-208-154.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 9cd28222b76db9ecead97bdea2b69bce8777da737c9e242502def4a5f1c96675

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 18:08:02 GMT
via: 1.1 eaedf92fd05c53aa96f20b6322b473e6.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P3
age: 9278
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 335
x-amz-cf-id: b38IZZeL-2lzfI0B0b1ow_7B2oLyVrQ_4wcP7JHPbnmqb6gkxhKxpg==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 23 B
465 B 102ms
47ms XHR
text/javascript 108.138.9.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&pid=4g0AqiFQdcef9&cb=0&ws=1600x1200&v=23.505.1627&t=900&slots=%5B%7B%22sd%22%3A%22top%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F21828795265%2FTNT%2FTNT_other%22%7D%5D&sg=%7B%22ortb2%22%3A%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22browsers%22%3A%5B%5D%7D%7D%7D%7D&schain=1.0%2C1!yourbow.com%2C76%2C1%2C%2C%2C&pubid=db83f9c6-a698-4a6a-89fb-c29c85426748&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.9.235 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-9-235.fra56.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:41 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 3a4987afa567e120a2fa0d82969d4c0a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: DGMZ733FTJ1GC7AWYWCR
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: XSgX4kr3ofKvyrY1O3s3WLntlwpJzZ0X0lW5T6CPaGBTQ4Ox5jRR8g==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 23 B
463 B 102ms
49ms XHR
text/javascript 108.138.9.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&pid=4g0AqiFQdcef9&cb=1&ws=1600x1200&v=23.505.1627&t=900&slots=%5B%7B%22sd%22%3A%22adhesion%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F21828795265%2FTNT%2FTNT_other%22%7D%5D&sg=%7B%22ortb2%22%3A%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22browsers%22%3A%5B%5D%7D%7D%7D%7D&schain=1.0%2C1!yourbow.com%2C76%2C1%2C%2C%2C&pubid=db83f9c6-a698-4a6a-89fb-c29c85426748&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.9.235 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-9-235.fra56.r.cloudfront.net

Software

Server /

Resource Hash

89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:41 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 3a4987afa567e120a2fa0d82969d4c0a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: 73GXWW8EQ6M29F961GTJ
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: TlnlYy3AxtQkoqNtHN7bt9_hLiwjI1G2lVyA4iGx5FBWy3_8KKnyfA==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 22ms
8ms XHR
application/javascript 52.222.208.154
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.208.154 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-208-154.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

x-amz-version-id: yHpogsakS7iCluwAmUa6Y9ccBYm32d5h
content-encoding: gzip
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
date: Mon, 15 May 2023 03:27:31 GMT
x-amz-cf-pop: FRA56-P3
age: 62111
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 11 May 2023 21:16:48 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: TEDUzV5ugrxMf-2alNp46ERjqLXJck8ChXKlJ002-vzwd8FN0rKQag==

GET
H2 200 pubcid.min.js Show response
secure.cdn.fastclick.net/js/pubcid/latest/ 54 KB
17 KB 108ms
31ms Script
application/javascript 23.218.48.210
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.218.48.210 Haarlem, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-48-210.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 43f804d38a294c6df1ce8ee64fb95ad0ff5a8d6d5685d9537df02212668a1dff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:41 GMT
content-encoding: gzip
last-modified: Mon, 23 Jan 2023 19:40:17 GMT
server: Apache
etag: "d734-5f2f3919e751f-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 17407
expires: Mon, 15 May 2023 20:57:41 GMT

POST
H2 200 recordVendorsLoaded Show response
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/ 0
453 B 99ms
99ms XHR
text/plain 34.239.75.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/recordVendorsLoaded
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.239.75.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-239-75-135.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:42 GMT
content-length: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

OPTIONS
H2 200 recordVendorsLoaded
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/ Frame 0
0 303ms
98ms Preflight 34.239.75.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/recordVendorsLoaded
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.239.75.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-239-75-135.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.newtimes.co.rw
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
content-length: 0
date: Mon, 15 May 2023 20:42:42 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 85ms
16ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.newtimes.co.rw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305100101/pubads_impl.js?cb=31074557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 61ms
16ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.newtimes.co.rw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305100101/pubads_impl.js?cb=31074557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 25 KB
11 KB 234ms
231ms XHR
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3967767644196979&correlator=1926040890495813&eid=31072879%2C31074171%2C31074557%2C31068367&output=ldjh&gdfp_req=1&vrg=202305100101&ptt=17&impl=fif&iu_parts=21828795265%2CTNT%2CTNT_other&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C970x90&ifi=1&adks=4030047229&sfv=1-0-40&prev_scp=pos%3Dtop%26amznbid%3D2%26amznp%3D2%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.00%26hb_adid%3D410ee5946d252b%26hb_bidder%3DbluTonic&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1684183362112&lmt=1684183362&dlt=1684183360880&idt=812&adxs=436&adys=89&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&frm=20&vis=1&psz=970x90&msz=728x0&fws=4&ohw=1600&ga_vid=1224847520.1684183361&ga_sid=1684183362&ga_hid=343091659&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305100101/pubads_impl.js?cb=31074557

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bffd0d611f4f4d8f88285bbe5a5fcca7c53215ef136bd4ffacead53e5b2144ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10931
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 325ms
64ms XHR
application/json 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202305100101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305100101/pubads_impl.js?cb=31074557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

720adfe48f595070e9a8490d5fd91fa091a4d6b3cfea9677eb92906f1f6134aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11321
x-xss-protection: 0

GET
H2 200 container.html Show response
2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B7EF 6 KB
3 KB 67ms
14ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305100101/pubads_impl.js?cb=31074557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:42 GMT
expires: Tue, 14 May 2024 20:42:42 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 25 KB
11 KB 197ms
197ms XHR
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3967767644196979&correlator=4308323465150644&eid=31072879%2C31074171%2C31074557%2C31068367&output=ldjh&gdfp_req=1&vrg=202305100101&ptt=17&impl=fif&iu_parts=21828795265%2CTNT%2CTNT_other&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=970x90%7C728x90&ifi=2&adks=3660242229&sfv=1-0-40&prev_scp=pos%3Dadhesion%26amznbid%3D2%26amznp%3D2%26hb_format%3Dbanner%26hb_size%3D970x90%26hb_pb%3D0.00%26hb_adid%3D3836e53bb3d752b%26hb_bidder%3DbluTonic&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1684183362141&lmt=1684183362&dlt=1684183360880&idt=812&adxs=315&adys=1110&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&frm=20&vis=1&psz=1600x1022&msz=1600x-1&fws=516&ohw=1600&ga_vid=1224847520.1684183361&ga_sid=1684183362&ga_hid=343091659&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305100101/pubads_impl.js?cb=31074557

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ed8c3beaa9da129a85dee30d9e907b9d05ef57610d1158817a18108027f7d65d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10911
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 25D2 6 KB
3 KB 10ms
7ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305100101/pubads_impl.js?cb=31074557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:42 GMT
expires: Tue, 14 May 2024 20:42:42 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 664B 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305100101/pubads_impl.js?cb=31074557

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:42 GMT
expires: Tue, 14 May 2024 20:42:42 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 25D2 0
0 49ms
49ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C9kGyQpliZOOIC4yolgTizpHQBMme0rFc1Z2R93DAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBP8BT9C0tQm2h-2Dn9Xz9r53D8Ubu70CbA_Xk1bp1xfSKvxHCGGKEGfCg6S23pb9VbMT549FfAGq5H7g9oC4BK5fBraIMmRMG4zPzCeVUeLgPgb6p-VdIa6u10TyZtiB-6PwosrI39wj-hWzfQWZdc8meNg04yu1Tl7grPgDYRjMIkw3zb7uDMERHPMbyuDK1N8zNEX3-ylsWcnYDru5wtmswUQBP5bN4QKrL0VJBaJe_U0DTecyGCgp6UVJ_La4-4s4EIQD1tY2jbYx71vhAmlRtZzLl2i2zRAjN_ig6bcy80SLIanq16Pm5YKA41hirW4QmKe6aYHqMaKZBf-HnP1F4AQBgAbGx_OR9K7H7SGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBAgAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTc1NTQ3OTM0OTcxOTIzNjIY_KBy&sigh=MYV4sw5sgNw&uach_m=[UACH]&cid=CAQSLgBygQiD70SMCfsi7cf5ocZQi-i80xrDV8wG55LAuXILxbttO0yuGvuIuCfN4yYYAQ
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H2 200 notify
rtb.nl3.eu.criteo.com/google/auction/ Frame 25D2 0
0 141ms
13ms Fetch 2a02:2638:3::9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=kMvjDejMCcoHWp2DYgICAAAAHI02QL_xWQ4QQZliZDUDLzHwOuTSgzoAABIAAAoKQVFVQkFRRUJBUQ&wp=ZGKZQgACxGMKhZQMAARnYtQwTiGFjSEc-uVeIA

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:41 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 269506
server: Kestrel
content-length: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 0798 133 KB
45 KB 232ms
106ms Document
text/html 2a02:2638:d::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZGKZQgACxGMKhZQMAARnYtQwTiGFjSEc-uVeIA&u=%7C7%2FYujITEdeg8FUILki9iJ4aRAOxKVOf64C6CSfRjutA%3D%7C&c1=VEd5MTeK-DVtvwpxQwkatQ5fNcsqqVzrGxHd21mMpxNh6ptbvoFGr-zNgOWxNGK8hcdazcCQ4TV7lxzc5U56N7_Ai_ZCvZZTcs4J_AUHiXNxRCEv0MQBdHvpJnTXGdNbA-UccGqOgBByFas5qs71SzwjAjRgRqmn4rrx9dkHB9E-hLcKrgC6FKslC7u9vWnncVk6BXeyHUiL5yhw5oiaj6ruCaD0UKCipKUOkWUuGAkSZbDRiz8-S0zaJ1CPlePj55HCyr9TTMB-2DNda8qLIajXL5sCw5a3eWodUMgItCXXznTTw2C7xII6aQY1gAXTlZxDrigAb0yZg_OGmFbYjJjR_kxtI6wkmQT95IoKJiE_KgvU-rSvnSzG2htUjMLLzUVs-Y7-LIDykFhpBe6NLJvHpfBgMU732hfHbxJzmi8dxgqXM66ndU2NAAEckF7tFLK4r36m198lxNTHQUTsm6J3Ehrln1QbPdDVH5ZllIqeq8WilryvtxureV-OBOls3sK8SnwiAMjzS1JuzN7a_EyFMIvfBy37nOck0-7yF22McOZ1rOOy-dXRnPaqLrf_ySvkHEV7t0ULrcGnT-VMKEZY7vtEQP805Zqez2lObAvGFnGXZ2VztO8Aq0gPZNQX&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCi2YnQpliZOOIC4yolgTizpHQBMme0rFc1Z2R93DAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBIICT9C0tQm2h-2Dn9Xz9r53D8Ubu70CbA_Xk1bp1xfSKvxHCGGKEGfCg6S23pb9VbMT549FfAGq5H7g9oC4BK5fBraIMmRMG4zPzCeVUeLgPgb6p-VdIa6u10TyZtiB-6PwosrI39wj-hWzfQWZdc8meNg04yu1Tl7grPgDYRjMIkw3zb7uDMERHPMbyuDK1N8zNEX3-ylsWcnYDru5wtmswUQBP5bN4QKrL0VJBaJe_U0DTecyGCgp6UVJ_La4-4s4EIQD1tY2jbYx71vhAmlRtZzLl2i2zRAjN7qiyCW1fNiYnjX-dHPbQ3qJ91LUp0AIGhNyVCcYjry1HXotGO76TtRk4AQBgAbGx_OR9K7H7SGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0O7g3R0OnmDgKhYKooLhH8BtokUg%26client%3Dca-pub-7554793497192362%26adurl%3D

Requested by

Host: 2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com
URL: https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

a96e199df136d37da26e9fea5d58884482237121d0b9077fb96db13bbeba9dcb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:41 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=c4dKTVw-_Msrj2KhqNWOPKJ2S33tsUXohCA5S2e4QuS4VgPYpEUD7OHGwZmGm29oI641KG3Ca20mXffPe2beRXol9iqTm8LtP2EfkzuyrOm7Zx-2BYMBmN53e1iPv7GtRJ1Ywex59yBnPax5vJAQeA65CsOirxEMAHYJNvustlkJDBfhxSnRl3mGFMfAn7YVBkSMMSn9OzYeSYnbuOROJ9euribCzPPFBumb1WMwX2Wnn_sEIymS31kf7AwP42kto65tJA"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 58554125
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame 25D2 3 KB
1 KB 141ms
14ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/window_focus_fy2021.js

Requested by

Host: 2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com
URL: https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 18:31:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7891
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 18:31:11 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame 25D2 19 KB
8 KB 134ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com
URL: https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

01dcaf85f2ae23a30115cf4a663e90b4a507dc688c4c17f9ebddc3cf19fee780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 12:20:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30104
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7937
x-xss-protection: 0
server: cafe
etag: 2499949999788435271
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 12:20:58 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 25D2 24 KB
7 KB 136ms
10ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com
URL: https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Fri, 12 May 2023 14:52:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 280227
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 11 May 2024 14:52:15 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 25D2 169 KB
53 KB 188ms
62ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com
URL: https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fdc79b8c47c6d5c20def82fa5f6a91e3cbe3057bff3f8b14b5c2c71dc9b57ec4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53545
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1683718549123860"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 15 May 2023 20:42:42 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 664B 0
0 49ms
49ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=COVgHQpliZN6iCoS-bczBm_gFyZ7SsVzVnZH3cMCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE_wFP0GWutwxIK8CQCZpi14cSVME7LPBJYFYWwPvtIhjT2OHAyF_TdnGXZMOjj-GOtVl7IA7eN14bRgnyI1tSZXGGgOXDLTy6MmeZ_Y4HdgTeFFwKjJi4lwfJYe6UbQbBaz_D0Z8xAtqJavSJA3nuokuFwMjtajltB7usDkgajPumSSRtLloa5DT7YjzUkoKvV9sXqW7x1FrI6vQaJfL87k12pwOV8kKanbv82W65dkI8rWrdo13ioUrnRczoUZkIhffOr2xZbs8kPCEJ50a27dOnZahzE7mGRHX5iBXKTR1wK5ONdFHS42n4T6oSXkhAM5ikg7HxtEd5rxxjD7Ko-NPgBAGABsbH85H0rsftIaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgECACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNzU1NDc5MzQ5NzE5MjM2Mhj8oHI&sigh=exLN2Z9THeI&uach_m=[UACH]&cid=CAQSTABygQiDjAeIxDVuB7OCITg_ASNuoOciOjEVIolWq_Gt-_LlbyoBSkW2tiPu9GumTPjxz9vYhZpY17-ajzk9-RZJxeScN4vcbAWJcFAYAQ
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H2 200 notify
rtb.nl3.eu.criteo.com/google/auction/ Frame 664B 0
0 130ms
13ms Fetch 2a02:2638:3::9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=kMvjDejMCcoHWp2DYgICAAAAHI02QL_xWQ4QQZliZL-055-fWEuqWV8AABIAAAoKQVFVQkFRRUJBUQ&wp=ZGKZQgACkV4KG18EAAbgzP23cLihI8NRiROqVg

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 165761
server: Kestrel
content-length: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 5D99 139 KB
47 KB 86ms
78ms Document
text/html 2a02:2638:d::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZGKZQgACkV4KG18EAAbgzP23cLihI8NRiROqVg&u=%7C7%2FYujITEdeileQYii%2Fu4kHmyOYOc77UKfKJaRSNGW0w%3D%7C&c1=VEd5MTeK-DVtvwpxQwkatQ5fNcsqqVzrGxHd21mMpxNh6ptbvoFGr-zNgOWxNGK8hcdazcCQ4TV7lxzc5U56N7_Ai_ZCvZZTcs4J_AUHiXOyTUmt0LIB1Arv3LRdJwySd4b4OfvN2D44-sQq0YqqG3DXD5WO6mx0nOgFBhA8tkrZddUlZ5X5fiYikF9raWCM_qEr5R9CSKKKO0-tZyddIaF0uhtI0_UhcKWd1sHOyD-iMd_Mtzzc07BHfFhKKI5aUxrlI44OB_y4xbtVltzM2-cp3k6_RbNMDOAT1-vCPIlubVYrCH2BAKnAUO6lVt8ASph3_zvGviuFfBEogtJWWO2vO9Uc8GPuX9Ht139wpcqe9g5oatNagP9U6CbNnSrT_jx85Hm48Y-n5vwrZNHt_00tHF9FBf52AUYWiJxAnW-1XsiCNMvmb09x2RyWsYgrArH26KgQLEw-0KvEgVGHE3Svz2DhmwTta-GX-pP2HNHc1KoyKUf8qfM1s825eh3kPixotdQGVIuZiIBx0cC2sN6vGL1BO7_7gT0lcdh1Q7qL_fjb7hlwirlcvdt9vyNSeQ_wtB330QsAa_v0jQ_6aw0NkIQ706GN2Xt6gYh9BTuM0pzY5iezoHMhU8JgkpW-&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCmMrCQpliZN6iCoS-bczBm_gFyZ7SsVzVnZH3cMCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoEggJP0GWutwxIK8CQCZpi14cSVME7LPBJYFYWwPvtIhjT2OHAyF_TdnGXZMOjj-GOtVl7IA7eN14bRgnyI1tSZXGGgOXDLTy6MmeZ_Y4HdgTeFFwKjJi4lwfJYe6UbQbBaz_D0Z8xAtqJavSJA3nuokuFwMjtajltB7usDkgajPumSSRtLloa5DT7YjzUkoKvV9sXqW7x1FrI6vQaJfL87k12pwOV8kKanbv82W65dkI8rWrdo13ioUrnRczoUZkIhffOr2xZbs8kPCEJ50a27dOnZahzE7mGRHX5yhfr35r_t4Ay6EVxM1Ret6MGVP5KHYAmN3nMErXGsTB7ihgs62zfOu7gBAGABsbH85H0rsftIaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_05nlqAJErFxZZJMAyEuB_jivIJhg%26client%3Dca-pub-7554793497192362%26adurl%3D

Requested by

Host: 2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com
URL: https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

69c7440a91991e71e2594b76c9a058c39e0126145a9a7e1a9bfc3d15059d4f7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:42 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=7mKEbVw-_Msrj2KhbkWUOYTOwXTPVjgOu4pXU2SXPttZq8bMwbgVpZuD4ALVapS1bv0WUwCa8LY1B_ei8aUxd6dEo3WIpYpZyD2sfedMbk-q2FDIVA3k2r19vCwHYLIk2K8jGq6b4b4ZLIGER8ItLCYfo61UyyZ4lwsMSc5zEYwXqkPt6aAsRqZi7l0o8Cjd0_smi-xFqWb8a_oAy_A8hBsBZPMHwaR9okWJZMNH74bMbywpf7P_QIV2MmdWEP3sPcOTqg"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 57705598
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame 664B 3 KB
1 KB 136ms
15ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/window_focus_fy2021.js

Requested by

Host: 2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com
URL: https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 18:31:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7891
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 18:31:11 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame 664B 19 KB
8 KB 131ms
11ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com
URL: https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

01dcaf85f2ae23a30115cf4a663e90b4a507dc688c4c17f9ebddc3cf19fee780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 12:20:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30104
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7937
x-xss-protection: 0
server: cafe
etag: 2499949999788435271
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 12:20:58 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 664B 24 KB
6 KB 132ms
11ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com
URL: https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Fri, 12 May 2023 14:52:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 280227
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 11 May 2024 14:52:15 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 664B 169 KB
52 KB 295ms
175ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com
URL: https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fdc79b8c47c6d5c20def82fa5f6a91e3cbe3057bff3f8b14b5c2c71dc9b57ec4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53545
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1683718549123860"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 15 May 2023 20:42:42 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 126ms
47ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305100101/pubads_impl.js?cb=31074557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 15 May 2023 20:42:42 GMT

GET
DATA 200
OK truncated
/ Frame 25D2 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60eb5df2834bdbb6a7c0c36dd892635558792886b6285c6d0eb8fa9026357d90

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 664B 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dab27ef73784b63a1d555436f0a1c17e8e333568d031e74270cb2ddf2b599dbf

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 2EFC 13 KB
5 KB 8ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 7645
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 18:35:17 GMT
expires: Tue, 14 May 2024 18:35:17 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame DA5B 783 B
968 B 17ms
16ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

eab2dbe6f6732288580b12082eb29259355dd87cadd9d2bc796ff02b088feb10

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-btKruyLL-FN_7ZqNq7tqUw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 512
content-security-policy: script-src 'report-sample' 'nonce-btKruyLL-FN_7ZqNq7tqUw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:42 GMT
expires: Mon, 15 May 2023 20:42:42 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 08cn5b8EVMSc5l6e1YWDk0jg24yFrQ2cZ845B_qPECM.js Show response
pagead2.googlesyndication.com/bg/ Frame 2EFC 37 KB
14 KB 23ms
7ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/08cn5b8EVMSc5l6e1YWDk0jg24yFrQ2cZ845B_qPECM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3c727e5bf0454c49ce65e9ed585839348e0db8c85ad0d9c67ce3907fa8f1023

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:38:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 244
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14732
x-xss-protection: 0
last-modified: Mon, 08 May 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 14 May 2024 20:38:38 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 5D99 2 KB
1 KB 44ms
13ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZGKZQgACkV4KG18EAAbgzP23cLihI8NRiROqVg&u=%7C7%2FYujITEdeileQYii%2Fu4kHmyOYOc77UKfKJaRSNGW0w%3D%7C&c1=VEd5MTeK-DVtvwpxQwkatQ5fNcsqqVzrGxHd21mMpxNh6ptbvoFGr-zNgOWxNGK8hcdazcCQ4TV7lxzc5U56N7_Ai_ZCvZZTcs4J_AUHiXOyTUmt0LIB1Arv3LRdJwySd4b4OfvN2D44-sQq0YqqG3DXD5WO6mx0nOgFBhA8tkrZddUlZ5X5fiYikF9raWCM_qEr5R9CSKKKO0-tZyddIaF0uhtI0_UhcKWd1sHOyD-iMd_Mtzzc07BHfFhKKI5aUxrlI44OB_y4xbtVltzM2-cp3k6_RbNMDOAT1-vCPIlubVYrCH2BAKnAUO6lVt8ASph3_zvGviuFfBEogtJWWO2vO9Uc8GPuX9Ht139wpcqe9g5oatNagP9U6CbNnSrT_jx85Hm48Y-n5vwrZNHt_00tHF9FBf52AUYWiJxAnW-1XsiCNMvmb09x2RyWsYgrArH26KgQLEw-0KvEgVGHE3Svz2DhmwTta-GX-pP2HNHc1KoyKUf8qfM1s825eh3kPixotdQGVIuZiIBx0cC2sN6vGL1BO7_7gT0lcdh1Q7qL_fjb7hlwirlcvdt9vyNSeQ_wtB330QsAa_v0jQ_6aw0NkIQ706GN2Xt6gYh9BTuM0pzY5iezoHMhU8JgkpW-&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCmMrCQpliZN6iCoS-bczBm_gFyZ7SsVzVnZH3cMCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoEggJP0GWutwxIK8CQCZpi14cSVME7LPBJYFYWwPvtIhjT2OHAyF_TdnGXZMOjj-GOtVl7IA7eN14bRgnyI1tSZXGGgOXDLTy6MmeZ_Y4HdgTeFFwKjJi4lwfJYe6UbQbBaz_D0Z8xAtqJavSJA3nuokuFwMjtajltB7usDkgajPumSSRtLloa5DT7YjzUkoKvV9sXqW7x1FrI6vQaJfL87k12pwOV8kKanbv82W65dkI8rWrdo13ioUrnRczoUZkIhffOr2xZbs8kPCEJ50a27dOnZahzE7mGRHX5yhfr35r_t4Ay6EVxM1Ret6MGVP5KHYAmN3nMErXGsTB7ihgs62zfOu7gBAGABsbH85H0rsftIaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_05nlqAJErFxZZJMAyEuB_jivIJhg%26client%3Dca-pub-7554793497192362%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:42 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 5D99 2 KB
1 KB 42ms
13ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:42 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 5D99 308 B
636 B 14ms
13ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 09 May 2024 20:42:42 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 5D99 293 B
621 B 15ms
15ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Thu, 09 May 2024 20:42:42 GMT

GET
H2 200 lg.php
cat.fr3.eu.criteo.com/delivery/ Frame 5D99 43 B
348 B 64ms
18ms Image
image/gif 178.250.7.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=_m1tHCIuT_cEaN4NLyLBESYqMsVybM5pWa0udPUXI2BKF1Ovx5ZFeEJLxwVWcZVGI3pCc5LxoBQMoP3zyOJtPxwT5ogo_oC_KK8driPBliSdHitCd8xlRPsK_QltgKY4rwbrIjX5vIP5fZrUoaAvDO6TTjVIEeJO2kZC_Lh7ecGkMogn0GwWBhSyQTS_sIBSEXHqdet_ARBR6XTLc41le39b5ozF2oTjYpL6Oe-zi3QMdsOdQKmcbHFyN6L7F4tU_MILpW5Xo19YvGalWwP99i0-ZOT6SKVX1BBBSVqZiZ3GMYzNJDRu-z8wOlYiFZh9wMVC9j446VEx3dj3pF_qXPMzw_u7H8QaLToVbRWpuamf2jp-TniQATWcLZ1PhU0_iMYdBmLNYqG_RgqsducJ_2QVSx5pO5nXGO2yB30uUOWt7wUM

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:41 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1801356
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 5D99 12 KB
5 KB 33ms
15ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 408523
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1mIwlFKZGF0wiuVS8s7SyxTUy9uIaLl3QiFanY%2FBCE6mhDFArPMcc7tYhsmDqWy4bimLtgBgKnZOi7rF5plvwnwzrJaC2uWvHF4yx9IODagsAu5AYyv%2BzXzSjEH4h%2BieLvWAdzSipwt6QUAd%2BWxbf7aB"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7c7e3580dd582c41-FRA
expires: Sat, 04 May 2024 20:42:42 GMT

GET
H2 200 b4338c429b884dd1a41cf5d47720754c_gotham-regular.woff
static.criteo.net/design/dt/ Frame 5D99 31 KB
31 KB 56ms
30ms Font
application/octet-stream 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/b4338c429b884dd1a41cf5d47720754c_gotham-regular.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

af4b954cf45e99d5eccbea113dc2b66799cf8db96c3e8dfc33d145398743727b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 30 Oct 2017 21:00:07 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"59f792d7-7a00"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:42 GMT

GET
H2 200 19b6feaf7bb04307a5ed79d69ca28780_gotham-bold.woff
static.criteo.net/design/dt/ Frame 5D99 15 KB
15 KB 50ms
24ms Font
application/octet-stream 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/19b6feaf7bb04307a5ed79d69ca28780_gotham-bold.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f9d374ef87ca2b8179870daa8739f8b060fc77446a4109ec87dc523bd8059ea4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 01 Dec 2017 12:57:30 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5a2151ba-3b68"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:42 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 0798 2 KB
1 KB 14ms
13ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZGKZQgACxGMKhZQMAARnYtQwTiGFjSEc-uVeIA&u=%7C7%2FYujITEdeg8FUILki9iJ4aRAOxKVOf64C6CSfRjutA%3D%7C&c1=VEd5MTeK-DVtvwpxQwkatQ5fNcsqqVzrGxHd21mMpxNh6ptbvoFGr-zNgOWxNGK8hcdazcCQ4TV7lxzc5U56N7_Ai_ZCvZZTcs4J_AUHiXNxRCEv0MQBdHvpJnTXGdNbA-UccGqOgBByFas5qs71SzwjAjRgRqmn4rrx9dkHB9E-hLcKrgC6FKslC7u9vWnncVk6BXeyHUiL5yhw5oiaj6ruCaD0UKCipKUOkWUuGAkSZbDRiz8-S0zaJ1CPlePj55HCyr9TTMB-2DNda8qLIajXL5sCw5a3eWodUMgItCXXznTTw2C7xII6aQY1gAXTlZxDrigAb0yZg_OGmFbYjJjR_kxtI6wkmQT95IoKJiE_KgvU-rSvnSzG2htUjMLLzUVs-Y7-LIDykFhpBe6NLJvHpfBgMU732hfHbxJzmi8dxgqXM66ndU2NAAEckF7tFLK4r36m198lxNTHQUTsm6J3Ehrln1QbPdDVH5ZllIqeq8WilryvtxureV-OBOls3sK8SnwiAMjzS1JuzN7a_EyFMIvfBy37nOck0-7yF22McOZ1rOOy-dXRnPaqLrf_ySvkHEV7t0ULrcGnT-VMKEZY7vtEQP805Zqez2lObAvGFnGXZ2VztO8Aq0gPZNQX&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCi2YnQpliZOOIC4yolgTizpHQBMme0rFc1Z2R93DAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBIICT9C0tQm2h-2Dn9Xz9r53D8Ubu70CbA_Xk1bp1xfSKvxHCGGKEGfCg6S23pb9VbMT549FfAGq5H7g9oC4BK5fBraIMmRMG4zPzCeVUeLgPgb6p-VdIa6u10TyZtiB-6PwosrI39wj-hWzfQWZdc8meNg04yu1Tl7grPgDYRjMIkw3zb7uDMERHPMbyuDK1N8zNEX3-ylsWcnYDru5wtmswUQBP5bN4QKrL0VJBaJe_U0DTecyGCgp6UVJ_La4-4s4EIQD1tY2jbYx71vhAmlRtZzLl2i2zRAjN7qiyCW1fNiYnjX-dHPbQ3qJ91LUp0AIGhNyVCcYjry1HXotGO76TtRk4AQBgAbGx_OR9K7H7SGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0O7g3R0OnmDgKhYKooLhH8BtokUg%26client%3Dca-pub-7554793497192362%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:42 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 0798 2 KB
1 KB 13ms
13ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:42 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 0798 308 B
636 B 14ms
14ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 09 May 2024 20:42:42 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 0798 293 B
621 B 17ms
17ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Thu, 09 May 2024 20:42:42 GMT

GET
H2 200 lg.php
cat.fr3.eu.criteo.com/delivery/ Frame 0798 43 B
347 B 18ms
18ms Image
image/gif 178.250.7.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=Ozg08SIuT_cEaN4NLyLBESYqMsWm_r8qvcIhz5TeWgM-xBgHBb31QVTlnihim-NAW53icQnsGuPD-astume_5jArJevWnl-SG_CzOjeUCg7SN_Qcd3l48D3qsjYA9Re87zpBtcn9_q7QNL0wqoIOSL_m_2zhahxZCgstPQnNI6CffD6K9xsTCB8dssIUMPCWBCpT1LlHFnhFaxyzbd-9kxVjKgrVmvmhYAzaDejF2hMghSdbVUPV5mOZZnDIXrnm2SZaDt3_SY7Y9f_jLOMWfkyUuODgtmuq7_qikp7E7I30Gi3RWRPCyGbHwN4TNPiEuRM9mqJ4nhAcc8hBiTnBuPsjHq1F1DBj3rRUCYWhycniEwpBAC8qBmHhQLXoZ6ppB0pU01WFJJ2g7tbLH35DrujEpFye2fA4t4cEjEd56DLNEXBB

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:42 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2042062
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame DA5B 0
0 45ms
45ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202305100101&jk=3967767644196979&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H2 200 animejs.js
static.criteo.net/animejs/ Frame 5D99 12 KB
6 KB 17ms
14ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:42 GMT

GET
H2 200 webfontloader.js
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 0798 12 KB
5 KB 13ms
13ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 408523
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4420
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1xFxn0ANBHw2nRl5cTjZi4FUbN0M4Bj0KkinoXxpZAS%2Fki12ZeEcjI%2F3NibQMr%2FMgXfysl2ccuxE0rw6xgTjandMBWWa7yQeH%2F%2FeOFLeoXuPO%2FeTEHg5xuk1ZhHoUQGG0OD0sGkiEPYZ5XDMN1Ogu6YA"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7c7e35810d832c41-FRA
expires: Sat, 04 May 2024 20:42:42 GMT

GET
H2 200 animejs.js
static.criteo.net/animejs/ Frame 0798 12 KB
6 KB 19ms
19ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:42 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 5D99 56 KB
56 KB 68ms
30ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?h=1200&m=0&partner=15724&q=80&r=0&u=http%3A%2F%2Fstatic.fr3.eu.criteo.net%2Fdesign%2Fdt%2F15724%2F230223%2F294e1dcfa60e4d0797b59f2575943fc0_img_horizontal_1.jpg&v=3&w=1200&s=QRTagS6lKs_sm4dQB2AC8ySK

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 57532
expires: Wed, 01 May 2024 07:33:31 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 5D99 8 KB
9 KB 88ms
51ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=15724&q=80&r=0&u=https%3A%2F%2Fi1.adis.ws%2Ft%2Fjpl%2Fjd_product_list%3Fplu%3Djd_556787_a%26w%3D600%26h%3D425%26resmode%3Dsharp%26qlt%3D80%26v%3D1%26exclusive%3D1&v=3&w=400&s=K4Rzvngg78tu9B-VcUO44Zh5&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=1800
content-length: 8612
expires: Mon, 15 May 2023 21:09:16 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 5D99 9 KB
9 KB 92ms
55ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=15724&q=80&r=0&u=https%3A%2F%2Fi1.adis.ws%2Ft%2Fjpl%2Fjd_product_list%3Fplu%3Djd_FJ4211-100_a%26w%3D600%26h%3D425%26resmode%3Dsharp%26qlt%3D80%26v%3D1%26exclusive%3D1&v=3&w=400&s=pvUnS1cJw4ov0j0YSR8YELMA&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=1800
content-length: 9200
expires: Mon, 15 May 2023 21:08:14 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 5D99 8 KB
8 KB 93ms
56ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=15724&q=80&r=0&u=https%3A%2F%2Fi1.adis.ws%2Ft%2Fjpl%2Fjd_product_list%3Fplu%3Djd_HR4396_a%26w%3D600%26h%3D425%26resmode%3Dsharp%26qlt%3D80%26v%3D1&v=3&w=400&s=ozxjiBSDzNnbQe-zq3IDYodu&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=1800
content-length: 8236
expires: Mon, 15 May 2023 20:52:30 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 5D99 0
128 B 41ms
13ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=7mKEbVw-_Msrj2KhbkWUOYTOwXTPVjgOu4pXU2SXPttZq8bMwbgVpZuD4ALVapS1bv0WUwCa8LY1B_ei8aUxd6dEo3WIpYpZyD2sfedMbk-q2FDIVA3k2r19vCwHYLIk2K8jGq6b4b4ZLIGER8ItLCYfo61UyyZ4lwsMSc5zEYwXqkPt6aAsRqZi7l0o8Cjd0_smi-xFqWb8a_oAy_A8hBsBZPMHwaR9okWJZMNH74bMbywpf7P_QIV2MmdWEP3sPcOTqg&sds=2&rev=86118.2&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:42 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 5D99 2 KB
1 KB 13ms
12ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:42 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 5D99 2 KB
1 KB 17ms
16ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:42 GMT

GET
H2 200 b4338c429b884dd1a41cf5d47720754c_gotham-regular.woff
static.criteo.net/design/dt/ Frame 0798 31 KB
31 KB 16ms
16ms Font
application/octet-stream 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/b4338c429b884dd1a41cf5d47720754c_gotham-regular.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Mon, 30 Oct 2017 21:00:07 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"59f792d7-7a00"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:42 GMT

GET
H2 200 19b6feaf7bb04307a5ed79d69ca28780_gotham-bold.woff
static.criteo.net/design/dt/ Frame 0798 15 KB
15 KB 14ms
14ms Font
application/octet-stream 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/dt/19b6feaf7bb04307a5ed79d69ca28780_gotham-bold.woff

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 01 Dec 2017 12:57:30 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5a2151ba-3b68"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:42 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 0798 56 KB
56 KB 54ms
53ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=31104000
content-length: 57532
expires: Wed, 01 May 2024 07:33:31 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 0798 8 KB
9 KB 60ms
59ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=1800
content-length: 8612
expires: Mon, 15 May 2023 21:09:16 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 0798 8 KB
8 KB 59ms
58ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=15724&q=80&r=0&u=https%3A%2F%2Fi1.adis.ws%2Ft%2Fjpl%2Fjd_product_list%3Fplu%3Djd_HR4396_a%26w%3D600%26h%3D425%26resmode%3Dsharp%26qlt%3D80%26v%3D1&v=3&w=400&s=ozxjiBSDzNnbQe-zq3IDYodu&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=1800
content-length: 8236
expires: Mon, 15 May 2023 20:52:30 GMT

GET
H2 200 img
imageproxy.eu.criteo.net/img/ Frame 0798 14 KB
15 KB 62ms
61ms Image
image/webp 2a02:2638:d::13
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.eu.criteo.net/img/img?c=3&cq=256&h=400&m=0&partner=15724&q=80&r=0&u=https%3A%2F%2Fi1.adis.ws%2Ft%2Fjpl%2Fjd_product_list%3Fplu%3Djd_632310_a%26w%3D600%26h%3D425%26resmode%3Dsharp%26qlt%3D80%26v%3D1&v=3&w=400&s=GS9U8CpEYS-uOEYLrrrMsCAT&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
content-type: image/webp
cache-control: public, max-age=1800
content-length: 14836
expires: Mon, 15 May 2023 21:02:36 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 0798 0
127 B 13ms
12ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=c4dKTVw-_Msrj2KhqNWOPKJ2S33tsUXohCA5S2e4QuS4VgPYpEUD7OHGwZmGm29oI641KG3Ca20mXffPe2beRXol9iqTm8LtP2EfkzuyrOm7Zx-2BYMBmN53e1iPv7GtRJ1Ywex59yBnPax5vJAQeA65CsOirxEMAHYJNvustlkJDBfhxSnRl3mGFMfAn7YVBkSMMSn9OzYeSYnbuOROJ9euribCzPPFBumb1WMwX2Wnn_sEIymS31kf7AwP42kto65tJA&sds=2&rev=86118.2&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:41 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 0798 2 KB
1 KB 13ms
12ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:42 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 0798 2 KB
1 KB 15ms
15ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:42 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 2EFC 0
10 B 7ms
6ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?ibGcFw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:42 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H2 200 all
csm.eu.criteo.net/ Frame 0798 0
127 B 13ms
13ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:42 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

POST
H2 200 all
csm.eu.criteo.net/ Frame 5D99 0
127 B 13ms
12ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:42 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 Primary Request / Show response
www.newtimes.co.rw/ 180 KB
46 KB 147ms
147ms Document
text/html 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.newtimes.co.rw/
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1e1927a9580b4b0088e1e4f0701521b910e1fd1fd1f52c060dcf6f15f0080459

Request headers

Referer: https://www.newtimes.co.rw/article/6147/n
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, private
cf-cache-status: DYNAMIC
cf-ray: 7c7e35831aa79bc2-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 15 May 2023 20:42:43 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ymY6csfq86mJZ6TMK9CwiTuePKS2vzmodzTsz%2B0qCkX9p%2BxPjp%2BqpTJ8oBC3EuX3wVr%2Ffj2oikEwf8josodBl1KxvrMHe372mIJAUAiFVO0NbC%2BjFEPMdIHurDqcyFlgKV5wpNhQ6v4AG1f1UAz5wQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-cache: BYPASS
x-device: device=Desktop

POST collect
region1.analytics.google.com/g/ 0
0

GET activeview
pagead2.googlesyndication.com/pcs/ Frame 664B 0
0

GET activeview
pagead2.googlesyndication.com/pcs/ Frame 25D2 0
0

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 119 KB
46 KB 20ms
20ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-74288219-1

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

680d3d4711f6d6dafbc2ed29ef27934b2a176699fb7c8a69ad0813d54e4dc24f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 47256
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 15 May 2023 20:42:43 GMT

GET
H2 200 chartbeat_mab.js Show response
static.chartbeat.com/js/ 23 KB
10 KB 8ms
6ms Script
application/x-javascript 2600:9000:2057:f000:18:1fcd:351:7bc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat_mab.js
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:f000:18:1fcd:351:7bc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5da042d5812f163384470df8b5fbca46e8364922c47407a8dbdcf114066fc6ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 01:35:12 GMT
content-encoding: gzip
via: 1.1 a0a81637cc76d6981e4e29044a73b7f6.cloudfront.net (CloudFront)
last-modified: Wed, 20 Jul 2022 00:57:56 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
age: 68851
etag: W/"62d75314-5d6b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-amz-cf-id: SG_gfLgNFV8dothY2Bo4Z3VbMaviQwJPj8Ko33HziUTa7WwURQc_og==
expires: Tue, 16 May 2023 01:35:12 GMT

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
709 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Source+Sans+Pro:ital@1&display=swap

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4ac31f223f44761b6db3628161b0099bbf06ffe5a54ce45cb71bdd1f4b7a2473

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 15 May 2023 20:42:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 15 May 2023 20:42:43 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 15 May 2023 20:42:43 GMT

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
583 B 18ms
17ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Ubuntu&display=swap

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b7506715d8ff403a7e4a56b46e757ecd12c8a59e4c48d8f0478b62186f51bb1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 15 May 2023 20:42:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 15 May 2023 19:48:20 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 15 May 2023 20:42:43 GMT

GET
H2 200 css2
fonts.googleapis.com/ 20 KB
850 B 22ms
21ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Archivo:ital,wght@0,100;0,200;0,300;0,400;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0c9652b3df1fcaba87c244caf25fb0c1d129cfedc8c42bb67c06df3ee8afb09a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 15 May 2023 20:42:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 15 May 2023 20:42:43 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 15 May 2023 20:42:43 GMT

GET
H2 200 general-styles.min.css
www.newtimes.co.rw/theme_newtimes/css/ 4 KB
1 KB 16ms
15ms Stylesheet
text/css 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.newtimes.co.rw/theme_newtimes/css/general-styles.min.css?v=0.37
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 00561f3d40eb57585e3c30d2b595d0f2d890ab22bff0cbbd779f8a0c42d0b32f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Fri, 18 Nov 2022 10:21:04 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
locationdebug: 1
age: 4546
etag: W/"63775c90-fd7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MDtbLQYD48bNmw%2BQaCkHWc7Dtx30w%2BbynJxz43Q0fPaVHSs%2FwClRaolIGQpTD6D7RkRLNeYy3TkMYBnSNZjc9theMBqEX%2Bqg%2BbeAApE5NXixWQLGNANVT3HcITsIJjJN1Qg9uMs3QQExkjsR5YXfWw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 7c7e35843bf19bc2-FRA

GET
H2 200 logo1.png
www.newtimes.co.rw/theme_newtimes/images/ 3 KB
4 KB 20ms
16ms Image
image/webp 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/theme_newtimes/images/logo1.png
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cba432fb6049713a37723932c0af7a57b174a9b8600f43aa46e4d19d6c56cf4c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
locationdebug: 1
age: 861
cf-polished: origFmt=png, origSize=5510
content-disposition: inline; filename="logo1.webp"
content-length: 3240
cf-bgj: imgq:100,h2pri
last-modified: Thu, 21 Jul 2022 13:09:02 GMT
server: cloudflare
etag: "62d94fee-1586"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fDnMCr3TLt5tsi4MSbw9JfxCWLTjFsHeNwZBvOKMbfmoP4MMNPIM8SmbUj6fpf1kMEMDP%2B%2FN6wxYBLy6DP0Pd9ot5DDYcE6ILo6h0EmNCjdkudoFr8J10fIySMO2Kd5JezvFq2zlyYk8nYiR4m4Byw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35846c459bc2-FRA

GET
H2 200 email-decode.min.js Show response
www.newtimes.co.rw/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 13ms
9ms Script
application/javascript 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.newtimes.co.rw/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 12 May 2023 12:05:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"645e2b95-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9qkYkD8MITfElyNphqQ5B8VO%2Fw0WFWLJGBRZrAGd1bE%2FCpIyFEQg4je%2BKRPKTSuewJ3jONNIucDkMrAggyWJWGOmAo7SBxUduzqvYqjSDesUYyv1%2FALTdI2An4CddiNx9gzpypzp8EY4lmNqCdYmBg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 7c7e35846c3f9bc2-FRA
expires: Wed, 17 May 2023 20:42:43 GMT

GET
H2 200 18779.jpeg
www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/15/ 248 KB
249 KB 44ms
40ms Image
image/webp 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/15/18779.jpeg
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aabf3581c2006f4834a49dfa705f42fe4e10f7acbfd44be8c8ba5ec4fd331660

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
locationdebug: 1
cf-polished: origFmt=jpeg, origSize=449073
content-disposition: inline; filename="18779.webp"
content-length: 253998
cf-bgj: imgq:100,h2pri
last-modified: Mon, 15 May 2023 17:15:15 GMT
server: cloudflare
etag: "646268a3-6da31"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=820RILA9kMC8%2FNyWyDLdAuDBCAgSbZVXB%2BL51Ksb96fTDbJzWOLKwT0Filpvk1RPg7QRXs3u0UAsjiVOmJsZLck5Jajf5orrcTEag24ZFUTdiJvVeH5chkbPC6Dp9jBX539YZDyMtNhJRCLvAI1F8A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35846c479bc2-FRA

GET
H3 200 css2
fonts.googleapis.com/ 8 KB
588 B 22ms
19ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Archivo:wght@400;500;600;700;800;900&display=swap

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f910e4ad88c6833f05ccb40b8c17fdd0834f1e467a64bf7bf81cf91e4e0ebd99

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 15 May 2023 20:42:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 15 May 2023 20:42:43 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 15 May 2023 20:42:43 GMT

GET
H2 200 18778.jpeg
www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/15/ 135 KB
135 KB 21ms
17ms Image
image/webp 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/15/18778.jpeg
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 701de9034825c64ca25016b34df3071046480de246bc8087814b4c9b79c17be5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
locationdebug: 1
age: 4106
cf-polished: origFmt=jpeg, origSize=307597
content-disposition: inline; filename="18778.webp"
content-length: 137900
cf-bgj: imgq:100,h2pri
last-modified: Mon, 15 May 2023 16:54:36 GMT
server: cloudflare
etag: "646263cc-4b18d"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AN9HZ4LHf1%2BX8kT7sNbGprXWhwnvg4i4CibAt48gE4rlvj5jOTh4LrbreVQWuvnP37axUEWksjjbKRpctCYTSumCyjqx8jd27qkktidKSWlfWho790meF8rNL4Z6mk2BmgI2dL8Hs%2FjUejfgYNavrA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35846c4a9bc2-FRA

GET
H2 200 backtop-icon.svg
www.newtimes.co.rw/theme_newtimes/images/ 289 B
476 B 24ms
20ms Image
image/svg+xml 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/theme_newtimes/images/backtop-icon.svg
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ad69f2c2dab8b483c052adefe6a3c523cd50b5ed697c4f829a9aff37c3c132c3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 22 Jun 2022 06:24:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
locationdebug: 1
age: 3
etag: W/"62b2b5a7-121"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=meB%2Bxe%2BSirSRJbsZIPRvSmK2cUgJW9nnIv5u9EXlrROy73x1p8vTxT5m7Hgg1y5dmgoao1WZmqaaT12fLmeg35ygmY1uylOH1vCA6i3bvgmGlTZIrfODodX0AP1MnLFsdW6cGj3A0IHlYb570BG3mA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 7c7e35846c4b9bc2-FRA

GET
H2 200 slogan.svg
www.newtimes.co.rw/theme_newtimes/images/ 30 KB
23 KB 18ms
15ms Image
image/svg+xml 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/theme_newtimes/images/slogan.svg
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ce405e27630dd0f75c2e2c282ae3e830664f61189dcfc63fed3efa38831f9902

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 22 Jun 2022 06:24:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
locationdebug: 1
age: 3
etag: W/"62b2b5a7-7710"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dhwxk9yn8vjycameA4PMOciZiteUxLEVJicEW4qhKQ0RzX%2BKD63RVLXtI6uoLlqqropXUTo9XD2l99%2FoIvlg%2BNKMattK6L%2BbehC7IoMP%2BIvmbJfHarpoTzslhCSSX7Ke%2B9cKvOF0nUH7Zu7UU9BUbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=14400
cf-ray: 7c7e35846c4c9bc2-FRA

GET
H2 200 gpt.js Show response
cdn.yourbow.com/newtimesrwanda/ 278 KB
278 KB 22ms
19ms Script
text/javascript 35.244.141.151
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.141.151 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 151.141.244.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 226a2fc6ae1507b3f50ad446d0a19066e86e9fbd18428d288d9eeb280a99c109

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:18:58 GMT
age: 1425
x-guploader-uploadid: ADPycdsFVf3Ls5sxQOTj0OOw0T2_OwPV8neG73JNfUJRs1R5shuCOPdkH2X3NkYdNL0d73vxXS5BmbRPOC9ShLKatVMNrw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 284454
last-modified: Fri, 07 Oct 2022 12:31:53 GMT
server: UploadServer
etag: "31f0798faebe9cc78b5c024a33a88a4c"
x-goog-generation: 1665145913764615
x-goog-hash: crc32c=I55Fyg==, md5=MfB5j66+nMeLXAJKM6iKTA==
content-type: text/javascript
cache-control: public,max-age=3600
x-goog-stored-content-length: 284454
accept-ranges: bytes

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 37 KB
15 KB 11ms
7ms Script
application/x-javascript 2600:9000:2057:f000:18:1fcd:351:7bc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:f000:18:1fcd:351:7bc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 7b307f2ce73aec07bfa1ab1d6462f491de0497c8819b1d6fed66eda9638a3530

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 01:10:22 GMT
content-encoding: gzip
via: 1.1 a0a81637cc76d6981e4e29044a73b7f6.cloudfront.net (CloudFront)
last-modified: Thu, 08 Dec 2022 17:25:10 GMT
server: nginx
x-amz-cf-pop: FRA6-C1
age: 70341
etag: W/"63921df6-9377"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
cache-control: max-age=86400
cross-origin-resource-policy: cross-origin
x-amz-cf-id: uH-C3geacBNEOlSVzUIY-bubKrQrAoKsNcd5r49rtNXY_FXz9tDuig==
expires: Tue, 16 May 2023 01:10:22 GMT

GET
H2 200 DuplicateSans.ttf
www.newtimes.co.rw/theme_newtimes/fonts/ 87 KB
87 KB 16ms
15ms Font
application/octet-stream 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.newtimes.co.rw/theme_newtimes/fonts/DuplicateSans.ttf
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/theme_newtimes/css/general-styles.min.css?v=0.37
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f6b339f595ef77c30861bb54152c9215d18cec2ee0d9dd8a6cbc9f301f3b1c4c

Request headers

Referer: https://www.newtimes.co.rw/theme_newtimes/css/general-styles.min.css?v=0.37
Origin: https://www.newtimes.co.rw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
cf-cache-status: HIT
last-modified: Wed, 22 Jun 2022 06:24:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
locationdebug: 1
age: 4546
etag: "62b2b5a7-15c10"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b2TPhe45Po0swDPCgIBAduJJD0Kk6qTwHot6PsLflSGf2A8l0n5boj7OO0koHE3JJ%2FvkTE69Yqh6Bm3UXz%2FbTnMNRUNKPzqAV6PU23YN0Q%2Ffq9LDFj9ffvdO%2FhcinqtwpEpky2zXtH1cOBDnPkKmwg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35847c5a9bc2-FRA
content-length: 89104

GET
H2 200 icomoon.ttf
www.newtimes.co.rw/theme_newtimes/fonts/ 6 KB
6 KB 21ms
20ms Font
application/octet-stream 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.newtimes.co.rw/theme_newtimes/fonts/icomoon.ttf?d4tn9f
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/theme_newtimes/css/general-styles.min.css?v=0.37
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 81097875d2c45f38ab8460111afa8cb1723e6a0ee1a2a9b2e4066833f39890bf

Request headers

Referer: https://www.newtimes.co.rw/theme_newtimes/css/general-styles.min.css?v=0.37
Origin: https://www.newtimes.co.rw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
cf-cache-status: HIT
last-modified: Tue, 12 Jul 2022 13:30:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
locationdebug: 1
age: 4546
etag: "62cd775a-1800"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HvX1PGX2mKBmqTFmgDwTABtw%2FZQ5fNki7V3XLerrFBZzc1k4TX%2F8pjzepBp2fwN48e2V%2BURVG%2F2Tz7yXtUkYsHgGmcC%2BzAPQ1YsMZi5fgJAnhp3N1%2FsaYklBmbh8ZzHRe14D8k8oUq1a0sNDSI4r4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35847c5d9bc2-FRA
content-length: 6144

GET
H2 200 Greyscale_Basic_Bold.ttf
www.newtimes.co.rw/theme_newtimes/fonts/ 74 KB
75 KB 17ms
17ms Font
application/octet-stream 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.newtimes.co.rw/theme_newtimes/fonts/Greyscale_Basic_Bold.ttf
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/theme_newtimes/css/general-styles.min.css?v=0.37
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 41bb251f8f9ca9b814770618ccaeb6d9586a479b98ba88740fa50c9e661f92a8

Request headers

Referer: https://www.newtimes.co.rw/theme_newtimes/css/general-styles.min.css?v=0.37
Origin: https://www.newtimes.co.rw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
cf-cache-status: HIT
last-modified: Wed, 22 Jun 2022 06:24:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
locationdebug: 1
age: 7019
etag: "62b2b5a7-12964"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DkFJSLDoajE4QUMXRhIqH2kGcgZk0j57D4Q50N1FKqHhRiSYaqgE8RbdcTqGCZLdSdaBIEDJBWyJzq7W177P6bHliq6Zg7pT%2BOw5X2kFnnwm7pWm%2BmGB0Ca4rQFSXKB81dTsYvpOSo4Kua4pFsmKvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35847c5e9bc2-FRA
content-length: 76132

GET
H2 200 PeriodicoDisplay.ttf
www.newtimes.co.rw/theme_newtimes/fonts/ 72 KB
73 KB 14ms
13ms Font
application/octet-stream 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.newtimes.co.rw/theme_newtimes/fonts/PeriodicoDisplay.ttf
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/theme_newtimes/css/general-styles.min.css?v=0.37
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e64a107cd561670cd079ebec398973b9e1d2db0e8355f7bd537e7cf93f8df7ed

Request headers

Referer: https://www.newtimes.co.rw/theme_newtimes/css/general-styles.min.css?v=0.37
Origin: https://www.newtimes.co.rw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
cf-cache-status: HIT
last-modified: Wed, 22 Jun 2022 06:24:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
locationdebug: 1
age: 4546
etag: "62b2b5a7-12118"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yAbu7VvvMd14osHJvjsz9fwzMzgVgQzSR0PzOFi%2BX3VbLDBBsidT0bx8BqSvlMr4qCDRHDZRJ2AqZZveY%2FRAk0frBay1LHz%2F51vAuDiF2VVv2173%2BxI2juHdKtENTzxks2kw94dLKn2O3fgmHSWuAA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e3584fcf89bc2-FRA
content-length: 74008

GET
H2 200 DuplicateSans-Medium.ttf
www.newtimes.co.rw/theme_newtimes/fonts/ 90 KB
90 KB 15ms
14ms Font
application/octet-stream 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.newtimes.co.rw/theme_newtimes/fonts/DuplicateSans-Medium.ttf
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/theme_newtimes/css/general-styles.min.css?v=0.37
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4a6e9aea39f6bc726aafb74977e1f6fa754432922aecc18301f5e291d0e33c48

Request headers

Referer: https://www.newtimes.co.rw/theme_newtimes/css/general-styles.min.css?v=0.37
Origin: https://www.newtimes.co.rw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
cf-cache-status: HIT
last-modified: Wed, 22 Jun 2022 06:24:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
locationdebug: 1
age: 4546
etag: "62b2b5a7-16814"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2kmPBmSN6Db%2FwmeukNIx9TZrtA2tlonwZ3R8lgK17GL0wXxUSce5SiFenZq7pr%2Bo4Ty%2BnV2Zl7%2FmtCo%2BXykyZdE0VOCk2EJsS5rb3twkwGGU4aUclGTHz1Uvezn%2FfIpt2%2FREsSpj0plgmic0yfSnZA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e3584fcfa9bc2-FRA
content-length: 92180

GET
H2 200 k3kPo8UDI-1M0wlSV9XAw6lQkqWY8Q82sLydOxI.woff2
fonts.gstatic.com/s/archivo/v18/ 31 KB
31 KB 30ms
7ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/archivo/v18/k3kPo8UDI-1M0wlSV9XAw6lQkqWY8Q82sLydOxI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Archivo:ital,wght@0,100;0,200;0,300;0,400;0,600;0,700;0,800;0,900;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68c831b3324ca6fea43d48681ac2b9338b794ecdb60ff7fa7059a997d4007604

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.newtimes.co.rw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Thu, 11 May 2023 19:40:47 GMT
x-content-type-options: nosniff
age: 349316
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31516
x-xss-protection: 0
last-modified: Fri, 24 Jun 2022 19:34:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 10 May 2024 19:40:47 GMT

GET
H2 200 / Show response
mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/ 159 B
215 B 223ms
221ms XHR
application/json 2a04:4e42::714
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/?host=newtimes.co.rw&domain=newtimes.co.rw&path=%2F
Requested by: Host: static.chartbeat.com
URL: https://static.chartbeat.com/js/chartbeat_mab.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42::714 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d00b5477d00f8736d2e6d3fdab41ede97e8574d75b74a6a8b3d192a90a060b63

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

x-cache-hits: 2
date: Mon, 15 May 2023 20:42:43 GMT
content-encoding: gzip
via: 1.1 varnish (Varnish/6.0), 1.1 varnish
age: 200
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 124
x-served-by: cache-gig2250026-GIG
x-timer: S1684183363.489812,VS0,VE0
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
content-type: application/json
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, s-maxage=0
accept-ranges: bytes
expires: Sat, 13 May 2023 20:39:23 GMT

GET
H2 200 ping
ping.chartbeat.net/ 43 B
200 B 99ms
99ms Image
image/gif 54.165.163.91
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=newtimes.co.rw&p=%2F&u=C2hOJkBGN4QLEN4ys&d=newtimes.co.rw&g=67020&g0=No%20Section&g1=No%20Author&n=1&f=00001&c=0&x=0&m=0&y=5818&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&v=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&PA=https%3A%2F%2Fwww.newtimes.co.rw%2F&b=326&t=B5Se63Btf7VW6pY1JlsL9kS8Cs2&V=139&z=t%3Do_P5gCp3yLsX2jtzTbZCQD9-Btp%26E%3D2%26x%3D0%26c%3D0.04%26y%3D1200%26w%3D1200&i=The%20New%20Times%20-%20Home&tz=0&sn=1&sv=BlOmPyBVSEKMD3WSl0ecHEfBxTn0-&sd=2&im=067b0fff&_
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.165.163.91 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-165-163-91.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 15 May 2023 20:42:43 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-length: 43
expires: 0

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 232 KB
80 KB 24ms
24ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-MEM2QN6706&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-74288219-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b1d4d1509431c0c3bdeba9c801efc2c4dc88b502cddf4d4f5835328b57b443f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 82181
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 15 May 2023 20:42:43 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ 51 KB
20 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-74288219-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 15 May 2023 20:35:39 GMT
last-modified: Mon, 17 Apr 2023 22:36:01 GMT
server: Golfe2
age: 424
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20737
expires: Mon, 15 May 2023 22:35:39 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 7ms
7ms Image
image/gif 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j100&a=1824289973&t=pageview&_s=1&dl=https%3A%2F%2Fwww.newtimes.co.rw%2F&ul=en-us&de=UTF-8&dt=The%20New%20Times%20-%20Home&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=QACAAUABAAAAAAAAI~&jid=&gjid=&cid=1224847520.1684183361&tid=UA-74288219-1&_gid=940470946.1684183361&gtm=457e35a0&jsscut=1&z=1833384742

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 15:08:34 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 20049
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 74 KB
25 KB 87ms
86ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1ae610dc9e81bb73c9e8bcbc550d08469000307f1fdae98cf0bf038f28fc4789

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25271
x-xss-protection: 0
server: cafe
etag: 359 / 19492 / m202305090101 / config-hash: 1127544179918750415
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 15 May 2023 20:42:43 GMT

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/ 402 KB
124 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4dc80fcaf6db01fa29ced797dbb0947bb3bb95b1a88f893f389cf17144166075

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 14:02:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24041
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 127184
x-xss-protection: 0
server: cafe
etag: 3263738860219486170
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 14 May 2024 14:02:02 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 78 B
85 B 42ms
41ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.newtimes.co.rw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

91ad26b5c0957975f48585654f032afa6e3f6242a63ab8314d1de785ce076146

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61
x-xss-protection: 0
expires: Mon, 15 May 2023 20:42:43 GMT

GET
H2 200 pwt.js Show response
ads.pubmatic.com/AdServer/js/pwt/158370/4934/ 222 KB
67 KB 17ms
16ms Script
application/javascript 23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/pwt/158370/4934/pwt.js
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 51eaf649e037fafcd0277a848ff4b54c4216e8799b7e72c53e1d7265c6a116c6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
content-encoding: gzip
last-modified: Sat, 29 Apr 2023 00:41:53 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=124822
accept-ranges: bytes
content-length: 68431
expires: Wed, 17 May 2023 07:23:05 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 230 KB
57 KB 7ms
6ms Script
application/javascript 52.222.208.154
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.208.154 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-208-154.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: bf5de2a37e1b850ca9cc3b1a55bccd36def2be3524d0c5acb67b61f26aac8a96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 19:49:17 GMT
content-encoding: gzip
via: 1.1 5fa65194b963365c20fbd28444032cfc.cloudfront.net (CloudFront), 1.1 eaedf92fd05c53aa96f20b6322b473e6.cloudfront.net (CloudFront)
last-modified: Wed, 10 May 2023 21:23:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, FRA56-P3
age: 3207
x-amz-server-side-encryption: AES256
etag: W/"e6af4658ab1a6fdde1f0066b27d5372e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: JKqEPb9o0kTKx85YxRmFBUx5JCFsTBpDIldQZOzTvO3nF6FsZo1TTg==

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 4 KB
2 KB 98ms
96ms XHR
application/json 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17046&site_id=315192&zone_id=1608182&size_id=2&alt_size_ids=55&rp_schain=1.0,1!yourbow.com,76,1,,,&rf=http%3A%2F%2Fwww.newtimes.co.rw%2F&kw=newtimes%2Crwandanews%2Ctnt%2Crwanda%2Ckigali%2Cnews%2Ceastafrica&tg_i.ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&tg_i.page=http%3A%2F%2Fwww.newtimes.co.rw%2F&tg_i.domain=newtimes.co.rw&tg_i.pbadslot=%2F21828795265%2FTNT%2FTNT_home&tk_flint=pbjs_lite_v7.18.0&x_source.tid=fe4e416d-839c-4595-a6c9-aaf923fe3a36&l_pb_bid_id=2ba9905f7fadbc&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21828795265%2FTNT%2FTNT_home&slots=1&rand=0.1521801427000513
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 42c1c369b05f0ed047726f0ced4ab65fa8807cd12ef8c3fe0c3fe99c2bc6e8eb

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:43 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.newtimes.co.rw
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 424 B
482 B 83ms
81ms XHR
application/json 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17046&site_id=315192&zone_id=1608182&size_id=2&alt_size_ids=55&rp_schain=1.0,1!yourbow.com,76,1,,,&rf=http%3A%2F%2Fwww.newtimes.co.rw%2F&kw=newtimes%2Crwandanews%2Ctnt%2Crwanda%2Ckigali%2Cnews%2Ceastafrica&tg_i.ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&tg_i.page=http%3A%2F%2Fwww.newtimes.co.rw%2F&tg_i.domain=newtimes.co.rw&tg_i.pbadslot=%2F21828795265%2FTNT%2FTNT_home&tk_flint=pbjs_lite_v7.18.0&x_source.tid=fe4e416d-839c-4595-a6c9-aaf923fe3a36&l_pb_bid_id=395528db86c6e9&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21828795265%2FTNT%2FTNT_home&slots=1&rand=0.342572688526775
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: ce0b96f89eae40bb3b56648de2c8225856d1574aec4dda6a231f09a1c08ad1bc

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:43 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.newtimes.co.rw
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 424
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
159 B 13ms
12ms XHR
text/plain 54.93.178.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.178.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-178-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:43 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
159 B 10ms
9ms XHR
text/plain 54.93.178.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.178.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-178-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:43 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 246 B
1 KB 7ms
7ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

3f94657c31d73d3f8cfaf1b079185edbac32188f5e263ca38154d8f7a4fb21e5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:43 GMT
AN-X-Request-Uuid: 4c69431c-f4b0-47c4-b2bf-49250625b8c1
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 246
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 34 KB
10 KB 111ms
111ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

f961fc2ce93baef2fb4de117dfc488d3738b06e9c1d62b4527d18012ec95241e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 15 May 2023 20:42:43 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 70be8fcf-ca44-4cac-874c-4ca1835c0ee9
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
62 B 41ms
41ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:43 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
805 B 45ms
44ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUN4B97C
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 58d0fe6f00ed5f12073027fabbed88ebebb8c6d0b178a5d5ba9369949659995d

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:43 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Mon, 15 May 2023 20:42:43 GMT

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
159 B 9ms
9ms XHR
text/plain 54.93.178.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.178.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-178-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:43 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
62 B 13ms
13ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:42 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 17 KB
9 KB 85ms
85ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

35262e99f3fa80a555031466dfab2dd447d9b8ae1d408060eb4d101ae36d1875

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 15 May 2023 20:42:43 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 553797b4-0361-4212-b29e-982e6ebb5b55
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 404 B
439 B 86ms
86ms XHR
application/json 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17046&site_id=315192&zone_id=1608182&size_id=2&rp_schain=1.0,1!yourbow.com,76,1,,,&rf=http%3A%2F%2Fwww.newtimes.co.rw%2F&kw=newtimes%2Crwandanews%2Ctnt%2Crwanda%2Ckigali%2Cnews%2Ceastafrica&tg_i.ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&tg_i.page=http%3A%2F%2Fwww.newtimes.co.rw%2F&tg_i.domain=newtimes.co.rw&tg_i.pbadslot=%2F21828795265%2FTNT%2FTNT_home&tk_flint=pbjs_lite_v7.18.0&x_source.tid=b3f869b7-9a10-4d5d-b381-7a6976670b07&l_pb_bid_id=269950604d03f3c&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21828795265%2FTNT%2FTNT_home&slots=1&rand=0.33470176270602514
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: eab2aae155acddc9e3b5546a99b71443d14decfb2a222e64793629fb9e947505

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:43 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.newtimes.co.rw
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 404
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 137ms
137ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

f4cf99006988509d9e94b1fc6420bb3896244a7dadbc49f2eb44e28396ee4815

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:43 GMT
AN-X-Request-Uuid: 3ba5cf69-bdbb-43a7-8cbd-07153fe31482
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
781 B 45ms
45ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUN4B97C
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: a829e85f81b8b34a49a526ecdc03b18f26604d679f50c825e34cb2636013900c

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:43 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Mon, 15 May 2023 20:42:43 GMT

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
159 B 10ms
9ms XHR
text/plain 54.93.178.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.178.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-178-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:43 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
783 B 52ms
52ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUN4B97C
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 041d7db1f2f6a660ae214e8be3e3e5d5c0a5d61f7a7000649ccd13441bee5bef

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:43 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Mon, 15 May 2023 20:42:43 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 17 KB
9 KB 132ms
132ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

13b7f277264c786a6a8089e7248df0262d3c0bd1bedb64b3cb48dc1a21c75bda

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 15 May 2023 20:42:43 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 4f3ea9f1-3ba4-4724-ae69-7499fd346fd1
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 404 B
439 B 87ms
86ms XHR
application/json 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17046&site_id=315192&zone_id=1608182&size_id=2&rp_schain=1.0,1!yourbow.com,76,1,,,&rf=http%3A%2F%2Fwww.newtimes.co.rw%2F&kw=newtimes%2Crwandanews%2Ctnt%2Crwanda%2Ckigali%2Cnews%2Ceastafrica&tg_i.ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&tg_i.page=http%3A%2F%2Fwww.newtimes.co.rw%2F&tg_i.domain=newtimes.co.rw&tg_i.pbadslot=%2F21828795265%2FTNT%2FTNT_home&tk_flint=pbjs_lite_v7.18.0&x_source.tid=f2b34eda-1390-4973-b7b6-2c76c97801d2&l_pb_bid_id=38b30e49f66d2bc&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21828795265%2FTNT%2FTNT_home&slots=1&rand=0.7874293745736753
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: efff86878ca9d39cf24f6db8869883220b29bca6eec484cd2c1ab198205d25b3

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:43 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.newtimes.co.rw
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 404
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 144 B
1 KB 146ms
146ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

eba039adfb6a97b8a4e3b1225d2b4ba287b2872562f993aaf87f1bd0e1cb2b8b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:43 GMT
AN-X-Request-Uuid: dd0bfbcb-9c33-449c-91f1-33b7236bd09a
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
62 B 305ms
305ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:43 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
159 B 13ms
12ms XHR
text/plain 54.93.178.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.178.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-178-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:43 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
782 B 48ms
47ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUN4B97C
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 57130e887446d43791ef89e20d1b124abf0bb46c1582523c5f37865ae6b8dc1a

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:43 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Mon, 15 May 2023 20:42:43 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 185ms
184ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

c04ce59d9c0ef75453ede3bc73be9675c4a71260bdff7965e921ac2e78dc6539

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:44 GMT
AN-X-Request-Uuid: 788f3c69-3286-46b9-8153-838a71421d47
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 404 B
439 B 91ms
91ms XHR
application/json 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17046&site_id=315192&zone_id=1608182&size_id=2&rp_schain=1.0,1!yourbow.com,76,1,,,&rf=http%3A%2F%2Fwww.newtimes.co.rw%2F&kw=newtimes%2Crwandanews%2Ctnt%2Crwanda%2Ckigali%2Cnews%2Ceastafrica&tg_i.ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&tg_i.page=http%3A%2F%2Fwww.newtimes.co.rw%2F&tg_i.domain=newtimes.co.rw&tg_i.pbadslot=%2F21828795265%2FTNT%2FTNT_home&tk_flint=pbjs_lite_v7.18.0&x_source.tid=b14f3c3e-2ff9-4fdb-a3d0-7ea02e060775&l_pb_bid_id=5027e0a00f4b6fd&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21828795265%2FTNT%2FTNT_home&slots=1&rand=0.44568766343503974
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 257ff71d0dbc9ba651c5a42f4f2b4c4a5b36b2f87a02aabfb5592f7246a18fdb

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:43 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.newtimes.co.rw
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 404
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
62 B 28ms
28ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:43 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 139 B
1 KB 21ms
6ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

87dd8761626cf628f262abd3d86b1f2829854d2d497b24a7322811e664124146

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:43 GMT
AN-X-Request-Uuid: 15b5c25e-c7d9-45d7-a449-7f846f1e491c
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 139
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 20ms
18ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.newtimes.co.rw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 17ms
16ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.newtimes.co.rw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 22 KB
10 KB 283ms
282ms XHR
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3441115050061315&correlator=266244569736163&eid=31074646&output=ldjh&gdfp_req=1&vrg=202305090101&ptt=17&impl=fif&iu_parts=21828795265%2CTNT%2CTNT_home&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C970x90&ifi=1&adks=3658131758&sfv=1-0-40&prev_scp=pos%3Dtop%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.16%26hb_adid%3D24114b0beb3b02c1%26hb_bidder%3Drubicon&eri=1&sc=1&cookie=ID%3D9aaffe5e15c1aac3%3AT%3D1684183362%3AS%3DALNI_Ma9jKnX2iRWyThg5ibpFngNLZiOxw&gpic=UID%3D00000c17af5f1690%3AT%3D1684183362%3ART%3D1684183362%3AS%3DALNI_MbiM4NLUrzgVL4HLfPYJSLMvXKpsQ&abxe=1&dt=1684183363875&lmt=1684183363&dlt=1684183363227&idt=398&adxs=436&adys=89&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.newtimes.co.rw%2F&ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&frm=20&vis=1&psz=970x90&msz=728x0&fws=4&ohw=1600&ga_vid=1224847520.1684183361&ga_sid=1684183364&ga_hid=1824289973&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ac788033aa123a9e47570575d8e05090580cfacc91dc6e07523f443ac49123a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10303
x-xss-protection: 0
google-lineitem-id: 5406822631
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138315208925
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 56ms
55ms XHR
application/json 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202305090101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

92642e75cd4765ffb7a24d303305eee7965acaa648f5d670df837b96f2476a15

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11070
x-xss-protection: 0

GET
H2 200 container.html Show response
a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 62D7 6 KB
3 KB 29ms
14ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:43 GMT
expires: Tue, 14 May 2024 20:42:43 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 335 B
686 B 6ms
6ms XHR
application/json 52.222.208.154
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.newtimes.co.rw&pubid=db83f9c6-a698-4a6a-89fb-c29c85426748
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.208.154 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-208-154.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 9cd28222b76db9ecead97bdea2b69bce8777da737c9e242502def4a5f1c96675

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 18:08:02 GMT
via: 1.1 eaedf92fd05c53aa96f20b6322b473e6.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P3
age: 9280
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 335
x-amz-cf-id: VP1zIVN-pyx8kiVjiVuXbUdXSconlKpsJGYNSEWNI9PG-773Oz16Jg==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 58 B
498 B 65ms
65ms XHR
text/javascript 108.138.9.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.newtimes.co.rw%2F&pr=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&pid=BPMPWXwX13VOE&cb=0&ws=1600x1200&v=23.505.1627&t=900&slots=%5B%7B%22sd%22%3A%22top%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F21828795265%2FTNT%2FTNT_home%22%7D%5D&sg=%7B%22ortb2%22%3A%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22browsers%22%3A%5B%5D%7D%7D%7D%7D&schain=1.0%2C1!yourbow.com%2C76%2C1%2C%2C%2C&pubid=db83f9c6-a698-4a6a-89fb-c29c85426748&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.9.235 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-9-235.fra56.r.cloudfront.net

Software

Server /

Resource Hash

a1467c6ed682df808cf830c429ebaec42c32c2033369aa48446fb9e7f592769d

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 3a4987afa567e120a2fa0d82969d4c0a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: 1AD7TGJREE14FWV0E86X
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 58
x-amz-cf-id: o5qx2jP51KzfgdgSARpVxfNHNzk5d-uc1OvcQSNCQmKiVUqomMBu7Q==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 23 B
463 B 55ms
55ms XHR
text/javascript 108.138.9.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.newtimes.co.rw%2F&pr=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&pid=BPMPWXwX13VOE&cb=1&ws=1600x1200&v=23.505.1627&t=900&slots=%5B%7B%22sd%22%3A%22mid_1%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F21828795265%2FTNT%2FTNT_home%22%7D%5D&sg=%7B%22ortb2%22%3A%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22browsers%22%3A%5B%5D%7D%7D%7D%7D&schain=1.0%2C1!yourbow.com%2C76%2C1%2C%2C%2C&pubid=db83f9c6-a698-4a6a-89fb-c29c85426748&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.9.235 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-9-235.fra56.r.cloudfront.net

Software

Server /

Resource Hash

89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 3a4987afa567e120a2fa0d82969d4c0a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: 1HFFJ8SJ9M661VDJF7PR
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: 4jPfn02UH6zJwtbYQq_xfGwSYJAeeSFJ47xza7b4RuWzgvRipu-xhQ==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 23 B
465 B 47ms
47ms XHR
text/javascript 108.138.9.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.newtimes.co.rw%2F&pr=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&pid=BPMPWXwX13VOE&cb=2&ws=1600x1200&v=23.505.1627&t=900&slots=%5B%7B%22sd%22%3A%22mid_2%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F21828795265%2FTNT%2FTNT_home%22%7D%5D&sg=%7B%22ortb2%22%3A%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22browsers%22%3A%5B%5D%7D%7D%7D%7D&schain=1.0%2C1!yourbow.com%2C76%2C1%2C%2C%2C&pubid=db83f9c6-a698-4a6a-89fb-c29c85426748&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.9.235 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-9-235.fra56.r.cloudfront.net

Software

Server /

Resource Hash

5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 3a4987afa567e120a2fa0d82969d4c0a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: Z1XV9XN7P5YXMMQAWV3S
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: RSrb5CcOBJPMeeZkOjLWpoWP_XPSO0deW6EaEQ-THMmYOli77NY8kA==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 23 B
463 B 48ms
48ms XHR
text/javascript 108.138.9.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.newtimes.co.rw%2F&pr=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&pid=BPMPWXwX13VOE&cb=3&ws=1600x1200&v=23.505.1627&t=900&slots=%5B%7B%22sd%22%3A%22mid_3%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F21828795265%2FTNT%2FTNT_home%22%7D%5D&sg=%7B%22ortb2%22%3A%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22browsers%22%3A%5B%5D%7D%7D%7D%7D&schain=1.0%2C1!yourbow.com%2C76%2C1%2C%2C%2C&pubid=db83f9c6-a698-4a6a-89fb-c29c85426748&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.9.235 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-9-235.fra56.r.cloudfront.net

Software

Server /

Resource Hash

1c4777fe3a673a05492e27d08032cc91c23ac5389897c9235b09b8b0f5a74db3

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 3a4987afa567e120a2fa0d82969d4c0a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: P147GDTDT8Y7E7QPRA7V
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: b1po3dinkJowQMgSRNfFo8KzSzmxsk4KNFVTt2ZXOTr7qjHiAM06KQ==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 23 B
462 B 46ms
45ms XHR
text/javascript 108.138.9.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.newtimes.co.rw%2F&pr=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&pid=BPMPWXwX13VOE&cb=4&ws=1600x1200&v=23.505.1627&t=900&slots=%5B%7B%22sd%22%3A%22halfpage_1%22%2C%22s%22%3A%5B%22300x600%22%5D%2C%22sn%22%3A%22%2F21828795265%2FTNT%2FTNT_home%22%7D%5D&sg=%7B%22ortb2%22%3A%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22browsers%22%3A%5B%5D%7D%7D%7D%7D&schain=1.0%2C1!yourbow.com%2C76%2C1%2C%2C%2C&pubid=db83f9c6-a698-4a6a-89fb-c29c85426748&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.9.235 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-9-235.fra56.r.cloudfront.net

Software

Server /

Resource Hash

6139dddd3b6b6b847bccd476918dc8fb4f4f5a10908e5707c704f155e0918e84

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 3a4987afa567e120a2fa0d82969d4c0a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: J4W79BWRR22FN5AK81DZ
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: vkyDaX-7-Ep-vb63FE7i9EVJ57g1Bep2-WK2IYC70sovqsUIytR5UA==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 23 B
463 B 47ms
47ms XHR
text/javascript 108.138.9.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.newtimes.co.rw%2F&pr=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&pid=BPMPWXwX13VOE&cb=5&ws=1600x1200&v=23.505.1627&t=900&slots=%5B%7B%22sd%22%3A%22mid_4%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F21828795265%2FTNT%2FTNT_home%22%7D%5D&sg=%7B%22ortb2%22%3A%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22browsers%22%3A%5B%5D%7D%7D%7D%7D&schain=1.0%2C1!yourbow.com%2C76%2C1%2C%2C%2C&pubid=db83f9c6-a698-4a6a-89fb-c29c85426748&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.9.235 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-9-235.fra56.r.cloudfront.net

Software

Server /

Resource Hash

111041158b9290ae7cc0c6da69d7c4f5600e8a73b4c7399d675df7f15ba7b063

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 3a4987afa567e120a2fa0d82969d4c0a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: RX0A445KCQ5HA7CND7FX
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: pOlqBSR1Ue5pbr6tOqqBLlGERcijOQY0qisHMXxxCbFHaxmmID8O5w==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 23 B
462 B 44ms
43ms XHR
text/javascript 108.138.9.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.newtimes.co.rw%2F&pr=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&pid=BPMPWXwX13VOE&cb=6&ws=1600x1200&v=23.505.1627&t=900&slots=%5B%7B%22sd%22%3A%22mid_5%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F21828795265%2FTNT%2FTNT_home%22%7D%5D&sg=%7B%22ortb2%22%3A%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22browsers%22%3A%5B%5D%7D%7D%7D%7D&schain=1.0%2C1!yourbow.com%2C76%2C1%2C%2C%2C&pubid=db83f9c6-a698-4a6a-89fb-c29c85426748&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.9.235 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-9-235.fra56.r.cloudfront.net

Software

Server /

Resource Hash

0cff03129f16a73a8ff89d06578b0b1a1127bddb582fd05f0ab62f8ccc6b62f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 3a4987afa567e120a2fa0d82969d4c0a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: HY6AHANT9TVEFJ2262V8
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: qU5rMMt3YggcqQdkiksNbDcSaXpeaSY3xtnEwHL8Ms4FXUn-Fs7Pvw==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 23 B
463 B 48ms
47ms XHR
text/javascript 108.138.9.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.newtimes.co.rw%2F&pr=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&pid=BPMPWXwX13VOE&cb=7&ws=1600x1200&v=23.505.1627&t=900&slots=%5B%7B%22sd%22%3A%22halfpage_2%22%2C%22s%22%3A%5B%22300x600%22%5D%2C%22sn%22%3A%22%2F21828795265%2FTNT%2FTNT_home%22%7D%5D&sg=%7B%22ortb2%22%3A%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22browsers%22%3A%5B%5D%7D%7D%7D%7D&schain=1.0%2C1!yourbow.com%2C76%2C1%2C%2C%2C&pubid=db83f9c6-a698-4a6a-89fb-c29c85426748&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.9.235 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-9-235.fra56.r.cloudfront.net

Software

Server /

Resource Hash

8ec3cdfcdc79223ee04ed060812314854cb3b3d9d1914390c755934366fc3693

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 3a4987afa567e120a2fa0d82969d4c0a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: 38925MDECP4DN10636BK
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: mN85EdE4JUyUXNVt1NR9Zl8lC7oGWABUHX2R1PDKxMIo3T5MqcDpzg==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 23 B
463 B 51ms
51ms XHR
text/javascript 108.138.9.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.newtimes.co.rw%2F&pr=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&pid=BPMPWXwX13VOE&cb=8&ws=1600x1200&v=23.505.1627&t=900&slots=%5B%7B%22sd%22%3A%22mid_6%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F21828795265%2FTNT%2FTNT_home%22%7D%5D&sg=%7B%22ortb2%22%3A%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22browsers%22%3A%5B%5D%7D%7D%7D%7D&schain=1.0%2C1!yourbow.com%2C76%2C1%2C%2C%2C&pubid=db83f9c6-a698-4a6a-89fb-c29c85426748&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.9.235 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-9-235.fra56.r.cloudfront.net

Software

Server /

Resource Hash

c905a799c91593b68a840f7aae0bd411b7f0d2d475c8f5f5a780d54018fb61b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 3a4987afa567e120a2fa0d82969d4c0a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: CN341QRN4A248X3Z42MB
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: Zbqkin1zO_TFD6PSjr1kHWuKH7kXw37ACXusiYN1FcL5ZBn0wxM6uQ==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 23 B
464 B 48ms
47ms XHR
text/javascript 108.138.9.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.newtimes.co.rw%2F&pr=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&pid=BPMPWXwX13VOE&cb=9&ws=1600x1200&v=23.505.1627&t=900&slots=%5B%7B%22sd%22%3A%22halfpage_3%22%2C%22s%22%3A%5B%22300x600%22%5D%2C%22sn%22%3A%22%2F21828795265%2FTNT%2FTNT_home%22%7D%5D&sg=%7B%22ortb2%22%3A%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22browsers%22%3A%5B%5D%7D%7D%7D%7D&schain=1.0%2C1!yourbow.com%2C76%2C1%2C%2C%2C&pubid=db83f9c6-a698-4a6a-89fb-c29c85426748&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.9.235 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-9-235.fra56.r.cloudfront.net

Software

Server /

Resource Hash

4b8f230af668f20a7b50021f1edb1fac1c96cab1aa576933a2064e5d7807179b

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 3a4987afa567e120a2fa0d82969d4c0a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: F2WH7VM4D2NS586Y6KFD
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: SRQRxQbk_VRQNXdo-YdDC2qgipGrxzO3BDM_K1S68iCWiPNYdj-uIA==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 24 B
464 B 43ms
42ms XHR
text/javascript 108.138.9.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.newtimes.co.rw%2F&pr=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&pid=BPMPWXwX13VOE&cb=10&ws=1600x1200&v=23.505.1627&t=900&slots=%5B%7B%22sd%22%3A%22mid_7%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F21828795265%2FTNT%2FTNT_home%22%7D%5D&sg=%7B%22ortb2%22%3A%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22browsers%22%3A%5B%5D%7D%7D%7D%7D&schain=1.0%2C1!yourbow.com%2C76%2C1%2C%2C%2C&pubid=db83f9c6-a698-4a6a-89fb-c29c85426748&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.9.235 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-9-235.fra56.r.cloudfront.net

Software

Server /

Resource Hash

b84677c9d507861ede2db86349957b3fff926d3857fb11595ab96d8866314798

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 3a4987afa567e120a2fa0d82969d4c0a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: X9ECKJPEMN893G96B6NN
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 24
x-amz-cf-id: o_Iqm-E3QU63JmoZw4ISSP-UreaTixHVjRNM1sEZ49s3cq1oTm9NAg==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 24 B
465 B 49ms
49ms XHR
text/javascript 108.138.9.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.newtimes.co.rw%2F&pr=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&pid=BPMPWXwX13VOE&cb=11&ws=1600x1200&v=23.505.1627&t=900&slots=%5B%7B%22sd%22%3A%22halfpage_4%22%2C%22s%22%3A%5B%22300x600%22%5D%2C%22sn%22%3A%22%2F21828795265%2FTNT%2FTNT_home%22%7D%5D&sg=%7B%22ortb2%22%3A%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22browsers%22%3A%5B%5D%7D%7D%7D%7D&schain=1.0%2C1!yourbow.com%2C76%2C1%2C%2C%2C&pubid=db83f9c6-a698-4a6a-89fb-c29c85426748&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.9.235 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-9-235.fra56.r.cloudfront.net

Software

Server /

Resource Hash

843ca27aa5a55f23f36493f7a6c93bd16bae165e07e4be441ea45723b586eae2

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 3a4987afa567e120a2fa0d82969d4c0a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: 7F9ZMP7CQ9VH709PX2B6
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 24
x-amz-cf-id: 0UKOYJUDV0KRLpp2tjl2nkpS6dxlZ8BA0rMY0f3GYgFFMPSRSNPArQ==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 24 B
466 B 48ms
48ms XHR
text/javascript 108.138.9.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.newtimes.co.rw%2F&pr=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&pid=BPMPWXwX13VOE&cb=12&ws=1600x1200&v=23.505.1627&t=900&slots=%5B%7B%22sd%22%3A%22mid_8%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F21828795265%2FTNT%2FTNT_home%22%7D%5D&sg=%7B%22ortb2%22%3A%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22browsers%22%3A%5B%5D%7D%7D%7D%7D&schain=1.0%2C1!yourbow.com%2C76%2C1%2C%2C%2C&pubid=db83f9c6-a698-4a6a-89fb-c29c85426748&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.9.235 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-9-235.fra56.r.cloudfront.net

Software

Server /

Resource Hash

63c3f35eed8f9fae951373f4f0642d09521b1b86c8d3a6d679047bc5440790fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 3a4987afa567e120a2fa0d82969d4c0a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: KFYQRNTW9WBXGKX4PS9N
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 24
x-amz-cf-id: j7LSvaH5UzFjk_Ox7PrLLq5KexrRkAW-CYVlD94fTQ36vgVPTZ-jog==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 24 B
464 B 49ms
48ms XHR
text/javascript 108.138.9.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.newtimes.co.rw%2F&pr=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&pid=BPMPWXwX13VOE&cb=13&ws=1600x1200&v=23.505.1627&t=900&slots=%5B%7B%22sd%22%3A%22mid_9%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F21828795265%2FTNT%2FTNT_home%22%7D%5D&sg=%7B%22ortb2%22%3A%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22browsers%22%3A%5B%5D%7D%7D%7D%7D&schain=1.0%2C1!yourbow.com%2C76%2C1%2C%2C%2C&pubid=db83f9c6-a698-4a6a-89fb-c29c85426748&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.9.235 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-9-235.fra56.r.cloudfront.net

Software

Server /

Resource Hash

af058bc0a949d80a2234f297e983e6fb3438a7f360daf4cdecd3d717ce047ea7

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 3a4987afa567e120a2fa0d82969d4c0a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: 96YHGTHCJH1DZHM9GESC
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 24
x-amz-cf-id: 5dGf_-iZm6gL2v7ozvfueVw9H6FyH3xOS27YRAzSKdYCSa7LDL-t2g==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 24 B
464 B 50ms
49ms XHR
text/javascript 108.138.9.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.newtimes.co.rw%2F&pr=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&pid=BPMPWXwX13VOE&cb=14&ws=1600x1200&v=23.505.1627&t=900&slots=%5B%7B%22sd%22%3A%22halfpage_5%22%2C%22s%22%3A%5B%22300x600%22%5D%2C%22sn%22%3A%22%2F21828795265%2FTNT%2FTNT_home%22%7D%5D&sg=%7B%22ortb2%22%3A%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22browsers%22%3A%5B%5D%7D%7D%7D%7D&schain=1.0%2C1!yourbow.com%2C76%2C1%2C%2C%2C&pubid=db83f9c6-a698-4a6a-89fb-c29c85426748&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.9.235 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-9-235.fra56.r.cloudfront.net

Software

Server /

Resource Hash

36a74661dfb652c289dd3bdccf3c31dc9ba453a328a4318aa72a34f1454f0842

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 3a4987afa567e120a2fa0d82969d4c0a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: 8V50NPCE10S2ZCZSE8A3
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 24
x-amz-cf-id: 7vHV6iHSYTrRMHSYPCle4JsgYd6WudW7iq9r3EAbivQfZRaZt3eZag==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 24 B
465 B 47ms
47ms XHR
text/javascript 108.138.9.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.newtimes.co.rw%2F&pr=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&pid=BPMPWXwX13VOE&cb=15&ws=1600x1200&v=23.505.1627&t=900&slots=%5B%7B%22sd%22%3A%22mid_10%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F21828795265%2FTNT%2FTNT_home%22%7D%5D&sg=%7B%22ortb2%22%3A%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22browsers%22%3A%5B%5D%7D%7D%7D%7D&schain=1.0%2C1!yourbow.com%2C76%2C1%2C%2C%2C&pubid=db83f9c6-a698-4a6a-89fb-c29c85426748&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.9.235 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-9-235.fra56.r.cloudfront.net

Software

Server /

Resource Hash

08ec332c446e727696ff53c4c9ee2f3f5f605ce5672021e9691f89bd12c02f43

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 3a4987afa567e120a2fa0d82969d4c0a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: 62WYMPYHZAT7Q5YEW0TM
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 24
x-amz-cf-id: MfqTU09DvHmzX3lNs-mUGYq7aFfMlOQiDkVoqWkQ7bNZGOXxje7dVA==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 24 B
464 B 63ms
63ms XHR
text/javascript 108.138.9.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.newtimes.co.rw%2F&pr=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&pid=BPMPWXwX13VOE&cb=16&ws=1600x1200&v=23.505.1627&t=900&slots=%5B%7B%22sd%22%3A%22mid_11%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22%2F21828795265%2FTNT%2FTNT_home%22%7D%5D&sg=%7B%22ortb2%22%3A%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22browsers%22%3A%5B%5D%7D%7D%7D%7D&schain=1.0%2C1!yourbow.com%2C76%2C1%2C%2C%2C&pubid=db83f9c6-a698-4a6a-89fb-c29c85426748&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.9.235 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-9-235.fra56.r.cloudfront.net

Software

Server /

Resource Hash

134f4a39b11972e436ad81464caa48cf07310f1d14e4397a763c4b30782ea3bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 3a4987afa567e120a2fa0d82969d4c0a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: VDW95QK8F8WR3MHGDAJF
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 24
x-amz-cf-id: amlP5w6yBAu1xXLW5Po41rPJ6fjm3D0dNN38XM_74kXoqd9pdqryHg==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 24 B
466 B 56ms
56ms XHR
text/javascript 108.138.9.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.newtimes.co.rw%2F&pr=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&pid=BPMPWXwX13VOE&cb=17&ws=1600x1200&v=23.505.1627&t=900&slots=%5B%7B%22sd%22%3A%22bottom%22%2C%22s%22%3A%5B%22970x250%22%5D%2C%22sn%22%3A%22%2F21828795265%2FTNT%2FTNT_home%22%7D%5D&sg=%7B%22ortb2%22%3A%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22browsers%22%3A%5B%5D%7D%7D%7D%7D&schain=1.0%2C1!yourbow.com%2C76%2C1%2C%2C%2C&pubid=db83f9c6-a698-4a6a-89fb-c29c85426748&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.9.235 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-9-235.fra56.r.cloudfront.net

Software

Server /

Resource Hash

c1059d522f4c639f77427fa309b77d7c5f02e42a44d45e2edc5113394cb51822

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 3a4987afa567e120a2fa0d82969d4c0a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: MPAXMQPGNSHS42TMKGBP
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 24
x-amz-cf-id: RQ3VLmHL3M0VW6ZN0O_cfXcPzhurU3hr_IeKPRZhhMTlv4I8LUg_Mw==

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 24 B
466 B 47ms
46ms XHR
text/javascript 108.138.9.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.newtimes.co.rw%2F&pr=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&pid=BPMPWXwX13VOE&cb=18&ws=1600x1200&v=23.505.1627&t=900&slots=%5B%7B%22sd%22%3A%22adhesion%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%5D%2C%22sn%22%3A%22%2F21828795265%2FTNT%2FTNT_home%22%7D%5D&sg=%7B%22ortb2%22%3A%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22browsers%22%3A%5B%5D%7D%7D%7D%7D&schain=1.0%2C1!yourbow.com%2C76%2C1%2C%2C%2C&pubid=db83f9c6-a698-4a6a-89fb-c29c85426748&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.9.235 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-9-235.fra56.r.cloudfront.net

Software

Server /

Resource Hash

ffc733276efc796c146eccf6bc3b111f917b8e2203d25df67884786903b64c05

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 3a4987afa567e120a2fa0d82969d4c0a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: BCH6YMBBCDXJRX8EC2T9
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 24
x-amz-cf-id: _8_9uSbuMdlCT8UMcK-DVn3XanLDoZU69XhICaIkYE4NyjbsMlXCBg==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 6ms
6ms XHR
application/javascript 52.222.208.154
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.208.154 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-208-154.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

x-amz-version-id: yHpogsakS7iCluwAmUa6Y9ccBYm32d5h
content-encoding: gzip
via: 1.1 51bcd21e941ceaec99864557d86202ae.cloudfront.net (CloudFront)
date: Mon, 15 May 2023 03:27:31 GMT
x-amz-cf-pop: FRA56-P3
age: 62113
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Thu, 11 May 2023 21:16:48 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: HW5jzRcUXE8j2cE-WeWiUrB_5wyjYr5vGvKftEXfE3d7HUsdnpe07A==

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 28 KB
12 KB 312ms
312ms XHR
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3441115050061315&correlator=85179850002930&eid=31074646&output=ldjh&gdfp_req=1&vrg=202305090101&ptt=17&impl=fif&iu_parts=21828795265%2CTNT%2CTNT_home&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&ifi=2&adks=3783589184&sfv=1-0-40&prev_scp=pos%3Dmid_1%26amznbid%3D1%26amznp%3D1%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.00%26hb_adid%3D2427263dd5e8feb9%26hb_bidder%3DbluTonic&eri=1&sc=1&cookie=ID%3D9aaffe5e15c1aac3%3AT%3D1684183362%3AS%3DALNI_Ma9jKnX2iRWyThg5ibpFngNLZiOxw&gpic=UID%3D00000c17af5f1690%3AT%3D1684183362%3ART%3D1684183362%3AS%3DALNI_MbiM4NLUrzgVL4HLfPYJSLMvXKpsQ&abxe=1&dt=1684183363946&lmt=1684183363&dlt=1684183363227&idt=398&adxs=436&adys=804&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.newtimes.co.rw%2F&ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&frm=20&vis=1&psz=1200x90&msz=728x0&fws=4&ohw=1600&ga_vid=1224847520.1684183361&ga_sid=1684183364&ga_hid=1824289973&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11e2e5366682cfbc1724040eebd26a62af7717641125b00a97dfa880807dc351

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12765
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 70ms
69ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 15 May 2023 20:42:44 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 17 KB
9 KB 157ms
157ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

75064d77cc5f5c4b7f6d89dcf63bbdf22cc937498ecba3775c65b9e89c77c7a6

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 15 May 2023 20:42:44 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 73a3743c-7603-4221-8dc5-cd0196abae0b
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 144 B
1 KB 130ms
130ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

791aaec16b483ddbbdbb1d928183daf3f22d464493ef48840701dbe59cde10cd

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:44 GMT
AN-X-Request-Uuid: e27f1336-daef-4c60-9133-11da64b26692
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
62 B 32ms
32ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:43 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
781 B 55ms
55ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUN4B97C
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: c290e019a065a6ea35765f1aaf7382400c733662fae4de335a9a944b5bc5bc2d

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Mon, 15 May 2023 20:42:43 GMT

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
159 B 8ms
8ms XHR
text/plain 54.93.178.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.178.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-178-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:43 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 405 B
463 B 98ms
98ms XHR
application/json 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17046&site_id=315192&zone_id=1608182&size_id=10&rp_schain=1.0,1!yourbow.com,76,1,,,&rf=http%3A%2F%2Fwww.newtimes.co.rw%2F&kw=newtimes%2Crwandanews%2Ctnt%2Crwanda%2Ckigali%2Cnews%2Ceastafrica&tg_i.ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&tg_i.page=http%3A%2F%2Fwww.newtimes.co.rw%2F&tg_i.domain=newtimes.co.rw&tg_i.pbadslot=%2F21828795265%2FTNT%2FTNT_home&tk_flint=pbjs_lite_v7.18.0&x_source.tid=3b8dc15a-96a2-4861-85c2-0641190b0583&l_pb_bid_id=661e88b6a7a965&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21828795265%2FTNT%2FTNT_home&slots=1&rand=0.558517645437058
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 76b2bb0279e8e3ef31f9f66d4c49f9eeb3c9397935d545bd1923b5723f024dde

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.newtimes.co.rw
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 405
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 pubcid.min.js Show response
secure.cdn.fastclick.net/js/pubcid/latest/ 54 KB
17 KB 32ms
31ms Script
application/javascript 23.218.48.210
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.218.48.210 Haarlem, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-48-210.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 43f804d38a294c6df1ce8ee64fb95ad0ff5a8d6d5685d9537df02212668a1dff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
last-modified: Mon, 23 Jan 2023 19:40:17 GMT
server: Apache
etag: "d734-5f2f3919e751f-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 17407
expires: Mon, 15 May 2023 20:57:44 GMT

POST
H2 200 recordVendorsLoaded Show response
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/ 0
455 B 99ms
98ms XHR
text/plain 34.239.75.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/recordVendorsLoaded
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.239.75.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-239-75-135.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:44 GMT
content-length: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

OPTIONS
H2 200 recordVendorsLoaded
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/ Frame 0
0 99ms
99ms Preflight 34.239.75.135
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://prod.us-east-1.cxm-bcn.publisher-services.amazon.dev/v1/recordVendorsLoaded
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.239.75.135 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-239-75-135.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.newtimes.co.rw
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
content-length: 0
date: Mon, 15 May 2023 20:42:44 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 404 B
439 B 149ms
149ms XHR
application/json 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17046&site_id=315192&zone_id=1608182&size_id=2&rp_schain=1.0,1!yourbow.com,76,1,,,&rf=http%3A%2F%2Fwww.newtimes.co.rw%2F&kw=newtimes%2Crwandanews%2Ctnt%2Crwanda%2Ckigali%2Cnews%2Ceastafrica&tg_i.ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&tg_i.page=http%3A%2F%2Fwww.newtimes.co.rw%2F&tg_i.domain=newtimes.co.rw&tg_i.pbadslot=%2F21828795265%2FTNT%2FTNT_home&tk_flint=pbjs_lite_v7.18.0&x_source.tid=e533c1dd-1bb9-4719-891c-a0eb990cc5ae&l_pb_bid_id=6871a78bd180866&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21828795265%2FTNT%2FTNT_home&slots=1&rand=0.10581410751031917
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 7b3aa85db7929378a752626dd3296d9105488aa2e9e5993ac40023739bed10c7

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.newtimes.co.rw
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 404
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 190ms
189ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

19959980600c65d0e3b66afdd0a27d9eb9c1de2032468eaaeff9f731da03e070

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:44 GMT
AN-X-Request-Uuid: da515989-a7c5-4363-9947-1790a10538c8
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
62 B 192ms
192ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:44 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
804 B 40ms
39ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUN4B97C
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 2d88070bfa5f758c46cccdf74d265444d16fea4c110b46fb7796c5cdf8f499b5

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Mon, 15 May 2023 20:42:44 GMT

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
159 B 10ms
9ms XHR
text/plain 54.93.178.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.178.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-178-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:44 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 17 KB
9 KB 145ms
145ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

cb21cb57088177c6d8735d579be0e5789ecf3feac69e02ec6e491f8d1a588b8b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 15 May 2023 20:42:44 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: a581cab5-9ab0-4230-adce-d795c382bb1d
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 90E0 13 KB
5 KB 8ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 7647
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 18:35:17 GMT
expires: Tue, 14 May 2024 18:35:17 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 4EBB 783 B
535 B 17ms
16ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

1abe6c632e3674085b965c9188ef68b1b0febdb524972aa3a0b583dbdcb6ee4a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-rURqwuYkUqWwwU-GkFxstQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-rURqwuYkUqWwwU-GkFxstQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:44 GMT
expires: Mon, 15 May 2023 20:42:44 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 16ms
16ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.newtimes.co.rw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 17ms
16ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.newtimes.co.rw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 21 KB
9 KB 282ms
282ms XHR
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3441115050061315&correlator=963081509563791&eid=31074646&output=ldjh&gdfp_req=1&vrg=202305090101&ptt=17&impl=fif&iu_parts=21828795265%2CTNT%2CTNT_home&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&ifi=3&adks=3591600024&sfv=1-0-40&prev_scp=pos%3Dmid_3%26amznbid%3D2%26amznp%3D2&eri=1&sc=1&cookie=ID%3D9aaffe5e15c1aac3%3AT%3D1684183362%3AS%3DALNI_Ma9jKnX2iRWyThg5ibpFngNLZiOxw&gpic=UID%3D00000c17af5f1690%3AT%3D1684183362%3ART%3D1684183362%3AS%3DALNI_MbiM4NLUrzgVL4HLfPYJSLMvXKpsQ&abxe=1&dt=1684183364053&lmt=1684183364&dlt=1684183363227&idt=398&adxs=231&adys=1132&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.newtimes.co.rw%2F&ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&frm=20&vis=1&psz=790x90&msz=728x0&fws=4&ohw=1600&ga_vid=1224847520.1684183361&ga_sid=1684183364&ga_hid=1824289973&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b8c1412f0d2a976635c63760e265d3d7a926b14efaeb21a770648ec8afe51295

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9641
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 4EBB 0
0 40ms
40ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202305090101&jk=3441115050061315&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H3 200 08cn5b8EVMSc5l6e1YWDk0jg24yFrQ2cZ845B_qPECM.js Show response
pagead2.googlesyndication.com/bg/ Frame 90E0 37 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/08cn5b8EVMSc5l6e1YWDk0jg24yFrQ2cZ845B_qPECM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3c727e5bf0454c49ce65e9ed585839348e0db8c85ad0d9c67ce3907fa8f1023

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:38:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 246
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14732
x-xss-protection: 0
last-modified: Mon, 08 May 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 14 May 2024 20:38:38 GMT

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
782 B 40ms
40ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUN4B97C
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: ff9477d93493093c56d5e3f08c3d69fef348f5cfa94fd226b3f32e0cc5c1331f

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Mon, 15 May 2023 20:42:44 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 404 B
439 B 106ms
106ms XHR
application/json 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17046&site_id=315192&zone_id=1608182&size_id=2&rp_schain=1.0,1!yourbow.com,76,1,,,&rf=http%3A%2F%2Fwww.newtimes.co.rw%2F&kw=newtimes%2Crwandanews%2Ctnt%2Crwanda%2Ckigali%2Cnews%2Ceastafrica&tg_i.ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&tg_i.page=http%3A%2F%2Fwww.newtimes.co.rw%2F&tg_i.domain=newtimes.co.rw&tg_i.pbadslot=%2F21828795265%2FTNT%2FTNT_home&tk_flint=pbjs_lite_v7.18.0&x_source.tid=07fb19d5-a6a4-4790-b5dd-93b916cf118f&l_pb_bid_id=82dfcfb1fa8eabe&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21828795265%2FTNT%2FTNT_home&slots=1&rand=0.020637292788130646
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: d3da337a403ec8e40a98595e5089f1935b39cc04da24a7fb701e37bec044bd55

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.newtimes.co.rw
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 404
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
159 B 10ms
9ms XHR
text/plain 54.93.178.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.178.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-178-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:44 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 134ms
133ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

1fd0e8b5b583480a0a931798fc2f0493b81ba0cb810961c68e6ae838e2ca5cc6

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:44 GMT
AN-X-Request-Uuid: 96a46ba9-d35c-4691-bfda-adf21c26c32e
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
62 B 217ms
217ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:44 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 17 KB
9 KB 154ms
154ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

2648ee50d6b51a31e914bc9309f92884fc0b7870274fc3be73693eb9dd9326b1

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 15 May 2023 20:42:44 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: f34ac788-0082-439b-8afb-43d2c1c7a66a
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 17ms
17ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.newtimes.co.rw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.newtimes.co.rw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 27 KB
12 KB 283ms
282ms XHR
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3441115050061315&correlator=4224045919226101&eid=31074646&output=ldjh&gdfp_req=1&vrg=202305090101&ptt=17&impl=fif&iu_parts=21828795265%2CTNT%2CTNT_home&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x600&ifi=4&adks=386114933&sfv=1-0-40&prev_scp=pos%3Dhalfpage_1%26amznbid%3D2%26amznp%3D2%26hb_format%3Dbanner%26hb_size%3D300x600%26hb_pb%3D0.00%26hb_adid%3D250607cbc5e3b9bb%26hb_bidder%3DbluTonic&eri=1&sc=1&cookie=ID%3D9aaffe5e15c1aac3%3AT%3D1684183362%3AS%3DALNI_Ma9jKnX2iRWyThg5ibpFngNLZiOxw&gpic=UID%3D00000c17af5f1690%3AT%3D1684183362%3ART%3D1684183362%3AS%3DALNI_MbiM4NLUrzgVL4HLfPYJSLMvXKpsQ&abxe=1&dt=1684183364139&lmt=1684183364&dlt=1684183363227&idt=398&adxs=1060&adys=1377&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=4&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.newtimes.co.rw%2F&ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&frm=20&vis=1&psz=300x600&msz=300x0&fws=4&ohw=1600&ga_vid=1224847520.1684183361&ga_sid=1684183364&ga_hid=1824289973&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

08fe9a1596f8dde4ab173d6f5baeeae18bb8d6dfabe51537f99d8547f8fbd76f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12328
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 21 KB
9 KB 302ms
302ms XHR
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3441115050061315&correlator=4466464630560171&eid=31074646&output=ldjh&gdfp_req=1&vrg=202305090101&ptt=17&impl=fif&iu_parts=21828795265%2CTNT%2CTNT_home&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&ifi=5&adks=3869717851&sfv=1-0-40&prev_scp=pos%3Dmid_2%26amznbid%3D2%26amznp%3D2%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.00%26hb_adid%3D2481f00926ce90b4%26hb_bidder%3DbluTonic&eri=1&sc=1&cookie=ID%3D9aaffe5e15c1aac3%3AT%3D1684183362%3AS%3DALNI_Ma9jKnX2iRWyThg5ibpFngNLZiOxw&gpic=UID%3D00000c17af5f1690%3AT%3D1684183362%3ART%3D1684183362%3AS%3DALNI_MbiM4NLUrzgVL4HLfPYJSLMvXKpsQ&abxe=1&dt=1684183364150&lmt=1684183364&dlt=1684183363227&idt=398&adxs=436&adys=968&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=5&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.newtimes.co.rw%2F&ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&frm=20&vis=1&psz=1200x90&msz=728x0&fws=4&ohw=1600&ga_vid=1224847520.1684183361&ga_sid=1684183364&ga_hid=1824289973&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dfcb60c803ac7edaa1670cbf7445c9f6ec4019c7b7445bd2f2a533de61838ff4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9563
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 145 B
1 KB 151ms
150ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

b0b14302b3544a070d422bcd27864c45ed78cd2a7379888364e53ae5f476f198

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:44 GMT
AN-X-Request-Uuid: d84e23d9-2f0a-46a5-9381-779079d7d169
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 145
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 139 B
1 KB 27ms
27ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

abb158091f326c30eba27a787b330d3f1d96a0a625b7d00be7305f00688b62cb

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:44 GMT
AN-X-Request-Uuid: aa2110f0-a37b-4aa9-9b12-162dea7628b8
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 139
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
62 B 168ms
167ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:43 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
781 B 44ms
44ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUN4B97C
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: f1f660e3feb06ed4ba7173188c369b7442e55edfced06cf97212ba649624c371

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Mon, 15 May 2023 20:42:44 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 405 B
440 B 91ms
91ms XHR
application/json 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17046&site_id=315192&zone_id=1608182&size_id=10&rp_schain=1.0,1!yourbow.com,76,1,,,&rf=http%3A%2F%2Fwww.newtimes.co.rw%2F&kw=newtimes%2Crwandanews%2Ctnt%2Crwanda%2Ckigali%2Cnews%2Ceastafrica&tg_i.ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&tg_i.page=http%3A%2F%2Fwww.newtimes.co.rw%2F&tg_i.domain=newtimes.co.rw&tg_i.pbadslot=%2F21828795265%2FTNT%2FTNT_home&tk_flint=pbjs_lite_v7.18.0&x_source.tid=598fe971-3240-40cf-8e9c-0bb4f633eaa9&l_pb_bid_id=10000066ad05fb26&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21828795265%2FTNT%2FTNT_home&slots=1&rand=0.8099673492612303
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 890573fad34b6da411a61454be50ca2edaa7bb9126f1f8e8d12bf322721f8a52

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.newtimes.co.rw
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 405
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
159 B 11ms
11ms XHR
text/plain 54.93.178.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.178.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-178-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:44 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

GET
H3 200 container.html Show response
a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 7AA3 6 KB
3 KB 8ms
8ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:43 GMT
expires: Tue, 14 May 2024 20:42:43 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
782 B 45ms
44ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUN4B97C
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 8d2707526bbc14b7c6e83b6d093f6df912485ac5863c7e217f0b9ef811d91433

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Mon, 15 May 2023 20:42:44 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 404 B
439 B 87ms
86ms XHR
application/json 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17046&site_id=315192&zone_id=1608182&size_id=2&rp_schain=1.0,1!yourbow.com,76,1,,,&rf=http%3A%2F%2Fwww.newtimes.co.rw%2F&kw=newtimes%2Crwandanews%2Ctnt%2Crwanda%2Ckigali%2Cnews%2Ceastafrica&tg_i.ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&tg_i.page=http%3A%2F%2Fwww.newtimes.co.rw%2F&tg_i.domain=newtimes.co.rw&tg_i.pbadslot=%2F21828795265%2FTNT%2FTNT_home&tk_flint=pbjs_lite_v7.18.0&x_source.tid=8f5abb37-50a1-465b-a868-6641a027521f&l_pb_bid_id=106b4e32004d0492&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21828795265%2FTNT%2FTNT_home&slots=1&rand=0.4154553552774256
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 3736910735da204d07466305b577e77b3ba74a715e890b01c6c4781637516f88

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.newtimes.co.rw
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 404
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 140 B
1 KB 17ms
17ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

8a85ee91769d3a837be5f825fc676683165f589c34b4b88bce785ba8c8a040b4

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:44 GMT
AN-X-Request-Uuid: 3ddea5ec-26d4-4d52-9818-ce4e352616cb
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 140
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
159 B 10ms
10ms XHR
text/plain 54.93.178.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.178.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-178-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:44 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 146 B
1 KB 329ms
329ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e6544827c76834421e5f8212bad944529c60a2562ffe2fc21f3054773669babd

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:44 GMT
AN-X-Request-Uuid: d144a0ab-da16-4820-901e-973b867ef250
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 146
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
62 B 166ms
165ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:42 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 17ms
17ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.newtimes.co.rw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 18ms
18ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.newtimes.co.rw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 27 KB
12 KB 244ms
244ms XHR
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3441115050061315&correlator=1230756648680542&eid=31074646&output=ldjh&gdfp_req=1&vrg=202305090101&ptt=17&impl=fif&iu_parts=21828795265%2CTNT%2CTNT_home&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&ifi=6&adks=4112398860&sfv=1-0-40&prev_scp=pos%3Dmid_4%26amznbid%3D2%26amznp%3D2%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.00%26hb_adid%3D2522e587e23ffb8e%26hb_bidder%3DbluTonic&eri=1&sc=1&cookie=ID%3D9aaffe5e15c1aac3%3AT%3D1684183362%3AS%3DALNI_Ma9jKnX2iRWyThg5ibpFngNLZiOxw&gpic=UID%3D00000c17af5f1690%3AT%3D1684183362%3ART%3D1684183362%3AS%3DALNI_MbiM4NLUrzgVL4HLfPYJSLMvXKpsQ&abxe=1&dt=1684183364229&lmt=1684183364&dlt=1684183363227&idt=398&adxs=436&adys=1760&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=2&ucis=6&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.newtimes.co.rw%2F&ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&frm=20&vis=1&psz=1200x90&msz=728x0&fws=4&ohw=1600&psts=ABHeCvj2NDl10ZMRfTdogB6jJvsMf9fNOHOULUivHy3Eq3QT1F0BkRMdakRjnTbEeZTgY0EHrrAGfwnOug-5JgjaxPr2XqKt&ga_vid=1224847520.1684183361&ga_sid=1684183364&ga_hid=1824289973&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a73af5aeefe4ab9b11046eb3dcf22aac0b007b3af5471c0acf158dd63e143d81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12491
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 90E0 0
10 B 7ms
6ms Image
text/plain 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?qQ-UWA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 7AA3 24 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Fri, 12 May 2023 14:52:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 280229
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 11 May 2024 14:52:15 GMT

GET
H2 200 creative.js Show response
cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/ Frame 7AA3 26 KB
10 KB 656ms
215ms Script
application/javascript 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e0bfcf41c566f571ea252620518b4bee4496dba2b1df9a1aa3e436f81592e1b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 15 May 2023 20:42:44 GMT
x-content-type-options: nosniff
content-encoding: br
age: 27667
x-jsd-version: 1.15.0
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 9276
x-served-by: cache-fra-eddf8230064-FRA, cache-gig2250047-GIG
x-jsd-version-type: version
etag: W/"6658-uUC6DsKFQz3nsj0JP3lp528lwJQ"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7AA3 169 KB
52 KB 101ms
99ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fdc79b8c47c6d5c20def82fa5f6a91e3cbe3057bff3f8b14b5c2c71dc9b57ec4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53545
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1683718549123860"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 15 May 2023 20:42:44 GMT

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
159 B 11ms
9ms XHR
text/plain 54.93.178.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.178.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-178-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:44 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 146 B
1 KB 154ms
152ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

1b80f8cd7a57f91ef28853282221a218a1df3073495c5fb6dde9134d2817a396

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:44 GMT
AN-X-Request-Uuid: 6e0c89e9-c8d2-444f-a890-d5ab5e6cfc70
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 146
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 17 KB
9 KB 106ms
105ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

1d8d650cbafe69c07b17b6b8528bc60f9109110ce8d49e5b330a24e48367e71a

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 15 May 2023 20:42:44 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 1368f0d7-1641-4bb7-8157-2e52ef52253f
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 405 B
440 B 93ms
90ms XHR
application/json 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17046&site_id=315192&zone_id=1608182&size_id=10&rp_schain=1.0,1!yourbow.com,76,1,,,&rf=http%3A%2F%2Fwww.newtimes.co.rw%2F&kw=newtimes%2Crwandanews%2Ctnt%2Crwanda%2Ckigali%2Cnews%2Ceastafrica&tg_i.ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&tg_i.page=http%3A%2F%2Fwww.newtimes.co.rw%2F&tg_i.domain=newtimes.co.rw&tg_i.pbadslot=%2F21828795265%2FTNT%2FTNT_home&tk_flint=pbjs_lite_v7.18.0&x_source.tid=27b33819-2940-4137-b6e0-874884a817db&l_pb_bid_id=1227ffa83f0f873d&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21828795265%2FTNT%2FTNT_home&slots=1&rand=0.9568782401524158
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 523d262589ca8b105b99ed6e9ac93e080910c0eb956d90c703e56d26fb9b2f87

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.newtimes.co.rw
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 405
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
62 B 20ms
19ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:44 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
783 B 40ms
39ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUN4B97C
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 49bdaab7518178471ae9d17c477529200b4935cfde5d603b9e649ce78b9eec9c

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Mon, 15 May 2023 20:42:44 GMT

GET
H3 200 container.html Show response
a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 1166 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:43 GMT
expires: Tue, 14 May 2024 20:42:43 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7AA3 0
0 44ms
44ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstgD3zRVQHqdBPerWIEidNeTAwDE9P-KID3cOUm2owtHJaaKgqGaMrpHNAj6TWJfcjf76leOiVylWR9ffwKJEFrvCWudxr7ZpGXt1xjmr52L2_mbTE43N_ZKYwFcCewMKkjDAStKN4DX1dcLwBqvvenRZ9dBQbkSE01SlBZMKt9sDPmLM6XJ-WHvySI5PkxV_7Gdz8ZcLdcM2-h0HWP2X_Hi_HfnH7SwY_pkax1KdQjcQvk_KpptPGiEcmMeDtU6qC9l7Q8DrDjIG1DGHqVY5n45Ij6fdl1tfHxrm8LBayOgr5RI3qisa14vqf2EwvyRWz-MsSkxzxGhjo&sai=AMfl-YS5GmE6pazP4ZWeEOsDjn0-V0fyOpjDmU34MX5UCJFBx5vXHDOkVXknlhOG3sV59vVIfd9hatuEcOdbg_mY6UXW20ddHcYrkahLzZMK2BK0x2cN-mJvXjhkDMMkCWs&sig=Cg0ArKJSzLjw87WuuXA-EAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 1166 0
0 49ms
48ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CUQSDQ5liZLSBPdajlgSVvavwDcme0rFc1Z2R93DAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBO8BT9BlEac5EqXx13Nx6-vQDMCnuNxYEyeVH3uEsYqRuKAVWzvISsykXO82Vtv3hCYN1jxy28WVZowdb8tBIqA5IC3OqvYRS2V4hNYm1fn6aBVUC_ZFysbPAne5xBS2M5LzogBhzrxYvyd-VWhaHrCMU_fvS_Oo3tDCygehKQBOrPbpo8-Bf16R4is6OF9c9Msti0O9_Cu4kzbqZg_TXhLLgWxIdWYT_pJJ2OivGn3Ccv4v50cioUvlhl_CGwBoR7-05Wb3WUdG_ubCBwLY6tFTFXaS6Fm-fR5EaSRhe8DXy8lTRv9werPgxOYIWSDRS1XgBAGABpHNpJqwz_r1nQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBAgAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTc1NTQ3OTM0OTcxOTIzNjIY_KBy&sigh=yY_61yHhi5o&uach_m=[UACH]&cid=CAQSPABygQiDHIUfhMjqZ9nq5bGr-frIJ8cT75FH017pUKePc1hE9gOMg7jOhP8C1bs-A3RFvAbgVL5pGgxlExgB
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H2 200 notify
rtb.nl3.eu.criteo.com/google/auction/ Frame 1166 0
0 13ms
12ms Fetch 2a02:2638:3::9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=kP7cFsg12AVanYNiAgIAAAAcjTZAv_FZDhBEmWJktZRx6HWlY4eU5AAAEgAACgpBUVVCQVFFUEFR&wp=ZGKZQwAPQLQKhZHWAArelSR7iFRp5foQp2NfbQ

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 227014
server: Kestrel
content-length: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame A2FE 48 KB
19 KB 23ms
23ms Document
text/html 2a02:2638:d::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZGKZQwAPQLQKhZHWAArelSR7iFRp5foQp2NfbQ&u=%7ClPoQj%2FclhXfQxcpR0ZBejVdhABwdtwMV0Itz3TgBfQI%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYNdJ71gdyCWvw29y1GxtacI6iVoVnLQ5srUOwC-sDBJIjvRCy3Ss-BiCTuGilNUvwWnBBu_EXHaPkH5RNgJ0KnX81D7_f_dj6C4lHuSeJmHtU4kVV_nk3PInoMPa3DzXxIneR-eoKPFqW4a0RmcolbAT_oAM0bsj249Uxkyj8SLK3GC41W4UbA1MdhNUkSVNn0Mlt40RMWAtKjIQgKGX7Pn8PnHBceG_m3q2EHzzLLfXgr_lXTegOIGYtprp8OsL2d7CpQBOfO5-QuyDgxE944qGM66Q2z7cTVBY9RNCt37cFupYoTvVnpd4lvARbF5OaYr-L3RwJuB7qKstX6FBMcR0O3StfleUZkMeWxWB_PojhDDUw4iA9hl8yGJ3Xh5zWW4ciT7y_MGJerzrIR8Xb5kUOJgYfMV9BRsUk1_Ky5vLHO3ytTqQSS1IYHIeQqorEKO2McPWEu8sN6EqoL1LvUWwVAfG_svrE9pjRRjo1IYoHkWILlcT2xsmlMsfBrnfkex0ShyHq18XqFis_dKa-j7heGAbfeZfh_OPNBOlwyHjYUHTM_xALfZNZz_1F0i_8-UiZLKa0i4lt54QDYP4_tP&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCXl68Q5liZLSBPdajlgSVvavwDcme0rFc1Z2R93DAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPIBT9BlEac5EqXx13Nx6-vQDMCnuNxYEyeVH3uEsYqRuKAVWzvISsykXO82Vtv3hCYN1jxy28WVZowdb8tBIqA5IC3OqvYRS2V4hNYm1fn6aBVUC_ZFysbPAne5xBS2M5LzogBhzrxYvyd-VWhaHrCMU_fvS_Oo3tDCygehKQBOrPbpo8-Bf16R4is6OF9c9Msti0O9_Cu4kzbqZg_TXhLLgWxIdWYT_pJJ2OivGn3Ccv4v50cioUvlhl_CGwBoR7-05Wb3WUdG_ubCRQD5eFbciWUtdE0drSPikS11cXbd5dHR8jdN3EFf2soQ3IpVWOp_K0fgBAGABpHNpJqwz_r1nQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3atL_huolOcdev-Bicb8uUxwM-8g%26client%3Dca-pub-7554793497192362%26adurl%3D

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e9115b01e43fa7b3d6d77de1e601c51c247f5494816264e6c5c48fb0b5c3c4da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:43 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=b-6_hFw-_Msrj2Khnp71XyqZmbMp0QFQVEwp9sxB7Fx0TEL3gJbXrANr0A0kZ6_jT7V9qcFxcRHjqAUWfQtyqiR43HN3bU1oyCqHl81OKyx3Rh8cAVm8zHxh0wRdrC8ADbKMDEiCDhxoL7D47OHT4XTJ9irwasj3X7jb0kpm34px3ZOQ_0rA0uEaQUInqt23SeWd5NE9rYWpd5qQKxi_80QZ-EuIzQxOxdQoH2PmNmoresWveLSt1bMX2S9_2ScXvqxqXQ"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 3735052
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame 1166 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/window_focus_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 18:31:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7893
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 18:31:11 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 9CDE 1 KB
643 B 8ms
7ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34711
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 11:04:13 GMT
etag: 48472445140208031
expires: Tue, 16 May 2023 11:04:13 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame 1166 19 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

01dcaf85f2ae23a30115cf4a663e90b4a507dc688c4c17f9ebddc3cf19fee780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 12:20:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30106
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7937
x-xss-protection: 0
server: cafe
etag: 2499949999788435271
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 12:20:58 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 1166 0
0 15ms
14ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSNPXvksDKXAOfBPx_-AqkzsxtNd3xkQ6vmN18Gs-hahlH4V_BYhlqbMvXKtSNvmA3rLufjQv4C21c0XbBuFqZR1Pua5A
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 1166 24 KB
6 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Fri, 12 May 2023 14:52:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 280229
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 11 May 2024 14:52:15 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1166 169 KB
52 KB 62ms
61ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fdc79b8c47c6d5c20def82fa5f6a91e3cbe3057bff3f8b14b5c2c71dc9b57ec4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53545
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1683718549123860"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 15 May 2023 20:42:44 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 144 B
1 KB 153ms
153ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

7b56d35f59e78b65b242ba7c49dc35837980e931b52de592a75e77e2b7b5f798

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:44 GMT
AN-X-Request-Uuid: 27807104-d4b8-430b-a193-d0d0b4b40b89
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 144
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 140 B
1 KB 7ms
7ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

78384465ed789c6a76c58ea1fdec8042b6ec90dd1a192afdd9c335bc2094b78b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:44 GMT
AN-X-Request-Uuid: 73a2030d-45f9-4f21-9abd-faa58baa3040
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 140
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
62 B 26ms
22ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:43 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
782 B 56ms
51ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUN4B97C
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 48a171b6ea8df8aa67c5f58b8ec3a9afcf419fcddc6a272aef561f8c8f4c580b

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Mon, 15 May 2023 20:42:44 GMT

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
159 B 13ms
8ms XHR
text/plain 54.93.178.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.178.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-178-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:44 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 404 B
439 B 82ms
78ms XHR
application/json 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17046&site_id=315192&zone_id=1608182&size_id=2&rp_schain=1.0,1!yourbow.com,76,1,,,&rf=http%3A%2F%2Fwww.newtimes.co.rw%2F&kw=newtimes%2Crwandanews%2Ctnt%2Crwanda%2Ckigali%2Cnews%2Ceastafrica&tg_i.ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&tg_i.page=http%3A%2F%2Fwww.newtimes.co.rw%2F&tg_i.domain=newtimes.co.rw&tg_i.pbadslot=%2F21828795265%2FTNT%2FTNT_home&tk_flint=pbjs_lite_v7.18.0&x_source.tid=62a5cdeb-56d7-4ea1-af4f-9ff7238d756a&l_pb_bid_id=138f19a1940439e4&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21828795265%2FTNT%2FTNT_home&slots=1&rand=0.14067182345934848
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 7743c2cd070a04da34186a5847db1e8638d42f41485cffb4c3a0df9ba404e8dc

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.newtimes.co.rw
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 404
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
DATA 200
OK truncated
/ Frame 1166 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 465214a4b929506e490a9fcfb588d2e6441a8b1591c7ca85a5f7c0e525ace697

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 9CDE
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEKUW5kVV0h3ac2GfVbbl9c8&google_cver=1&google_push=ATf1kGNLhJEQNvLn1JWByWyJa7SanM3h-Z9eUif0hMzTLmEk_OmJaweL-Rt0zcyBTtpN7mMbJVLWqoCMK5CUCBUS7lf9uCtxpRYcv...
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MjcxNDYyMTQ5MDU5ODMxNzE3OA==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEKUW5kVV0h3ac2GfVbbl9c8&google_cver=1

43 B
398 B

73ms
13ms

Image
image/gif

46.228.164.11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEKUW5kVV0h3ac2GfVbbl9c8&google_cver=1
Protocol: H2
Server: 46.228.164.11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEKUW5kVV0h3ac2GfVbbl9c8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9CDE
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEDKGGkhNgndgI4HErOXrCkU&google_push=ATf1kGPzx5ZjHY9p_urW72-4SRM9UY4J8a3kR9F7vOClInfAP_JyYvbIqo...

170 B
188 B

18ms
18ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEDKGGkhNgndgI4HErOXrCkU&google_push=ATf1kGPzx5ZjHY9p_urW72-4SRM9UY4J8a3kR9F7vOClInfAP_JyYvbIqoWyIQ7DwCUoAiEhoA-1EY8JTa3-b6Kj1EtGhAFVo-01j4PpvxqzS-7hI_sjGdEqAguOjq0K6k-3yuNir6BFt9PK

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-gig2250049-GIG
pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1684183365.909206,VS0,VE132
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEDKGGkhNgndgI4HErOXrCkU&google_push=ATf1kGPzx5ZjHY9p_urW72-4SRM9UY4J8a3kR9F7vOClInfAP_JyYvbIqoWyIQ7DwCUoAiEhoA-1EY8JTa3-b6Kj1EtGhAFVo-01j4PpvxqzS-7hI_sjGdEqAguOjq0K6k-3yuNir6BFt9PK
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9CDE
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEDI_PUIbBJFYCv6VwoC0hI4&google_cver=1&google_push=ATf1kGNMwYhInWdT7l3XwUmLRCbpWiHdaXv8VGFBL5Tv819seMH7XFfbq4VN91rpjVT-BnxN_AakLvhBCjwxg38H5Jrn...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEDI_PUIbBJFYCv6VwoC0hI4&google_cver=1&google_push=ATf1kGNMwYhInWdT7l3XwUmLRCbpWiHdaXv8VGFBL5Tv819seMH7XFfbq4VN91rpjVT-BnxN_AakLvhBCjwxg3...
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=google&bsw_custom_parameter=8a126298-bee8-44c9-bd96-f06275f7d961
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=google&bsw_custom_parameter=8a126298-bee8-44c9-bd96-f06275f7d961
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=c4c2253b-a26c-483d-a5dd-058d8627e020&user_group=1&ssp=google&bsw_param=8a126298-bee8-44c9-bd96-f06275f7d961
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGNMwYhInWdT7l3XwUmLRCbpWiHdaXv8VGFBL5Tv819seMH7XFfbq4VN91rpjVT-BnxN_AakLvhBCjwxg38H5JrnNIsCVIbOJhdoKMwjPPoHLeCoKxG6Li6DBpDvtfISWr...

170 B
188 B

19ms
18ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGNMwYhInWdT7l3XwUmLRCbpWiHdaXv8VGFBL5Tv819seMH7XFfbq4VN91rpjVT-BnxN_AakLvhBCjwxg38H5JrnNIsCVIbOJhdoKMwjPPoHLeCoKxG6Li6DBpDvtfISWrEGpyx54kSg&google_hm=ihJimL7oRMm9lvBidffZYQ==

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGNMwYhInWdT7l3XwUmLRCbpWiHdaXv8VGFBL5Tv819seMH7XFfbq4VN91rpjVT-BnxN_AakLvhBCjwxg38H5JrnNIsCVIbOJhdoKMwjPPoHLeCoKxG6Li6DBpDvtfISWrEGpyx54kSg&google_hm=ihJimL7oRMm9lvBidffZYQ==
date: Mon, 15 May 2023 20:42:45 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 9CDE 43 B
363 B 47ms
13ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEKW5RyA_gKOz3FlQvmotDhE&google_cver=1&google_push=ATf1kGO7J4Xy6Ji6lfXIjosiiZWVYmixV8-1UCGVMzR--xuz_E3MW4Woxl1yWedehjIGAmR7bS-OBo-pcuS9yljHQQWPEuvL8pPc_FmnVOPj1LoeO1wDUS1thNdNvnJLrriRsFIkyih0PBY

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 273874
expires: Mon, 15 May 2023 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9CDE
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEDTK9lx580COF8UGNTAT7OM&google_cver=1&google_push=ATf1kGMuLVPklBL1ZtRylSlFthUff7wCSnAbsWmoUKsGb-BxFojSgnSSgwqdYna8abxJfLhl5Lp0OvRC...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEDTK9lx580COF8UGNTAT7OM&google_cver=1&google_push=ATf1kGMuLVPklBL1ZtRylSlFthUff7wCSnAbsWmoUKsGb-BxFojSgnSSgwqdYna8abxJfLhl5Lp...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzYxODcwODY3NDI1NTgwMzA1Ng&google_push=ATf1kGMuLVPklBL1ZtRylSlFthUff7wCSnAbsWmoUKsGb-BxFojSgnSSgwqdYna8abxJfLhl5Lp0Ov...

170 B
188 B

17ms
17ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzYxODcwODY3NDI1NTgwMzA1Ng&google_push=ATf1kGMuLVPklBL1ZtRylSlFthUff7wCSnAbsWmoUKsGb-BxFojSgnSSgwqdYna8abxJfLhl5Lp0OvRCrjxJF85UPntKbBfFLY8H54lbAOCPqpOvqLSt0Vmo2SNRwjv4oH4s6IRMbKLfjf_L

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzYxODcwODY3NDI1NTgwMzA1Ng&google_push=ATf1kGMuLVPklBL1ZtRylSlFthUff7wCSnAbsWmoUKsGb-BxFojSgnSSgwqdYna8abxJfLhl5Lp0OvRCrjxJF85UPntKbBfFLY8H54lbAOCPqpOvqLSt0Vmo2SNRwjv4oH4s6IRMbKLfjf_L
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 dds
rtb.openx.net/sync/ Frame 9CDE 43 B
245 B 61ms
17ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEJktBEQvC-6pnzoSTsKdE-Y&google_cver=1&google_push=ATf1kGNNf21pZRSbvgXmGh0UyfoYZrW3Xmbr4EOPASaiP3QE15RcYtjKqZ7nnqd9d4XHeZeqiRytmEz1NWAe9GRxVOFpIjijf4CgBC1PqTdZ-Tqw-0sMPTUk3w7ZG9Juy4Q3de3Uo4mKynyA
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H2

200

/
onetag-sys.com/match/ Frame 9CDE
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESELQXSGJqEpsDJB_bsWeFOf0&google_cver=1&google_push=ATf1kGPS3a8m4Jgu8BEjtO3hCa4oj3HN9i-s9hYbKjTPhNSDjjYnUIAsWdaRfMWy-RlVDhjgvdnKf8blJzU...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGPS3a8m4Jgu8BEjtO3hCa4oj3HN9i-s9hYbKjTPhNSDjjYnUIAsWdaRfMWy-RlVDhjgvdnKf8blJzUElESsv1MPKTQFs7R_BB5SOJVo_teWegsbVi9e...
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

9ms
8ms

Image
text/plain

51.38.120.206
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

51.38.120.206 Hessen, Germany, ASN16276 (OVH, FR),

Reverse DNS

ip206.ip-51-38-120.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 9CDE 0
139 B 85ms
26ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JSed2YILjFeUZrrltTKKAMBtS8DI2hSu7o-hHW9wBOZSM97liUC2HYJkCiwWrjxX9IOiUPtA

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 17ms
16ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.newtimes.co.rw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 16ms
15ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.newtimes.co.rw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 28 KB
13 KB 427ms
427ms XHR
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3441115050061315&correlator=2054770699042392&eid=31074646&output=ldjh&gdfp_req=1&vrg=202305090101&ptt=17&impl=fif&iu_parts=21828795265%2CTNT%2CTNT_home&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&ifi=7&adks=1466315519&sfv=1-0-40&prev_scp=pos%3Dmid_5%26amznbid%3D2%26amznp%3D2%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.00%26hb_adid%3D25410b23120555b9%26hb_bidder%3DbluTonic&eri=1&sc=1&cookie=ID%3D9aaffe5e15c1aac3%3AT%3D1684183362%3AS%3DALNI_Ma9jKnX2iRWyThg5ibpFngNLZiOxw&gpic=UID%3D00000c17af5f1690%3AT%3D1684183362%3ART%3D1684183362%3AS%3DALNI_MbiM4NLUrzgVL4HLfPYJSLMvXKpsQ&abxe=1&dt=1684183364353&lmt=1684183364&dlt=1684183363227&idt=398&adxs=231&adys=1906&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=3&ucis=7&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.newtimes.co.rw%2F&ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&frm=20&vis=1&psz=790x90&msz=728x0&fws=4&ohw=1600&psts=ABHeCvj2NDl10ZMRfTdogB6jJvsMf9fNOHOULUivHy3Eq3QT1F0BkRMdakRjnTbEeZTgY0EHrrAGfwnOug-5JgjaxPr2XqKt&ga_vid=1224847520.1684183361&ga_sid=1684183364&ga_hid=1824289973&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2caca3a8f4096611a9078977b7b23ff759142bf5aad2c10c94be4212bc60e5d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12925
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 31 KB
14 KB 418ms
418ms XHR
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3441115050061315&correlator=3771764821633039&eid=31074646&output=ldjh&gdfp_req=1&vrg=202305090101&ptt=17&impl=fif&iu_parts=21828795265%2CTNT%2CTNT_home&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x600&ifi=8&adks=331861308&sfv=1-0-40&prev_scp=pos%3Dhalfpage_2%26amznbid%3D2%26amznp%3D2&eri=1&sc=1&cookie=ID%3D9aaffe5e15c1aac3%3AT%3D1684183362%3AS%3DALNI_Ma9jKnX2iRWyThg5ibpFngNLZiOxw&gpic=UID%3D00000c17af5f1690%3AT%3D1684183362%3ART%3D1684183362%3AS%3DALNI_MbiM4NLUrzgVL4HLfPYJSLMvXKpsQ&abxe=1&dt=1684183364392&lmt=1684183364&dlt=1684183363227&idt=398&adxs=1060&adys=2151&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=4&ucis=8&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.newtimes.co.rw%2F&ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&frm=20&vis=1&psz=300x600&msz=300x0&fws=4&ohw=1600&psts=ABHeCvj2NDl10ZMRfTdogB6jJvsMf9fNOHOULUivHy3Eq3QT1F0BkRMdakRjnTbEeZTgY0EHrrAGfwnOug-5JgjaxPr2XqKt&ga_vid=1224847520.1684183361&ga_sid=1684183364&ga_hid=1824289973&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

370e7505063f09eb8f1664dba12c8be80d61b62963ab13c3060b43752a29e093

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14286
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 34A1 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:43 GMT
expires: Tue, 14 May 2024 20:42:43 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame A2FE 2 KB
1 KB 14ms
13ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZGKZQwAPQLQKhZHWAArelSR7iFRp5foQp2NfbQ&u=%7ClPoQj%2FclhXfQxcpR0ZBejVdhABwdtwMV0Itz3TgBfQI%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYNdJ71gdyCWvw29y1GxtacI6iVoVnLQ5srUOwC-sDBJIjvRCy3Ss-BiCTuGilNUvwWnBBu_EXHaPkH5RNgJ0KnX81D7_f_dj6C4lHuSeJmHtU4kVV_nk3PInoMPa3DzXxIneR-eoKPFqW4a0RmcolbAT_oAM0bsj249Uxkyj8SLK3GC41W4UbA1MdhNUkSVNn0Mlt40RMWAtKjIQgKGX7Pn8PnHBceG_m3q2EHzzLLfXgr_lXTegOIGYtprp8OsL2d7CpQBOfO5-QuyDgxE944qGM66Q2z7cTVBY9RNCt37cFupYoTvVnpd4lvARbF5OaYr-L3RwJuB7qKstX6FBMcR0O3StfleUZkMeWxWB_PojhDDUw4iA9hl8yGJ3Xh5zWW4ciT7y_MGJerzrIR8Xb5kUOJgYfMV9BRsUk1_Ky5vLHO3ytTqQSS1IYHIeQqorEKO2McPWEu8sN6EqoL1LvUWwVAfG_svrE9pjRRjo1IYoHkWILlcT2xsmlMsfBrnfkex0ShyHq18XqFis_dKa-j7heGAbfeZfh_OPNBOlwyHjYUHTM_xALfZNZz_1F0i_8-UiZLKa0i4lt54QDYP4_tP&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCXl68Q5liZLSBPdajlgSVvavwDcme0rFc1Z2R93DAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPIBT9BlEac5EqXx13Nx6-vQDMCnuNxYEyeVH3uEsYqRuKAVWzvISsykXO82Vtv3hCYN1jxy28WVZowdb8tBIqA5IC3OqvYRS2V4hNYm1fn6aBVUC_ZFysbPAne5xBS2M5LzogBhzrxYvyd-VWhaHrCMU_fvS_Oo3tDCygehKQBOrPbpo8-Bf16R4is6OF9c9Msti0O9_Cu4kzbqZg_TXhLLgWxIdWYT_pJJ2OivGn3Ccv4v50cioUvlhl_CGwBoR7-05Wb3WUdG_ubCRQD5eFbciWUtdE0drSPikS11cXbd5dHR8jdN3EFf2soQ3IpVWOp_K0fgBAGABpHNpJqwz_r1nQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3atL_huolOcdev-Bicb8uUxwM-8g%26client%3Dca-pub-7554793497192362%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:44 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame A2FE 2 KB
1 KB 17ms
17ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:44 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame A2FE 308 B
636 B 14ms
12ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 09 May 2024 20:42:44 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame A2FE 293 B
621 B 14ms
13ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Thu, 09 May 2024 20:42:44 GMT

GET
H2 200 lg.php
cat.fr3.eu.criteo.com/delivery/ Frame A2FE 43 B
347 B 19ms
18ms Image
image/gif 178.250.7.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=4OWqPJTf_M2yoDUfVFEMIP-ZYpbGZZJeEWLZHNdI1d2bexUFgHeKBiEjpLH31vmduBDMztg3BMIrIxN2nbBek05hUR_iHQ3zq_hVJMFUFfwpJpt6MXdDMIbwjM4dvx2YEzhKfSXvmZtKLX3spe8e-dzQPNmT0QOoCz0JDKCIbWkwMe1WFJlyQn7exjsk0QuWD7PssDpqkR6kaKSFoT_j8SshSDGRMTg1t_rq_ZDdbqsKCPmq59bDsCat-LQ4XcIb4YQjk2lpw_L4X0QcuuArZX-Sq9E3y_xZCqwM-oDDzbLuay84BOG5jQ8d9Nu8JLlJiF6IrZ2qMd3smonC5TshxMvRkYHpVPx3CBlKBJWuA9HFBG_FuOZ7pIuajQMWtciBw49nj0Bp3uHSraWwQPrH05CTsakY3Z0uTIHypHZMsg4MoJ69

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1835279
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

B29933196.366647091;dc_pre=CMqUtvmX-P4CFQae_Qcd98ABiQ;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629944ade0bc3dfa8d7745acdff480;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tf...
ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/ Frame A2FE
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629944ade0bc3dfa8d7745acdff480;dc_lat=;dc_rdid=;tag_for_...
https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CMqUtvmX-P4CFQae_Qcd98ABiQ;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629944ade0bc3dfa8d7745...

42 B
118 B

26ms
25ms

Image
image/gif

142.250.186.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CMqUtvmX-P4CFQae_Qcd98ABiQ;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629944ade0bc3dfa8d7745acdff480;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1?

Requested by

Protocol

Server

142.250.186.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CMqUtvmX-P4CFQae_Qcd98ABiQ;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629944ade0bc3dfa8d7745acdff480;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 4debdac53ee04751bc04e558cff50a52_image_ad_728x90.png
static.criteo.net/design/dt/102052/230505/ Frame A2FE 121 KB
122 KB 20ms
19ms Image
image/png 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/102052/230505/4debdac53ee04751bc04e558cff50a52_image_ad_728x90.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

e9f4804016ce37219673d8ff2f1720cf85d410d80f25c30c95d2c63af87b356c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 05 May 2023 09:28:27 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6454cc3b-1e5b2"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 124338
expires: Thu, 09 May 2024 20:42:44 GMT

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
159 B 10ms
9ms XHR
text/plain 54.93.178.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.178.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-178-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:44 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 17 KB
9 KB 120ms
118ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

6057d2f6a2e6adc5409b6989fc40e3987b5dfe26a4a1ea0c67c010d3b39ef470

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 15 May 2023 20:42:44 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 486ccea3-32d6-4c4e-890d-63be8fdf802a
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
62 B 21ms
18ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:44 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 5 KB
3 KB 79ms
77ms XHR
application/json 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17046&site_id=315192&zone_id=1608182&size_id=10&rp_schain=1.0,1!yourbow.com,76,1,,,&rf=http%3A%2F%2Fwww.newtimes.co.rw%2F&kw=newtimes%2Crwandanews%2Ctnt%2Crwanda%2Ckigali%2Cnews%2Ceastafrica&tg_i.ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&tg_i.page=http%3A%2F%2Fwww.newtimes.co.rw%2F&tg_i.domain=newtimes.co.rw&tg_i.pbadslot=%2F21828795265%2FTNT%2FTNT_home&tk_flint=pbjs_lite_v7.18.0&x_source.tid=23a1da92-3d93-4e81-a28f-d80c2cec48cc&l_pb_bid_id=146779bae48ccc83&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21828795265%2FTNT%2FTNT_home&slots=1&rand=0.49118247308067264
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 476eb398666953b1eb8f720fce8373dcd7b3143c0942e9449fa41fea325ccef6

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.newtimes.co.rw
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 140 B
1 KB 8ms
7ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

865b3edd4c3bca3bc6cdc089ccdea0443754434c01dd96084a0eaae4e1da3aa4

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:44 GMT
AN-X-Request-Uuid: 282f6ef5-caf9-4893-9033-20e8e7386723
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 140
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
782 B 47ms
46ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUN4B97C
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: d806e9e11b3c848d4b72bd33f961764cb8c9557ca6351749f90275ea05183055

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Mon, 15 May 2023 20:42:44 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 27 KB
12 KB 427ms
426ms XHR
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3441115050061315&correlator=2892973737100360&eid=31074646&output=ldjh&gdfp_req=1&vrg=202305090101&ptt=17&impl=fif&iu_parts=21828795265%2CTNT%2CTNT_home&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x600&ifi=9&adks=1400786959&sfv=1-0-40&prev_scp=pos%3Dhalfpage_3%26amznbid%3D2%26amznp%3D2%26hb_format%3Dbanner%26hb_size%3D300x600%26hb_pb%3D0.01%26hb_adid%3D256f0a2c40013e2f%26hb_bidder%3DbluTonic&eri=1&sc=1&cookie=ID%3D9aaffe5e15c1aac3%3AT%3D1684183362%3AS%3DALNI_Ma9jKnX2iRWyThg5ibpFngNLZiOxw&gpic=UID%3D00000c17af5f1690%3AT%3D1684183362%3ART%3D1684183362%3AS%3DALNI_MbiM4NLUrzgVL4HLfPYJSLMvXKpsQ&abxe=1&dt=1684183364464&lmt=1684183364&dlt=1684183363227&idt=398&adxs=1060&adys=2925&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=5&ucis=9&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.newtimes.co.rw%2F&ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&frm=20&vis=1&psz=300x600&msz=300x0&fws=4&ohw=1600&psts=ABHeCvj2NDl10ZMRfTdogB6jJvsMf9fNOHOULUivHy3Eq3QT1F0BkRMdakRjnTbEeZTgY0EHrrAGfwnOug-5JgjaxPr2XqKt&ga_vid=1224847520.1684183361&ga_sid=1684183364&ga_hid=1824289973&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c393438c42a8da364ae5b6456c31add84859b53a0a62239796a5c7d78ce8f46c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12551
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame FF84 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:43 GMT
expires: Tue, 14 May 2024 20:42:43 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame F425 624 B
577 B 70ms
46ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPL6BhCIo0gYxNG26AEwAQ&v=APEucNXyW61cRFhlkQf8sJj7kA9ide9dAnKXUJlfGF3CHBrt98RFby7sm3a4HYO0ul2D9u_Msv6KDzrMPb0fzgqvq_-Tom1A0KnRiAs2sdvfnf7gUMAwUcqWKMXJB_vauw7L0aZpGWF4ZXLtnob3Rpje8QljRm9RM9V9fWIZqxFQd8emNa2Ju7U

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 34A1 78 KB
27 KB 84ms
84ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 15 May 2023 20:42:44 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 34A1 42 B
63 B 43ms
41ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DiuXEwQxyvGvE9BUJgirWxIr7-ehapI3QEXE5qjgsu8Fnn0oOb9T4tRdCWswVAVnacXbfifne1NHNVtrMeASIp8rN6JzU27GWGKgpEaYf8pLPwMHI

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 34A1 0
20 B 43ms
42ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=12117149635090073868&x=1&ct=77

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 34A1 3 KB
3 KB 113ms
31ms Script
text/javascript 37.157.3.20
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=64253744;click=https://m.exactag.com/cl.aspx?extProvId=327&extPu=vf-dv360&extLi=17041625256&extPm=17041625256&extCr=487434436&url=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CrqQkRJliZL6lBsGllgTkwK6oA_KR0cZrz5aTwvYRmJL4h7MCEAEgsL2jkAFglfqXgqwHoAGR_tGiA8gBCakCuEm_tTNnsj6oAwGqBIkCT9CB-Sc0PIt7x3ohWXjC8X9spFNiH3x2kro_ABnwbTIy1B-9M2pznZA5MT9oFHLRI5faDFDPyOnwmmKVMENmu4txmplvb2kOr1aNF4EGqrpxudX4zpJR_lRsVANdXpbGphLhy4larPwyZ5_EWI3PuxCuGjaoa6jh8Mk9MlvfntFuW4t0qnAw3Lj-u-7oCM4ByQLkC4GySXRGbVmTXSiZgh1e3Eal609hT5uAlK6PtHMqZ2Kwohwc14RtRo1TA8HbVsjEF4e98flVKQXKVE7RcT7AmxrboP6eIeLc2Zhkdu9-a-Pr0W1npDrBb0pCh2yOyR3FeNmg-Z3Log9vAc2I6sV-NZQc5DmBSMAEhJybw_oD4AQDkAYBoAZNgAfXga5dqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqACgOYCwHICwGADAGwE6yFrRPQEwDYEwrYFAHQFQH4FgGAFwHoFwQ&ae=1&num=1&cid=CAQSPABygQiDp2tdQgqR_73fjJ94LVTaZCu4XQQapi-BI0Up1zY-Yj7ZuMP0wvZN-UuAS_zrr_zp52ZVbdfmdhgB&sig=AOD64_0GU8AMnAPWUKzfuzG6LLFZb6nztQ&client=ca-pub-7554793497192362&dbm_c=AKAmf-BmXboRN0G3u4RFCQGEO9W3LP1fEAEbAFO656GpylDTRcbD6Vr13Qkxclho9dQV474tAOq3j2qa8RdOi72kgUKqpbOkI-CXpFLsn5O6w2fStH44mIe-K2cW-SMC0R8gSVOO7PBHchUlmNOt0cKQp2KLIgC9WM1rBfM99z4bC9oTc0H2QVg&cry=1&dbm_d=AKAmf-BFNNfozZ8QbF1g8YN2OaJ6kcO9U0H1LKN1O3s38jf7MaK2TgBK01h_BwOjnY_bQ3QaYpsXnUBJTy6F5o-99YEyLHem8ccC2qVVhM4WOVmnDEV71p1V55HVghpaBs8_z3qSOMOaRRubRgt_EhwBo_Eyb26HLMscya1yBlPmDhz3-QoX9sgQz9rY_AipVaMSmw26fs56nLIoYzJs7JjmbxpA5KdcjmSrbEa6wc5RqTmXaZj2IL3E8hm0rqIRxYWPnw6_R9q1X91QSI4sb7X6Qfa4F1ldiIj922-xcY68H89_6IhF84TYp2p80YuuvH_XTtl2UKW572NkuCMXWAjiScFTL7c_3NO-Nj1X0SeJrkxs2dpso-OUoI2noT56nqoL9kRiW6nuDtE7b__1S8pwkEuDg--PWW_uK8OgA4eBzDiMawqHR9_50jUUydPiSHcGTxU2-VfoIsqxHH_ZGrn8HfxOZ8qTtiR0HIvBxXHakRja52JEbUJPWi9xfM22he5BnbPxL2V66C-zqltYxKBl6MLU_vg9oA&adurl=

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.20 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

efe07ef16a3c928477d486d33b681e6258bf89947de2dd34b3413677bdf20f01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 2809
expires: -1

GET
H/1.1 200
OK ai.aspx Show response
m.exactag.com/ Frame 34A1 43 B
1 KB 87ms
25ms Script
image/gif 213.202.235.10
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL

https://m.exactag.com/ai.aspx?extProvId=327&extPu=vf-dv360&extLi=17041625256&extPm=17041625256&extCr=487434436&rnd=1684183364103102

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.202.235.10 Nagold, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Resource Hash

6b3da89922d333d106b84fefeebd7b16bfebf4cfbd7bef37fa10a47c471ae64c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Date: Mon, 15 May 2023 20:42:43 GMT
X-Content-Type-Options: nosniff
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Mo, 15 Mai 2023 08:42:44 GMT
X-ET-Code: 0
Accept-CH: sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 1756
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame 34A1 3 KB
1 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/window_focus_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 18:31:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7893
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 18:31:11 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame 34A1 19 KB
8 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

01dcaf85f2ae23a30115cf4a663e90b4a507dc688c4c17f9ebddc3cf19fee780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 12:20:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30106
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7937
x-xss-protection: 0
server: cafe
etag: 2499949999788435271
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 12:20:58 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 34A1 0
0 17ms
15ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRibw-Csgmfitgl-iLEuTn1V4Ok3csCc0-y3NxhuQT0wdrWG1Y02MTDGFV-NvmZudsC70YfFaBdENFr1nV9wsoU4YO4cw
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 34A1 169 KB
52 KB 55ms
53ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fdc79b8c47c6d5c20def82fa5f6a91e3cbe3057bff3f8b14b5c2c71dc9b57ec4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53545
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1683718549123860"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 15 May 2023 20:42:44 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame A2FE 0
127 B 13ms
13ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=b-6_hFw-_Msrj2Khnp71XyqZmbMp0QFQVEwp9sxB7Fx0TEL3gJbXrANr0A0kZ6_jT7V9qcFxcRHjqAUWfQtyqiR43HN3bU1oyCqHl81OKyx3Rh8cAVm8zHxh0wRdrC8ADbKMDEiCDhxoL7D47OHT4XTJ9irwasj3X7jb0kpm34px3ZOQ_0rA0uEaQUInqt23SeWd5NE9rYWpd5qQKxi_80QZ-EuIzQxOxdQoH2PmNmoresWveLSt1bMX2S9_2ScXvqxqXQ&sds=2&rev=86118.2&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:43 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame A2FE 2 KB
1 KB 14ms
14ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:44 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame A2FE 2 KB
1 KB 13ms
13ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:44 GMT

GET
H3 200 container.html Show response
a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 9151 6 KB
3 KB 8ms
8ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:43 GMT
expires: Tue, 14 May 2024 20:42:43 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
782 B 63ms
63ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUN4B97C
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 4123286ddf4737410cf8c0a221113d893446d78ccac8eaab928150d428f055bc

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Mon, 15 May 2023 20:42:44 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 146 B
1 KB 199ms
199ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

deb8fb5f788a02003259546a7cc16c3cbc86c93299b04f4cef8cb10cda0bba71

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:44 GMT
AN-X-Request-Uuid: b7f8601c-79e4-42ac-ac91-4ed99f36c335
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 146
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 404 B
439 B 98ms
98ms XHR
application/json 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17046&site_id=315192&zone_id=1608182&size_id=2&rp_schain=1.0,1!yourbow.com,76,1,,,&rf=http%3A%2F%2Fwww.newtimes.co.rw%2F&kw=newtimes%2Crwandanews%2Ctnt%2Crwanda%2Ckigali%2Cnews%2Ceastafrica&tg_i.ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&tg_i.page=http%3A%2F%2Fwww.newtimes.co.rw%2F&tg_i.domain=newtimes.co.rw&tg_i.pbadslot=%2F21828795265%2FTNT%2FTNT_home&tk_flint=pbjs_lite_v7.18.0&x_source.tid=2612d1e5-ba31-4eb7-bd95-a0e288b38458&l_pb_bid_id=15681c117664458d&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21828795265%2FTNT%2FTNT_home&slots=1&rand=0.32422541962078455
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 43772d0c0912ae0105fe6e233954f712abfd00988887b9fdf82155ff6f7f6a08

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.newtimes.co.rw
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 404
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
62 B 28ms
28ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:44 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
159 B 9ms
9ms XHR
text/plain 54.93.178.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.178.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-178-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:44 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 17 KB
9 KB 103ms
103ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

657167e520d451316ece919aca23fec1febdb362a3d3e3fc4167650994162810

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 15 May 2023 20:42:44 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 314f57e9-b2eb-47ef-8dfa-2dc08b1d56fc
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 27 KB
12 KB 432ms
432ms XHR
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3441115050061315&correlator=1570970253006354&eid=31074646&output=ldjh&gdfp_req=1&vrg=202305090101&ptt=17&impl=fif&iu_parts=21828795265%2CTNT%2CTNT_home&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&ifi=10&adks=4183145969&sfv=1-0-40&prev_scp=pos%3Dmid_7%26amznbid%3D2%26amznp%3D2&eri=1&sc=1&cookie=ID%3D9aaffe5e15c1aac3%3AT%3D1684183362%3AS%3DALNI_Ma9jKnX2iRWyThg5ibpFngNLZiOxw&gpic=UID%3D00000c17af5f1690%3AT%3D1684183362%3ART%3D1684183362%3AS%3DALNI_MbiM4NLUrzgVL4HLfPYJSLMvXKpsQ&abxe=1&dt=1684183364536&lmt=1684183364&dlt=1684183363227&idt=398&adxs=436&adys=3308&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=6&ucis=a&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.newtimes.co.rw%2F&ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&frm=20&vis=1&psz=1200x90&msz=728x0&fws=4&ohw=1600&psts=ABHeCvj2NDl10ZMRfTdogB6jJvsMf9fNOHOULUivHy3Eq3QT1F0BkRMdakRjnTbEeZTgY0EHrrAGfwnOug-5JgjaxPr2XqKt&ga_vid=1224847520.1684183361&ga_sid=1684183364&ga_hid=1824289973&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bd94b067d8b7054e2843e9e9f36f37bfcfcbccdd6af9b802b17592e25ec0364c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12434
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame DAFA 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:43 GMT
expires: Tue, 14 May 2024 20:42:43 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
782 B 40ms
40ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUN4B97C
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 1aa56732c8650e0428f71aaf8f34af692aa6ddbd7d69c2b027ad3dced5c1ae74

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Mon, 15 May 2023 20:42:44 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 139 B
1 KB 19ms
19ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

76043d66d53eba14dd3f9e79b968ccd9256fb819baac13bcb73b99abc8bbd484

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:44 GMT
AN-X-Request-Uuid: 3f47e307-bc75-48fc-b49e-9b256754c6eb
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 139
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 17 KB
9 KB 173ms
173ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

88564507655af146da38c51488f494e6bd017c94ef9046a04b7dd2692deb5966

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 15 May 2023 20:42:44 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: c8a5da17-37fd-4bc7-874f-398e1bf4739d
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
159 B 9ms
8ms XHR
text/plain 54.93.178.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.178.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-178-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:44 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 404 B
439 B 86ms
86ms XHR
application/json 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17046&site_id=315192&zone_id=1608182&size_id=2&rp_schain=1.0,1!yourbow.com,76,1,,,&rf=http%3A%2F%2Fwww.newtimes.co.rw%2F&kw=newtimes%2Crwandanews%2Ctnt%2Crwanda%2Ckigali%2Cnews%2Ceastafrica&tg_i.ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&tg_i.page=http%3A%2F%2Fwww.newtimes.co.rw%2F&tg_i.domain=newtimes.co.rw&tg_i.pbadslot=%2F21828795265%2FTNT%2FTNT_home&tk_flint=pbjs_lite_v7.18.0&x_source.tid=c55ea841-e6a2-462d-bcf1-ed859a564b7d&l_pb_bid_id=172957f39d3c7ee8&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21828795265%2FTNT%2FTNT_home&slots=1&rand=0.48978815414163224
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 00c1589aade28c29bf3a73a986dbbd46497ab5ca0e8dd15a3dab2c5683f5a385

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.newtimes.co.rw
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 404
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
62 B 158ms
158ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:44 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 28 KB
13 KB 419ms
419ms XHR
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3441115050061315&correlator=4139426748835976&eid=31074646&output=ldjh&gdfp_req=1&vrg=202305090101&ptt=17&impl=fif&iu_parts=21828795265%2CTNT%2CTNT_home&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&ifi=11&adks=3618979420&sfv=1-0-40&prev_scp=pos%3Dmid_6%26amznbid%3D2%26amznp%3D2&eri=1&sc=1&cookie=ID%3D9aaffe5e15c1aac3%3AT%3D1684183362%3AS%3DALNI_Ma9jKnX2iRWyThg5ibpFngNLZiOxw&gpic=UID%3D00000c17af5f1690%3AT%3D1684183362%3ART%3D1684183362%3AS%3DALNI_MbiM4NLUrzgVL4HLfPYJSLMvXKpsQ&abxe=1&dt=1684183364587&lmt=1684183364&dlt=1684183363227&idt=398&adxs=436&adys=2534&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=7&ucis=b&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.newtimes.co.rw%2F&ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&frm=20&vis=1&psz=1200x90&msz=728x0&fws=4&ohw=1600&psts=ABHeCvj2NDl10ZMRfTdogB6jJvsMf9fNOHOULUivHy3Eq3QT1F0BkRMdakRjnTbEeZTgY0EHrrAGfwnOug-5JgjaxPr2XqKt&ga_vid=1224847520.1684183361&ga_sid=1684183364&ga_hid=1824289973&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f25619d3b1d1c77455851ea1f8051fadf8fedd8886b5e8066ad648b46aef2ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12925
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 28 KB
13 KB 246ms
246ms XHR
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3441115050061315&correlator=1329258028957521&eid=31074646&output=ldjh&gdfp_req=1&vrg=202305090101&ptt=17&impl=fif&iu_parts=21828795265%2CTNT%2CTNT_home&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x600&ifi=12&adks=2044953979&sfv=1-0-40&prev_scp=pos%3Dhalfpage_4%26amznbid%3D2%26amznp%3D2%26hb_format%3Dbanner%26hb_size%3D300x600%26hb_pb%3D0.02%26hb_adid%3D258b1af75d99b17d%26hb_bidder%3Drubicon&eri=1&sc=1&cookie=ID%3D9aaffe5e15c1aac3%3AT%3D1684183362%3AS%3DALNI_Ma9jKnX2iRWyThg5ibpFngNLZiOxw&gpic=UID%3D00000c17af5f1690%3AT%3D1684183362%3ART%3D1684183362%3AS%3DALNI_MbiM4NLUrzgVL4HLfPYJSLMvXKpsQ&abxe=1&dt=1684183364597&lmt=1684183364&dlt=1684183363227&idt=398&adxs=1060&adys=3699&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=8&ucis=c&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.newtimes.co.rw%2F&ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&frm=20&vis=1&psz=300x600&msz=300x0&fws=4&ohw=1600&psts=ABHeCvj2NDl10ZMRfTdogB6jJvsMf9fNOHOULUivHy3Eq3QT1F0BkRMdakRjnTbEeZTgY0EHrrAGfwnOug-5JgjaxPr2XqKt&ga_vid=1224847520.1684183361&ga_sid=1684183364&ga_hid=1824289973&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3083fb6b3c52a3aa42a16a169bb5880bf2863ee12ebde92411f1786c57002946

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13067
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame FF84 0
0 63ms
63ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CqlNeRJliZKKgC5SQ9fgP3bKw4AnJntKxXNWdkfdwwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT2AU_Q0H2qdv8g299fH6msNA5uX4iXfkbjwrfkSSLMWJ30o4RSION7mqbkaLNh5K01MyhzyZYw1lsJI93Gw8wgJCu0hfZqp9REKLSsdzk1bXAPfg94iAT4C6b-V0ozmV7pg-Q_OJSqtLN5pUs5_cuerLUpk-0rBmj3ebQp8LYb6IhVJ4CA0krsfmaxLLjeACqnfJcW-7eLu9OUyh5pjRT0DCgoHO6iD9j9evqKhxxNzQX-cDmLIjlhmnZCEHKs_R0HTbro9GqD1_Meb-n1LlwC8UniFdtsXV7e7yHR1NcSvRyTUBXDiDdgsbFU1aFpZeXBknMukIwV-OAEAYAGkc2kmrDP-vWdAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgECACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNzU1NDc5MzQ5NzE5MjM2Mhj8oHI&sigh=_yFDY_aGgKQ&uach_m=[UACH]&cid=CAQSPABygQiDtWAvLa4L6VdzrSCWX_r72i6xOcSVqGAER2fIgZxwUfH0veZnIsGsTuFB5gHtWCqa7i3ijiGTGBgB
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H2 200 notify
rtb.nl3.eu.criteo.com/google/auction/ Frame FF84 0
0 22ms
14ms Fetch 2a02:2638:3::9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=kP7cFo-lBKwC2ASdg2ICAgAAAByNNkC_8VkOEEOZYmSA040d0mnKJG1LAAASAAAKCkFRVUJBUUVCQVE&wp=ZGKZRAAC0CIJHUgUAAwZXX043s1SQ-B5p9s2IQ

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 196475
server: Kestrel
content-length: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 2421 48 KB
19 KB 45ms
41ms Document
text/html 2a02:2638:d::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZGKZRAAC0CIJHUgUAAwZXX043s1SQ-B5p9s2IQ&u=%7ClPoQj%2FclhXf9WwOXP9QuTgwEw3HDIF8JxjgYB64EZRc%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNTJmLEv97WHnUtKOrKYxIgy15bW8W2rqt8moXOmZ61Js1hV2A5U12MlBuvHpjHFyABkMtCN3PGOM0RjLNu6hUrhecSBrGn2DX8YQCQMDfHNUVqEzAWaeEEyQASNw72j2bsUhFa1AEOIZ9zVz9Ir7gdtrLjiVONBhNAkQsvnmQJW8ktDaPjE3xJEkBusv6-PufQ-z71X7YXzB01C9ixarmSrQSMzQu6A6aeo7ySRkb_u0-o4HCyPJGVCm6Lbi18wqT7LkAduJGcX5sRtUdXsNTf2wE-9jdOSRbuKiFMKBmxwFGOXaQvDsRGoYGwLlyUbCyNs2BmPRM1otZePEM3rGQG2_G5VPRTlUEU32DsvEUm_ecFukIb7cH87qH_kpLgqzhgpVtICTFq750ck3kwHBIZGFvyySOB_-USuMyfTuJ78oZOr-RjDKzkK7Wcc6x7ASY5alFcmW57KYcrLpQLYrmZZ_cGdqf1c_H-1-NRiLyEwOGn9fVTo-4TOskRGr5DkQ3firlfhtjkqUZ_qurFOqBw0PMXXjhU0FTN2UjWWzvW2qk1CXKXKufNdOYAmjVJbASPkn4yS3U5MWcGlA_uktKh-PhFD09rAWSn5IH0q8sBVM&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCtGXJRJliZKKgC5SQ9fgP3bKw4AnJntKxXNWdkfdwwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT5AU_Q0H2qdv8g299fH6msNA5uX4iXfkbjwrfkSSLMWJ30o4RSION7mqbkaLNh5K01MyhzyZYw1lsJI93Gw8wgJCu0hfZqp9REKLSsdzk1bXAPfg94iAT4C6b-V0ozmV7pg-Q_OJSqtLN5pUs5_cuerLUpk-0rBmj3ebQp8LYb6IhVJ4CA0krsfmaxLLjeACqnfJcW-7eLu9OUyh5pjRT0DCgoHO6iD9j9evqKhxxNzQX-cDmLIjlhmnZCEHKs_R0HTbro9GqD1_Meb-n1LlwC8UmgF_r-2tFC_J5NwHTCgLprWQHJPj1OqTPgHZzPl1rfvmurOggGR4DWFuAEAYAGkc2kmrDP-vWdAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_34QNOaOQL60_JzGoZ7Z9i76lY1jw%26client%3Dca-pub-7554793497192362%26adurl%3D

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e6269c74faf4e92126e6e69f925e200718eb51014c734cca380b0849e68d0b8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:44 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=h8UPK1w-_Msrj2KhXGDUTGpoMDFTEB4qJO7gRqv-GsRVBwtjajorNgonRwcBsM7pr7oyTfK0wFF1-HzERrwzAJ1DU-eimEyo2UhjhKqWxL5UrPXFWdbbr8QPNn_aE6C3n9wCRrffhQar8OvdedW8_uLBknU421082HIWDmkvPOYtk5B4Joc_ARPCxMF-8_MSgPcAbWdB7i-GBnAnwGAOYdSwvAC2QTJUknJ6Os6rfIL2dvC6QqcuxVWOchGmESdXEncS8w"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 2962067
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame FF84 3 KB
1 KB 13ms
9ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/window_focus_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 18:31:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7893
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 18:31:11 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E024 1 KB
643 B 21ms
14ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34711
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 11:04:13 GMT
etag: 48472445140208031
expires: Tue, 16 May 2023 11:04:13 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame FF84 19 KB
8 KB 16ms
13ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

01dcaf85f2ae23a30115cf4a663e90b4a507dc688c4c17f9ebddc3cf19fee780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 12:20:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30106
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7937
x-xss-protection: 0
server: cafe
etag: 2499949999788435271
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 12:20:58 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame FF84 0
0 22ms
18ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRHba4bF8d3ghg5pQbR_OMN4wy8QSZ_g1veC-WeIPf_L2e2Hhoq9SjuYQ_AO5FAtt8iLcwAyjrCZ8OcB-oTNKlscbSY5g
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame FF84 24 KB
6 KB 17ms
13ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Fri, 12 May 2023 14:52:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 280229
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 11 May 2024 14:52:15 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FF84 169 KB
52 KB 68ms
65ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fdc79b8c47c6d5c20def82fa5f6a91e3cbe3057bff3f8b14b5c2c71dc9b57ec4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53545
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1683718549123860"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 15 May 2023 20:42:44 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame F425
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJDBTnLMHkZEUs7_qiqSR8s&google_cver=1

43 B
766 B

8ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJDBTnLMHkZEUs7_qiqSR8s&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPL6BhCIo0gYxNG26AEwAQ&v=APEucNXyW61cRFhlkQf8sJj7kA9ide9dAnKXUJlfGF3CHBrt98RFby7sm3a4HYO0ul2D9u_Msv6KDzrMPb0fzgqvq_-Tom1A0KnRiAs2sdvfnf7gUMAwUcqWKMXJB_vauw7L0aZpGWF4ZXLtnob3Rpje8QljRm9RM9V9fWIZqxFQd8emNa2Ju7U
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:44 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJDBTnLMHkZEUs7_qiqSR8s&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame F425
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZGKZRCybRghSAFROgsBfOQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJDBTnLMHkZEUs7_qiqSR8s&google_cver=1

43 B
766 B

7ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJDBTnLMHkZEUs7_qiqSR8s&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPL6BhCIo0gYxNG26AEwAQ&v=APEucNXyW61cRFhlkQf8sJj7kA9ide9dAnKXUJlfGF3CHBrt98RFby7sm3a4HYO0ul2D9u_Msv6KDzrMPb0fzgqvq_-Tom1A0KnRiAs2sdvfnf7gUMAwUcqWKMXJB_vauw7L0aZpGWF4ZXLtnob3Rpje8QljRm9RM9V9fWIZqxFQd8emNa2Ju7U
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:44 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEJDBTnLMHkZEUs7_qiqSR8s&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame F425
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESELwv1VITRpQ6NqHTvhQlmB8&google_cver=1

43 B
1 KB

8ms
7ms

Image
image/gif

37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESELwv1VITRpQ6NqHTvhQlmB8&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPL6BhCIo0gYxNG26AEwAQ&v=APEucNXyW61cRFhlkQf8sJj7kA9ide9dAnKXUJlfGF3CHBrt98RFby7sm3a4HYO0ul2D9u_Msv6KDzrMPb0fzgqvq_-Tom1A0KnRiAs2sdvfnf7gUMAwUcqWKMXJB_vauw7L0aZpGWF4ZXLtnob3Rpje8QljRm9RM9V9fWIZqxFQd8emNa2Ju7U

Protocol

HTTP/1.1

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:44 GMT
AN-X-Request-Uuid: 77c5022e-180c-48f6-850d-178aa1f199f1
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESELwv1VITRpQ6NqHTvhQlmB8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F425
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTIwNDYxNzg3Mjg2MTM0MzMyOA%3D%3D

170 B
188 B

23ms
23ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTIwNDYxNzg3Mjg2MTM0MzMyOA%3D%3D

Requested by

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 15 May 2023 20:42:44 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: e0723055-3ec3-4c19-a4ea-2689f5817ad4
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTIwNDYxNzg3Mjg2MTM0MzMyOA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 8109 640 B
308 B 61ms
42ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMbfsgIQuOmt-QIY7cL05QEwAQ&v=APEucNUSK0V_idwQzashypXQfxsot3Dy7H1BDqPgT73CBCpaz_kt2XId0uv86kkKtHIGwIDmbbHfUuG4ZY61HsUWV3DrjETDhCyU32LoBWefvwTKoiPKOs5LFXVLhg5fj0PG7cCt-gLo1Sd3KBySw-sSROSsAoLvzOe2iycv-noEraFcB9DCYhM

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 9151 78 KB
27 KB 86ms
77ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 15 May 2023 20:42:44 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9151 42 B
63 B 51ms
42ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BYNAapaWR96QRBnDLdiKTtfQ9sUlgvraMu-GG9ntWUhlnPx7cLXtKo8EfWvS3FsfNOfjgR2fEJ5RuDiSslkyU0Hy6236Vaibqu__ioUsek1KFS9ts

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9151 0
20 B 51ms
43ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=5103912680228166944&x=1&ct=77

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 9151 3 KB
3 KB 41ms
22ms Script
text/javascript 37.157.3.20
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=63096195;click=https://m.exactag.com/cl.aspx?extProvId=327&extPu=vf-dv360&extLi=19904691783&extPm=19904691783&extCr=482156909&url=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CcTRaRJliZJ2JDI6elgSnxou4CLvD9uhvqeiMxPoQ8p7coNQBEAEgsL2jkAFglfqXgqwHoAH2vq2YKMgBCakCuEm_tTNnsj6oAwGqBIYCT9CIvKejrV9t6dS9up0yEYAk2Gcb3E5B95DR_aaW7W-DabiPvOM_T423zcDKSbhcUnNo7Zzr72V7uxLJWr4ckh4AZehKR3eJ1OBIn0z1hmUczqJUfQjvXt4JxO8WUEesN8_c21_Z5VZF-SYKIGnTGkpU4dwYBf8jo6m6EvX_tEDhxzUeXPeqQiSPxU2teMrniXB9HuEy_X8qTeRUJE8aU_cGUxKyAfMyPP7yw4V4-QYIfjvrfXoP5Tu_eAXFJthRRbfOOGavMbYX0rhuUN9wP-ZM8BucgnILLy3pSOz4PokCjt-Xq0XTcEw72BPiuBSMDBuAdKp8DXuvy0kov-8t3KKZjAqhdsAEtffWsqUE4AQDkAYBoAZNgAf29v33AqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoDmAsByAsBgAwBsBP2hJUT0BMA2BMN2BQB0BUB-BYBgBcB&ae=1&num=1&cid=CAQSPABygQiDU_BaR7EWUPMD1rq-ha8Woieb3mwLymwmAIz2mBqPLdkaxn7uaVqszBjJ6JLpNcn5uOfSJVz4jhgB&sig=AOD64_0qps1bzJijZzdqqYZuHjntYJRPPg&client=ca-pub-7554793497192362&dbm_c=AKAmf-DaSWTmfKBwq7xrKajGmUC3nWXY73Um7pGlCiVOSFG82N_guictalNl1ut0rSSRyk9vKhCB8kv8Juev7mELxYkIYzSEaT3V7MJN4lF18oKYgIj7nDNOPXPiNGMuqFZ0pgIoAopITmgcfI2MnNpQu-A7p0pMbl4vCV5X1KOOFQH6RyW_lGY&cry=1&dbm_d=AKAmf-B6B3Zi6RRs38jyLM4ZGIoD3hblQ4WIbJHIjwtz1WoqIoxXMxlK6DthtRIgdnN72pRoFLKsSis90BUowRlF3vjbJr5VB61tkMtmW07_CrV8Pop8wGpXfoHE5_Xxtgee4L7Jq45l_S5T5b8gvwHaHZhyONdEt8RsdZR_EkGyiV9rzeNMugAgTgkCr4LW68upfaJxvnHGjgshmPVd-2o6mWDDhOLtfalyo-MYnA3sUikbVDCOeE-W5NusED8Osc8tuecSDjKeA_vP2B23IGsTSFmKpxtul67Q2hBZC225Dugut3MVQ9rqPqmf09fdruevPz_FvYqPznG9lrOVIpWyj7yWy3qK8h_CL6cSMzIBjuQxdqW-9_5gv0xHPAkLK4phndL0KnrO9ilRZYFbqmQS_nQWI7MTfFhK6xBUMlOp1TYGpxz6tjRolNbRUPM0FKH4ujAcpSKeYEyqhotPmoEvT8rX9p1ET_0J26SDnxBcVP2y4nrDNA-UkKmk5LkbKauW9sqAnoQY9Mp60g-nJAywB84dc59BF1ixVckCl5RDsZU3GnCht6s&adurl=

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.20 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

0ff6b83e67efbd51581ea1d99ebff57169b8b174d9b1785f7ad53d415c5e44ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 2828
expires: -1

GET
H/1.1 200
OK ai.aspx Show response
m.exactag.com/ Frame 9151 43 B
1 KB 78ms
21ms Script
image/gif 213.202.235.10
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL

https://m.exactag.com/ai.aspx?extProvId=327&extPu=vf-dv360&extLi=19904691783&extPm=19904691783&extCr=482156909&rnd=1684183364197789

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

213.202.235.10 Nagold, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Resource Hash

6b3da89922d333d106b84fefeebd7b16bfebf4cfbd7bef37fa10a47c471ae64c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Date: Mon, 15 May 2023 20:42:44 GMT
X-Content-Type-Options: nosniff
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
cross-origin-resource-policy: cross-origin
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
X-Xss-Protection: 0
Pragma: no-cache
Last-Modified: Mo, 15 Mai 2023 08:42:44 GMT
X-ET-Code: 0
Accept-CH: sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 1756
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame 9151 3 KB
1 KB 20ms
11ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/window_focus_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 18:31:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7893
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 18:31:11 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame 9151 19 KB
8 KB 20ms
11ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

01dcaf85f2ae23a30115cf4a663e90b4a507dc688c4c17f9ebddc3cf19fee780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 12:20:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30106
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7937
x-xss-protection: 0
server: cafe
etag: 2499949999788435271
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 12:20:58 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 9151 0
0 32ms
23ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTWZ79nxtF0VlR5pPoQBIwY1p3lxiNKsUqTkaqGB2-mUCu34a0bI9xulzEUnWiq33BF5AxKHcoHq-uiUPtVAVl-wckQrA
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9151 169 KB
52 KB 106ms
96ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fdc79b8c47c6d5c20def82fa5f6a91e3cbe3057bff3f8b14b5c2c71dc9b57ec4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53545
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1683718549123860"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 15 May 2023 20:42:44 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame DAFA 0
0 59ms
49ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Ce5fSRJliZJjuEJWYbeH_pbgMyZ7SsVzVnZH3cMCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE9QFP0FwdSYfUC1yKwU9E7IRrH-56Bk4eWIrd1aPU0Rf0X0roFAC6QCrvdoJPZ02GP2NvnQ1NDuI27YIbuDNDH5uH-oP_q6SGtZzbm6NhhHcCdUTwtrFkigPVLjHXZ8wdkoybtfbxNvdJKSSz16bGpDCAbNALySEBM3ZaWgT_VDRaHLr17WF-TKhJq79lKvVsOsiUTOjIgNAU_EdEgKnuaSmlvvK3EcTyI4FMj-KfjehNSmXHb-y4mXgp0FU4yemIKj-6sJQOfkdK_fW_j3OYHldSU7aiTAYVTBErnh9Lmdajz4SGLRokt6kwYsU74ZxGaLDM9huBk-AEAYAGkc2kmrDP-vWdAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgECACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNzU1NDc5MzQ5NzE5MjM2Mhj8oHI&sigh=muW1J7C6930&uach_m=[UACH]&cid=CAQSPABygQiDuQg1QZwOLtRRkEPMPUZdaGz7yM5aD60phCvZNJ5xtvYq1x-yh19Q4J4PLARc6OPnyLZPv0GvGBgB
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H2 200 notify
rtb.nl3.eu.criteo.com/google/auction/ Frame DAFA 0
0 32ms
15ms Fetch 2a02:2638:3::9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=kP7cFsg12AVanYNiAgIAAAAcjTZAv_FZDhBDmWJkKVw22O4RFYYT_gAAEgAACgpBUVVEQVFFQkFR&wp=ZGKZRAAENxgKG0wVAAl_4V1qe1bezqWiM_3aEw

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 155463
server: Kestrel
content-length: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 5CC1 48 KB
19 KB 35ms
20ms Document
text/html 2a02:2638:d::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZGKZRAAENxgKG0wVAAl_4V1qe1bezqWiM_3aEw&u=%7ClPoQj%2FclhXdbHUfr%2FX73WjLxhBjYb27T4ZbEbit3kBw%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYNdJ71gdyCWvw29y1GxtacI6iVoVnLQ5srUOwC-sDBJIjvRCy3Ss-BiCTuGilNUvwXseut9fTbPXJYA_7Vjbs5ATnAPuy_R_bhNUf-w337NAAY9hUNK9tG0iTJcPJkWL7XWwoGO073hxHA4DNKP2XGSSVCLgVSP5442mS6EqxtdqzIzkhcumSfbz6soShuz67h_6Sd07f4AyOsUURnzSTTIyIlm5mfswWEBzCtEuXkh6FLvdG-cr1Gw7q8OCgUKFkoglNEAzIwBQwxZd8G9LeVHhcTPwzjytUJSNo8S_NYrAPLVb18jKPIrUotULoKL2utESgRAQnU7NEYQA3gV29VApOwq8e6XIuhtpNS7_EV63oySLYcND71t3UOrQM_ddMgWgok7v1ri7s8oE8LxFLbgC9W_t5ikv1O9l10phi1yI_XAApE_IcaICF7vF0g5Xh-BQk8z7LQQcaMAhTpGeejITjB9XDJ9A-xnHegYAeTcmqWhwPLWYKAsBEqBe5byvVY3pl-aaXig2M9F3yKOW-sG9XvgMl0VDCtKhYsrotcbuIf5gToYa8zsCeYZW31aubsbuRwBs1ge5yr_XcmPHt8i&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCt5ByRJliZJjuEJWYbeH_pbgMyZ7SsVzVnZH3cMCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE-AFP0FwdSYfUC1yKwU9E7IRrH-56Bk4eWIrd1aPU0Rf0X0roFAC6QCrvdoJPZ02GP2NvnQ1NDuI27YIbuDNDH5uH-oP_q6SGtZzbm6NhhHcCdUTwtrFkigPVLjHXZ8wdkoybtfbxNvdJKSSz16bGpDCAbNALySEBM3ZaWgT_VDRaHLr17WF-TKhJq79lKvVsOsiUTOjIgNAU_EdEgKnuaSmlvvK3EcTyI4FMj-KfjehNSmXHb-y4mXgp0FU4yemIKj-6sJQOfkdK_fW_j3OYHlcQUZcwy4mJX663irybpHBbxpCMmxAKryuEqvidEyNYRKhJXJ-SLJKusOAEAYAGkc2kmrDP-vWdAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3omGGcLVhzNfFyWnIiORE5nm1PEQ%26client%3Dca-pub-7554793497192362%26adurl%3D

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

6f917ef15ec223173e9da8db68c85664819c68625a790c56c63f046b6c240440

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:44 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=48x2f1w-_Msrj2KhD1Sd86Xa5Te00kpAziiJvwngkafz-4XQUH3FLvRkRgsLGIzLFZ07lCoLqxhKVQKvZSW3DsaAQwkcuDgw4R7kduXCLhPyOgszfbsNIMpHKy7SOIKJt49CQdiKKs47q2e9UVb4kMIoI2Dg9uGiFRBOIKnGg9nfeZ1ppXR-p3DmKlEMPNBKVG2gVjOvKZiY0bF-vKWQ0e67cthQNS5CoBcfKJo-otIxXNuSHk-ZmKwYIqNrVh3_I9-LxQ"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 3096379
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame DAFA 3 KB
1 KB 25ms
16ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/window_focus_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 18:31:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7893
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 18:31:11 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame A3E2 1 KB
643 B 22ms
12ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34711
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 11:04:13 GMT
etag: 48472445140208031
expires: Tue, 16 May 2023 11:04:13 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame DAFA 19 KB
8 KB 24ms
16ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

01dcaf85f2ae23a30115cf4a663e90b4a507dc688c4c17f9ebddc3cf19fee780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 12:20:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30106
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7937
x-xss-protection: 0
server: cafe
etag: 2499949999788435271
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 12:20:58 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame DAFA 24 KB
6 KB 37ms
27ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Fri, 12 May 2023 14:52:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 280229
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 11 May 2024 14:52:15 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DAFA 169 KB
52 KB 92ms
82ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fdc79b8c47c6d5c20def82fa5f6a91e3cbe3057bff3f8b14b5c2c71dc9b57ec4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53545
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1683718549123860"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 15 May 2023 20:42:44 GMT

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
782 B 45ms
42ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUN4B97C
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: bf3b9586388ca250dead7595436f0de31a4608469c1cd526aa8ae10206f50203

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Mon, 15 May 2023 20:42:44 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 146 B
1 KB 145ms
144ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

a5a411d9638ded410191f31c6172ff6c1ce2af23b809d322dc42e1ea21412c3d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:44 GMT
AN-X-Request-Uuid: a44a204e-43b0-4f15-ad43-43f3cb0855c6
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 146
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
159 B 13ms
12ms XHR
text/plain 54.93.178.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.178.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-178-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:44 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
62 B 18ms
18ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:44 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 12 KB
7 KB 102ms
102ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

cb12266c8acc6741d969c1e042bf7bd04cc326714970e125ba455e3d8d31994f

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 15 May 2023 20:42:44 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 2a99410a-587b-4e3c-8c0d-ab05312e4814
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 5 KB
3 KB 87ms
76ms XHR
application/json 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17046&site_id=315192&zone_id=1608182&size_id=10&rp_schain=1.0,1!yourbow.com,76,1,,,&rf=http%3A%2F%2Fwww.newtimes.co.rw%2F&kw=newtimes%2Crwandanews%2Ctnt%2Crwanda%2Ckigali%2Cnews%2Ceastafrica&tg_i.ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&tg_i.page=http%3A%2F%2Fwww.newtimes.co.rw%2F&tg_i.domain=newtimes.co.rw&tg_i.pbadslot=%2F21828795265%2FTNT%2FTNT_home&tk_flint=pbjs_lite_v7.18.0&x_source.tid=d2c959ba-8a7d-48dd-a325-e179b6834403&l_pb_bid_id=1865ca9dbf32a41e&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21828795265%2FTNT%2FTNT_home&slots=1&rand=0.1899210634217443
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 0c48bf7497e2799db68a7bf097c1162d440f53071faab472405b7afd88e0b127

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.newtimes.co.rw
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 34A1 0
20 B 43ms
42ms Ping
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8888896110093&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 34A1 0
20 B 41ms
40ms Ping
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8888896110093&version=m202301230201&ct=77&x=1&cor=12117149635090074000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 34A1 28 KB
16 KB 44ms
44ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DEtwcwiAxQi7i0WKECUwUTEmzDYOWeRxvwDLlV3QLncKm3WgGXYSfrvM7rohvIo3SHJUUVO2ThUe8rcZYhh2rLwaDsR7G_mgmdCUbwIk-h6yL07glXd0VzlBbjxO6be50dMFDX_In4I0nE-RVSJmMnUyrp-JSuypHJMnddedXUwgCdGtg&cry=1&dbm_d=AKAmf-ALl1sywrc_-JNFF91CzpkvYq_UM3uWPUHZk0lj3LJfVEKleUfHL04mGvjponiiX1YhviPeIky-ykWdiqJSX1Sy5Hn58QQ5I5cCD9QizzmJqxalni1SNZS36sGmIrFft3iE5bJ7gVRT5xna0VvvAO8cxDm5qkIYgHjEgS3T64w8TsPk48MUtkhqWJJs75frYkj1wOWNzUOewt-iyRs1i85huv_5ru6wdYyDHHDDCCRnBp8qfLwBYl4K8JFuqi4M5xxSQYWCAH6E4LCmnUw2-QqzjprUs1dKmQIFsB2W5UmKhRQCWaQFQp65AFf94-E4vXRzefCg595xSc9QnAizuw-ZVxoUbAdR5F0aEeePQTeu1aHf_5C2FxIj_dDbx3EgQvz222P7pP1QI06h8AkCc7M7ERFCNnazJAygbnty2GW5ptGx45zTk-LwSHwOCVxRReiblhSgyRhgQPfWj2Oo9AFAejrC8FikZ8YHHhP5BW3o5ri_UI0LeOgoA1FtNNZZo-btvV8dEEyKpPnrhgu_Ipd3Dht5JMpDO0rzdkfWnuwh2vYOWsoqCPf8WvjEKUkADPZKDKr9eUDKYIQXfLTQ2qlhBf-uG4NXbVHx3yiYR63sJ6XLOEi3vM9498moKRDg4RhQvGOzGQz5QwwYZ8OV93y7tbtbSOr8hZCWD5ipN7Nt93GrIkx2hx9dlIjcn8hJhFB3G2llD6T0vSieFa-sRH4dDssDbtxPmUSrkLgOTiz1HzGlB0-oNGv5eyWSfIa7Lu6Xx1pqpqkZdRDxUHZjHixqjsY_GSBR_31-h-RzMNnVoYruCKWie6czUNY3CLZXwwFXVkOsz6wqzjSgEaTlHD_XI2qOFqrol0DZxQjl6uAzsqEban2e4wt868LASIKcejOVyBvGSWY94-xnM2FqP2mlp86P_jCVtOKLHG1jBPkM1PNUGN7YcyTTQv5ZPBUtJx6FoV6QIQMLvYGENJboNSTgAvm6LvbjnLHIZduaXhml5q1aCobcPXo6llGyjNcXt1iJOIUtt_rTg0eC7fBKNwMOv57qeSg3WKHGGJS6eBDY1U61xeS_CxJpZ4Lbq-DAw0uUjybl2sBxplwJloOigHZjs6yoB9wrk4FjHtGHB_73dQhC8h2Yba6A_9HN2EVBM3q3t2-HOEUqm1TN-BbgslxEWvh8W0fncyC0lKjhKhUzcnQ1efMxqnsCotg8lRBvIJiQ49_-SigXIgCW5CJmRF-z5SQwI1DP-3tkt2lpesyjhCvkNoPkoYrq4a8Jt8q9m0RPdGuprt8si7u6VTu83wDGJXDID0AAnPgPtPXgZCSdjlyq-eWHThfXGxzv9E0KDampQ5bVgLO3xXy4yvc316yp_NUBc36AWwPgk29He6ApJy7rmnxNAVTIK-9TmzFT3UgVbeRWOv3S17ES3S3u9LvO-0zm9C5OnsiwKPRxD3qpK45BwSl3yO3Bguo8PE0vODFlOvmfllghiHiYoX0VfYuHfU1PAkBuAsDonAspbYJook6KX1dbiYKYlX4C_1Ma2UN4nw1sVKLMadP-cLoh5qU0S0n-ZEra3vI7OHU-NTCa4qQeZvDKzRiMA19fn0Ovid4ungJ_o1TmCQBMhOqxw6fpK7uEQ7MZvaoY3_aESKuhz-VLS76PhLf5bb74hRL2lJ6yY84MQZqk--r91Jb1TodIa8jqnr7L0C4tAOA73mjt8rl7Vt5WEdAcz3RTLmcrRS61tyTmZizNaR24WVxNcocZ04kHB9cV1vHBGr-EywXW23q2UdsPfi9EaBiz900kjws-UcHDlQ-0TiS60SxoEaeLIXEJ4q5vr9CvGNlx3SRUviqr1Nm7PAh9RhqRNFymm1F227KrD38LrJFX17s-QjXS_GRNvsWqbXDq8swfDH7SYJ6YobKDqDxEwoth_iaJRIPlVNoYAsFlYEq12FVHnNgouNM21v8gyqkOWV0Ey9rHF6ZZjy9pNSBBmkSZYxWkDXf-fOLhPmDndzpd2_Yv5fMtlbPkMpwf3Blnp_sBK1WknqW5Z4d1QXx3GA9s0Fg-HMRp6pY0QREvgcTPbJjHCWRql6tAnBgcYLavPhoxUwWcVnHSukoBxijIvqyBF9Pl9B-9FMWEYfLy-5UNwiSGQOrQWpt6uG_yGrgX-Qmu71vZ0pB-4jTnFVJM1KlmACa0VNuGQxnkHKQM15zNg59edK_hQvPFYKiOzoe7wAy4Sm_utIeW9fLMMH_UAxscH9mgRcE1HRUaBWZAfPML5Z1IsnQLrLpabKqVvLu2zJihNmlX3d4PaFO0wlRdHfgytj8r4G1jw2n00b14ebAtSbkby86xYf5K8q9FsT56rQnDIIte39YSjdg4jQv6SvXnJhzdxDGmB1vWtvt8n0XnDcVdfhhZe82Y_wmOPGq4OvXXBQPv01d5gBE1u8TBuO5X7C_KWIjg-nQI-4JtwWPBpnm-AVthJl4YyTQ7ee5vEuCmxBb1HrzGYYNWKKJhS4W-Sa8ewEk5he4amQzqvTWyHFQJDF1dnY0umdh4QEKyQHdLUxqjofjF_iti2Bft2LR72VMV_rxhqZZnaEaxOqRu4_WZzOJczSM_ajNEruE8Yx8Rz5IM0sKekY-v6oc9nbiOPXRpMXDsvbPuqa-TXTZyqxdDZFYP6KbL1sd8zHaJ3yCciZBV-XLmbKRlsjzCLOuYt682OqUj6G65ojwuf8tSQHxtO2yZEQdTtJdVe-zqiD59QuLP8fhmQIugdMDZBL5j0EDTHfjnBxXRwupRYYZpvGSzvlEKdPcFKxk6feFFoVWbSvbxnhFNPZlOo9nKoBOxIzL_U3qJzB8a_IQfMqzZy11DUguVHPV8Y8VCxva8zb3a-eQvon8_wUrs5-bP-Gf-8SD82VBt4kpjnjGcLpUrgrpYSpfzOf4Nrzq2pftwRHTRmfsRF2BKEskNjcb-rmR6-27_s2y59bFyivbz4oNrZd6tkeX1V3cmJcD7m4phHXYXvOlUQ0camqCAigBiOTa7LxK7WaZFeUvoGRk_gdCf3dZ8I6Ep4UoXC3lAtAhIDh-UoowYrSVMv9yL9_2oVpa0U-5qAIoWx6Zo2bdqbkWXRW7kDrhtDKxmOxko0TmE7QYAY-iGtscmCGuJFxcGQ7nc3DKWtdxa1xjrgx-toPyMGyr9u9SBfFIGdCTLLvPwyoeXx5lnW3WtlIFrU6ssBfgVfFDX55dLHQZLEddxl-93hpLigAmHWa8N_NBKXOKhq7ev7zzZhvMnmJOPOmd9f1UHSscTuIOVV1Mw4EjIRkprBY49SqgKBNMYk7tzUwI0pUZ3axbHiiFuZ9Bx-84Y0AbNYatKbFcAitYSA9la0BmFVvQXWy40ultzMEz_vduFT0Ssib0NNKsPJ4hTTumBplDLbflX8_muqxdkMa953A4Y5spvhXi_a7CGzmKoLBNGcyGUiFBSFEWLaWmHs9lTF3NLrDfGA9rAMzo4RKntdzxKI6ZO9Koysa5V7g&cid=CAQSPABygQiDp2tdQgqR_73fjJ94LVTaZCu4XQQapi-BI0Up1zY-Yj7ZuMP0wvZN-UuAS_zrr_zp52ZVbdfmdhgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.newtimes.co.rw%2F&ds=l&xdt=1&iif=1&cor=12117149635090074000&adk=3047537735&idt=90&cac=0&dtd=42

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

46d6f26d8aec2034b41b51d68be347c7601c8b5399fd7ad56508ffd1e31db075

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16815
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 2421 2 KB
1 KB 13ms
12ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZGKZRAAC0CIJHUgUAAwZXX043s1SQ-B5p9s2IQ&u=%7ClPoQj%2FclhXf9WwOXP9QuTgwEw3HDIF8JxjgYB64EZRc%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNTJmLEv97WHnUtKOrKYxIgy15bW8W2rqt8moXOmZ61Js1hV2A5U12MlBuvHpjHFyABkMtCN3PGOM0RjLNu6hUrhecSBrGn2DX8YQCQMDfHNUVqEzAWaeEEyQASNw72j2bsUhFa1AEOIZ9zVz9Ir7gdtrLjiVONBhNAkQsvnmQJW8ktDaPjE3xJEkBusv6-PufQ-z71X7YXzB01C9ixarmSrQSMzQu6A6aeo7ySRkb_u0-o4HCyPJGVCm6Lbi18wqT7LkAduJGcX5sRtUdXsNTf2wE-9jdOSRbuKiFMKBmxwFGOXaQvDsRGoYGwLlyUbCyNs2BmPRM1otZePEM3rGQG2_G5VPRTlUEU32DsvEUm_ecFukIb7cH87qH_kpLgqzhgpVtICTFq750ck3kwHBIZGFvyySOB_-USuMyfTuJ78oZOr-RjDKzkK7Wcc6x7ASY5alFcmW57KYcrLpQLYrmZZ_cGdqf1c_H-1-NRiLyEwOGn9fVTo-4TOskRGr5DkQ3firlfhtjkqUZ_qurFOqBw0PMXXjhU0FTN2UjWWzvW2qk1CXKXKufNdOYAmjVJbASPkn4yS3U5MWcGlA_uktKh-PhFD09rAWSn5IH0q8sBVM&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCtGXJRJliZKKgC5SQ9fgP3bKw4AnJntKxXNWdkfdwwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT5AU_Q0H2qdv8g299fH6msNA5uX4iXfkbjwrfkSSLMWJ30o4RSION7mqbkaLNh5K01MyhzyZYw1lsJI93Gw8wgJCu0hfZqp9REKLSsdzk1bXAPfg94iAT4C6b-V0ozmV7pg-Q_OJSqtLN5pUs5_cuerLUpk-0rBmj3ebQp8LYb6IhVJ4CA0krsfmaxLLjeACqnfJcW-7eLu9OUyh5pjRT0DCgoHO6iD9j9evqKhxxNzQX-cDmLIjlhmnZCEHKs_R0HTbro9GqD1_Meb-n1LlwC8UmgF_r-2tFC_J5NwHTCgLprWQHJPj1OqTPgHZzPl1rfvmurOggGR4DWFuAEAYAGkc2kmrDP-vWdAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_34QNOaOQL60_JzGoZ7Z9i76lY1jw%26client%3Dca-pub-7554793497192362%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:44 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 2421 2 KB
1 KB 19ms
17ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:44 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 2421 308 B
636 B 17ms
15ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 09 May 2024 20:42:44 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 2421 293 B
621 B 16ms
14ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Thu, 09 May 2024 20:42:44 GMT

GET
H2 200 lg.php
cat.fr3.eu.criteo.com/delivery/ Frame 2421 43 B
347 B 29ms
27ms Image
image/gif 178.250.7.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=Xks-aqCe-vkS-N0Ml81120Ppf1CivK-iJ8N5tCvit0bsLbs6W-xD6P2flmXd0Jb9My62w8hrqwHN13o2ts3jfzdz9PRaBxxIPVyB_i1Ts3y0YJwThZlfkyGXvshK9KZDHTdPNiJyck46It8aP4bJLnTVPFF64bM2ga2QB3--14JvAQplxC6dRQ-jIxeeFlswUeE7NVFhdnxtg8WiXBXbmxEJI67tJo1bPgdRM_3CgwiNlMHkyEYWlLqAcPjsEQJU-XYPXGlpXV9RB5A2dBVOM4TfEIJ-g5y4ol4gHJGOusQBksShBgp2W8_9uZBFRJmEiRQ9E5D5HGoefWD3iuCLE75mQkm8yhQQBxbu5O0ToPHDsiMChxz7pYkNUP7fbOOf7yOFh5jxqDcpVs2AOaP6j7RYKbm0Fq1Clp__hjfOmDMPWEyx

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2662037
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3

200

B29933196.366647091;dc_pre=CPO1xvmX-P4CFfbiuwgdSBwMaw;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629943423f8d2dd9e44d0829445900;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tf...
ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/ Frame 2421
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629943423f8d2dd9e44d0829445900;dc_lat=;dc_rdid=;tag_for_...
https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CPO1xvmX-P4CFfbiuwgdSBwMaw;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629943423f8d2dd9e44d08...

42 B
63 B

25ms
25ms

Image
image/gif

142.250.186.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CPO1xvmX-P4CFfbiuwgdSBwMaw;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629943423f8d2dd9e44d0829445900;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1?

Requested by

Protocol

Server

142.250.186.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CPO1xvmX-P4CFfbiuwgdSBwMaw;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629943423f8d2dd9e44d0829445900;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 a0184b4ac39b4097bf4cf67532efa17a_image_ad_300x600.png
static.criteo.net/design/dt/102052/230505/ Frame 2421 296 KB
297 KB 18ms
17ms Image
image/png 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/102052/230505/a0184b4ac39b4097bf4cf67532efa17a_image_ad_300x600.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

1b59b519aadb3949082264df9916f65d92d85c1cd5b294576f66958879778242

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 05 May 2023 09:28:26 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6454cc3a-4a025"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 303141
expires: Thu, 09 May 2024 20:42:44 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 5CC1 2 KB
1 KB 16ms
16ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZGKZRAAENxgKG0wVAAl_4V1qe1bezqWiM_3aEw&u=%7ClPoQj%2FclhXdbHUfr%2FX73WjLxhBjYb27T4ZbEbit3kBw%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYNdJ71gdyCWvw29y1GxtacI6iVoVnLQ5srUOwC-sDBJIjvRCy3Ss-BiCTuGilNUvwXseut9fTbPXJYA_7Vjbs5ATnAPuy_R_bhNUf-w337NAAY9hUNK9tG0iTJcPJkWL7XWwoGO073hxHA4DNKP2XGSSVCLgVSP5442mS6EqxtdqzIzkhcumSfbz6soShuz67h_6Sd07f4AyOsUURnzSTTIyIlm5mfswWEBzCtEuXkh6FLvdG-cr1Gw7q8OCgUKFkoglNEAzIwBQwxZd8G9LeVHhcTPwzjytUJSNo8S_NYrAPLVb18jKPIrUotULoKL2utESgRAQnU7NEYQA3gV29VApOwq8e6XIuhtpNS7_EV63oySLYcND71t3UOrQM_ddMgWgok7v1ri7s8oE8LxFLbgC9W_t5ikv1O9l10phi1yI_XAApE_IcaICF7vF0g5Xh-BQk8z7LQQcaMAhTpGeejITjB9XDJ9A-xnHegYAeTcmqWhwPLWYKAsBEqBe5byvVY3pl-aaXig2M9F3yKOW-sG9XvgMl0VDCtKhYsrotcbuIf5gToYa8zsCeYZW31aubsbuRwBs1ge5yr_XcmPHt8i&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCt5ByRJliZJjuEJWYbeH_pbgMyZ7SsVzVnZH3cMCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE-AFP0FwdSYfUC1yKwU9E7IRrH-56Bk4eWIrd1aPU0Rf0X0roFAC6QCrvdoJPZ02GP2NvnQ1NDuI27YIbuDNDH5uH-oP_q6SGtZzbm6NhhHcCdUTwtrFkigPVLjHXZ8wdkoybtfbxNvdJKSSz16bGpDCAbNALySEBM3ZaWgT_VDRaHLr17WF-TKhJq79lKvVsOsiUTOjIgNAU_EdEgKnuaSmlvvK3EcTyI4FMj-KfjehNSmXHb-y4mXgp0FU4yemIKj-6sJQOfkdK_fW_j3OYHlcQUZcwy4mJX663irybpHBbxpCMmxAKryuEqvidEyNYRKhJXJ-SLJKusOAEAYAGkc2kmrDP-vWdAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3omGGcLVhzNfFyWnIiORE5nm1PEQ%26client%3Dca-pub-7554793497192362%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:44 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 5CC1 2 KB
1 KB 14ms
14ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:44 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 5CC1 308 B
636 B 27ms
26ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 09 May 2024 20:42:44 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 5CC1 293 B
621 B 19ms
19ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Thu, 09 May 2024 20:42:44 GMT

GET
H2 200 lg.php
cat.fr3.eu.criteo.com/delivery/ Frame 5CC1 43 B
347 B 24ms
24ms Image
image/gif 178.250.7.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=-it3UZTf_M2yoDUfVFEMIP-ZYpal1RD0zJkuThVduSts2huZIE7lLu9yj66skZ2IXBOXzD0lP--yuKZLeQ3VDaa847JuwadZhqVyQBz0NjWvhusY6tMpsVlqfrW6osTqWqEW5CLTSr7UGJG0ThTRoqpfxLiqw-DQ2kO818j0B9y4YK7w1zVlxQwVlpmafFk7txiLETx4QVcSn8w2ZvESP0IgjL5buLHI57YoIqieYrOZXvdIcfTz8mBiE8ItOFnXDfPrndDEbNHhnB6SZsYtgeVFfUHn4XNzpQo0bAsMVrX17uKN1--pdMszXFKyrndeEOeMQbfO-OPiPAqH4Fyqla4kARVYKq7LDjnIhn72RFcw_l5kyVmeymKKFGcUOP0Pw4HMBSnON9YB80BOcwC3AgCCQzhqms-kXYPqzEg_Rr70sEra

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1661389
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3

200

B29933196.366647091;dc_pre=CLCLyPmX-P4CFRPluwgdG3UMVw;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629944c4b607535dab2f51c9379b7c;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tf...
ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/ Frame 5CC1
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629944c4b607535dab2f51c9379b7c;dc_lat=;dc_rdid=;tag_for_...
https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CLCLyPmX-P4CFRPluwgdG3UMVw;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629944c4b607535dab2f51...

42 B
63 B

32ms
28ms

Image
image/gif

142.250.186.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CLCLyPmX-P4CFRPluwgdG3UMVw;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629944c4b607535dab2f51c9379b7c;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1?

Requested by

Protocol

Server

142.250.186.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CLCLyPmX-P4CFRPluwgdG3UMVw;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629944c4b607535dab2f51c9379b7c;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 4debdac53ee04751bc04e558cff50a52_image_ad_728x90.png
static.criteo.net/design/dt/102052/230505/ Frame 5CC1 121 KB
122 KB 20ms
20ms Image
image/png 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/102052/230505/4debdac53ee04751bc04e558cff50a52_image_ad_728x90.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

e9f4804016ce37219673d8ff2f1720cf85d410d80f25c30c95d2c63af87b356c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 05 May 2023 09:28:27 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6454cc3b-1e5b2"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 124338
expires: Thu, 09 May 2024 20:42:44 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 8109
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL613HWWqPmHxHoXGotLrBo&google_cver=1

43 B
114 B

24ms
23ms

Image
image/gif

34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL613HWWqPmHxHoXGotLrBo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMbfsgIQuOmt-QIY7cL05QEwAQ&v=APEucNUSK0V_idwQzashypXQfxsot3Dy7H1BDqPgT73CBCpaz_kt2XId0uv86kkKtHIGwIDmbbHfUuG4ZY61HsUWV3DrjETDhCyU32LoBWefvwTKoiPKOs5LFXVLhg5fj0PG7cCt-gLo1Sd3KBySw-sSROSsAoLvzOe2iycv-noEraFcB9DCYhM
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEL613HWWqPmHxHoXGotLrBo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 8109 43 B
304 B 61ms
21ms Image
image/gif 34.98.64.218
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMbfsgIQuOmt-QIY7cL05QEwAQ&v=APEucNUSK0V_idwQzashypXQfxsot3Dy7H1BDqPgT73CBCpaz_kt2XId0uv86kkKtHIGwIDmbbHfUuG4ZY61HsUWV3DrjETDhCyU32LoBWefvwTKoiPKOs5LFXVLhg5fj0PG7cCt-gLo1Sd3KBySw-sSROSsAoLvzOe2iycv-noEraFcB9DCYhM
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 8109
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESENf5YJ7QsnqTWOpjYls8-74&google_cver=1

23 B
172 B

218ms
217ms

Image
image/gif

104.111.217.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESENf5YJ7QsnqTWOpjYls8-74&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMbfsgIQuOmt-QIY7cL05QEwAQ&v=APEucNUSK0V_idwQzashypXQfxsot3Dy7H1BDqPgT73CBCpaz_kt2XId0uv86kkKtHIGwIDmbbHfUuG4ZY61HsUWV3DrjETDhCyU32LoBWefvwTKoiPKOs5LFXVLhg5fj0PG7cCt-gLo1Sd3KBySw-sSROSsAoLvzOe2iycv-noEraFcB9DCYhM
Protocol: H2
Server: 104.111.217.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-42.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

expires: Mon, 15 May 2023 20:42:45 GMT
pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESENf5YJ7QsnqTWOpjYls8-74&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 8109 23 B
172 B 590ms
483ms Image
image/gif 104.111.217.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMbfsgIQuOmt-QIY7cL05QEwAQ&v=APEucNUSK0V_idwQzashypXQfxsot3Dy7H1BDqPgT73CBCpaz_kt2XId0uv86kkKtHIGwIDmbbHfUuG4ZY61HsUWV3DrjETDhCyU32LoBWefvwTKoiPKOs5LFXVLhg5fj0PG7cCt-gLo1Sd3KBySw-sSROSsAoLvzOe2iycv-noEraFcB9DCYhM
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.217.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-42.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

expires: Mon, 15 May 2023 20:42:45 GMT
pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
159 B 10ms
9ms XHR
text/plain 54.93.178.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.178.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-178-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:44 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 17 KB
9 KB 148ms
147ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

d6f0572e43f8d8bd0aafc1548f912b534fa787b37232ef1303ab3e7fb344e075

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 15 May 2023 20:42:44 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: fbc90e51-56ee-415a-b79f-543752f62490
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
782 B 42ms
42ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUN4B97C
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: efbf6b8f727d86f895f4e286be5a67d91a9f80b567534103f85635d2af0d2fa6

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Mon, 15 May 2023 20:42:44 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
62 B 26ms
26ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:44 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 404 B
439 B 135ms
135ms XHR
application/json 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17046&site_id=315192&zone_id=1608182&size_id=2&rp_schain=1.0,1!yourbow.com,76,1,,,&rf=http%3A%2F%2Fwww.newtimes.co.rw%2F&kw=newtimes%2Crwandanews%2Ctnt%2Crwanda%2Ckigali%2Cnews%2Ceastafrica&tg_i.ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&tg_i.page=http%3A%2F%2Fwww.newtimes.co.rw%2F&tg_i.domain=newtimes.co.rw&tg_i.pbadslot=%2F21828795265%2FTNT%2FTNT_home&tk_flint=pbjs_lite_v7.18.0&x_source.tid=c33c7b11-2f25-4358-a36b-6dfbd3db9147&l_pb_bid_id=1968ffcf8e8a9908&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21828795265%2FTNT%2FTNT_home&slots=1&rand=0.38794779963251114
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 12e8c565006ccfecbed1b2c446a396f19cbd172d4bac5e2823536bc7ff9c4296

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.newtimes.co.rw
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 404
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 146 B
1 KB 237ms
237ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

79a530f58491704112a0945b0e21d296434e20b1169e3faea9c495fde56377d9

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:45 GMT
AN-X-Request-Uuid: 258bb72e-2e9e-491f-af0c-a069f7acc906
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 146
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 19ms
19ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.newtimes.co.rw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 19ms
19ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.newtimes.co.rw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 28 KB
12 KB 377ms
377ms XHR
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3441115050061315&correlator=551663563978077&eid=31074646&output=ldjh&gdfp_req=1&vrg=202305090101&ptt=17&impl=fif&iu_parts=21828795265%2CTNT%2CTNT_home&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&ifi=13&adks=3209226735&sfv=1-0-40&prev_scp=pos%3Dmid_8%26amznbid%3D2%26amznp%3D2%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.00%26hb_adid%3D2616a876b5e6d96e%26hb_bidder%3DbluTonic&eri=1&sc=1&cookie=ID%3D9aaffe5e15c1aac3%3AT%3D1684183362%3AS%3DALNI_Ma9jKnX2iRWyThg5ibpFngNLZiOxw&gpic=UID%3D00000c17af5f1690%3AT%3D1684183362%3ART%3D1684183362%3AS%3DALNI_MbiM4NLUrzgVL4HLfPYJSLMvXKpsQ&abxe=1&dt=1684183364774&lmt=1684183364&dlt=1684183363227&idt=398&adxs=436&adys=4082&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=9&ucis=d&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.newtimes.co.rw%2F&ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&frm=20&vis=1&psz=1200x90&msz=728x0&fws=4&ohw=1600&psts=ABHeCvj2NDl10ZMRfTdogB6jJvsMf9fNOHOULUivHy3Eq3QT1F0BkRMdakRjnTbEeZTgY0EHrrAGfwnOug-5JgjaxPr2XqKt&ga_vid=1224847520.1684183361&ga_sid=1684183364&ga_hid=1824289973&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7048a4604321f35939f9cc468728f11aa0500336f2ee8bbe528e94f82bf4415a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12624
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 27 KB
12 KB 428ms
428ms XHR
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3441115050061315&correlator=2772380965847789&eid=31074646&output=ldjh&gdfp_req=1&vrg=202305090101&ptt=17&impl=fif&iu_parts=21828795265%2CTNT%2CTNT_home&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&ifi=14&adks=1895272320&sfv=1-0-40&prev_scp=pos%3Dmid_9%26amznbid%3D2%26amznp%3D2%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.00%26hb_adid%3D2643eb71940849db%26hb_bidder%3DbluTonic&eri=1&sc=1&cookie=ID%3D9aaffe5e15c1aac3%3AT%3D1684183362%3AS%3DALNI_Ma9jKnX2iRWyThg5ibpFngNLZiOxw&gpic=UID%3D00000c17af5f1690%3AT%3D1684183362%3ART%3D1684183362%3AS%3DALNI_MbiM4NLUrzgVL4HLfPYJSLMvXKpsQ&abxe=1&dt=1684183364802&lmt=1684183364&dlt=1684183363227&idt=398&adxs=231&adys=4228&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=10&ucis=e&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.newtimes.co.rw%2F&ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&frm=20&vis=1&psz=790x90&msz=728x0&fws=4&ohw=1600&psts=ABHeCvj2NDl10ZMRfTdogB6jJvsMf9fNOHOULUivHy3Eq3QT1F0BkRMdakRjnTbEeZTgY0EHrrAGfwnOug-5JgjaxPr2XqKt&ga_vid=1224847520.1684183361&ga_sid=1684183364&ga_hid=1824289973&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bb19a4e165f0dd3ab9ea9d1f11cc2e4e8f7b77ee8042fd4f04e61535e0173ef0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12426
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame E024
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEKUW5kVV0h3ac2GfVbbl9c8&google_cver=1&google_push=ATf1kGNUgvI4XNgZI-J9pvurNhZ54hp8cAeDKxRqrmw_599E1ObVbfvFse3GLtVxaI4z76TByHaMlQiitdDjKo0L9A6d4Voh0RJjWQ
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MjcxNDYyMTQ5MDU5ODMxNzE3OA==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEKUW5kVV0h3ac2GfVbbl9c8&google_cver=1

43 B
398 B

14ms
13ms

Image
image/gif

46.228.164.11
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEKUW5kVV0h3ac2GfVbbl9c8&google_cver=1
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 46.228.164.11 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEKUW5kVV0h3ac2GfVbbl9c8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame E024 70 B
265 B 108ms
33ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEK-Ba0DIvZ50GQq8VgQHsj8&google_cver=1&google_push=ATf1kGMB94RTLbuRNTA7xw12aA01QGR9I_kaiOFHcPBzvXPb08cMXVRZenRWaIPowdFiFXTV5Dm6QIYP5bX6ej1O90WNog4m97DboQ
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E024
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEOli8LDG3vrhjUPyQK4o1pc&google_cver=1&google_push=ATf1kGPQprAZLWHPst2myC5As8ZZBLR9qhvFFLxoZKqfC41X3wClc0Gwf0ThWqwEjU18tp-JFsc2s_4SWwP...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGPQprAZLWHPst2myC5As8ZZBLR9qhvFFLxoZKqfC41X3wClc0Gwf0ThWqwEjU18tp-JFsc2s_4SWwPBn_zkjNDglJYkXoduaQ&google_hm=5A9XPSFWTc-cixafZo...

170 B
188 B

20ms
19ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGPQprAZLWHPst2myC5As8ZZBLR9qhvFFLxoZKqfC41X3wClc0Gwf0ThWqwEjU18tp-JFsc2s_4SWwPBn_zkjNDglJYkXoduaQ&google_hm=5A9XPSFWTc-cixafZoob1YY

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=ATf1kGPQprAZLWHPst2myC5As8ZZBLR9qhvFFLxoZKqfC41X3wClc0Gwf0ThWqwEjU18tp-JFsc2s_4SWwPBn_zkjNDglJYkXoduaQ&google_hm=5A9XPSFWTc-cixafZoob1YY
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E024
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG-r3gCok_CQ6HTKS-rezLU&google_cver=1&google_push=ATf1kGP9uGaAljXdkrPGAZ1uzrx6SPPB1QXJnDenZpRcOD8JpQy37Olwu326AkhNCYPDXoeObZk...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGP9uGaAljXdkrPGAZ1uzrx6SPPB1QXJnDenZpRcOD8JpQy37Olwu326AkhNCYPDXoeObZk0gv2FOMcFUVS0gxhGaM9-vpIScw

170 B
188 B

17ms
17ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGP9uGaAljXdkrPGAZ1uzrx6SPPB1QXJnDenZpRcOD8JpQy37Olwu326AkhNCYPDXoeObZk0gv2FOMcFUVS0gxhGaM9-vpIScw

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGP9uGaAljXdkrPGAZ1uzrx6SPPB1QXJnDenZpRcOD8JpQy37Olwu326AkhNCYPDXoeObZk0gv2FOMcFUVS0gxhGaM9-vpIScw
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 5b959e9b7aef6dd90a6fa539ca64ac62
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E024
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEHcTNlvqESKPS0amoxugak4&google_cver=1&google_push=ATf1kGMOXkAcIG9MwYT4YUb-MYE71SPIri32r9Iv47NfQzoKMD83PfuydAqwGrk0gxSdGFqfAfY8b856jKItC-WWJ...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEHcTNlvqESKPS0amoxugak4&google_cver=1&google_push=ATf1kGMOXkAcIG9MwYT4YUb-MYE71SPIri32r9Iv47NfQzoKMD83PfuydAqwGrk0gxSdGFqfAfY8b856jKItC-WWJ...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGMOXkAcIG9MwYT4YUb-MYE71SPIri32r9Iv47NfQzoKMD83PfuydAqwGrk0gxSdGFqfAfY8b856jKItC-WWJE34eTUcjc9zgw&google_hm=GpsatGZHaeNOCZpHRJuw...

170 B
188 B

18ms
18ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGMOXkAcIG9MwYT4YUb-MYE71SPIri32r9Iv47NfQzoKMD83PfuydAqwGrk0gxSdGFqfAfY8b856jKItC-WWJE34eTUcjc9zgw&google_hm=GpsatGZHaeNOCZpHRJuw4U2V

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 15 May 2023 20:42:45 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGMOXkAcIG9MwYT4YUb-MYE71SPIri32r9Iv47NfQzoKMD83PfuydAqwGrk0gxSdGFqfAfY8b856jKItC-WWJE34eTUcjc9zgw&google_hm=GpsatGZHaeNOCZpHRJuw4U2V
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E024
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEHyVjsheMpGIXOOYl4QaQ-k&google_cver=1&google_push=ATf1kGN7vrmLEJJqi0hajc1k0d5b23Zi_CMf2jyuC9IL7Q9tlizaFNKosOFpQxBzZwsnuohe7gweaOZvXa_qrdFK...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGN7vrmLEJJqi0hajc1k0d5b23Zi_CMf2jyuC9IL7Q9tlizaFNKosOFpQxBzZwsnuohe7gweaOZvXa_qrdFKixJ2hSr9g3JBrg

170 B
188 B

18ms
18ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGN7vrmLEJJqi0hajc1k0d5b23Zi_CMf2jyuC9IL7Q9tlizaFNKosOFpQxBzZwsnuohe7gweaOZvXa_qrdFKixJ2hSr9g3JBrg

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 15 May 2023 20:42:44 GMT
via: 1.1 747e99d9d8c5e29fdc713cf866bc3f82.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-C2
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGN7vrmLEJJqi0hajc1k0d5b23Zi_CMf2jyuC9IL7Q9tlizaFNKosOFpQxBzZwsnuohe7gweaOZvXa_qrdFKixJ2hSr9g3JBrg
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: T3nZQnFzYKuCi_yiB535b1H-yp_AJOMV9lAlx6ah7MKtKbuNf__sVw==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E024
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESELQXSGJqEpsDJB_bsWeFOf0&google_cver=1&google_push=ATf1kGPhUJzNz0a6Yxv5LSDwpdSSDv0QQh8YxUE4oMc9m9bfI1bSK5cid8x3lPHFiF-ia3xNz3HMC-85B62B...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGPhUJzNz0a6Yxv5LSDwpdSSDv0QQh8YxUE4oMc9m9bfI1bSK5cid8x3lPHFiF-ia3xNz3HMC-85B62B1OwEO-kDvURIKn16xg

170 B
188 B

18ms
18ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGPhUJzNz0a6Yxv5LSDwpdSSDv0QQh8YxUE4oMc9m9bfI1bSK5cid8x3lPHFiF-ia3xNz3HMC-85B62B1OwEO-kDvURIKn16xg

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGPhUJzNz0a6Yxv5LSDwpdSSDv0QQh8YxUE4oMc9m9bfI1bSK5cid8x3lPHFiF-ia3xNz3HMC-85B62B1OwEO-kDvURIKn16xg
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame E024 0
12 B 19ms
15ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KHs-T8Lgp4dV9_fnP53yl77lodOgfCDPhO0NcDoH_0wC7UDhMQRkth1u6zp1LU-iHnhygt

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9151 0
20 B 42ms
41ms Ping
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=1969841284490&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9151 0
20 B 43ms
42ms Ping
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=1969841284490&version=m202301230201&ct=77&x=1&cor=5103912680228167000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9151 28 KB
17 KB 41ms
41ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CrN0f5gzES1ylBt8DZBZaCzLFheCqtesgzdAyScBfnZJksFQU16tM-qnC2ZhU09CSfRBgx2mvqLyHlYp0UmYj0Y-yMqkSitI0myeA7jEiIMQ8zy-S-V_BI5Ys23OOM4UBp54RoXlBEgbVhGE0RNJE9UyceE585XYbXpYut1m2e539fvMo&cry=1&dbm_d=AKAmf-DaACtPy5CkHHbySFB-ZN50Sz2ithiHidw5GSvBWQ0AdZ3roVnxIKk8x-_Q3dlTDRj_ykd8BiNj21lBRMthAMOuEtdwbYp-L9k7MyvWjqxY-xyNPRdO2VsiJK4iWL9ffkYzpfdn3i7T6Gq2hceg6Bdmo4NNdQiw7g4TIvNUb6Sii1CSCQxJKouYfIiL_bpZbStJHCoAX-PRWn90URkX3OTdf_lfpJ97p3RvBtpnv2R8dFwS875rAOUZ-fSuhaTWfz3FNtkt6GLLC51tjIikfCVNjJbInu0CCECoxYYV8y8Z8hcMl_H4jfWP7x3P2y-knNFpFUwqgHAdeHrB-QptsAKCgexdbHFk-quYhjN3KgXSyz8pnyxJf2iqnAoMiso5a5btcqpzT2bwRQPf0qbgIgLopj_AqDFk2jEMlmTVeKvCLl-AQ2yEP43ZIgo_Pw9WkPh9hsWJsRi7_t4qklksbbCZC2EpMGfkuXPRHFdpsLmXqpuQX_tWoKlt7N-Z3UyMn_FY5X-rFsln3zw5Tj-CS7ANGlmv4dDS8RhnOLdfIejcLbCkaK5Zxwv-2DVPHUo5bbtj18anGJr_yHT3R9BD8CR2cXYTAP_w-TvmsrqSIS8atElyffJCNGRcw-flv-pe2pXiaF2MXK6b7toTCfm1Z34QWx8KXU0cErtCwNe6A5mGvkSfcvNH11AdUYu6prDh-gue0M4GUwEll8g5CQ_ZaAPM_poIyVRUN6eRw4q_fc_o5P9Tkb_Sp5S6PDwXvm7XC-wrepuBxLEP642BehHt9KiFOVtO99ulIn7KHSKyfsIRC9GJvzB_mw1Xx0AmaCk5OCTUu24KG1-E3y-0T05KdB9Nky2P27Lud1cEsP6h8rVc3k9lFx8684Vy2AmgJ-5Gt_ASgmwsS8Q8YkOnYuNvz-h-Bx20vIe2_wmAANQBSCKBIPpbDTL9jAJIEyb6Y886rEcs5TPGpdCmUI0falp3ZLmA2_kB8X_Fg0lDymqsQ3Ec-ArQKgNdNc3PZaaVZw3uMiVFhATXbGnNVD5rgXKWNNWuGixLkMc9YGCQayMXHfEyXfD7jVDpJibaQo1_syPCoJIk5eJ5KZd3OU3EovIJt-a87A_evICkh5oxf6ub32GzrKm-5NIxX29QAn5qyXHVudgCjtTcwvB8B9QAzyfk_3F6WMt_ggxM2ToDAiNOTuKmj6nIF9Fypb6Ucn_GpOx1CP7vjkKLa5UolWE3c0qfRuQvFEq9Nj_S1Q4b7ptrrT_klrQQ4Vd2oCDe62Q6iaUhoSHOJm-X98gujd1H_pOm3VlsMhrPO6eRKxW_Qapm5UHANBg9zkQ0OYAj5_1LnwoBG0nOONBVQ4eotyqsY7y4cnp8hJfysaoLTNJhTVrKASLrG5S7M0wv4J715CQQGTPGjEb0brgCgAsptj00JJn8IPZ9eZNq7C12sIpWsp_xdRB0mYxRaFpQUzvaTVdum-U9hd1SBjEontrUOPVESvqxgd0rtzfrQigCI_0pBpQnmMf9p-jpElBUeVN236BKYwIMmI0lQMM08Y58oF1gU3L5lEYO9e8GFeyNtgt8PyqU3fJr6xgB6RfY0-nN8ASNBZwCylHGYjmbkGdzg-nKN1OY8tAaXxDGzvueeB61oM-TBkc3TmwMj9s57htwukfDZpBSeFPzK08AHDKctHeImOmT6sbrkvIhPZIQmkucf7vhdMeexUtjX1r-3nR9TTv0nuiXcZNDyOEVvgtJlpj5QF787T6XY3GZcUajY1gNJOiaDS1C1IbufavPFjLkhCnR2o3gExuHeLeSz65Bs3J-X6RSX0FkBIJnBpljZm5xdVHKO5vHMqM1nuOWq84t96BKpXEQZWb3p8na0kmN87EixTaSRBwEHFfuSFmQePT2dGR0WTn9wwOTL3ym8RxTwq-aYT2Fmf1I96lT8iyjYGfH_HHlzKwpogtdJj3MPBcTXQBIlYPcffIWDza3qSZeL2f2Tepydf1efcig-2fQs-5Rt6ERCU35hvFTk2mLCZ96kinmhtdgN6eKV2q136PBZJiurEvmHyJMtGE1giUToL22QThnMsm0GuojichyeZ39iZTmEM5bFeE_iBxD47rUP9ZoIka6tkoSVo1UUgRHlhWEUevd-8rbrMZFznj3yTAzJx_9fATuuw4f1StTNoNWse4-LXO9ugMHvzuEBQVfOTjDOFvq-RxtK7oPbwhsSHe0RQPd2U_xHQTK6YVJT4gGMneEnmig_nGXaFSejGirw2LEX68UUsYAOKkMrp4CALuJD5j3tzg_2yO8ArYNZ0lbqtHU59ioyQNqyznom2JwnA2hTpFCFBDsRHjgqRthpvkamuuXtKPzfD3qxGU3L-E1eDY9tQa9n-L3U8uh4-etwMF9CquzuAMfoFm1qF46o761tgE78tz0RrNIaJgg82xyTrQNnpPBeSfGaUS6drDEfuAUrgFaLOZ04D7Tt7SQwhiGuFe9P7WiDWEsQOJsAFa0V67OyVaNxKBxQOaKanKKGAuULvsgFXAHSFfv2fJ9seX8ZpB4tBTAZ0t4GBXPPAZzZlF-ZBKS9k_JW-892kNEvsv3mLIjmuVrHpKNdoWII8D767L8q8MHtp-278tBf-I_Fzar0zEGnuVEnhn4ubPb_zrl6byBCK1EZN-B53bZCuUE-jmu2LkYRpWuxy-VyHA2MicnFAUys7-CqpvcYa74yWSZTo0s30XWRFVVccPa5cbJg6AdV3P1A0kI3Av2bcXYW-pdKhcF4vA28j_I6oxGBe9GLZqJRVZE9TLrP5T2Bkjo9ZVIqzBXANiqZaAH3HXR6vIz-_XihuPkKYP7rSbLmDNByauWOjYFQyl7xXrPiwO24oC7Kl3azvAiLS1upcyKFgNlb-_agRMg1e742voSBnaEJ5JiDHFEM3SI3i1akhWXPVfKGMnk3gsLXgcTo6YQicuLmq7FFfxxBOJQDt8l4E6XnrhYFPBGjFMHDeOfRSqDLBtRzD_yvlkegZkP4NQqnoqCiD1C06mBvTy-53Hkv9nuw8aY4wL17EqjNihzZQcvtoLFfbFh_gWPuVNv-96dWXfh0tkYIaOt4SrsRMZ1RWXZULNH_eTid4C6RZVxIUZ597vCQPIwVlQ2VLKiZmxukb30XxiUOh-sVJ7lR8H749d-BMU9xC4pndTTm59LPeLThZkMF72uE2t6OMro2-tdXLF3pAqrx7J80Mdz1hwKjv-IHINLNcjPl1KXxZOmsGCVumwGIqEMS1mgHqac5l2JXaD8P8IYwBX__7H9MyWADFQAg7x-ZmpRwIMo4zI68x8WXTuDvEo_eUtc1USPoow7-ffkSEwrzmRLOEK-OmjVek9_uJTuDxxaVKgPKoIqcEZwbHC4makBK3a_QhXSmLvCIzaH7ssi87aykzf15Py9_gkdzCzHOC70Ipefbd5ant226cr8ecA3X0SWJnL_gtJb5C0WIWc0mbyHjOAea0lu0Y_5hYwOhndul0cv9mIpQLmPPH4zLoeKbrkgKEDfDBaKP3EesneI1PRiO9hD4ooxOoKnPaP8TxtOlPsZzg&cid=CAQSPABygQiDU_BaR7EWUPMD1rq-ha8Woieb3mwLymwmAIz2mBqPLdkaxn7uaVqszBjJ6JLpNcn5uOfSJVz4jhgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.newtimes.co.rw%2F&ds=l&xdt=1&iif=1&cor=5103912680228167000&adk=2086295851&idt=92&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bcbcd8f050e7629dbf6663a2d4b8013bad3ab03d2d32ab5f918741241cc01235

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17130
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 404 B
439 B 118ms
118ms XHR
application/json 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17046&site_id=315192&zone_id=1608182&size_id=2&rp_schain=1.0,1!yourbow.com,76,1,,,&rf=http%3A%2F%2Fwww.newtimes.co.rw%2F&kw=newtimes%2Crwandanews%2Ctnt%2Crwanda%2Ckigali%2Cnews%2Ceastafrica&tg_i.ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&tg_i.page=http%3A%2F%2Fwww.newtimes.co.rw%2F&tg_i.domain=newtimes.co.rw&tg_i.pbadslot=%2F21828795265%2FTNT%2FTNT_home&tk_flint=pbjs_lite_v7.18.0&x_source.tid=47a69f08-5075-471b-af98-122e225e2253&l_pb_bid_id=200e38229386aa3b&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21828795265%2FTNT%2FTNT_home&slots=1&rand=0.6386894554491922
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: e046b5ad85590608ce986ee762bee5fb1d146dd193647689f5089e20e6346ef7

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.newtimes.co.rw
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 404
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
159 B 10ms
10ms XHR
text/plain 54.93.178.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.178.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-178-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:44 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
62 B 189ms
188ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:44 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
781 B 42ms
42ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUN4B97C
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 1fac0a8214bf90455697f0e7db726dbf5e22773aa13258751ec2cff3524ce374

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Mon, 15 May 2023 20:42:44 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 146 B
1 KB 196ms
195ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

936c621d678e7516b793eee07b8847446f96e00ceda5c6583a8598b07042345e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:45 GMT
AN-X-Request-Uuid: 1be06b9a-5651-40a2-932e-05d8d44590c6
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 146
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 17 KB
9 KB 201ms
201ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

d17774d8aadb3697bc1fd13ff0ea6beb1d48c5bdf76e34c77831e7d1bd9e9152

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 15 May 2023 20:42:45 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: dadd9c94-5034-488c-9a01-8355c32a6311
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame 2421 0
127 B 14ms
13ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=h8UPK1w-_Msrj2KhXGDUTGpoMDFTEB4qJO7gRqv-GsRVBwtjajorNgonRwcBsM7pr7oyTfK0wFF1-HzERrwzAJ1DU-eimEyo2UhjhKqWxL5UrPXFWdbbr8QPNn_aE6C3n9wCRrffhQar8OvdedW8_uLBknU421082HIWDmkvPOYtk5B4Joc_ARPCxMF-8_MSgPcAbWdB7i-GBnAnwGAOYdSwvAC2QTJUknJ6Os6rfIL2dvC6QqcuxVWOchGmESdXEncS8w&sds=2&rev=86118.2&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:44 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 2421 2 KB
1 KB 15ms
15ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:44 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 2421 2 KB
1 KB 14ms
14ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:44 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame A3E2 35 B
465 B 56ms
8ms Image
image/gif 2620:116:800d:21:7eb1:3826:be7e:d981
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPYbpoVJNDFNoQ42PDag9UQ&google_cver=1&google_push=ATf1kGNkk3I8l8L1-jrrAlS0ldpNbqzPIY8Z1MRUAh9v0wxSfthtnuXhXkdXJOyOUvhaTsHPciPeDviglW_SG4R1N-1baf9SDUo

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:7eb1:3826:be7e:d981 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame A3E2
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEHMKmf6dvbxCkAgG8Nlv0T0&google_cver=1&google_push=ATf1kGMdA4BL1SHI997jApgfldWANBdFg26c5VaRk2kq1otJlmzXDC1vdNkjzx-zr2OJ6j1gQgF8utuuJ-yZBWEbZLKhhbVzV_s&r...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEHMKmf6dvbxCkAgG8Nlv0T0&google_cver=1&google_push=ATf1kGMdA4BL1SHI997jApgfldWANBdFg26c5VaRk2kq1otJlmzXDC1vdNkjzx-zr2OJ6j1gQgF8utuuJ-yZBWEbZLKhhbVzV_s...

43 B
429 B

187ms
163ms

Image
image/gif

2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEHMKmf6dvbxCkAgG8Nlv0T0&google_cver=1&google_push=ATf1kGMdA4BL1SHI997jApgfldWANBdFg26c5VaRk2kq1otJlmzXDC1vdNkjzx-zr2OJ6j1gQgF8utuuJ-yZBWEbZLKhhbVzV_s&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGMdA4BL1SHI997jApgfldWANBdFg26c5VaRk2kq1otJlmzXDC1vdNkjzx-zr2OJ6j1gQgF8utuuJ-yZBWEbZLKhhbVzV_s%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7c7e35904add8fee-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 1259
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEHMKmf6dvbxCkAgG8Nlv0T0&google_cver=1&google_push=ATf1kGMdA4BL1SHI997jApgfldWANBdFg26c5VaRk2kq1otJlmzXDC1vdNkjzx-zr2OJ6j1gQgF8utuuJ-yZBWEbZLKhhbVzV_s&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGMdA4BL1SHI997jApgfldWANBdFg26c5VaRk2kq1otJlmzXDC1vdNkjzx-zr2OJ6j1gQgF8utuuJ-yZBWEbZLKhhbVzV_s%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7c7e358e79258fee-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame A3E2 43 B
362 B 16ms
14ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEKW5RyA_gKOz3FlQvmotDhE&google_cver=1&google_push=ATf1kGO7v7aEEkGYnLZ2QsYO5jULBo7NMakgkFi0rQ5Qf11kqqqmjTCb2pwP2IrfPM5JzaAKyUjyn8Cyo0GYZar2F2rEuVRWHQ

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 242978
expires: Mon, 15 May 2023 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A3E2
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEHcTNlvqESKPS0amoxugak4&google_cver=1&google_push=ATf1kGMCsbZEGF3T4V8vFNhAuXoB9lPa5pdKn3ni5yh8NTRsgiIcwWME0jQIMl3NzbEpwGqsmJu_fpCF_DbPCZBcJ...
https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEHcTNlvqESKPS0amoxugak4&google_cver=1&google_push=ATf1kGMCsbZEGF3T4V8vFNhAuXoB9lPa5pdKn3ni5yh8NTRsgiIcwWME0jQIMl3NzbEpwGqsmJu_fpCF_DbPCZBcJ...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGMCsbZEGF3T4V8vFNhAuXoB9lPa5pdKn3ni5yh8NTRsgiIcwWME0jQIMl3NzbEpwGqsmJu_fpCF_DbPCZBcJuPbXtBjSZA&google_hm=GpsatGZHaeNOCZpHRJuw4U2V

170 B
188 B

18ms
17ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGMCsbZEGF3T4V8vFNhAuXoB9lPa5pdKn3ni5yh8NTRsgiIcwWME0jQIMl3NzbEpwGqsmJu_fpCF_DbPCZBcJuPbXtBjSZA&google_hm=GpsatGZHaeNOCZpHRJuw4U2V

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 15 May 2023 20:42:45 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGMCsbZEGF3T4V8vFNhAuXoB9lPa5pdKn3ni5yh8NTRsgiIcwWME0jQIMl3NzbEpwGqsmJu_fpCF_DbPCZBcJuPbXtBjSZA&google_hm=GpsatGZHaeNOCZpHRJuw4U2V
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame A3E2
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESELghKnXhXdIiJ2YGroFYnAU&google_cver=1&google_push=ATf1kGPXNlT0cpczqr_7cn8aTZDsJAAVuDnjGkYkSrU6MdeFC9oC-dgxld2OHsfmQ_JVgSrV2xktx0ShchtW9xP-De61diZ0GNM
https://eb2.3lift.com/sync/google/supply?ld=1&gdpr=1&gdpr_consent=&us_privacy=&sync=1&google_push=ATf1kGPXNlT0cpczqr_7cn8aTZDsJAAVuDnjGkYkSrU6MdeFC9oC-dgxld2OHsfmQ_JVgSrV2xktx0ShchtW9xP-De61diZ0GNM...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGPXNlT0cpczqr_7cn8aTZDsJAAVuDnjGkYkSrU6MdeFC9oC-dgxld2OHsfm...

170 B
188 B

18ms
18ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGPXNlT0cpczqr_7cn8aTZDsJAAVuDnjGkYkSrU6MdeFC9oC-dgxld2OHsfmQ_JVgSrV2xktx0ShchtW9xP-De61diZ0GNM

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGPXNlT0cpczqr_7cn8aTZDsJAAVuDnjGkYkSrU6MdeFC9oC-dgxld2OHsfmQ_JVgSrV2xktx0ShchtW9xP-De61diZ0GNM
date: Mon, 15 May 2023 20:42:44 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 sync
ssbsync.smartadserver.com/api/ Frame A3E2 0
45 B 166ms
18ms Image
text/plain 185.86.139.93
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEFE3Aw1rOlM-_BW7nTU-7Pg&google_cver=1&google_push=ATf1kGPKMpkhSACWxX6pVm28J-tm6_O_06X9DNItdjHMl8BxeAvoLEqbn-F0k_CDYUBracvdv8mm6jzJChwNd9CPxEfbLw2DnjI
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.93 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:43 GMT
content-length: 0

GET
H2

200

/
onetag-sys.com/match/ Frame A3E2
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESELQXSGJqEpsDJB_bsWeFOf0&google_cver=1&google_push=ATf1kGNpK0S0neQfGMwvrvYn0xhPSIsscdhqwcCnoHqCXvd0vPBb4N8uflQ4ePKp3VKp358BmmN9SpgrIsz...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGNpK0S0neQfGMwvrvYn0xhPSIsscdhqwcCnoHqCXvd0vPBb4N8uflQ4ePKp3VKp358BmmN9SpgrIszSDpAYJCeKzVkhSuB8
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

7ms
7ms

Image
text/plain

51.38.120.206
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

51.38.120.206 Hessen, Germany, ASN16276 (OVH, FR),

Reverse DNS

ip206.ip-51-38-120.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame A3E2 0
12 B 19ms
18ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13ICiouKLFptzroYGJckvMzsmOxDaYJxK_IfoY-w44veoXnsYNuwa-Pj58a2s7upgUZUZKPVOg

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H2 200 all
csm.eu.criteo.net/ Frame 5CC1 0
127 B 13ms
13ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=48x2f1w-_Msrj2KhD1Sd86Xa5Te00kpAziiJvwngkafz-4XQUH3FLvRkRgsLGIzLFZ07lCoLqxhKVQKvZSW3DsaAQwkcuDgw4R7kduXCLhPyOgszfbsNIMpHKy7SOIKJt49CQdiKKs47q2e9UVb4kMIoI2Dg9uGiFRBOIKnGg9nfeZ1ppXR-p3DmKlEMPNBKVG2gVjOvKZiY0bF-vKWQ0e67cthQNS5CoBcfKJo-otIxXNuSHk-ZmKwYIqNrVh3_I9-LxQ&sds=2&rev=86118.2&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:44 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 5CC1 2 KB
1 KB 14ms
12ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:44 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 5CC1 2 KB
1 KB 17ms
15ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:44 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230510/r20110914/ Frame 34A1 28 KB
11 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230510/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DEtwcwiAxQi7i0WKECUwUTEmzDYOWeRxvwDLlV3QLncKm3WgGXYSfrvM7rohvIo3SHJUUVO2ThUe8rcZYhh2rLwaDsR7G_mgmdCUbwIk-h6yL07glXd0VzlBbjxO6be50dMFDX_In4I0nE-RVSJmMnUyrp-JSuypHJMnddedXUwgCdGtg&cry=1&dbm_d=AKAmf-ALl1sywrc_-JNFF91CzpkvYq_UM3uWPUHZk0lj3LJfVEKleUfHL04mGvjponiiX1YhviPeIky-ykWdiqJSX1Sy5Hn58QQ5I5cCD9QizzmJqxalni1SNZS36sGmIrFft3iE5bJ7gVRT5xna0VvvAO8cxDm5qkIYgHjEgS3T64w8TsPk48MUtkhqWJJs75frYkj1wOWNzUOewt-iyRs1i85huv_5ru6wdYyDHHDDCCRnBp8qfLwBYl4K8JFuqi4M5xxSQYWCAH6E4LCmnUw2-QqzjprUs1dKmQIFsB2W5UmKhRQCWaQFQp65AFf94-E4vXRzefCg595xSc9QnAizuw-ZVxoUbAdR5F0aEeePQTeu1aHf_5C2FxIj_dDbx3EgQvz222P7pP1QI06h8AkCc7M7ERFCNnazJAygbnty2GW5ptGx45zTk-LwSHwOCVxRReiblhSgyRhgQPfWj2Oo9AFAejrC8FikZ8YHHhP5BW3o5ri_UI0LeOgoA1FtNNZZo-btvV8dEEyKpPnrhgu_Ipd3Dht5JMpDO0rzdkfWnuwh2vYOWsoqCPf8WvjEKUkADPZKDKr9eUDKYIQXfLTQ2qlhBf-uG4NXbVHx3yiYR63sJ6XLOEi3vM9498moKRDg4RhQvGOzGQz5QwwYZ8OV93y7tbtbSOr8hZCWD5ipN7Nt93GrIkx2hx9dlIjcn8hJhFB3G2llD6T0vSieFa-sRH4dDssDbtxPmUSrkLgOTiz1HzGlB0-oNGv5eyWSfIa7Lu6Xx1pqpqkZdRDxUHZjHixqjsY_GSBR_31-h-RzMNnVoYruCKWie6czUNY3CLZXwwFXVkOsz6wqzjSgEaTlHD_XI2qOFqrol0DZxQjl6uAzsqEban2e4wt868LASIKcejOVyBvGSWY94-xnM2FqP2mlp86P_jCVtOKLHG1jBPkM1PNUGN7YcyTTQv5ZPBUtJx6FoV6QIQMLvYGENJboNSTgAvm6LvbjnLHIZduaXhml5q1aCobcPXo6llGyjNcXt1iJOIUtt_rTg0eC7fBKNwMOv57qeSg3WKHGGJS6eBDY1U61xeS_CxJpZ4Lbq-DAw0uUjybl2sBxplwJloOigHZjs6yoB9wrk4FjHtGHB_73dQhC8h2Yba6A_9HN2EVBM3q3t2-HOEUqm1TN-BbgslxEWvh8W0fncyC0lKjhKhUzcnQ1efMxqnsCotg8lRBvIJiQ49_-SigXIgCW5CJmRF-z5SQwI1DP-3tkt2lpesyjhCvkNoPkoYrq4a8Jt8q9m0RPdGuprt8si7u6VTu83wDGJXDID0AAnPgPtPXgZCSdjlyq-eWHThfXGxzv9E0KDampQ5bVgLO3xXy4yvc316yp_NUBc36AWwPgk29He6ApJy7rmnxNAVTIK-9TmzFT3UgVbeRWOv3S17ES3S3u9LvO-0zm9C5OnsiwKPRxD3qpK45BwSl3yO3Bguo8PE0vODFlOvmfllghiHiYoX0VfYuHfU1PAkBuAsDonAspbYJook6KX1dbiYKYlX4C_1Ma2UN4nw1sVKLMadP-cLoh5qU0S0n-ZEra3vI7OHU-NTCa4qQeZvDKzRiMA19fn0Ovid4ungJ_o1TmCQBMhOqxw6fpK7uEQ7MZvaoY3_aESKuhz-VLS76PhLf5bb74hRL2lJ6yY84MQZqk--r91Jb1TodIa8jqnr7L0C4tAOA73mjt8rl7Vt5WEdAcz3RTLmcrRS61tyTmZizNaR24WVxNcocZ04kHB9cV1vHBGr-EywXW23q2UdsPfi9EaBiz900kjws-UcHDlQ-0TiS60SxoEaeLIXEJ4q5vr9CvGNlx3SRUviqr1Nm7PAh9RhqRNFymm1F227KrD38LrJFX17s-QjXS_GRNvsWqbXDq8swfDH7SYJ6YobKDqDxEwoth_iaJRIPlVNoYAsFlYEq12FVHnNgouNM21v8gyqkOWV0Ey9rHF6ZZjy9pNSBBmkSZYxWkDXf-fOLhPmDndzpd2_Yv5fMtlbPkMpwf3Blnp_sBK1WknqW5Z4d1QXx3GA9s0Fg-HMRp6pY0QREvgcTPbJjHCWRql6tAnBgcYLavPhoxUwWcVnHSukoBxijIvqyBF9Pl9B-9FMWEYfLy-5UNwiSGQOrQWpt6uG_yGrgX-Qmu71vZ0pB-4jTnFVJM1KlmACa0VNuGQxnkHKQM15zNg59edK_hQvPFYKiOzoe7wAy4Sm_utIeW9fLMMH_UAxscH9mgRcE1HRUaBWZAfPML5Z1IsnQLrLpabKqVvLu2zJihNmlX3d4PaFO0wlRdHfgytj8r4G1jw2n00b14ebAtSbkby86xYf5K8q9FsT56rQnDIIte39YSjdg4jQv6SvXnJhzdxDGmB1vWtvt8n0XnDcVdfhhZe82Y_wmOPGq4OvXXBQPv01d5gBE1u8TBuO5X7C_KWIjg-nQI-4JtwWPBpnm-AVthJl4YyTQ7ee5vEuCmxBb1HrzGYYNWKKJhS4W-Sa8ewEk5he4amQzqvTWyHFQJDF1dnY0umdh4QEKyQHdLUxqjofjF_iti2Bft2LR72VMV_rxhqZZnaEaxOqRu4_WZzOJczSM_ajNEruE8Yx8Rz5IM0sKekY-v6oc9nbiOPXRpMXDsvbPuqa-TXTZyqxdDZFYP6KbL1sd8zHaJ3yCciZBV-XLmbKRlsjzCLOuYt682OqUj6G65ojwuf8tSQHxtO2yZEQdTtJdVe-zqiD59QuLP8fhmQIugdMDZBL5j0EDTHfjnBxXRwupRYYZpvGSzvlEKdPcFKxk6feFFoVWbSvbxnhFNPZlOo9nKoBOxIzL_U3qJzB8a_IQfMqzZy11DUguVHPV8Y8VCxva8zb3a-eQvon8_wUrs5-bP-Gf-8SD82VBt4kpjnjGcLpUrgrpYSpfzOf4Nrzq2pftwRHTRmfsRF2BKEskNjcb-rmR6-27_s2y59bFyivbz4oNrZd6tkeX1V3cmJcD7m4phHXYXvOlUQ0camqCAigBiOTa7LxK7WaZFeUvoGRk_gdCf3dZ8I6Ep4UoXC3lAtAhIDh-UoowYrSVMv9yL9_2oVpa0U-5qAIoWx6Zo2bdqbkWXRW7kDrhtDKxmOxko0TmE7QYAY-iGtscmCGuJFxcGQ7nc3DKWtdxa1xjrgx-toPyMGyr9u9SBfFIGdCTLLvPwyoeXx5lnW3WtlIFrU6ssBfgVfFDX55dLHQZLEddxl-93hpLigAmHWa8N_NBKXOKhq7ev7zzZhvMnmJOPOmd9f1UHSscTuIOVV1Mw4EjIRkprBY49SqgKBNMYk7tzUwI0pUZ3axbHiiFuZ9Bx-84Y0AbNYatKbFcAitYSA9la0BmFVvQXWy40ultzMEz_vduFT0Ssib0NNKsPJ4hTTumBplDLbflX8_muqxdkMa953A4Y5spvhXi_a7CGzmKoLBNGcyGUiFBSFEWLaWmHs9lTF3NLrDfGA9rAMzo4RKntdzxKI6ZO9Koysa5V7g&cid=CAQSPABygQiDp2tdQgqR_73fjJ94LVTaZCu4XQQapi-BI0Up1zY-Yj7ZuMP0wvZN-UuAS_zrr_zp52ZVbdfmdhgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.newtimes.co.rw%2F&ds=l&xdt=1&iif=1&cor=12117149635090074000&adk=3047537735&idt=90&cac=0&dtd=42

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ce7aa9a76e1ef06e22d13a5c8678b9b7440f5b1f854ecb62b447ad383927abb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 11:04:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34711
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10883
x-xss-protection: 0
server: cafe
etag: 6886435266232968791
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 11:04:13 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 34A1 41 KB
15 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Wed, 10 May 2023 04:43:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 489527
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 09 May 2024 04:43:57 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 22 KB
10 KB 417ms
412ms XHR
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3441115050061315&correlator=4000448079770461&eid=31074646&output=ldjh&gdfp_req=1&vrg=202305090101&ptt=17&impl=fif&iu_parts=21828795265%2CTNT%2CTNT_home&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=300x600&ifi=15&adks=3369079359&sfv=1-0-40&prev_scp=pos%3Dhalfpage_5%26amznbid%3D2%26amznp%3D2%26hb_format%3Dbanner%26hb_size%3D300x600%26hb_pb%3D0.10%26hb_adid%3D266a76853301c63d%26hb_bidder%3DbluTonic&eri=1&sc=1&cookie=ID%3D9aaffe5e15c1aac3%3AT%3D1684183362%3AS%3DALNI_Ma9jKnX2iRWyThg5ibpFngNLZiOxw&gpic=UID%3D00000c17af5f1690%3AT%3D1684183362%3ART%3D1684183362%3AS%3DALNI_MbiM4NLUrzgVL4HLfPYJSLMvXKpsQ&abxe=1&dt=1684183364853&lmt=1684183364&dlt=1684183363227&idt=398&adxs=1060&adys=4473&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=11&ucis=f&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.newtimes.co.rw%2F&ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&frm=20&vis=1&psz=300x600&msz=300x0&fws=4&ohw=1600&psts=ABHeCvj2NDl10ZMRfTdogB6jJvsMf9fNOHOULUivHy3Eq3QT1F0BkRMdakRjnTbEeZTgY0EHrrAGfwnOug-5JgjaxPr2XqKt&ga_vid=1224847520.1684183361&ga_sid=1684183364&ga_hid=1824289973&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6ccd14ba8a0224fa486fe0b41f22224cc0c7d77cbc027fae59610e2442e5dcb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10216
x-xss-protection: 0
google-lineitem-id: 5406822616
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138315209579
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 83DE 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:43 GMT
expires: Tue, 14 May 2024 20:42:43 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame FF84 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0780e2017aa5a52d57069f07bd2b817a437b56dc76d9e8b1a3f8aa258f7f06ba

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 container.html Show response
a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame A168 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:43 GMT
expires: Tue, 14 May 2024 20:42:43 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 8C30 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:43 GMT
expires: Tue, 14 May 2024 20:42:43 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame DAFA 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4a91eabb9f41d2164e9885c128153192439203b10873fa7071980e58131e0d23

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 container.html Show response
a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 56DE 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:43 GMT
expires: Tue, 14 May 2024 20:42:43 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 17 KB
9 KB 150ms
150ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

04a0d2f4aacc34ed91e45e51c5e93b00483484c78f954bf3c8fc384a12047ccf

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 15 May 2023 20:42:45 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 2f150254-9e48-4cd7-9d60-ab43b2cb6cda
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
159 B 11ms
11ms XHR
text/plain 54.93.178.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.178.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-178-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:45 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 140 B
1 KB 45ms
45ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

8cfec012df6cd29172f4b3020c481b94e149ddd8bd3d4dbc9da39bd1791e470d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:45 GMT
AN-X-Request-Uuid: 6c92a124-e886-4b27-a819-c35efe245b0c
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 140
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
805 B 77ms
76ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUN4B97C
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 962564f65642886f325700226cde5ce3037d3465eba70afc6eae6015782f3602

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Mon, 15 May 2023 20:42:45 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
62 B 40ms
39ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:45 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 5 KB
3 KB 111ms
110ms XHR
application/json 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17046&site_id=315192&zone_id=1608182&size_id=57&rp_schain=1.0,1!yourbow.com,76,1,,,&rf=http%3A%2F%2Fwww.newtimes.co.rw%2F&kw=newtimes%2Crwandanews%2Ctnt%2Crwanda%2Ckigali%2Cnews%2Ceastafrica&tg_i.ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&tg_i.page=http%3A%2F%2Fwww.newtimes.co.rw%2F&tg_i.domain=newtimes.co.rw&tg_i.pbadslot=%2F21828795265%2FTNT%2FTNT_home&tk_flint=pbjs_lite_v7.18.0&x_source.tid=05a67bc2-ed6c-4670-b952-c130c1bae7a4&l_pb_bid_id=222c016eec460f7a&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21828795265%2FTNT%2FTNT_home&slots=1&rand=0.02088145920788831
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 7d93b38042ee49a0bbefc94df30cc82e02efaed10792e72597ff498d9c903c09

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.newtimes.co.rw
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230510/r20110914/ Frame 9151 28 KB
11 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230510/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CrN0f5gzES1ylBt8DZBZaCzLFheCqtesgzdAyScBfnZJksFQU16tM-qnC2ZhU09CSfRBgx2mvqLyHlYp0UmYj0Y-yMqkSitI0myeA7jEiIMQ8zy-S-V_BI5Ys23OOM4UBp54RoXlBEgbVhGE0RNJE9UyceE585XYbXpYut1m2e539fvMo&cry=1&dbm_d=AKAmf-DaACtPy5CkHHbySFB-ZN50Sz2ithiHidw5GSvBWQ0AdZ3roVnxIKk8x-_Q3dlTDRj_ykd8BiNj21lBRMthAMOuEtdwbYp-L9k7MyvWjqxY-xyNPRdO2VsiJK4iWL9ffkYzpfdn3i7T6Gq2hceg6Bdmo4NNdQiw7g4TIvNUb6Sii1CSCQxJKouYfIiL_bpZbStJHCoAX-PRWn90URkX3OTdf_lfpJ97p3RvBtpnv2R8dFwS875rAOUZ-fSuhaTWfz3FNtkt6GLLC51tjIikfCVNjJbInu0CCECoxYYV8y8Z8hcMl_H4jfWP7x3P2y-knNFpFUwqgHAdeHrB-QptsAKCgexdbHFk-quYhjN3KgXSyz8pnyxJf2iqnAoMiso5a5btcqpzT2bwRQPf0qbgIgLopj_AqDFk2jEMlmTVeKvCLl-AQ2yEP43ZIgo_Pw9WkPh9hsWJsRi7_t4qklksbbCZC2EpMGfkuXPRHFdpsLmXqpuQX_tWoKlt7N-Z3UyMn_FY5X-rFsln3zw5Tj-CS7ANGlmv4dDS8RhnOLdfIejcLbCkaK5Zxwv-2DVPHUo5bbtj18anGJr_yHT3R9BD8CR2cXYTAP_w-TvmsrqSIS8atElyffJCNGRcw-flv-pe2pXiaF2MXK6b7toTCfm1Z34QWx8KXU0cErtCwNe6A5mGvkSfcvNH11AdUYu6prDh-gue0M4GUwEll8g5CQ_ZaAPM_poIyVRUN6eRw4q_fc_o5P9Tkb_Sp5S6PDwXvm7XC-wrepuBxLEP642BehHt9KiFOVtO99ulIn7KHSKyfsIRC9GJvzB_mw1Xx0AmaCk5OCTUu24KG1-E3y-0T05KdB9Nky2P27Lud1cEsP6h8rVc3k9lFx8684Vy2AmgJ-5Gt_ASgmwsS8Q8YkOnYuNvz-h-Bx20vIe2_wmAANQBSCKBIPpbDTL9jAJIEyb6Y886rEcs5TPGpdCmUI0falp3ZLmA2_kB8X_Fg0lDymqsQ3Ec-ArQKgNdNc3PZaaVZw3uMiVFhATXbGnNVD5rgXKWNNWuGixLkMc9YGCQayMXHfEyXfD7jVDpJibaQo1_syPCoJIk5eJ5KZd3OU3EovIJt-a87A_evICkh5oxf6ub32GzrKm-5NIxX29QAn5qyXHVudgCjtTcwvB8B9QAzyfk_3F6WMt_ggxM2ToDAiNOTuKmj6nIF9Fypb6Ucn_GpOx1CP7vjkKLa5UolWE3c0qfRuQvFEq9Nj_S1Q4b7ptrrT_klrQQ4Vd2oCDe62Q6iaUhoSHOJm-X98gujd1H_pOm3VlsMhrPO6eRKxW_Qapm5UHANBg9zkQ0OYAj5_1LnwoBG0nOONBVQ4eotyqsY7y4cnp8hJfysaoLTNJhTVrKASLrG5S7M0wv4J715CQQGTPGjEb0brgCgAsptj00JJn8IPZ9eZNq7C12sIpWsp_xdRB0mYxRaFpQUzvaTVdum-U9hd1SBjEontrUOPVESvqxgd0rtzfrQigCI_0pBpQnmMf9p-jpElBUeVN236BKYwIMmI0lQMM08Y58oF1gU3L5lEYO9e8GFeyNtgt8PyqU3fJr6xgB6RfY0-nN8ASNBZwCylHGYjmbkGdzg-nKN1OY8tAaXxDGzvueeB61oM-TBkc3TmwMj9s57htwukfDZpBSeFPzK08AHDKctHeImOmT6sbrkvIhPZIQmkucf7vhdMeexUtjX1r-3nR9TTv0nuiXcZNDyOEVvgtJlpj5QF787T6XY3GZcUajY1gNJOiaDS1C1IbufavPFjLkhCnR2o3gExuHeLeSz65Bs3J-X6RSX0FkBIJnBpljZm5xdVHKO5vHMqM1nuOWq84t96BKpXEQZWb3p8na0kmN87EixTaSRBwEHFfuSFmQePT2dGR0WTn9wwOTL3ym8RxTwq-aYT2Fmf1I96lT8iyjYGfH_HHlzKwpogtdJj3MPBcTXQBIlYPcffIWDza3qSZeL2f2Tepydf1efcig-2fQs-5Rt6ERCU35hvFTk2mLCZ96kinmhtdgN6eKV2q136PBZJiurEvmHyJMtGE1giUToL22QThnMsm0GuojichyeZ39iZTmEM5bFeE_iBxD47rUP9ZoIka6tkoSVo1UUgRHlhWEUevd-8rbrMZFznj3yTAzJx_9fATuuw4f1StTNoNWse4-LXO9ugMHvzuEBQVfOTjDOFvq-RxtK7oPbwhsSHe0RQPd2U_xHQTK6YVJT4gGMneEnmig_nGXaFSejGirw2LEX68UUsYAOKkMrp4CALuJD5j3tzg_2yO8ArYNZ0lbqtHU59ioyQNqyznom2JwnA2hTpFCFBDsRHjgqRthpvkamuuXtKPzfD3qxGU3L-E1eDY9tQa9n-L3U8uh4-etwMF9CquzuAMfoFm1qF46o761tgE78tz0RrNIaJgg82xyTrQNnpPBeSfGaUS6drDEfuAUrgFaLOZ04D7Tt7SQwhiGuFe9P7WiDWEsQOJsAFa0V67OyVaNxKBxQOaKanKKGAuULvsgFXAHSFfv2fJ9seX8ZpB4tBTAZ0t4GBXPPAZzZlF-ZBKS9k_JW-892kNEvsv3mLIjmuVrHpKNdoWII8D767L8q8MHtp-278tBf-I_Fzar0zEGnuVEnhn4ubPb_zrl6byBCK1EZN-B53bZCuUE-jmu2LkYRpWuxy-VyHA2MicnFAUys7-CqpvcYa74yWSZTo0s30XWRFVVccPa5cbJg6AdV3P1A0kI3Av2bcXYW-pdKhcF4vA28j_I6oxGBe9GLZqJRVZE9TLrP5T2Bkjo9ZVIqzBXANiqZaAH3HXR6vIz-_XihuPkKYP7rSbLmDNByauWOjYFQyl7xXrPiwO24oC7Kl3azvAiLS1upcyKFgNlb-_agRMg1e742voSBnaEJ5JiDHFEM3SI3i1akhWXPVfKGMnk3gsLXgcTo6YQicuLmq7FFfxxBOJQDt8l4E6XnrhYFPBGjFMHDeOfRSqDLBtRzD_yvlkegZkP4NQqnoqCiD1C06mBvTy-53Hkv9nuw8aY4wL17EqjNihzZQcvtoLFfbFh_gWPuVNv-96dWXfh0tkYIaOt4SrsRMZ1RWXZULNH_eTid4C6RZVxIUZ597vCQPIwVlQ2VLKiZmxukb30XxiUOh-sVJ7lR8H749d-BMU9xC4pndTTm59LPeLThZkMF72uE2t6OMro2-tdXLF3pAqrx7J80Mdz1hwKjv-IHINLNcjPl1KXxZOmsGCVumwGIqEMS1mgHqac5l2JXaD8P8IYwBX__7H9MyWADFQAg7x-ZmpRwIMo4zI68x8WXTuDvEo_eUtc1USPoow7-ffkSEwrzmRLOEK-OmjVek9_uJTuDxxaVKgPKoIqcEZwbHC4makBK3a_QhXSmLvCIzaH7ssi87aykzf15Py9_gkdzCzHOC70Ipefbd5ant226cr8ecA3X0SWJnL_gtJb5C0WIWc0mbyHjOAea0lu0Y_5hYwOhndul0cv9mIpQLmPPH4zLoeKbrkgKEDfDBaKP3EesneI1PRiO9hD4ooxOoKnPaP8TxtOlPsZzg&cid=CAQSPABygQiDU_BaR7EWUPMD1rq-ha8Woieb3mwLymwmAIz2mBqPLdkaxn7uaVqszBjJ6JLpNcn5uOfSJVz4jhgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.newtimes.co.rw%2F&ds=l&xdt=1&iif=1&cor=5103912680228167000&adk=2086295851&idt=92&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ce7aa9a76e1ef06e22d13a5c8678b9b7440f5b1f854ecb62b447ad383927abb6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 11:04:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34712
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10883
x-xss-protection: 0
server: cafe
etag: 6886435266232968791
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 11:04:13 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9151 41 KB
15 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Wed, 10 May 2023 04:43:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 489528
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 09 May 2024 04:43:57 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 43ms
43ms Image
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202305090101&jk=3441115050061315&bg=!mJulm8_NAAYldGN0BXQ7ADkAdvg8Whs7Jdt0CMCZHtBTKlsgXICi2ndC16rYEqrP3PWWBkZre1BFQGmw2_6LiDTc6P5NWsBbd4wCAAAAxVIAAAACaAEHmQKmlbbHOuXletz0eIeJvlQPyg6qV8kntWSEWxplE0ZIgRleyQUXQHlg77DONKtOgM-yTlhavQotFScEoHfEQj4pT1q9Fab1Jjge2tbl6baHMoNRIL2TWSAapLWook6x3eh2QjcXY_PfY7Q6SpMNl9efXcRcWvdbHPKgju1iZZlhO0UriNUa1cPK_T1H2KUSLXQNqEg7c7lIRx6o5Sc8eTroJgfMmLpVr-69GJYuJUvMGymkZshX4Q_dt-HPm4CjREOJK9S1dGK6LlBsEnXF7DZziaUcppipLjy8psuFzy1vwySis_zTk8RleSF5qiEbETggg8Znf25rfCwX2BjkknwWmORUPR1sCC7NuQkq2_4d02z28gOY0irvYKSSf8-I87rI8O5CvlYUccbPUF8mK3OQWrGj4Otp0r_hYcfTBMepsdh4p5SSnd4hiXrR08kcMHt51qohREFIFy5_tYTjvRFFHvSqYgKzNkNv_svm1ycyY6Q9eVAt30rrlMmhQLdhEq55w538O_useraXZ6_PnyLO7nyT7bjHTjfBoUkQmog8sRzk5kimMXFetjs_UL0FBV1LbeKQO10gJl_FGcmvEyDeTjytn8x388GFNLX_TXmMZiPEvUv3ynZY0PY7X3k7IdpH9bdFPP_XeReI5Pi8_J4OeZBqERTUp0LWrJU_SENOtySwQVoy5o3B7Qal0O4KG7xMAFXRw3GPGYkyD3Hh8D_M9s4-JTMIYnXfpPZCaPYMbjCbcEHFp9Q_3PoEZXkIJPUq91LVq_CiOFRyA7z-W6rnKwCyLhg1mOAfUlPuoNgu5WDMveO8DCv2x1KAMgg3OAN81nX42gSuRPwsnPg3KN566OxKEK0dJbHZ3VNfKacDFGS1rsF-aQCy-zcvC4-9L-8VOm3US4JE
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H3 200 container.html Show response
a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 765D 6 KB
3 KB 8ms
6ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:43 GMT
expires: Tue, 14 May 2024 20:42:43 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame 83DE 3 KB
2 KB 67ms
25ms Script
application/x-javascript 185.29.134.245
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTkRGaVpXTmtNemN0WkRSaE5pMHhNbUU0TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg3Mjk0ODcwOTk0NDYxMTgxNTgvNjYyMjMyNy80NTYyMzA2LzQvREhTQzNzbG9TcnFoOXpyclIxRHU1M1FLOUN4QjZNdTdJc2p5VzNydHFBTS8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC84NzI5NDg3MDk5NDQ2MTE4MTU4L3pyaC8wLzQ2OC85NC85OTkvMzIyLzJhMDI6NmVhMDpjNzFiOjovMC4wMDAvMTY4NDE4MzM2NC8xNjg0MTk1OTY0LzQvcHViLTc1NTQ3OTM0OTcxOTIzNjIv/pcy8RyjhD4npMhX3XvVWqrJjNpQ&nodeid=3770&group=zrh&auctionid=8729487099446118158&pbs_auctionid=8729487099446118158&shardkey=8729487099446118158&sid=4562306&cid=6622327&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.132.67&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCzlTgRJliZMTKGpfAbY_rleABz4eOm1zAhtmCxgLAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCeACAKgDAaoE-QFP0EwrU6v5G0YDZTOnOJeV9arg-id_R9ibzq-fT7AFxHhE9lLyQBlFoOWhPyEuoi2z42nyw8t4QNgQpP01SfySDvcQa5BbtIAAcO3fUXdbbVXwt6vtyali-Y2HF9GSEWjTSCu50fPNKbnnSfWlMrSHqptwZh7N_f-BgZlntjQ8AnbOBI-wZS7dC8Ct72Wk6R9YvS_MxAipJBmMdVwvjxfQn1E3foZqjsv0X9owJZgOOyFQ5vWQGF8HY6ilAvG0-shlfT2DrDL2MO8JThar-7BSNGUhgjvbW7uQa3Sg2neJLNiVbO8RdmdP3GJtaDTflTQqmGwc0FKv43bgBAGABrPp9fjfzMC4uQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2X2YfjPd3eWDpqGLQzBh2UYx4riw%26client%3Dca-pub-7554793497192362%26adurl%3D
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.245 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.387.2 /
Resource Hash: 9354d00aaf4f47e50cef883a3eb1bdf8946f308d0dc5076886defd6ee93fb35f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:45 GMT
x-mm-nodeid: 3770
Content-Encoding: gzip
x-mm-bid-request-time: 1684183364
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Connection: close
x-mm-handled-by-owner: true
Last-Modified: Mon, 15 May 2023 20:42:44 GMT
Server: MMBD/3.387.2
x-mm-latency: 11 (0)
Content-Type: application/x-javascript; charset=UTF-8
x-mm-dbg: NotCount
Cache-Control: no-cache
x-mm-host: cdg-router-x80, zrh-bidder-x156
x-mm-lag: 1
Expires: Mon, 15 May 2023 20:42:44 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame 83DE 3 KB
1 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/window_focus_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 18:31:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7894
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 18:31:11 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame 83DE 19 KB
8 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

01dcaf85f2ae23a30115cf4a663e90b4a507dc688c4c17f9ebddc3cf19fee780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 12:20:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30107
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7937
x-xss-protection: 0
server: cafe
etag: 2499949999788435271
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 12:20:58 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 83DE 24 KB
6 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Fri, 12 May 2023 14:52:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 280230
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 11 May 2024 14:52:15 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 83DE 169 KB
52 KB 71ms
70ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fdc79b8c47c6d5c20def82fa5f6a91e3cbe3057bff3f8b14b5c2c71dc9b57ec4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53545
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1683718549123860"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 15 May 2023 20:42:45 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 17ms
17ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.newtimes.co.rw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.newtimes.co.rw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 30 KB
13 KB 480ms
479ms XHR
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3441115050061315&correlator=2702850497264243&eid=31074646&output=ldjh&gdfp_req=1&vrg=202305090101&ptt=17&impl=fif&iu_parts=21828795265%2CTNT%2CTNT_home&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&ifi=16&adks=195989020&sfv=1-0-40&prev_scp=pos%3Dmid_10%26amznbid%3D2%26amznp%3D2%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.00%26hb_adid%3D268d83a9e8a66c28%26hb_bidder%3DbluTonic&eri=1&sc=1&cookie=ID%3D9aaffe5e15c1aac3%3AT%3D1684183362%3AS%3DALNI_Ma9jKnX2iRWyThg5ibpFngNLZiOxw&gpic=UID%3D00000c17af5f1690%3AT%3D1684183362%3ART%3D1684183362%3AS%3DALNI_MbiM4NLUrzgVL4HLfPYJSLMvXKpsQ&abxe=1&dt=1684183365072&lmt=1684183365&dlt=1684183363227&idt=398&adxs=436&adys=4856&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=12&ucis=g&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.newtimes.co.rw%2F&ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&frm=20&vis=1&psz=1200x90&msz=728x0&fws=4&ohw=1600&psts=ABHeCvj2NDl10ZMRfTdogB6jJvsMf9fNOHOULUivHy3Eq3QT1F0BkRMdakRjnTbEeZTgY0EHrrAGfwnOug-5JgjaxPr2XqKt&ga_vid=1224847520.1684183361&ga_sid=1684183364&ga_hid=1824289973&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9929932627f757a2bf923b61a9a461fde8dbe2038e6c18c4f228ae9ba1b4191a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13530
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 container.html Show response
a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 8768 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:43 GMT
expires: Tue, 14 May 2024 20:42:43 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame A168 0
0 51ms
50ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CH_0HRJliZKSdGpqB9fgP5K-K0AGQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE9QFP0CIO-mZyQiahzgS6hGfeY8A2pgFLowFFkpayfcFqpU3Ff7GvEDEYXDRfWCAaHY0lOZKoa-gqU8QeWcR0-d9P3CGEYQ15A0dUya_W-y7-W0tsT1S4bu1Av5u4RgmTChelHkyGxMu6CUO8Wvy7iPMlRjlt6oACVseK9dC8T_IVpbKoA6H_d9NTbkapOyqqNKBzc9D7btcPK1u_okA_BajnnAtBeuQutZaRaK3UKjvjAgP-mcC-2yzLP-GBOWCMeyZxVBRu9XSV-rNG2rTyq2MU_tsvrTr6LxuAGwDR36H9S13EyXKLolxMF6rSO38NxiFgIJZO5uAEAYAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgECACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNzU1NDc5MzQ5NzE5MjM2Mhj8oHI&sigh=8OI2Qm_e25Y&uach_m=[UACH]&cid=CAQSPABygQiDGQaaTVRQYOARubQ8fR9odBxKJMuV2irPZQiT2ctASUebAX7ifnqfCQGuzvyO9kmlHXauVjnzGBgB
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame A168 0
0 52ms
17ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1gxp2haz6jcpvz6qjr8fsbexw1f29d6qh66freh7xms8t7yyqn8cx7hd409kwptgpr4kctdky0ts6pzm3v0twp4bgsjjwdjfx2mme7546j0t6da75yas25wpvs6ndka1v9qb9keknehvy6q2qqrw5wnfzzxf9p665z2wgmcdj8czkxz8s123bhpsec5gpdxatfbx5thy9jfngjj3z4p6dmx30f2wg5m8vrvx8mvqjbxdhxbym15pn8vwj15thsyzpxt81cmvd0qzbr3vrnwz1ab7d0vtdqq1bck2b8r83am26rx28mhda460582d53rj33311gtt7kf3gg9nv2brhg10wtaz535039das3ww2ry2mf6eg3x0n4v5wzqw3qyqpy59p0tfxyqqfv18&b=ZGKZRAAGjqQJHUCaAAKX5IiH5apEz3JexuhnvQ
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:45 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

GET
H2 200 dr Show response
as.ad4m.at/ad/ Frame 0DF0 2 KB
3 KB 66ms
33ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1kteyh50x7cpchem3eccg990peba0ty1dgqn5xgr7wvnma1pb39hqqkx2qez2k4td1ysa3wwvjaqk57y0e10pyt7se8btg2kft62grkmb0h3pj60tbmqv0jjjw3gxxe2j50agkez66846ww0d9harqgq7hetpqtjbp7qdj8d8w6j1qtq8txhe0xk3cjfrv2tym9ncevknmbc3gzrrw00ey9e4ng74enjae319pzrvph13a87rfjg1cymc61tzn7h4exqkvgqw9zwdbbw6156xwz092tfn6zccmme2ramkas23x5x05z7cg5znm9t1g4k5r2g96r4cbesapcf65g2j935jfzyy8sry0y8x31azqqtbwbxk0k6ckq6tsbey80jfdarpyr0mxy7ey4g9vrnrpqkt8v0bdkcda82d7ap8s2q033crep665gatsybpbek2c9zmny62c&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DClw_NRJliZKSdGpqB9fgP5K-K0AGQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE-AFP0CIO-mZyQiahzgS6hGfeY8A2pgFLowFFkpayfcFqpU3Ff7GvEDEYXDRfWCAaHY0lOZKoa-gqU8QeWcR0-d9P3CGEYQ15A0dUya_W-y7-W0tsT1S4bu1Av5u4RgmTChelHkyGxMu6CUO8Wvy7iPMlRjlt6oACVseK9dC8T_IVpbKoA6H_d9NTbkapOyqqNKBzc9D7btcPK1u_okA_BajnnAtBeuQutZaRaK3UKjvjAgP-mcC-2yzLP-GBOWCMeyZxVBRu9XSV-rNG2rTyq2NW_Pq9esN9b9MHU5YLljMPcknOZHiluoHM1eNAw-sT6jm1_AkOLgLWUuAEAYAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0herB7Ds3i_gUflTiCJ2XNousZcw%26client%3Dca-pub-7554793497192362%26adurl%3D

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

94f8e16904bccd826c6647eb16be13a4c9e3ed322c4a0569c8ba5078a424d890

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-src ;img-src data:;manifest-src 'none';media-src 'none';object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7c7e35901d611913-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-src *;img-src * data:;manifest-src 'none';media-src 'none';object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:45 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame A168 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/window_focus_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 18:31:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7894
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 18:31:11 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 2484 1 KB
643 B 8ms
7ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34712
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 11:04:13 GMT
etag: 48472445140208031
expires: Tue, 16 May 2023 11:04:13 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame A168 19 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

01dcaf85f2ae23a30115cf4a663e90b4a507dc688c4c17f9ebddc3cf19fee780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 12:20:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30107
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7937
x-xss-protection: 0
server: cafe
etag: 2499949999788435271
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 12:20:58 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame A168 0
0 16ms
15ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSLnBHmugKOaMoLA9wjAt3UEomBOocf-UPjEQXWIfNj-ba27q9-4nR9pUBHJOho1iFUuT6ubovB1sLv1Lcql9Uyj4OPcw
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame A168 24 KB
6 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Fri, 12 May 2023 14:52:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 280230
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 11 May 2024 14:52:15 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A168 169 KB
52 KB 86ms
85ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fdc79b8c47c6d5c20def82fa5f6a91e3cbe3057bff3f8b14b5c2c71dc9b57ec4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53545
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1683718549123860"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 15 May 2023 20:42:45 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 34 KB
11 KB 182ms
182ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

00809aa4800eb8e06c5d012ca85a754961a6a93966dd8ae964e8218809f07b2b

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Date: Mon, 15 May 2023 20:42:45 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 7bb7e750-0b37-4e2f-80ba-71468d49a0d5
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
782 B 69ms
69ms XHR
application/json 34.107.148.139
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CUN4B97C
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 139.148.107.34.bc.googleusercontent.com
Software: nginx /
Resource Hash: 1dfefd75c2258708a700b7b621b2d4bf8e10a9d148983c1a67b8c254d18a5766

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
via: 1.1 google
server: nginx
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
expires: Mon, 15 May 2023 20:42:45 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 424 B
459 B 99ms
98ms XHR
application/json 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17046&site_id=315192&zone_id=1608182&size_id=2&alt_size_ids=55&rp_schain=1.0,1!yourbow.com,76,1,,,&rf=http%3A%2F%2Fwww.newtimes.co.rw%2F&kw=newtimes%2Crwandanews%2Ctnt%2Crwanda%2Ckigali%2Cnews%2Ceastafrica&tg_i.ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&tg_i.page=http%3A%2F%2Fwww.newtimes.co.rw%2F&tg_i.domain=newtimes.co.rw&tg_i.pbadslot=%2F21828795265%2FTNT%2FTNT_home&tk_flint=pbjs_lite_v7.18.0&x_source.tid=885db5b7-6d29-45a5-996b-5ed28d93e50b&l_pb_bid_id=2303939f29930308&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21828795265%2FTNT%2FTNT_home&slots=1&rand=0.4464803325387863
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 51b07863bc58fba2d34a65bbfa245173f05ae20226c64d0b25d85993c1376d3e

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.newtimes.co.rw
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 424
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 424 B
459 B 94ms
93ms XHR
application/json 2602:803:c003:200::41
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17046&site_id=315192&zone_id=1608182&size_id=2&alt_size_ids=55&rp_schain=1.0,1!yourbow.com,76,1,,,&rf=http%3A%2F%2Fwww.newtimes.co.rw%2F&kw=newtimes%2Crwandanews%2Ctnt%2Crwanda%2Ckigali%2Cnews%2Ceastafrica&tg_i.ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&tg_i.page=http%3A%2F%2Fwww.newtimes.co.rw%2F&tg_i.domain=newtimes.co.rw&tg_i.pbadslot=%2F21828795265%2FTNT%2FTNT_home&tk_flint=pbjs_lite_v7.18.0&x_source.tid=885db5b7-6d29-45a5-996b-5ed28d93e50b&l_pb_bid_id=23190dbdafea0b4&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F21828795265%2FTNT%2FTNT_home&slots=1&rand=0.552826103676892
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::41 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: b0543b1569a30e570e585647f553f48599be283bedc5018ecfc2ba7de1f0d729

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.newtimes.co.rw
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 424
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 264 B
1 KB 193ms
192ms XHR
application/json 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

49473980386c8bd3319f8330bc217b6caccba02632b2031607f7b052255faac6

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:45 GMT
AN-X-Request-Uuid: b8035f86-7b70-4abf-bf9d-972b88151105
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: application/json; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.newtimes.co.rw
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 264
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
159 B 10ms
10ms XHR
text/plain 54.93.178.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.178.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-178-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:45 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
159 B 10ms
10ms XHR
text/plain 54.93.178.54
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.93.178.54 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-93-178-54.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:45 GMT
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
vary: Origin

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
62 B 33ms
32ms XHR
text/plain 185.64.189.112
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.newtimes.co.rw/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.newtimes.co.rw
date: Mon, 15 May 2023 20:42:45 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 28 KB
13 KB 296ms
296ms XHR
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3441115050061315&correlator=2495576135083057&eid=31074646&output=ldjh&gdfp_req=1&vrg=202305090101&ptt=17&impl=fif&iu_parts=21828795265%2CTNT%2CTNT_home&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90&ifi=17&adks=3379919332&sfv=1-0-40&prev_scp=pos%3Dmid_11%26amznbid%3D2%26amznp%3D2%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.00%26hb_adid%3D27065bce85ee3dea%26hb_bidder%3DbluTonic&eri=1&sc=1&cookie=ID%3D9aaffe5e15c1aac3%3AT%3D1684183362%3AS%3DALNI_Ma9jKnX2iRWyThg5ibpFngNLZiOxw&gpic=UID%3D00000c17af5f1690%3AT%3D1684183362%3ART%3D1684183362%3AS%3DALNI_MbiM4NLUrzgVL4HLfPYJSLMvXKpsQ&abxe=1&dt=1684183365119&lmt=1684183365&dlt=1684183363227&idt=398&adxs=436&adys=5002&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=13&ucis=h&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.newtimes.co.rw%2F&ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&frm=20&vis=1&psz=1200x90&msz=728x0&fws=4&ohw=1600&psts=ABHeCvj2NDl10ZMRfTdogB6jJvsMf9fNOHOULUivHy3Eq3QT1F0BkRMdakRjnTbEeZTgY0EHrrAGfwnOug-5JgjaxPr2XqKt&ga_vid=1224847520.1684183361&ga_sid=1684183364&ga_hid=1824289973&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a8319f6700e5e28a7c214cc99bf7e8fbca403c19317fa73fcc18f5a057f449

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12933
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 8C30 0
0 52ms
51ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C4CoWRJliZL-eJ_KS9fgPscejmATPh46bXMCG2YLGAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJ4AIAqAMBqgT2AU_Qor0h8qRafqfT5-vcktRwYA3cMl-diWvkxiKPi6BpXPT0CWTLu_DsHJbpsYUG36GtzShgv8gNv7X2IAdfaZ4e5TfZmMkUCeXLvxyKOeGn_1Kn6k1JoVuG25Vp7OoIziU9mSCMNWGz76x5vDX8YLiSo_LmMFP_1Da9GVPd5fokKTdIu_BeRgffzpXvhBXvh98O8dtUTRJRCxR0K-Y8pdJp8P6k_b42jYhPpd3wxa4VOxmNN3HgpBAYB3H6YMrh0U6mPZAOLYQA7GXCcyTXr7UpIpR3hcantoFirw06_7lzBWGQK_WX2T075gnrglBxII8xKyPwOOAEAYAGs-n1-N_MwLi5AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgECACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNzU1NDc5MzQ5NzE5MjM2Mhj8oHI&sigh=PAlV9JLl1kE&uach_m=[UACH]&cid=CAQSPABygQiDyPERAkcC0c2e10JPA77p2UKz8gGfqqJiSa13PSbfkit4niOT3wqo_g9yUKjwS74SQyt8sZqfXhgB&tpd=AGWhJmt7afgN8bR1eyOv3BosV9NXcPv1GI6td-bFXlYMYmsVdOSneJ-op9tGcXg1rr1l0xsIC-nHrwG6VVfHmTPOrCUcTTVgqI9pY-TMZFeBkp8T6gnYUH0eNGqE7WA7ztiY2F9gFGLrEVxdvtAGbHlpdyFExLXMSjkf6TAmNqFuc9dfHqt2x8DjOJ5XrJmAcd66UnPNCaBN2N9PT3bg6z_jTmFtDur6Jmj8niWHKu0PnMngn9TqrLguNZD1W6c3E2b1yoSel7MbMDulkCd-wKyB3PV6bfVjL1KP7I-rY8-QDbe4BvS7-nyaNzdg08PIRAqiEwNlOhQnSBYanQnIlo4T_8ctonlCMpMGduXKyFkiqKkF793W0c6ntuYXrM87K3Rw6qQ1WjK4s8vXrW3y1lSOiamTqR1YiEtjTWy-HOjT_JgIayxg0ZfAhlh0l-p1dg0Ub5tkFIoyHHyQnCJJT30yAqmg42oIoZ_Qk-qFOBjmkcwP0Axsntor9madykVtT5-3pB_qWqeZvJuIWIGPE8S-S3x3rhhsn8QsR8OteVBT3BgG3A52nRcBAO_bOuoKfFuSQiLI4uoQBLkVB1i-vWwqvE-sCOIGLK1FOE6gYCgcOoeKqhx-8H7vvsJaE7-dLjsT8YWf7u6QTiVZIhe4ylWvWUqCPGO1Y29cu3_xzL2POQQH33PyTpwADuAXK2GUCp-H4wPXN7VGcq9enfn_OYAK6l5m8Gid_KkRUQ4MFx9S23hYGRmA6lVw17g8tLCI_k1wqZPOGG7bPeqd8YjBkVeQgi509tlnJWDfLrgOLOsgnQCh0lQEhN5KPOMYNDxaK3oFZ-jOvmGG4BKZiLx8YwgDPMWNNx7bpfKsrW-O0QBmP3D1aQ2F4nbHWOTIsioMLbkxzIZNh33kOhfydlxWmL9856Tgs6O8ifVcq004QKpR_Y9TDZlN4YeZYiNudvmOmq08PQl5x5qCnUfVXvVjwfs7QSSci8UGm0ivCYwQ0ogWcdRBaT2379aul579TKdqns0Xziy3rgcVFIJticHyReJf7FnuY13E8_Jps8Wz_cJ_0hu6_ViEIva4-s1FBo0j07xQTlk30kn-6ZpSS3UFqCyeYDgNQudtfQ-V4VO33JZrDDsvkg-4Zpvly_c
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame 8C30 3 KB
2 KB 53ms
25ms Script
application/x-javascript 185.29.134.245
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTkRGaVpXTmtNemN0WkRSaE5pMHhNbUU0TFRBd01EQXRNREF3TURBd01EQXdNREF3LzE4MTE5NTgwNzE4MDUwMzg1ODkvNjYyMjMyNy80NTYyMzA2LzQvREhTQzNzbG9TcnFoOXpyclIxRHU1LXJKRDI2TmxVOXJoekpTcklranM4Zy8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC8xODExOTU4MDcxODA1MDM4NTg5L3pyaC8wLzQ2OC85NC85OTkvMzIyLzJhMDI6NmVhMDpjNzFiOjovMC4wMDAvMTY4NDE4MzM2NC8xNjg0MTk1OTY0LzQvcHViLTc1NTQ3OTM0OTcxOTIzNjIv/to17DbeEBrp-OYo8rXHhQwB0KN8&nodeid=3770&group=zrh&auctionid=1811958071805038589&pbs_auctionid=1811958071805038589&shardkey=1811958071805038589&sid=4562306&cid=6622327&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.142&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCsn9URJliZL-eJ_KS9fgPscejmATPh46bXMCG2YLGAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJ4AIAqAMBqgT5AU_Qor0h8qRafqfT5-vcktRwYA3cMl-diWvkxiKPi6BpXPT0CWTLu_DsHJbpsYUG36GtzShgv8gNv7X2IAdfaZ4e5TfZmMkUCeXLvxyKOeGn_1Kn6k1JoVuG25Vp7OoIziU9mSCMNWGz76x5vDX8YLiSo_LmMFP_1Da9GVPd5fokKTdIu_BeRgffzpXvhBXvh98O8dtUTRJRCxR0K-Y8pdJp8P6k_b42jYhPpd3wxa4VOxmNN3HgpBAYB3H6YMrh0U6mPZAOLYQA7GXCcyTXr7VrILXlKXoDsQzG56bivxaDGHWal_-5wdyGJklEePFvDJefsp_3tT9y0-AEAYAGs-n1-N_MwLi5AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2A3ttfVGF0WmwyLTaQbjC9xyH8rQ%26client%3Dca-pub-7554793497192362%26adurl%3D
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.245 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.387.2 /
Resource Hash: 641d183a71e76e3aa6da3a2d31be2cbd1590a99e0df6ba2bdcde740f3cb5e79c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:45 GMT
x-mm-nodeid: 3770
Content-Encoding: gzip
x-mm-bid-request-time: 1684183364
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Connection: close
x-mm-handled-by-owner: true
Last-Modified: Mon, 15 May 2023 20:42:44 GMT
Server: MMBD/3.387.2
x-mm-latency: 12 (0)
Content-Type: application/x-javascript; charset=UTF-8
x-mm-dbg: NotCount
Cache-Control: no-cache
x-mm-host: cdg-router-x99, zrh-bidder-x156
x-mm-lag: 1
Expires: Mon, 15 May 2023 20:42:44 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame 8C30 3 KB
1 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/window_focus_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 18:31:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7894
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 18:31:11 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame 8C30 19 KB
8 KB 12ms
9ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

01dcaf85f2ae23a30115cf4a663e90b4a507dc688c4c17f9ebddc3cf19fee780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 12:20:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30107
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7937
x-xss-protection: 0
server: cafe
etag: 2499949999788435271
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 12:20:58 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 8C30 0
0 17ms
14ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQlePLaa_4VMPGk2eo0T_xm8kUPFc94CjeMqLIg57x73rf6_0f4WBLcVZwlGO_W6YwFGFtIITP9v0_wvnn2GMpXXcOcng
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 8C30 24 KB
6 KB 13ms
10ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Fri, 12 May 2023 14:52:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 280230
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 11 May 2024 14:52:15 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8C30 169 KB
52 KB 61ms
59ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fdc79b8c47c6d5c20def82fa5f6a91e3cbe3057bff3f8b14b5c2c71dc9b57ec4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53545
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1683718549123860"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 15 May 2023 20:42:45 GMT

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame 34A1 34 KB
16 KB 113ms
19ms Script
text/javascript 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=64253744;click=https://m.exactag.com/cl.aspx?extProvId=327&extPu=vf-dv360&extLi=17041625256&extPm=17041625256&extCr=487434436&url=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CrqQkRJliZL6lBsGllgTkwK6oA_KR0cZrz5aTwvYRmJL4h7MCEAEgsL2jkAFglfqXgqwHoAGR_tGiA8gBCakCuEm_tTNnsj6oAwGqBIkCT9CB-Sc0PIt7x3ohWXjC8X9spFNiH3x2kro_ABnwbTIy1B-9M2pznZA5MT9oFHLRI5faDFDPyOnwmmKVMENmu4txmplvb2kOr1aNF4EGqrpxudX4zpJR_lRsVANdXpbGphLhy4larPwyZ5_EWI3PuxCuGjaoa6jh8Mk9MlvfntFuW4t0qnAw3Lj-u-7oCM4ByQLkC4GySXRGbVmTXSiZgh1e3Eal609hT5uAlK6PtHMqZ2Kwohwc14RtRo1TA8HbVsjEF4e98flVKQXKVE7RcT7AmxrboP6eIeLc2Zhkdu9-a-Pr0W1npDrBb0pCh2yOyR3FeNmg-Z3Log9vAc2I6sV-NZQc5DmBSMAEhJybw_oD4AQDkAYBoAZNgAfXga5dqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqACgOYCwHICwGADAGwE6yFrRPQEwDYEwrYFAHQFQH4FgGAFwHoFwQ&ae=1&num=1&cid=CAQSPABygQiDp2tdQgqR_73fjJ94LVTaZCu4XQQapi-BI0Up1zY-Yj7ZuMP0wvZN-UuAS_zrr_zp52ZVbdfmdhgB&sig=AOD64_0GU8AMnAPWUKzfuzG6LLFZb6nztQ&client=ca-pub-7554793497192362&dbm_c=AKAmf-BmXboRN0G3u4RFCQGEO9W3LP1fEAEbAFO656GpylDTRcbD6Vr13Qkxclho9dQV474tAOq3j2qa8RdOi72kgUKqpbOkI-CXpFLsn5O6w2fStH44mIe-K2cW-SMC0R8gSVOO7PBHchUlmNOt0cKQp2KLIgC9WM1rBfM99z4bC9oTc0H2QVg&cry=1&dbm_d=AKAmf-BFNNfozZ8QbF1g8YN2OaJ6kcO9U0H1LKN1O3s38jf7MaK2TgBK01h_BwOjnY_bQ3QaYpsXnUBJTy6F5o-99YEyLHem8ccC2qVVhM4WOVmnDEV71p1V55HVghpaBs8_z3qSOMOaRRubRgt_EhwBo_Eyb26HLMscya1yBlPmDhz3-QoX9sgQz9rY_AipVaMSmw26fs56nLIoYzJs7JjmbxpA5KdcjmSrbEa6wc5RqTmXaZj2IL3E8hm0rqIRxYWPnw6_R9q1X91QSI4sb7X6Qfa4F1ldiIj922-xcY68H89_6IhF84TYp2p80YuuvH_XTtl2UKW572NkuCMXWAjiScFTL7c_3NO-Nj1X0SeJrkxs2dpso-OUoI2noT56nqoL9kRiW6nuDtE7b__1S8pwkEuDg--PWW_uK8OgA4eBzDiMawqHR9_50jUUydPiSHcGTxU2-VfoIsqxHH_ZGrn8HfxOZ8qTtiR0HIvBxXHakRja52JEbUJPWi9xfM22he5BnbPxL2V66C-zqltYxKBl6MLU_vg9oA&adurl=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: ae684e653cf5edc8bec110ff0669b6daa58f690d550735f98954697799f963da

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
last-modified: Tue, 18 Apr 2023 08:19:00 GMT
server: nginx
x-cache-status: STALE
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 19 Apr 2023 13:55:16 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 56DE 0
0 50ms
50ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cgs8qRJliZO2dH82B9fgPtYi5qAbJntKxXNWdkfdwwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT2AU_QatxxxKP3kIITN-KDm2uGJw2ImOnP2vm-6v8FhNEv7MjtTHEjGHRqD3LV39LzkF6KianmYWS1huuBoF8anjlfoEdCYV0EYUFfRILoNkmDS7zhQzkOLQAogwz33A9SOImLA2_NaXQZKNgJqRxKJM6W654TiVrtkD6VTStHqS7odJGg4a4vkZT9J6YMYnOwIwslmJLTOFD14FI-O0hrLahZG3RrC8MrhecWzyBgbuYP7-T86caf7L8FjUF3KGIDq3NT_pP_6Rd-iqoNMwEIR7prjWTkyrHvvPhpGHB-G3_Zy1TviB_k60_TgZZd77MoRhNnuqLrAuAEAYAGkc2kmrDP-vWdAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgECACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNzU1NDc5MzQ5NzE5MjM2Mhj8oHI&sigh=tEW3a_7rQ6I&uach_m=[UACH]&cid=CAQSPABygQiD_W3pzXNa7swgITdgBOayPqoBvLmkdN1I0_C6YkqD4zFlZalgsTqQl89gCnhBR2kb23Go2SrmFBgB
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H2 200 notify
rtb.nl3.eu.criteo.com/google/auction/ Frame 56DE 0
0 13ms
13ms Fetch 2a02:2638:3::9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=kP7cFo-lBKwC2ASdg2ICAgAAAByNNkC_8VkOEEOZYmTIXk-Qrg2L4QwdAAASAAAKCkFRVUJBUUVCQVE&wp=ZGKZRAAHzu0JHUDNAA5ENXY37SNg9MZ1nBG9Rg

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 201809
server: Kestrel
content-length: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 5072 53 KB
20 KB 21ms
21ms Document
text/html 2a02:2638:d::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZGKZRAAHzu0JHUDNAA5ENXY37SNg9MZ1nBG9Rg&u=%7ClPoQj%2FclhXftJgSi%2F6UinLIOpDfxbLkIS2OAdi9OtxE%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNTJmLEv97WHnUtKOrKYxIgy15bW8W2rqt8moXOmZ61Js1hV2A5U12MlBuvHpjHFyABkMtCN3PGOOyCgUDGd33DSyoKYdQXRIyKkMQwcKXXdqoxy2CXD2Z3_zkz0hI7mIyvItocaG11lshaz_O8E8rR6uWiyUVOjUEIASd9St0gAmRzQBkpsTZUr-WMn59hINGDWA_dt12S3SChoSB1hZq1rAgkeAUwaepYrDx7k5H_qobIS9XspY9_Z-L7rGf2c12qeUllI1CimJ3ZOpDMmimXW3iKv7Bs3K1tOcVLJd-TpSQRBzug1M40jGObWFsFTmmQumAx7r5b5XwWTEJx5I3RROj6TblEy9_sSRcpWAcZ265WZAC7auZsKzI1r_1yhIm0kJMSenELdOkKHOP1XH-btV7PuZE9ExaQimWy3yBErwI3PbQ0y1agT3WZDOaSDOcAzsvX3j_4ICimTeY0MiDRsLJoCywKD_MglpXgqbBZ-Z_Lvotwb2mDphkkAPkzfKCxT7rB0ABZOwlsCX9u0BUEsEBzYjH517egOwobe7Al2x6iNVL_MojshHB77Sy_pUbKrpVNlcnKQ6rT_89dOytbo2qpl2MqFdl&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DChHVERJliZO2dH82B9fgPtYi5qAbJntKxXNWdkfdwwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT5AU_QatxxxKP3kIITN-KDm2uGJw2ImOnP2vm-6v8FhNEv7MjtTHEjGHRqD3LV39LzkF6KianmYWS1huuBoF8anjlfoEdCYV0EYUFfRILoNkmDS7zhQzkOLQAogwz33A9SOImLA2_NaXQZKNgJqRxKJM6W654TiVrtkD6VTStHqS7odJGg4a4vkZT9J6YMYnOwIwslmJLTOFD14FI-O0hrLahZG3RrC8MrhecWzyBgbuYP7-T86caf7L8FjUF3KGIDq3NT_pP_6Rd-iqoNMwEIR7opj0V2TT5zr0f1DNOuJtkhwkDlPhXK881nSav7HQw2agviECb4vYVhn-AEAYAGkc2kmrDP-vWdAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_33D3VadGi3zggGqQv20DsmUC0Vuw%26client%3Dca-pub-7554793497192362%26adurl%3D

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

5381ba904f9aaf519819c403881a5189991b9cd7bffa3c4681c58dbcfe972da9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:44 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=-toyOVw-_Msrj2KhyrG1VkboScN0ETmAa42gXwoM1pdXmcfFFHhqgmmV7h9WVNQkooEM56AUBo-uBWnBiL0d0RI9QIE0OKBlgfD3f1Amb5mh8XBkcaX68zfq9GC7wlkK1AsN77Ibp1vrbnPstmOW0jKCTwn-LLs9OyiYo9-KCotsVqnUcxZuQToA_LY6vhWM39hGztajZtgtunwgxESdLFjh2uK15SowgL2xnTspWDwod6hlBlWC1rVVLk66PZZPypNZPg"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 3075513
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame 56DE 3 KB
1 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/window_focus_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 18:31:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7894
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 18:31:11 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 227B 1 KB
643 B 10ms
9ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34712
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 11:04:13 GMT
etag: 48472445140208031
expires: Tue, 16 May 2023 11:04:13 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame 56DE 19 KB
8 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

01dcaf85f2ae23a30115cf4a663e90b4a507dc688c4c17f9ebddc3cf19fee780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 12:20:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30107
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7937
x-xss-protection: 0
server: cafe
etag: 2499949999788435271
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 12:20:58 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 56DE 0
0 15ms
15ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTApPq1FDb0DMmiuudFeyetGbLKMHdKhkPZuUdhl0XgzNPeIsyTT0jFkhYPnRZ8rXXsE5jfMNzI90YYxtsP23Seq2Db0Q
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 56DE 24 KB
6 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Fri, 12 May 2023 14:52:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 280230
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 11 May 2024 14:52:15 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 56DE 169 KB
52 KB 85ms
85ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fdc79b8c47c6d5c20def82fa5f6a91e3cbe3057bff3f8b14b5c2c71dc9b57ec4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53545
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1683718549123860"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 15 May 2023 20:42:45 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 765D 0
0 53ms
49ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C5apuRJliZOnTI4SglgS7grL4BZDhgYRctqjCivACwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT1AU_Qm2cwHRJq8x2mkUf0GK3tCeGzXDNnyO2GqSGGzaZhJQo5FykRax4-HhAGSgNK2QSc7uPGSq3qUbao3Eqc_Kd_rJGclJbpBwfT_l8mX6-Z3qQDDfjFkGMlNzeVc6RcbBufW9cAjgUyzA7KYFvwF-uxMu9kz8Hqhypz2D3nlaIDXgRtI1ahHpFE8cM9CBYPn-ZYh7wuUDf-yYlA_1_YekoTOVyW8OAlW7tT27cksi7tgg7tGCYPYyVeopjLiRAvRUZvKNtD2_dlMJ1ozeyE4zm6-jaG96dURf-exuEthXoBzPLMvgTcWPhcYoFRvLeNCSUWswxv4AQBgAbE0Z70yIDOvKUBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQIAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi03NTU0NzkzNDk3MTkyMzYyGPygcg&sigh=URWYfuh5Wa4&uach_m=[UACH]&cid=CAQSPABygQiD02PvuztRDjxB1DLrQmwghlDyfdWWvat4h1RhB7ou8dF0B8PDmhO2Lwh9hmN2X8kXrsPKPKZbKBgB
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame 765D 0
0 24ms
15ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1hqecvn1evsr0vwk3fnf7myxzby2syk0f6hwt1tq1f3686090js8ddz8g0p7ketp1vpzbmzkp5t1a6vn6dtbg82xmw6bew3cgf4p12ddvhaghyz22j2k8tbz89jtyv2zqtnrby8rw4ddg9g2n8any1qk0r7wwd9xdhynj9parsjv01dhk0fg75r8dw18be929xzwcz3kaxa3df4xhhht3c51r51zn0fw6bzbbmczz2qv3zrmeb9gp4jn4ykgyc1057vwwqb82x9rze88e4gth2a3cgbgfp9s7yn2rd46ddkrqh3yd6rvr8a422zg1gyjqt6de02caeq3sa54b2cbaddf7p4bdxgs3a05wc8rmataaprdxztwk79c41zhk5py302fca53ymwyyfgr&b=ZGKZRAAI6ekKhZAEAAyBOwejZC6ZgubG0ngG8w
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:45 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

GET
H2 200 dr Show response
as.ad4m.at/ad/ Frame D299 2 KB
1 KB 39ms
33ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1j0sd5kc2dh37e315h4ysrq35wtrfrgkxfbqgg6tjg2gg98449fszn6vdg5gr6n5v77rkktnz5v1afjgwvessm5nadkk075913fd5kf01vt0tj61715xe5d3jx33nj218kvw592e2djnfr7r7szmf9xav8sfcss6srpjhyhj9ec6a05z6eegah2s3zpwhbj8npn33bcxnbc11d9zqa01a2wk81gfypccfp72gczn2wy5bw9087kzwz46bt0nkyk2tn0jy6e2sa9v3qqam4kh4mh0ek3ms3mdt17er94tzbh7hw20ht0yehjgtck933e24m2fjxa5pyvv4zwyrbspedqvxq795wppjb8r0e6g2xfb312tm9femqg9np49y33h7z4zpet0mfpmvzsxjg5460tygn9rgac42f4k9he98qs4kq6x3frjxszzd7rz9tb69f8a2b60vc&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-MODRJliZOnTI4SglgS7grL4BZDhgYRctqjCivACwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT4AU_Qm2cwHRJq8x2mkUf0GK3tCeGzXDNnyO2GqSGGzaZhJQo5FykRax4-HhAGSgNK2QSc7uPGSq3qUbao3Eqc_Kd_rJGclJbpBwfT_l8mX6-Z3qQDDfjFkGMlNzeVc6RcbBufW9cAjgUyzA7KYFvwF-uxMu9kz8Hqhypz2D3nlaIDXgRtI1ahHpFE8cM9CBYPn-ZYh7wuUDf-yYlA_1_YekoTOVyW8OAlW7tT27cksi7tgg7tGCYPYyVeopjLiRAvRUZvKNtD2_dlMJ1ozeyE43u426RRDiAUjXjWUDtkF4g42PhhtCrEhXieKxOpKKmhEfDKLEynXXMx4AQBgAbE0Z70yIDOvKUBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1fWoXb9j5p6leW3a656AtniIfMZQ%26client%3Dca-pub-7554793497192362%26adurl%3D

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0785da147ba638c347911291259410c39293b751a86a0b2fbc818a38c5684010

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-src ;img-src data:;manifest-src 'none';media-src 'none';object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7c7e35908dfb1913-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-src *;img-src * data:;manifest-src 'none';media-src 'none';object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:45 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame 765D 3 KB
1 KB 13ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/window_focus_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 18:31:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7894
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 18:31:11 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 15EC 1 KB
643 B 15ms
9ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34712
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 11:04:13 GMT
etag: 48472445140208031
expires: Tue, 16 May 2023 11:04:13 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame 765D 19 KB
8 KB 14ms
9ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

01dcaf85f2ae23a30115cf4a663e90b4a507dc688c4c17f9ebddc3cf19fee780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 12:20:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30107
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7937
x-xss-protection: 0
server: cafe
etag: 2499949999788435271
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 12:20:58 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 765D 0
0 19ms
14ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaStI5QeviFU7ehizSntz_ntn1LiAn5wsQMWbuQQanLptdFkNAfea_RcPh1KJ2Ek6RMooM01meMSAa8iIadq6y0a_EGaPw
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 765D 24 KB
6 KB 15ms
10ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Fri, 12 May 2023 14:52:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 280230
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 11 May 2024 14:52:15 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 765D 169 KB
52 KB 68ms
63ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fdc79b8c47c6d5c20def82fa5f6a91e3cbe3057bff3f8b14b5c2c71dc9b57ec4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53545
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1683718549123860"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 15 May 2023 20:42:45 GMT

GET
H3 200 container.html Show response
a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 3738 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:43 GMT
expires: Tue, 14 May 2024 20:42:43 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 22 KB
10 KB 277ms
277ms XHR
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3441115050061315&correlator=3686153710925226&eid=31074646&output=ldjh&gdfp_req=1&vrg=202305090101&ptt=17&impl=fif&iu_parts=21828795265%2CTNT%2CTNT_home&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=970x250&ifi=18&adks=1806634924&sfv=1-0-40&prev_scp=pos%3Dbottom%26amznbid%3D2%26amznp%3D2%26hb_format%3Dbanner%26hb_size%3D970x250%26hb_pb%3D0.02%26hb_adid%3D272d5e995021992c%26hb_bidder%3Drubicon&eri=1&sc=1&cookie=ID%3D9aaffe5e15c1aac3%3AT%3D1684183362%3AS%3DALNI_Ma9jKnX2iRWyThg5ibpFngNLZiOxw&gpic=UID%3D00000c17af5f1690%3AT%3D1684183362%3ART%3D1684183362%3AS%3DALNI_MbiM4NLUrzgVL4HLfPYJSLMvXKpsQ&abxe=1&dt=1684183365256&lmt=1684183365&dlt=1684183363227&idt=398&adxs=315&adys=5138&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=14&ucis=i&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.newtimes.co.rw%2F&ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&frm=20&vis=1&psz=1200x90&msz=970x0&fws=4&ohw=1600&psts=ABHeCvj2NDl10ZMRfTdogB6jJvsMf9fNOHOULUivHy3Eq3QT1F0BkRMdakRjnTbEeZTgY0EHrrAGfwnOug-5JgjaxPr2XqKt&ga_vid=1224847520.1684183361&ga_sid=1684183364&ga_hid=1824289973&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c6a21b176540feb83d0e3ec1caf2bc67a966b5bd100636a96c67746cbd2a4e52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10207
x-xss-protection: 0
google-lineitem-id: 5407151513
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138315235905
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.40/one-ad/ Frame 0DF0 103 KB
13 KB 17ms
17ms Stylesheet
text/css 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.40/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1kteyh50x7cpchem3eccg990peba0ty1dgqn5xgr7wvnma1pb39hqqkx2qez2k4td1ysa3wwvjaqk57y0e10pyt7se8btg2kft62grkmb0h3pj60tbmqv0jjjw3gxxe2j50agkez66846ww0d9harqgq7hetpqtjbp7qdj8d8w6j1qtq8txhe0xk3cjfrv2tym9ncevknmbc3gzrrw00ey9e4ng74enjae319pzrvph13a87rfjg1cymc61tzn7h4exqkvgqw9zwdbbw6156xwz092tfn6zccmme2ramkas23x5x05z7cg5znm9t1g4k5r2g96r4cbesapcf65g2j935jfzyy8sry0y8x31azqqtbwbxk0k6ckq6tsbey80jfdarpyr0mxy7ey4g9vrnrpqkt8v0bdkcda82d7ap8s2q033crep665gatsybpbek2c9zmny62c&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DClw_NRJliZKSdGpqB9fgP5K-K0AGQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE-AFP0CIO-mZyQiahzgS6hGfeY8A2pgFLowFFkpayfcFqpU3Ff7GvEDEYXDRfWCAaHY0lOZKoa-gqU8QeWcR0-d9P3CGEYQ15A0dUya_W-y7-W0tsT1S4bu1Av5u4RgmTChelHkyGxMu6CUO8Wvy7iPMlRjlt6oACVseK9dC8T_IVpbKoA6H_d9NTbkapOyqqNKBzc9D7btcPK1u_okA_BajnnAtBeuQutZaRaK3UKjvjAgP-mcC-2yzLP-GBOWCMeyZxVBRu9XSV-rNG2rTyq2NW_Pq9esN9b9MHU5YLljMPcknOZHiluoHM1eNAw-sT6jm1_AkOLgLWUuAEAYAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0herB7Ds3i_gUflTiCJ2XNousZcw%26client%3Dca-pub-7554793497192362%26adurl%3D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d77b5f2ca03eb8dab2acc515548b7b1ce7eeb4ca2189268552649e0391ee8c21

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1kteyh50x7cpchem3eccg990peba0ty1dgqn5xgr7wvnma1pb39hqqkx2qez2k4td1ysa3wwvjaqk57y0e10pyt7se8btg2kft62grkmb0h3pj60tbmqv0jjjw3gxxe2j50agkez66846ww0d9harqgq7hetpqtjbp7qdj8d8w6j1qtq8txhe0xk3cjfrv2tym9ncevknmbc3gzrrw00ey9e4ng74enjae319pzrvph13a87rfjg1cymc61tzn7h4exqkvgqw9zwdbbw6156xwz092tfn6zccmme2ramkas23x5x05z7cg5znm9t1g4k5r2g96r4cbesapcf65g2j935jfzyy8sry0y8x31azqqtbwbxk0k6ckq6tsbey80jfdarpyr0mxy7ey4g9vrnrpqkt8v0bdkcda82d7ap8s2q033crep665gatsybpbek2c9zmny62c&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DClw_NRJliZKSdGpqB9fgP5K-K0AGQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE-AFP0CIO-mZyQiahzgS6hGfeY8A2pgFLowFFkpayfcFqpU3Ff7GvEDEYXDRfWCAaHY0lOZKoa-gqU8QeWcR0-d9P3CGEYQ15A0dUya_W-y7-W0tsT1S4bu1Av5u4RgmTChelHkyGxMu6CUO8Wvy7iPMlRjlt6oACVseK9dC8T_IVpbKoA6H_d9NTbkapOyqqNKBzc9D7btcPK1u_okA_BajnnAtBeuQutZaRaK3UKjvjAgP-mcC-2yzLP-GBOWCMeyZxVBRu9XSV-rNG2rTyq2NW_Pq9esN9b9MHU5YLljMPcknOZHiluoHM1eNAw-sT6jm1_AkOLgLWUuAEAYAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0herB7Ds3i_gUflTiCJ2XNousZcw%26client%3Dca-pub-7554793497192362%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1683559916
age: 623008
cf-polished: origSize=105839
x-guploader-uploadid: ADPycdv9IJsM9Nda_T-YCF8tGjLSR9_5GyrPWBCiXo7o_2KPFa29jeIDurPOQJdzBat54FnfGmUqvpjJPo5BCE2ydDX2ig
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Mon, 08 May 2023 15:32:28 GMT
server: cloudflare
etag: W/"44fa96b813e145cb8b915ae1fb6a3b7a"
vary: Accept-Encoding
x-goog-generation: 1683559948253618
content-type: text/css
x-goog-hash: crc32c=FELYSw==, md5=RPqWuBPhRcuLkVrh+2o7eg==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ME%2BuGPZVO4nGr1zyW1bMk1HYrdzA2rXsSs3rSPTVWRuG7imMCzQcwW1WqyIi15b9Q33OHkYXFbgLMHnV2Lvi3X1dOvEq2nvBBECtw%2FCJ1%2B9Eg1S4jyzB4mgG3m9rwAeLjt3HB6oKViw%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 105839
cf-ray: 7c7e3590ed911c2c-FRA
expires: Mon, 15 May 2023 21:42:45 GMT

GET
H2 200 r62eglto.js Show response
ad4m.at/ Frame 0DF0 25 KB
10 KB 41ms
22ms Script
application/javascript 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1kteyh50x7cpchem3eccg990peba0ty1dgqn5xgr7wvnma1pb39hqqkx2qez2k4td1ysa3wwvjaqk57y0e10pyt7se8btg2kft62grkmb0h3pj60tbmqv0jjjw3gxxe2j50agkez66846ww0d9harqgq7hetpqtjbp7qdj8d8w6j1qtq8txhe0xk3cjfrv2tym9ncevknmbc3gzrrw00ey9e4ng74enjae319pzrvph13a87rfjg1cymc61tzn7h4exqkvgqw9zwdbbw6156xwz092tfn6zccmme2ramkas23x5x05z7cg5znm9t1g4k5r2g96r4cbesapcf65g2j935jfzyy8sry0y8x31azqqtbwbxk0k6ckq6tsbey80jfdarpyr0mxy7ey4g9vrnrpqkt8v0bdkcda82d7ap8s2q033crep665gatsybpbek2c9zmny62c&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DClw_NRJliZKSdGpqB9fgP5K-K0AGQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE-AFP0CIO-mZyQiahzgS6hGfeY8A2pgFLowFFkpayfcFqpU3Ff7GvEDEYXDRfWCAaHY0lOZKoa-gqU8QeWcR0-d9P3CGEYQ15A0dUya_W-y7-W0tsT1S4bu1Av5u4RgmTChelHkyGxMu6CUO8Wvy7iPMlRjlt6oACVseK9dC8T_IVpbKoA6H_d9NTbkapOyqqNKBzc9D7btcPK1u_okA_BajnnAtBeuQutZaRaK3UKjvjAgP-mcC-2yzLP-GBOWCMeyZxVBRu9XSV-rNG2rTyq2NW_Pq9esN9b9MHU5YLljMPcknOZHiluoHM1eNAw-sT6jm1_AkOLgLWUuAEAYAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0herB7Ds3i_gUflTiCJ2XNousZcw%26client%3Dca-pub-7554793497192362%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d5e67a38c9a11424cac19ce192c9fd124a6d74e64d3791a01561dbd3e39c0b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 14 Mar 2023 13:45:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 543414
etag: W/"fcb2a26b07bd76d9a925cae661d6d94d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n1ICmyj5yjzpWvAS5nmOa6mlmshpyqRHo8QcGnn5pbgkF3a%2BUx0qjdjXKZKgmJ23XrBqJRZTq%2Fn0p8SVKmoV62SqfV5nUoU%2FZXTQUSXbwiBk6oaA9ydajhBxo5p6QHMz%2FoLjh34%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 7c7e35910ea71913-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Tue, 02 May 2023 13:46:04 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 8768 0
0 50ms
50ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CP0_WRJliZMDBJuCV9fgP3N67uA7JntKxXNWdkfdwwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT1AU_QnPVoUAAbbuQnbWG9fTR0m-9yS8TDwbXUR1LflZc2jk8FmbDMEqPFkfg3dyQTA6UZLyVYUa27YyAEVts6XHgKEJ12ofARrpNdh7nVzUNz8cYQWad35ODvuoeEuQnO_3qZ-g50z_95ZDyMSNBjN72MLiG3NQ8VxBrwuF0mTORFfU2Z3rh32UmZTxthIorBTEntmZDMknrMhGNA6NgcW8vWnnA0LjU2JHa6JqRTj2Ih7IfKQK2lNzhf__ESS4AHbYIqP51FzWbvnKXsbCbH4c4cqq33VoOuTfTtJvweJydkQ2vshTItU_4J0BUoGOwzbIDG6iSu4AQBgAaRzaSasM_69Z0BoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQIAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi03NTU0NzkzNDk3MTkyMzYyGPygcg&sigh=DYQ0i4QKYfA&uach_m=[UACH]&cid=CAQSPABygQiDD65Lp8FQXXoKbwqSR2CuP0JGTrI42656FJgjHk-hmTvqQ33IHwcm1XdaHKQbu8PRkHhJF8OnERgB
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H2 200 notify
rtb.nl3.eu.criteo.com/google/auction/ Frame 8768 0
0 13ms
13ms Fetch 2a02:2638:3::9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.nl3.eu.criteo.com/google/auction/notify?profile=14&payload=kP7cFsg12AVanYNiAgIAAAAcjTZAv_FZDhBEmWJkgp0wqh8k8HlG8wAAEgAACgpBUVVCQVFFQkFR&wp=ZGKZRAAJoMAJHUrgAA7vXErYZ2MCOWqkyfyQVA

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 224752
server: Kestrel
content-length: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 766E 54 KB
21 KB 24ms
20ms Document
text/html 2a02:2638:d::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZGKZRAAJoMAJHUrgAA7vXErYZ2MCOWqkyfyQVA&u=%7ClPoQj%2FclhXe%2BzRN6PRX3nMw%2FlQXbSe%2B1xkD1k9PgfeY%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYNdJ71gdyCWvw29y1GxtacI6iVoVnLQ5srUOwC-sDBJIjvRCy3Ss-BiCTuGilNUvwXKWgmjkBimEDMLzpRLmnsMpjOgbz_LVgMCNERFhaNlvUnpRl3XeBsucKM0Op_B2WC05RkcKDCS77VUIwXKroQc8kznaJ-QxSlgfWcoVsvQ0cxAFtT46nz3Xfud2uHmtWJ0Q65bTIxFEpQLA7Vzj8nj7m7MaxVG-IXQfY8AeUE0-MGKqI7pEAXf9ga4QFlBZgheIwwwpmFZc34VEy00yUcoa_Id8wb8WE0x2tXIYytPlvT37q60TG4MpzC4PDrGxDqTJuGI6V1jTzWdqZpVe3bhnPmEzyctR7nYxQUgUX-LHo9zp-IY9ppUKIwLyUs-7mVzOh9U06mm_t4TYDSnr0oBHi7Wu4ZN1wUG3Nld66qCFm-FuJNMl-_LLmdSLFOf2VQWdD7BQC4qzCQ-rlb8DmAXSMN8DPGCQwYRPRzzAO8qx2EqaqvsXA6fER3TV-lHaD5uB3y8sI_Jgb1MbXC0MtJelqaxOLGhc-Gzir0U_NH4MjNtOH_ydOwVmA8H-RyrMtsV6_nfynGdTFXccdFchnvyaJeBekQsOPU&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCuIxfRJliZMDBJuCV9fgP3N67uA7JntKxXNWdkfdwwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT4AU_QnPVoUAAbbuQnbWG9fTR0m-9yS8TDwbXUR1LflZc2jk8FmbDMEqPFkfg3dyQTA6UZLyVYUa27YyAEVts6XHgKEJ12ofARrpNdh7nVzUNz8cYQWad35ODvuoeEuQnO_3qZ-g50z_95ZDyMSNBjN72MLiG3NQ8VxBrwuF0mTORFfU2Z3rh32UmZTxthIorBTEntmZDMknrMhGNA6NgcW8vWnnA0LjU2JHa6JqRTj2Ih7IfKQK2lNzhf__ESS4AHbYIqP51FzWbvnKXsbCbH4Yweiz9w2R-98mj5hSwjgd9tV2Fajxw10UrB7bPap_IfdAVsbjcRjrUY4AQBgAaRzaSasM_69Z0BoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3glJ7OMXSedse8syDXCIP3ltnQEg%26client%3Dca-pub-7554793497192362%26adurl%3D

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

9c379b0b7354573c99a9e5a00a56fbe5a854adf2b0d615b458fa36802c604edc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:44 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=8ZTNlFw-_Msrj2KhfBkoA5boH5c8H56aqwry_z9zUVO5mQJMMrqp7GHczeYT-LY0BXuU0a0ZljL9H2Ic-c7m_vBJUw0WWPeiZUOl5t1MtAUjipPOApDISKOQexReVEb0vpAnKtmO6mXo4EVX7RWUjCE7HNuooiFZhG3XtQgodI-1VVUi6CtZhn7DsdcElm3JIYNl9MCymy7hINe0NCFf3x3iA76h6T_oCZCyUL-XJ74QPOk1BGlBNtF-v3kfzIV2hS8rzw"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 3021104
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame 8768 3 KB
1 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/window_focus_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 18:31:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7894
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 18:31:11 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 906A 1 KB
643 B 10ms
8ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34712
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 11:04:13 GMT
etag: 48472445140208031
expires: Tue, 16 May 2023 11:04:13 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame 8768 19 KB
8 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

01dcaf85f2ae23a30115cf4a663e90b4a507dc688c4c17f9ebddc3cf19fee780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 12:20:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30107
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7937
x-xss-protection: 0
server: cafe
etag: 2499949999788435271
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 12:20:58 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 8768 24 KB
6 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Fri, 12 May 2023 14:52:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 280230
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 11 May 2024 14:52:15 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8768 169 KB
52 KB 78ms
76ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fdc79b8c47c6d5c20def82fa5f6a91e3cbe3057bff3f8b14b5c2c71dc9b57ec4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53545
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1683718549123860"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 15 May 2023 20:42:45 GMT

GET
DATA 200
OK truncated
/ Frame 7AA3 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1b13ba0e7781f63dd85f9c09f666b3404bfd385e74a77e780dbf3bde7d13f1c6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK yrsa821xsiee Show response
hal9000.redintelligence.net/zone/ Frame 83DE 10 KB
4 KB 48ms
12ms Script
text/html 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/yrsa821xsiee?subid=&gdpr=1&gdpr_consent=li&rnd=8729487099446118158&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DOcLKBqXs4PUzRjyOPV5oug%26exch_seat%3D20035004448%26mt_aid%3D8729487099446118158%26mt_id%3D6622327%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D41296462-9945-4901-80b6-19bce004af2d%26mt_cid%3D41296462-9945-4901-80b6-19bce004af2d%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCzlTgRJliZMTKGpfAbY_rleABz4eOm1zAhtmCxgLAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCeACAKgDAaoE-QFP0EwrU6v5G0YDZTOnOJeV9arg-id_R9ibzq-fT7AFxHhE9lLyQBlFoOWhPyEuoi2z42nyw8t4QNgQpP01SfySDvcQa5BbtIAAcO3fUXdbbVXwt6vtyali-Y2HF9GSEWjTSCu50fPNKbnnSfWlMrSHqptwZh7N_f-BgZlntjQ8AnbOBI-wZS7dC8Ct72Wk6R9YvS_MxAipJBmMdVwvjxfQn1E3foZqjsv0X9owJZgOOyFQ5vWQGF8HY6ilAvG0-shlfT2DrDL2MO8JThar-7BSNGUhgjvbW7uQa3Sg2neJLNiVbO8RdmdP3GJtaDTflTQqmGwc0FKv43bgBAGABrPp9fjfzMC4uQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2X2YfjPd3eWDpqGLQzBh2UYx4riw%2526client%253Dca-pub-7554793497192362%2526adurl%253D%26redirect%3D
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: 648effa15e3979f231a237d422388c122f5b25c5228776009be6d3802fb38aad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:45 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3398
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ck-confirm
tags.mathtag.com/ Frame 83DE 49 B
331 B 69ms
42ms Image
image/gif 185.29.134.245
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=8729487099446118158&node_id=3770&exch_id=4
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTkRGaVpXTmtNemN0WkRSaE5pMHhNbUU0TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg3Mjk0ODcwOTk0NDYxMTgxNTgvNjYyMjMyNy80NTYyMzA2LzQvREhTQzNzbG9TcnFoOXpyclIxRHU1M1FLOUN4QjZNdTdJc2p5VzNydHFBTS8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC84NzI5NDg3MDk5NDQ2MTE4MTU4L3pyaC8wLzQ2OC85NC85OTkvMzIyLzJhMDI6NmVhMDpjNzFiOjovMC4wMDAvMTY4NDE4MzM2NC8xNjg0MTk1OTY0LzQvcHViLTc1NTQ3OTM0OTcxOTIzNjIv/pcy8RyjhD4npMhX3XvVWqrJjNpQ&nodeid=3770&group=zrh&auctionid=8729487099446118158&pbs_auctionid=8729487099446118158&shardkey=8729487099446118158&sid=4562306&cid=6622327&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.132.67&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCzlTgRJliZMTKGpfAbY_rleABz4eOm1zAhtmCxgLAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCeACAKgDAaoE-QFP0EwrU6v5G0YDZTOnOJeV9arg-id_R9ibzq-fT7AFxHhE9lLyQBlFoOWhPyEuoi2z42nyw8t4QNgQpP01SfySDvcQa5BbtIAAcO3fUXdbbVXwt6vtyali-Y2HF9GSEWjTSCu50fPNKbnnSfWlMrSHqptwZh7N_f-BgZlntjQ8AnbOBI-wZS7dC8Ct72Wk6R9YvS_MxAipJBmMdVwvjxfQn1E3foZqjsv0X9owJZgOOyFQ5vWQGF8HY6ilAvG0-shlfT2DrDL2MO8JThar-7BSNGUhgjvbW7uQa3Sg2neJLNiVbO8RdmdP3GJtaDTflTQqmGwc0FKv43bgBAGABrPp9fjfzMC4uQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2X2YfjPd3eWDpqGLQzBh2UYx4riw%26client%3Dca-pub-7554793497192362%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.245 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.387.2 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:45 GMT
Server: MMBD/3.387.2
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x110, zrh-bidder-x156
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Mon, 15 May 2023 20:42:44 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame 83DE 43 B
416 B 54ms
23ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=8729487099446118158&v3=651871&v4=4562306&v5=6622327&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTkRGaVpXTmtNemN0WkRSaE5pMHhNbUU0TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg3Mjk0ODcwOTk0NDYxMTgxNTgvNjYyMjMyNy80NTYyMzA2LzQvREhTQzNzbG9TcnFoOXpyclIxRHU1M1FLOUN4QjZNdTdJc2p5VzNydHFBTS8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC84NzI5NDg3MDk5NDQ2MTE4MTU4L3pyaC8wLzQ2OC85NC85OTkvMzIyLzJhMDI6NmVhMDpjNzFiOjovMC4wMDAvMTY4NDE4MzM2NC8xNjg0MTk1OTY0LzQvcHViLTc1NTQ3OTM0OTcxOTIzNjIv/pcy8RyjhD4npMhX3XvVWqrJjNpQ&nodeid=3770&group=zrh&auctionid=8729487099446118158&pbs_auctionid=8729487099446118158&shardkey=8729487099446118158&sid=4562306&cid=6622327&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.132.67&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCzlTgRJliZMTKGpfAbY_rleABz4eOm1zAhtmCxgLAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCeACAKgDAaoE-QFP0EwrU6v5G0YDZTOnOJeV9arg-id_R9ibzq-fT7AFxHhE9lLyQBlFoOWhPyEuoi2z42nyw8t4QNgQpP01SfySDvcQa5BbtIAAcO3fUXdbbVXwt6vtyali-Y2HF9GSEWjTSCu50fPNKbnnSfWlMrSHqptwZh7N_f-BgZlntjQ8AnbOBI-wZS7dC8Ct72Wk6R9YvS_MxAipJBmMdVwvjxfQn1E3foZqjsv0X9owJZgOOyFQ5vWQGF8HY6ilAvG0-shlfT2DrDL2MO8JThar-7BSNGUhgjvbW7uQa3Sg2neJLNiVbO8RdmdP3GJtaDTflTQqmGwc0FKv43bgBAGABrPp9fjfzMC4uQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2X2YfjPd3eWDpqGLQzBh2UYx4riw%26client%3Dca-pub-7554793497192362%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 851 9bd98ae master cdg-pixel-x35 config_version:"unknown" /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:45 GMT
Server: MT3 851 9bd98ae master cdg-pixel-x35 config_version:"unknown"
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 43
Expires: Mon, 15 May 2023 20:42:44 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame 83DE 49 B
330 B 80ms
29ms Image
image/gif 185.29.134.245
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=8729487099446118158&st=4562306&time=1684183365&nodeid=3770
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTkRGaVpXTmtNemN0WkRSaE5pMHhNbUU0TFRBd01EQXRNREF3TURBd01EQXdNREF3Lzg3Mjk0ODcwOTk0NDYxMTgxNTgvNjYyMjMyNy80NTYyMzA2LzQvREhTQzNzbG9TcnFoOXpyclIxRHU1M1FLOUN4QjZNdTdJc2p5VzNydHFBTS8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC84NzI5NDg3MDk5NDQ2MTE4MTU4L3pyaC8wLzQ2OC85NC85OTkvMzIyLzJhMDI6NmVhMDpjNzFiOjovMC4wMDAvMTY4NDE4MzM2NC8xNjg0MTk1OTY0LzQvcHViLTc1NTQ3OTM0OTcxOTIzNjIv/pcy8RyjhD4npMhX3XvVWqrJjNpQ&nodeid=3770&group=zrh&auctionid=8729487099446118158&pbs_auctionid=8729487099446118158&shardkey=8729487099446118158&sid=4562306&cid=6622327&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.132.67&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCzlTgRJliZMTKGpfAbY_rleABz4eOm1zAhtmCxgLAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCeACAKgDAaoE-QFP0EwrU6v5G0YDZTOnOJeV9arg-id_R9ibzq-fT7AFxHhE9lLyQBlFoOWhPyEuoi2z42nyw8t4QNgQpP01SfySDvcQa5BbtIAAcO3fUXdbbVXwt6vtyali-Y2HF9GSEWjTSCu50fPNKbnnSfWlMrSHqptwZh7N_f-BgZlntjQ8AnbOBI-wZS7dC8Ct72Wk6R9YvS_MxAipJBmMdVwvjxfQn1E3foZqjsv0X9owJZgOOyFQ5vWQGF8HY6ilAvG0-shlfT2DrDL2MO8JThar-7BSNGUhgjvbW7uQa3Sg2neJLNiVbO8RdmdP3GJtaDTflTQqmGwc0FKv43bgBAGABrPp9fjfzMC4uQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2X2YfjPd3eWDpqGLQzBh2UYx4riw%26client%3Dca-pub-7554793497192362%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.245 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.387.2 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:45 GMT
Server: MMBD/3.387.2
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x53, zrh-bidder-x156
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Mon, 15 May 2023 20:42:44 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame DFE1 22 KB
8 KB 7ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 489528
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 10 May 2023 04:43:57 GMT
expires: Thu, 09 May 2024 04:43:57 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame 9151 34 KB
16 KB 25ms
25ms Script
text/javascript 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=63096195;click=https://m.exactag.com/cl.aspx?extProvId=327&extPu=vf-dv360&extLi=19904691783&extPm=19904691783&extCr=482156909&url=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CcTRaRJliZJ2JDI6elgSnxou4CLvD9uhvqeiMxPoQ8p7coNQBEAEgsL2jkAFglfqXgqwHoAH2vq2YKMgBCakCuEm_tTNnsj6oAwGqBIYCT9CIvKejrV9t6dS9up0yEYAk2Gcb3E5B95DR_aaW7W-DabiPvOM_T423zcDKSbhcUnNo7Zzr72V7uxLJWr4ckh4AZehKR3eJ1OBIn0z1hmUczqJUfQjvXt4JxO8WUEesN8_c21_Z5VZF-SYKIGnTGkpU4dwYBf8jo6m6EvX_tEDhxzUeXPeqQiSPxU2teMrniXB9HuEy_X8qTeRUJE8aU_cGUxKyAfMyPP7yw4V4-QYIfjvrfXoP5Tu_eAXFJthRRbfOOGavMbYX0rhuUN9wP-ZM8BucgnILLy3pSOz4PokCjt-Xq0XTcEw72BPiuBSMDBuAdKp8DXuvy0kov-8t3KKZjAqhdsAEtffWsqUE4AQDkAYBoAZNgAf29v33AqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoDmAsByAsBgAwBsBP2hJUT0BMA2BMN2BQB0BUB-BYBgBcB&ae=1&num=1&cid=CAQSPABygQiDU_BaR7EWUPMD1rq-ha8Woieb3mwLymwmAIz2mBqPLdkaxn7uaVqszBjJ6JLpNcn5uOfSJVz4jhgB&sig=AOD64_0qps1bzJijZzdqqYZuHjntYJRPPg&client=ca-pub-7554793497192362&dbm_c=AKAmf-DaSWTmfKBwq7xrKajGmUC3nWXY73Um7pGlCiVOSFG82N_guictalNl1ut0rSSRyk9vKhCB8kv8Juev7mELxYkIYzSEaT3V7MJN4lF18oKYgIj7nDNOPXPiNGMuqFZ0pgIoAopITmgcfI2MnNpQu-A7p0pMbl4vCV5X1KOOFQH6RyW_lGY&cry=1&dbm_d=AKAmf-B6B3Zi6RRs38jyLM4ZGIoD3hblQ4WIbJHIjwtz1WoqIoxXMxlK6DthtRIgdnN72pRoFLKsSis90BUowRlF3vjbJr5VB61tkMtmW07_CrV8Pop8wGpXfoHE5_Xxtgee4L7Jq45l_S5T5b8gvwHaHZhyONdEt8RsdZR_EkGyiV9rzeNMugAgTgkCr4LW68upfaJxvnHGjgshmPVd-2o6mWDDhOLtfalyo-MYnA3sUikbVDCOeE-W5NusED8Osc8tuecSDjKeA_vP2B23IGsTSFmKpxtul67Q2hBZC225Dugut3MVQ9rqPqmf09fdruevPz_FvYqPznG9lrOVIpWyj7yWy3qK8h_CL6cSMzIBjuQxdqW-9_5gv0xHPAkLK4phndL0KnrO9ilRZYFbqmQS_nQWI7MTfFhK6xBUMlOp1TYGpxz6tjRolNbRUPM0FKH4ujAcpSKeYEyqhotPmoEvT8rX9p1ET_0J26SDnxBcVP2y4nrDNA-UkKmk5LkbKauW9sqAnoQY9Mp60g-nJAywB84dc59BF1ixVckCl5RDsZU3GnCht6s&adurl=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: ae684e653cf5edc8bec110ff0669b6daa58f690d550735f98954697799f963da

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
last-modified: Tue, 18 Apr 2023 08:19:00 GMT
server: nginx
x-cache-status: STALE
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 19 Apr 2023 13:55:16 GMT

GET
H/1.1 200
OK js Show response
tags.mathtag.com/notify/ Frame AAD3 2 KB
1 KB 37ms
36ms Script
application/x-javascript 185.29.134.245
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.mathtag.com/notify/js?exch=ruc&s_exch=ruc&id=5aW95q2jLzIzLyAvWkRJM05ETmxaREF0Wm1VME15MHdZbUptTFRBd01EQXRNREF3TURBd01EQXdNREF3LzQxMTc4MDEwNzk5NDUwMDQ1MDQvMTE2NDQ4NjYvMTM1MjcwODYvOS9jSGRFdmg2M3BIVnJqNXRsQzhUanMzT0VvM0JtUVc3R0RUcThVLWg3NmZBLzEvOS8wLzAvMjEzNDIwMS8wLzIxNTU0My8xMzQzNjQwLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNDExNzgwMTA3OTk0NTAwNDUwNC96cmgvMC8xMDAxMy83MS85OTkvMi8yYTAyOjZlYTA6YzcxYjo6LzAuMDAwLzE2ODQxODMzNjMvMTY4NDE5NTk2My85LzE3MDQ2Lw/wVfGoPEVGDuGcm62fcgBAXF67pc&nodeid=3772&group=zrh&auctionid=4117801079945004504&pbs_auctionid=4117801079945004504&shardkey=4117801079945004504&sid=13527086&cid=11644866&bp=a_bjiibd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.133.220&3pck=https%3A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv3%2Ft%2Fams3%2F0%2F8c2834a0-3760-4975-bad7-65f9bd1ce8fd%2F
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.245 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.387.2 /
Resource Hash: 760406934c7f1e7f57d9b4ac69bb9e23b51a31efabaa7e68abd34298163a56e6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:45 GMT
x-mm-nodeid: 3772
x-mm-handled-by-owner: true
x-mm-bid-request-time: 1684183363
Last-Modified: Mon, 15 May 2023 20:42:43 GMT
Server: MMBD/3.387.2
Content-Encoding: gzip
x-mm-latency: 22 (1)
Content-Type: application/x-javascript; charset=UTF-8
x-mm-dbg: NotCount
Cache-Control: no-cache
x-mm-host: cdg-router-x40, zrh-bidder-x158
Connection: close
x-mm-lag: 2
Expires: Mon, 15 May 2023 20:42:44 GMT

GET
H2 200 8c2834a0-3760-4975-bad7-65f9bd1ce8fd
beacon-ams3.rubiconproject.com/beacon/d/ Frame AAD3 43 B
227 B 121ms
13ms Image
image/avif 2602:803:c003:200::67
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beacon-ams3.rubiconproject.com/beacon/d/8c2834a0-3760-4975-bad7-65f9bd1ce8fd?oo=0&accountId=17046&siteId=315192&zoneId=1608182&sizeId=2&e=6A1E40E384DA563B8A31BB0CF467337319CA01D92A7F8845779986B8A1B15835A78B3AAAF4A6EEFC359E87880C7F029F683D50851BF2EEDFD7A4C49F4A7620B34A629BC97F5E2802248233EB694013CBF17FA44AA1DC940327C69A487547EE733639FEC8427849A4C832561EAF8CACE50C06894A176AC4978441702E4EB738AF2605645952F60178F5502CD953431F60DC40D55E2318D81CEE7B595B7F5C599717DC44126EAD937D5C57FC6A7836C666CF4819144E94C2B2

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2602:803:c003:200::67 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),

Reverse DNS

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
x-content-type-options: nosniff
x-frame-options: DENY
content-type: image/avif
cache-control: private, max-age=0, no-cache
content-length: 43
x-xss-protection: 1; mode=block
expires: 01 Jan 1970 10:00:00 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/notify/ Frame AAD3 49 B
512 B 58ms
31ms Image
image/gif 185.29.134.245
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/notify/img?exch=ruc&s_exch=ruc&id=5aW95q2jLzIzLyAvWkRJM05ETmxaREF0Wm1VME15MHdZbUptTFRBd01EQXRNREF3TURBd01EQXdNREF3LzQxMTc4MDEwNzk5NDUwMDQ1MDQvMTE2NDQ4NjYvMTM1MjcwODYvOS9jSGRFdmg2M3BIVnJqNXRsQzhUanMwRUJEcDluR0FYQk1TUmFYQjB4S21BLzEvOS8wLzAvMjEzNDIwMS8wLzIxNTU0My8xMzQzNjQwLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNDExNzgwMTA3OTk0NTAwNDUwNC96cmgvMC8xMDAxMy83MS85OTkvMi8yYTAyOjZlYTA6YzcxYjo6LzAuMDAwLzE2ODQxODMzNjMvMTY4NDE5NTk2My85LzE3MDQ2Lw/wUtboQjUkt-XJLPJjHIC6cuNIig&nodeid=3772&group=zrh&auctionid=4117801079945004504&pbs_auctionid=4117801079945004504&shardkey=4117801079945004504&sid=13527086&cid=11644866&price=4D1A3F7F3E4667B2&bp=a_bjiibd&nfy_act=LD5wfn0&src=imp&type=burl&client=c2s&bfip=185.29.133.220
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.245 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.387.2 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:45 GMT
x-mm-nodeid: 3772
x-mm-bid-request-time: 1684183363
Connection: keep-alive
Content-Length: 49
x-mm-handled-by-owner: true
Last-Modified: Mon, 15 May 2023 20:42:43 GMT
Server: MMBD/3.387.2
x-mm-latency: 18 (1)
Content-Type: image/gif
x-mm-dbg: Count
Cache-Control: no-cache
x-mm-host: cdg-router-x105, zrh-bidder-x158
Keep-Alive: timeout=360
x-mm-lag: 2
Expires: Mon, 15 May 2023 20:42:44 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 5072 2 KB
1 KB 16ms
15ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZGKZRAAHzu0JHUDNAA5ENXY37SNg9MZ1nBG9Rg&u=%7ClPoQj%2FclhXftJgSi%2F6UinLIOpDfxbLkIS2OAdi9OtxE%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNTJmLEv97WHnUtKOrKYxIgy15bW8W2rqt8moXOmZ61Js1hV2A5U12MlBuvHpjHFyABkMtCN3PGOOyCgUDGd33DSyoKYdQXRIyKkMQwcKXXdqoxy2CXD2Z3_zkz0hI7mIyvItocaG11lshaz_O8E8rR6uWiyUVOjUEIASd9St0gAmRzQBkpsTZUr-WMn59hINGDWA_dt12S3SChoSB1hZq1rAgkeAUwaepYrDx7k5H_qobIS9XspY9_Z-L7rGf2c12qeUllI1CimJ3ZOpDMmimXW3iKv7Bs3K1tOcVLJd-TpSQRBzug1M40jGObWFsFTmmQumAx7r5b5XwWTEJx5I3RROj6TblEy9_sSRcpWAcZ265WZAC7auZsKzI1r_1yhIm0kJMSenELdOkKHOP1XH-btV7PuZE9ExaQimWy3yBErwI3PbQ0y1agT3WZDOaSDOcAzsvX3j_4ICimTeY0MiDRsLJoCywKD_MglpXgqbBZ-Z_Lvotwb2mDphkkAPkzfKCxT7rB0ABZOwlsCX9u0BUEsEBzYjH517egOwobe7Al2x6iNVL_MojshHB77Sy_pUbKrpVNlcnKQ6rT_89dOytbo2qpl2MqFdl&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DChHVERJliZO2dH82B9fgPtYi5qAbJntKxXNWdkfdwwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT5AU_QatxxxKP3kIITN-KDm2uGJw2ImOnP2vm-6v8FhNEv7MjtTHEjGHRqD3LV39LzkF6KianmYWS1huuBoF8anjlfoEdCYV0EYUFfRILoNkmDS7zhQzkOLQAogwz33A9SOImLA2_NaXQZKNgJqRxKJM6W654TiVrtkD6VTStHqS7odJGg4a4vkZT9J6YMYnOwIwslmJLTOFD14FI-O0hrLahZG3RrC8MrhecWzyBgbuYP7-T86caf7L8FjUF3KGIDq3NT_pP_6Rd-iqoNMwEIR7opj0V2TT5zr0f1DNOuJtkhwkDlPhXK881nSav7HQw2agviECb4vYVhn-AEAYAGkc2kmrDP-vWdAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_33D3VadGi3zggGqQv20DsmUC0Vuw%26client%3Dca-pub-7554793497192362%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:45 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 5072 2 KB
1 KB 16ms
16ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:45 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 5072 308 B
636 B 18ms
12ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 09 May 2024 20:42:45 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 5072 293 B
621 B 19ms
13ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Thu, 09 May 2024 20:42:45 GMT

GET
H2 200 lg.php
cat.fr3.eu.criteo.com/delivery/ Frame 5072 43 B
347 B 24ms
19ms Image
image/gif 178.250.7.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=UIfMRaCe-vkS-N0Ml81120Ppf1CCF3zwM8dU6pwmT4DRcvHb0jtKLjUg51Xd6erWSUlhQnWt96wtZtKB0tWZVRA1aTCHzWxRushoA8G1aJ5J-E9qMVzKXqH1wP56Ye8sUDAozdK-jrYW374bzxBcQ2Vex1rqapPTskye7vrbE1wqTQBlLSUS_IhEJHYL7ArcfnmBuGnhpW9gB7Hixg83wdwL7tAwDXxf1gKzsTSXO3HB_-iS6RiH2giRhkZYcPTSz5L9NuGrr9dsqUZT4cJ8iL3yvIpCZ_twOzPimsy4hcakbfg6NC1vCc5VUX4ZRJrxcSuYviAmbMqyZ9Tyi3BliCzSafqSruWsPSMgReVSTQl7oUeiZ8Tu9TRBv2yWq88H__knv2G4tlmRwbyO7eI15y1G1mWK_vtlCb3DDtTma2jf8OYIsO4gUm5oGvtB1TNl6lcghQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1916711
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3

200

B29933196.366647091;dc_pre=CNWe7PmX-P4CFbLLEQgd5ToIXQ;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=646299444ca15b4dfd164a47c1908af7;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tf...
ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/ Frame 5072
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=646299444ca15b4dfd164a47c1908af7;dc_lat=;dc_rdid=;tag_for_...
https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CNWe7PmX-P4CFbLLEQgd5ToIXQ;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=646299444ca15b4dfd164a47...

42 B
63 B

26ms
25ms

Image
image/gif

142.250.186.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CNWe7PmX-P4CFbLLEQgd5ToIXQ;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=646299444ca15b4dfd164a47c1908af7;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1?

Requested by

Protocol

Server

142.250.186.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CNWe7PmX-P4CFbLLEQgd5ToIXQ;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=646299444ca15b4dfd164a47c1908af7;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 a0184b4ac39b4097bf4cf67532efa17a_image_ad_300x600.png
static.criteo.net/design/dt/102052/230505/ Frame 5072 296 KB
297 KB 18ms
14ms Image
image/png 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/102052/230505/a0184b4ac39b4097bf4cf67532efa17a_image_ad_300x600.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

1b59b519aadb3949082264df9916f65d92d85c1cd5b294576f66958879778242

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 05 May 2023 09:28:26 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6454cc3a-4a025"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 303141
expires: Thu, 09 May 2024 20:42:45 GMT

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.40/one-ad/ Frame D299 103 KB
13 KB 21ms
20ms Stylesheet
text/css 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.40/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1j0sd5kc2dh37e315h4ysrq35wtrfrgkxfbqgg6tjg2gg98449fszn6vdg5gr6n5v77rkktnz5v1afjgwvessm5nadkk075913fd5kf01vt0tj61715xe5d3jx33nj218kvw592e2djnfr7r7szmf9xav8sfcss6srpjhyhj9ec6a05z6eegah2s3zpwhbj8npn33bcxnbc11d9zqa01a2wk81gfypccfp72gczn2wy5bw9087kzwz46bt0nkyk2tn0jy6e2sa9v3qqam4kh4mh0ek3ms3mdt17er94tzbh7hw20ht0yehjgtck933e24m2fjxa5pyvv4zwyrbspedqvxq795wppjb8r0e6g2xfb312tm9femqg9np49y33h7z4zpet0mfpmvzsxjg5460tygn9rgac42f4k9he98qs4kq6x3frjxszzd7rz9tb69f8a2b60vc&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-MODRJliZOnTI4SglgS7grL4BZDhgYRctqjCivACwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT4AU_Qm2cwHRJq8x2mkUf0GK3tCeGzXDNnyO2GqSGGzaZhJQo5FykRax4-HhAGSgNK2QSc7uPGSq3qUbao3Eqc_Kd_rJGclJbpBwfT_l8mX6-Z3qQDDfjFkGMlNzeVc6RcbBufW9cAjgUyzA7KYFvwF-uxMu9kz8Hqhypz2D3nlaIDXgRtI1ahHpFE8cM9CBYPn-ZYh7wuUDf-yYlA_1_YekoTOVyW8OAlW7tT27cksi7tgg7tGCYPYyVeopjLiRAvRUZvKNtD2_dlMJ1ozeyE43u426RRDiAUjXjWUDtkF4g42PhhtCrEhXieKxOpKKmhEfDKLEynXXMx4AQBgAbE0Z70yIDOvKUBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1fWoXb9j5p6leW3a656AtniIfMZQ%26client%3Dca-pub-7554793497192362%26adurl%3D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d77b5f2ca03eb8dab2acc515548b7b1ce7eeb4ca2189268552649e0391ee8c21

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1j0sd5kc2dh37e315h4ysrq35wtrfrgkxfbqgg6tjg2gg98449fszn6vdg5gr6n5v77rkktnz5v1afjgwvessm5nadkk075913fd5kf01vt0tj61715xe5d3jx33nj218kvw592e2djnfr7r7szmf9xav8sfcss6srpjhyhj9ec6a05z6eegah2s3zpwhbj8npn33bcxnbc11d9zqa01a2wk81gfypccfp72gczn2wy5bw9087kzwz46bt0nkyk2tn0jy6e2sa9v3qqam4kh4mh0ek3ms3mdt17er94tzbh7hw20ht0yehjgtck933e24m2fjxa5pyvv4zwyrbspedqvxq795wppjb8r0e6g2xfb312tm9femqg9np49y33h7z4zpet0mfpmvzsxjg5460tygn9rgac42f4k9he98qs4kq6x3frjxszzd7rz9tb69f8a2b60vc&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-MODRJliZOnTI4SglgS7grL4BZDhgYRctqjCivACwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT4AU_Qm2cwHRJq8x2mkUf0GK3tCeGzXDNnyO2GqSGGzaZhJQo5FykRax4-HhAGSgNK2QSc7uPGSq3qUbao3Eqc_Kd_rJGclJbpBwfT_l8mX6-Z3qQDDfjFkGMlNzeVc6RcbBufW9cAjgUyzA7KYFvwF-uxMu9kz8Hqhypz2D3nlaIDXgRtI1ahHpFE8cM9CBYPn-ZYh7wuUDf-yYlA_1_YekoTOVyW8OAlW7tT27cksi7tgg7tGCYPYyVeopjLiRAvRUZvKNtD2_dlMJ1ozeyE43u426RRDiAUjXjWUDtkF4g42PhhtCrEhXieKxOpKKmhEfDKLEynXXMx4AQBgAbE0Z70yIDOvKUBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1fWoXb9j5p6leW3a656AtniIfMZQ%26client%3Dca-pub-7554793497192362%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1683559916
age: 623008
cf-polished: origSize=105839
x-guploader-uploadid: ADPycdv9IJsM9Nda_T-YCF8tGjLSR9_5GyrPWBCiXo7o_2KPFa29jeIDurPOQJdzBat54FnfGmUqvpjJPo5BCE2ydDX2ig
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Mon, 08 May 2023 15:32:28 GMT
server: cloudflare
etag: W/"44fa96b813e145cb8b915ae1fb6a3b7a"
vary: Accept-Encoding
x-goog-generation: 1683559948253618
content-type: text/css
x-goog-hash: crc32c=FELYSw==, md5=RPqWuBPhRcuLkVrh+2o7eg==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZUlyaaXDWeiYPFQt5EK6quYiItSADmPkqIwOAY3YZEeNbBMSUm8cI6Iug3%2FA1rtEyy%2BhXT5bQ%2BqjBftB79Ogz%2Bd0osSmzehO1vSpM98lpYcImtocmD75J4d5FJr%2FryPLLYrHEe%2F85so%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 105839
cf-ray: 7c7e35914dee1c2c-FRA
expires: Mon, 15 May 2023 21:42:45 GMT

GET
H3 200 r62eglto.js Show response
ad4m.at/ Frame D299 25 KB
10 KB 19ms
18ms Script
application/javascript 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1j0sd5kc2dh37e315h4ysrq35wtrfrgkxfbqgg6tjg2gg98449fszn6vdg5gr6n5v77rkktnz5v1afjgwvessm5nadkk075913fd5kf01vt0tj61715xe5d3jx33nj218kvw592e2djnfr7r7szmf9xav8sfcss6srpjhyhj9ec6a05z6eegah2s3zpwhbj8npn33bcxnbc11d9zqa01a2wk81gfypccfp72gczn2wy5bw9087kzwz46bt0nkyk2tn0jy6e2sa9v3qqam4kh4mh0ek3ms3mdt17er94tzbh7hw20ht0yehjgtck933e24m2fjxa5pyvv4zwyrbspedqvxq795wppjb8r0e6g2xfb312tm9femqg9np49y33h7z4zpet0mfpmvzsxjg5460tygn9rgac42f4k9he98qs4kq6x3frjxszzd7rz9tb69f8a2b60vc&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-MODRJliZOnTI4SglgS7grL4BZDhgYRctqjCivACwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT4AU_Qm2cwHRJq8x2mkUf0GK3tCeGzXDNnyO2GqSGGzaZhJQo5FykRax4-HhAGSgNK2QSc7uPGSq3qUbao3Eqc_Kd_rJGclJbpBwfT_l8mX6-Z3qQDDfjFkGMlNzeVc6RcbBufW9cAjgUyzA7KYFvwF-uxMu9kz8Hqhypz2D3nlaIDXgRtI1ahHpFE8cM9CBYPn-ZYh7wuUDf-yYlA_1_YekoTOVyW8OAlW7tT27cksi7tgg7tGCYPYyVeopjLiRAvRUZvKNtD2_dlMJ1ozeyE43u426RRDiAUjXjWUDtkF4g42PhhtCrEhXieKxOpKKmhEfDKLEynXXMx4AQBgAbE0Z70yIDOvKUBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1fWoXb9j5p6leW3a656AtniIfMZQ%26client%3Dca-pub-7554793497192362%26adurl%3D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d5e67a38c9a11424cac19ce192c9fd124a6d74e64d3791a01561dbd3e39c0b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 14 Mar 2023 13:45:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 351407
etag: W/"fcb2a26b07bd76d9a925cae661d6d94d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kb5i4YnLrPPfseMgwRlJh3OXUdYqeZCarhvUetBRJ0bwEDGDzZOxVuJuUe8QQdTRWN5TA0UeMssQpo9Yi6HQfnAMTFGOua3BKpHQSA2X1c0Vi3oU8JiTuLKmr5Ha6aniA930siA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 7c7e35914def1c2c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Tue, 09 May 2023 13:46:06 GMT

GET
H3 200 container.html Show response
a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 24A2 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:43 GMT
expires: Tue, 14 May 2024 20:42:43 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0717 6 KB
3 KB 10ms
8ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:43 GMT
expires: Tue, 14 May 2024 20:42:43 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame 2484 0
104 B 144ms
23ms Image
text/plain 2a02:fa8:8806:13::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEPR-fY1OsYwOqturqpL5EPI&google_cver=1&google_push=ATf1kGP4mGV6CpmKw2ZE3ZLr_tn7nLxHpm4UluqkJVO01ls16e9B_AXHlRzzZmAAz0V0pTjPeVWbM7l4a0eExKJXsSbsBEDbL7dZWgQEGvquWC_HNQwSuqIYkkDCV9gPr_BzKyX-lzkaYQu0
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2 200 i.match
a.tribalfusion.com/ Frame 2484 43 B
401 B 189ms
183ms Image
image/gif 2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b6&u=CAESEHMKmf6dvbxCkAgG8Nlv0T0&google_cver=1&google_push=ATf1kGO_HioHIRv5SRc_EqycicG-fPVoe2KbjE0rBIKEcOA8wlp4tmRIPuR6TDP5YpyayGwrqbBw3u9v0NZ_Ydy2Ka4bsRzCohLEYXgggSzbEVbWFGIjlFMPJ1Xd4B7MODq2iQyxinriCMwp&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGO_HioHIRv5SRc_EqycicG-fPVoe2KbjE0rBIKEcOA8wlp4tmRIPuR6TDP5YpyayGwrqbBw3u9v0NZ_Ydy2Ka4bsRzCohLEYXgggSzbEVbWFGIjlFMPJ1Xd4B7MODq2iQyxinriCMwp%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7c7e35917bf68fee-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

google_sync_status
x.bidswitch.net/ Frame 2484
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEDI_PUIbBJFYCv6VwoC0hI4&google_cver=1&google_push=ATf1kGMf3KG7o36TOgYdJy8wIMSItEwA8Q7u1Mewxa-bxS0ngc-zw0QpGeg1MNH0rjN3uOoe_aD3VM96MN3P-Nnv9eqp...
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=google
https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=google
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=28518217-43a4-4d5a-bb0c-9322758a0795&ssp=google
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_cm=1&google_hm=ihJimL7oRMm9lvBidffZYQ==
https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEDI_PUIbBJFYCv6VwoC0hI4&google_cver=1

43 B
145 B

8ms
7ms

Image
image/gif

3.65.173.148
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEDI_PUIbBJFYCv6VwoC0hI4&google_cver=1
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 3.65.173.148 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-65-173-148.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEDI_PUIbBJFYCv6VwoC0hI4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 316
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2484
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEDTK9lx580COF8UGNTAT7OM&google_cver=1&google_push=ATf1kGN0IVdPYU0eHc4Z_g_LKTHrBnYpNmOiVsbaEa6N05n1-kzxadRPI_KUr-jIL3NPYms71Bcg2rS0...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzYxODcwODY3NDI1NTgwMzA1Ng&google_push=ATf1kGN0IVdPYU0eHc4Z_g_LKTHrBnYpNmOiVsbaEa6N05n1-kzxadRPI_KUr-jIL3NPYms71Bcg2r...

170 B
188 B

17ms
17ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzYxODcwODY3NDI1NTgwMzA1Ng&google_push=ATf1kGN0IVdPYU0eHc4Z_g_LKTHrBnYpNmOiVsbaEa6N05n1-kzxadRPI_KUr-jIL3NPYms71Bcg2rS0Kmelat9eazM7dwrgAHgKnV4vRA68VsWswc3Niup4mRzHrSqcQXgjZPYWe-hZ-Olm

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzYxODcwODY3NDI1NTgwMzA1Ng&google_push=ATf1kGN0IVdPYU0eHc4Z_g_LKTHrBnYpNmOiVsbaEa6N05n1-kzxadRPI_KUr-jIL3NPYms71Bcg2rS0Kmelat9eazM7dwrgAHgKnV4vRA68VsWswc3Niup4mRzHrSqcQXgjZPYWe-hZ-Olm
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2484
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESENzWdJl3lTuhqjBpE8Q3jmo&google_cver=1&google_push=ATf1kGPy5ZEbiApOlT-YxgJdlRDW6qegOHgcfWPVqRwTTiNIezeCn2sqUspnOQzh0_3cDDjC03UBGG1j2TFxW6CR6fx2ZK...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESENzWdJl3lTuhqjBpE8Q3jmo&google_cver=1&google_push=ATf1kGPy5ZEbiApOlT-YxgJdlRDW6qegOHgcfWPVqRwTTiNIezeCn2sqUspnOQzh0_3cDDjC03UBGG1j2TFxW6CR...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8tnyQjZJSHe_2bT4Zk4sBQ&google_push=ATf1kGPy5ZEbiApOlT-YxgJdlRDW6qegOHgcfWPVqRwTTiNIezeCn2sqUspnOQzh0_3cDDjC03UBGG1j2TFxW6C...

170 B
188 B

20ms
20ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8tnyQjZJSHe_2bT4Zk4sBQ&google_push=ATf1kGPy5ZEbiApOlT-YxgJdlRDW6qegOHgcfWPVqRwTTiNIezeCn2sqUspnOQzh0_3cDDjC03UBGG1j2TFxW6CR6fx2ZKhDAIRnEE88dbfGEry_3fdzS37wPiCjjPNzlnJ75S7RU6nz8d0j

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8tnyQjZJSHe_2bT4Zk4sBQ&google_push=ATf1kGPy5ZEbiApOlT-YxgJdlRDW6qegOHgcfWPVqRwTTiNIezeCn2sqUspnOQzh0_3cDDjC03UBGG1j2TFxW6CR6fx2ZKhDAIRnEE88dbfGEry_3fdzS37wPiCjjPNzlnJ75S7RU6nz8d0j
access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:45 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2484
Redirect Chain

https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEH72pxcy57T-ZGJS1_d4t4I&google_cver=1&google_push=ATf1kGM1lWzBUL2SFUYlhaXQSDsb5d3YAgOXRSiq0nX_q387ZZ4GyOQk-iggfvntjdfzy1oscB...
https://ups.analytics.yahoo.com/ups/58281/sync?redir=true&google_gid=CAESEH72pxcy57T-ZGJS1_d4t4I&google_cver=1&google_push=ATf1kGM1lWzBUL2SFUYlhaXQSDsb5d3YAgOXRSiq0nX_q387ZZ4GyOQk-iggfvntjdfzy1oscB...
https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1ucjlNVjFORTJ1SGZ5Mjl4RjlRa3N4ZFE3cXVFV3c1YX5B&google_push=ATf1kGM1lWzBUL2SFUYlhaXQSDsb5d3YAgOXRSiq0nX_q387ZZ4GyOQk-...

170 B
188 B

21ms
20ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1ucjlNVjFORTJ1SGZ5Mjl4RjlRa3N4ZFE3cXVFV3c1YX5B&google_push=ATf1kGM1lWzBUL2SFUYlhaXQSDsb5d3YAgOXRSiq0nX_q387ZZ4GyOQk-iggfvntjdfzy1oscBOMse7gP9woKyZE2JjmrRxuvzve3eujrQgGH202o6mE0ssDUuA6URK53NB107vXdvD3JFFdXA

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=oath__display__app_eb_&google_hm=eS1ucjlNVjFORTJ1SGZ5Mjl4RjlRa3N4ZFE3cXVFV3c1YX5B&google_push=ATf1kGM1lWzBUL2SFUYlhaXQSDsb5d3YAgOXRSiq0nX_q387ZZ4GyOQk-iggfvntjdfzy1oscBOMse7gP9woKyZE2JjmrRxuvzve3eujrQgGH202o6mE0ssDUuA6URK53NB107vXdvD3JFFdXA
date: Mon, 15 May 2023 20:42:45 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2484
Redirect Chain

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEJN3Bw77klw6nfyfqcWWASU&google_cver=1&google_push=ATf1kGOP0LqxUOlWM...
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=MTIwNDYxNzg3Mjg2MTM0MzMyOA%3D%3D&google_gid=CAESEJN3Bw77klw6nfyfqcWWASU&google_cver=1&google_push=ATf1kGOP0LqxUOlWMVWTHpEb2yhSJpCbtW...

170 B
188 B

20ms
20ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=MTIwNDYxNzg3Mjg2MTM0MzMyOA%3D%3D&google_gid=CAESEJN3Bw77klw6nfyfqcWWASU&google_cver=1&google_push=ATf1kGOP0LqxUOlWMVWTHpEb2yhSJpCbtW8faM7IqWvQNajlIICHxZ5KP-_L0Bv9VaT7rBAhJqhSGlORxydgLrT-a4T8s8xNfOmgHJSAoC0gdcrPIE3tDXlyQ-_sLATcd41l51Bnf_s-BJb9

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 15 May 2023 20:42:45 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1002.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 43950fed-8b57-4862-a6e2-564115af355b
Server: nginx/1.23.2
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=MTIwNDYxNzg3Mjg2MTM0MzMyOA%3D%3D&google_gid=CAESEJN3Bw77klw6nfyfqcWWASU&google_cver=1&google_push=ATf1kGOP0LqxUOlWMVWTHpEb2yhSJpCbtW8faM7IqWvQNajlIICHxZ5KP-_L0Bv9VaT7rBAhJqhSGlORxydgLrT-a4T8s8xNfOmgHJSAoC0gdcrPIE3tDXlyQ-_sLATcd41l51Bnf_s-BJb9
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 2484 0
12 B 20ms
16ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13J8ArYhfQiMz_x-lYBE5aUSKlb7qvx6GEFoQlJ2e6-kUmnw4ayGBIyeLbuEbXixl1iLkbvgEi0

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK yrsa821xsiee Show response
hal9000.redintelligence.net/zone/ Frame 8C30 10 KB
4 KB 37ms
13ms Script
text/html 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/yrsa821xsiee?subid=&gdpr=1&gdpr_consent=li&rnd=1811958071805038589&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3Dskd03Xwid3db0cPMclxdrw%26exch_seat%3D20035004448%26mt_aid%3D1811958071805038589%26mt_id%3D6622327%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D42296462-9945-4b01-b126-3a5e83bcf37d%26mt_cid%3D42296462-9945-4b01-b126-3a5e83bcf37d%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCsn9URJliZL-eJ_KS9fgPscejmATPh46bXMCG2YLGAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJ4AIAqAMBqgT5AU_Qor0h8qRafqfT5-vcktRwYA3cMl-diWvkxiKPi6BpXPT0CWTLu_DsHJbpsYUG36GtzShgv8gNv7X2IAdfaZ4e5TfZmMkUCeXLvxyKOeGn_1Kn6k1JoVuG25Vp7OoIziU9mSCMNWGz76x5vDX8YLiSo_LmMFP_1Da9GVPd5fokKTdIu_BeRgffzpXvhBXvh98O8dtUTRJRCxR0K-Y8pdJp8P6k_b42jYhPpd3wxa4VOxmNN3HgpBAYB3H6YMrh0U6mPZAOLYQA7GXCcyTXr7VrILXlKXoDsQzG56bivxaDGHWal_-5wdyGJklEePFvDJefsp_3tT9y0-AEAYAGs-n1-N_MwLi5AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2A3ttfVGF0WmwyLTaQbjC9xyH8rQ%2526client%253Dca-pub-7554793497192362%2526adurl%253D%26redirect%3D
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: 3f437b633ab25ec6171af77bbe050f8d85c71f1bd162b10de964aa327bd572cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:45 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3403
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK ck-confirm
tags.mathtag.com/ Frame 8C30 49 B
330 B 30ms
26ms Image
image/gif 185.29.134.245
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/ck-confirm?bid_id=1811958071805038589&node_id=3770&exch_id=4
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTkRGaVpXTmtNemN0WkRSaE5pMHhNbUU0TFRBd01EQXRNREF3TURBd01EQXdNREF3LzE4MTE5NTgwNzE4MDUwMzg1ODkvNjYyMjMyNy80NTYyMzA2LzQvREhTQzNzbG9TcnFoOXpyclIxRHU1LXJKRDI2TmxVOXJoekpTcklranM4Zy8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC8xODExOTU4MDcxODA1MDM4NTg5L3pyaC8wLzQ2OC85NC85OTkvMzIyLzJhMDI6NmVhMDpjNzFiOjovMC4wMDAvMTY4NDE4MzM2NC8xNjg0MTk1OTY0LzQvcHViLTc1NTQ3OTM0OTcxOTIzNjIv/to17DbeEBrp-OYo8rXHhQwB0KN8&nodeid=3770&group=zrh&auctionid=1811958071805038589&pbs_auctionid=1811958071805038589&shardkey=1811958071805038589&sid=4562306&cid=6622327&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.142&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCsn9URJliZL-eJ_KS9fgPscejmATPh46bXMCG2YLGAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJ4AIAqAMBqgT5AU_Qor0h8qRafqfT5-vcktRwYA3cMl-diWvkxiKPi6BpXPT0CWTLu_DsHJbpsYUG36GtzShgv8gNv7X2IAdfaZ4e5TfZmMkUCeXLvxyKOeGn_1Kn6k1JoVuG25Vp7OoIziU9mSCMNWGz76x5vDX8YLiSo_LmMFP_1Da9GVPd5fokKTdIu_BeRgffzpXvhBXvh98O8dtUTRJRCxR0K-Y8pdJp8P6k_b42jYhPpd3wxa4VOxmNN3HgpBAYB3H6YMrh0U6mPZAOLYQA7GXCcyTXr7VrILXlKXoDsQzG56bivxaDGHWal_-5wdyGJklEePFvDJefsp_3tT9y0-AEAYAGs-n1-N_MwLi5AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2A3ttfVGF0WmwyLTaQbjC9xyH8rQ%26client%3Dca-pub-7554793497192362%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.245 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.387.2 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:45 GMT
Server: MMBD/3.387.2
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x99, zrh-bidder-x156
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Mon, 15 May 2023 20:42:44 GMT

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame 8C30 43 B
416 B 26ms
22ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=4&v2=1811958071805038589&v3=651871&v4=4562306&v5=6622327&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTkRGaVpXTmtNemN0WkRSaE5pMHhNbUU0TFRBd01EQXRNREF3TURBd01EQXdNREF3LzE4MTE5NTgwNzE4MDUwMzg1ODkvNjYyMjMyNy80NTYyMzA2LzQvREhTQzNzbG9TcnFoOXpyclIxRHU1LXJKRDI2TmxVOXJoekpTcklranM4Zy8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC8xODExOTU4MDcxODA1MDM4NTg5L3pyaC8wLzQ2OC85NC85OTkvMzIyLzJhMDI6NmVhMDpjNzFiOjovMC4wMDAvMTY4NDE4MzM2NC8xNjg0MTk1OTY0LzQvcHViLTc1NTQ3OTM0OTcxOTIzNjIv/to17DbeEBrp-OYo8rXHhQwB0KN8&nodeid=3770&group=zrh&auctionid=1811958071805038589&pbs_auctionid=1811958071805038589&shardkey=1811958071805038589&sid=4562306&cid=6622327&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.142&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCsn9URJliZL-eJ_KS9fgPscejmATPh46bXMCG2YLGAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJ4AIAqAMBqgT5AU_Qor0h8qRafqfT5-vcktRwYA3cMl-diWvkxiKPi6BpXPT0CWTLu_DsHJbpsYUG36GtzShgv8gNv7X2IAdfaZ4e5TfZmMkUCeXLvxyKOeGn_1Kn6k1JoVuG25Vp7OoIziU9mSCMNWGz76x5vDX8YLiSo_LmMFP_1Da9GVPd5fokKTdIu_BeRgffzpXvhBXvh98O8dtUTRJRCxR0K-Y8pdJp8P6k_b42jYhPpd3wxa4VOxmNN3HgpBAYB3H6YMrh0U6mPZAOLYQA7GXCcyTXr7VrILXlKXoDsQzG56bivxaDGHWal_-5wdyGJklEePFvDJefsp_3tT9y0-AEAYAGs-n1-N_MwLi5AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2A3ttfVGF0WmwyLTaQbjC9xyH8rQ%26client%3Dca-pub-7554793497192362%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 851 9bd98ae master cdg-pixel-x28 config_version:"unknown" /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:45 GMT
Server: MT3 851 9bd98ae master cdg-pixel-x28 config_version:"unknown"
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 43
Expires: Mon, 15 May 2023 20:42:44 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame 8C30 49 B
330 B 39ms
29ms Image
image/gif 185.29.134.245
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=adx&bid=1811958071805038589&st=4562306&time=1684183365&nodeid=3770
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=adx&s_exch=adx&id=5aW95q2jLzIzLyAvTkRGaVpXTmtNemN0WkRSaE5pMHhNbUU0TFRBd01EQXRNREF3TURBd01EQXdNREF3LzE4MTE5NTgwNzE4MDUwMzg1ODkvNjYyMjMyNy80NTYyMzA2LzQvREhTQzNzbG9TcnFoOXpyclIxRHU1LXJKRDI2TmxVOXJoekpTcklranM4Zy8xLzQvMC8wLzk1NjgwMy8wLzIxNjUzNi82NTE4NzEvMS8wLzAvTURBd01EQXdNREF0TURBd01DMHdNREF3TFRBd01EQXRNREF3TURBd01EQXdNREF3LzAvMC8wLzAvMC8xODExOTU4MDcxODA1MDM4NTg5L3pyaC8wLzQ2OC85NC85OTkvMzIyLzJhMDI6NmVhMDpjNzFiOjovMC4wMDAvMTY4NDE4MzM2NC8xNjg0MTk1OTY0LzQvcHViLTc1NTQ3OTM0OTcxOTIzNjIv/to17DbeEBrp-OYo8rXHhQwB0KN8&nodeid=3770&group=zrh&auctionid=1811958071805038589&pbs_auctionid=1811958071805038589&shardkey=1811958071805038589&sid=4562306&cid=6622327&bp=a_aiebbd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.135.142&3pck=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCsn9URJliZL-eJ_KS9fgPscejmATPh46bXMCG2YLGAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJ4AIAqAMBqgT5AU_Qor0h8qRafqfT5-vcktRwYA3cMl-diWvkxiKPi6BpXPT0CWTLu_DsHJbpsYUG36GtzShgv8gNv7X2IAdfaZ4e5TfZmMkUCeXLvxyKOeGn_1Kn6k1JoVuG25Vp7OoIziU9mSCMNWGz76x5vDX8YLiSo_LmMFP_1Da9GVPd5fokKTdIu_BeRgffzpXvhBXvh98O8dtUTRJRCxR0K-Y8pdJp8P6k_b42jYhPpd3wxa4VOxmNN3HgpBAYB3H6YMrh0U6mPZAOLYQA7GXCcyTXr7VrILXlKXoDsQzG56bivxaDGHWal_-5wdyGJklEePFvDJefsp_3tT9y0-AEAYAGs-n1-N_MwLi5AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_2A3ttfVGF0WmwyLTaQbjC9xyH8rQ%26client%3Dca-pub-7554793497192362%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.245 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.387.2 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:45 GMT
Server: MMBD/3.387.2
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x52, zrh-bidder-x156
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Mon, 15 May 2023 20:42:44 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 766E 2 KB
1 KB 15ms
14ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZGKZRAAJoMAJHUrgAA7vXErYZ2MCOWqkyfyQVA&u=%7ClPoQj%2FclhXe%2BzRN6PRX3nMw%2FlQXbSe%2B1xkD1k9PgfeY%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYNdJ71gdyCWvw29y1GxtacI6iVoVnLQ5srUOwC-sDBJIjvRCy3Ss-BiCTuGilNUvwXKWgmjkBimEDMLzpRLmnsMpjOgbz_LVgMCNERFhaNlvUnpRl3XeBsucKM0Op_B2WC05RkcKDCS77VUIwXKroQc8kznaJ-QxSlgfWcoVsvQ0cxAFtT46nz3Xfud2uHmtWJ0Q65bTIxFEpQLA7Vzj8nj7m7MaxVG-IXQfY8AeUE0-MGKqI7pEAXf9ga4QFlBZgheIwwwpmFZc34VEy00yUcoa_Id8wb8WE0x2tXIYytPlvT37q60TG4MpzC4PDrGxDqTJuGI6V1jTzWdqZpVe3bhnPmEzyctR7nYxQUgUX-LHo9zp-IY9ppUKIwLyUs-7mVzOh9U06mm_t4TYDSnr0oBHi7Wu4ZN1wUG3Nld66qCFm-FuJNMl-_LLmdSLFOf2VQWdD7BQC4qzCQ-rlb8DmAXSMN8DPGCQwYRPRzzAO8qx2EqaqvsXA6fER3TV-lHaD5uB3y8sI_Jgb1MbXC0MtJelqaxOLGhc-Gzir0U_NH4MjNtOH_ydOwVmA8H-RyrMtsV6_nfynGdTFXccdFchnvyaJeBekQsOPU&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCuIxfRJliZMDBJuCV9fgP3N67uA7JntKxXNWdkfdwwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT4AU_QnPVoUAAbbuQnbWG9fTR0m-9yS8TDwbXUR1LflZc2jk8FmbDMEqPFkfg3dyQTA6UZLyVYUa27YyAEVts6XHgKEJ12ofARrpNdh7nVzUNz8cYQWad35ODvuoeEuQnO_3qZ-g50z_95ZDyMSNBjN72MLiG3NQ8VxBrwuF0mTORFfU2Z3rh32UmZTxthIorBTEntmZDMknrMhGNA6NgcW8vWnnA0LjU2JHa6JqRTj2Ih7IfKQK2lNzhf__ESS4AHbYIqP51FzWbvnKXsbCbH4Yweiz9w2R-98mj5hSwjgd9tV2Fajxw10UrB7bPap_IfdAVsbjcRjrUY4AQBgAaRzaSasM_69Z0BoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_3glJ7OMXSedse8syDXCIP3ltnQEg%26client%3Dca-pub-7554793497192362%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:45 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 766E 2 KB
1 KB 14ms
14ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:45 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 766E 308 B
636 B 14ms
13ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 09 May 2024 20:42:45 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 766E 293 B
621 B 13ms
12ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Thu, 09 May 2024 20:42:45 GMT

GET
H2 200 lg.php
cat.fr3.eu.criteo.com/delivery/ Frame 766E 43 B
347 B 19ms
19ms Image
image/gif 178.250.7.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=ZaLub5Tf_M2yoDUfVFEMIP-ZYpZ3pHpPxHR6hSE6VMf94UnZx11F9vlE_ApZpz5D-Xy40_nZaDwhpjDnYJKvWcP2PKsvuF7W-X1MmujBxdvUdtzsujGp9skKbfIvc3UsV93WgHzsX6rZvDZliL3apOMobDOBjsd-NEbW8unRzjY4nWbvW4Kr_MqFbmji65qyLB0wx25umpY9VHAhzMKz3WjHEhYcI6byogeCKgKBjPSWRsXJDACtHElgrFzuLt_20Vs8gxf1MItabCphlchXBHVHSiN_hU0rRMY_x5DNxXAafoxU9a2EOTPactvaZTd_cq7ZMKe2ufN0kSyST3pCnL9s8-Kgsh6g2y_e0o9Q3wDKKl6bEGfxM-xo8b55LcDY6z6AcYttsFjfAPMFiZbyOXwTbS0D2mGCnKPfa-Dxl4BMpty5

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1720947
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3

200

B29933196.366647091;dc_pre=CPXc8fmX-P4CFbnluwgdQi0GuQ;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629945d4ef80b63fb966f9e3fef4e9;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tf...
ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/ Frame 766E
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629945d4ef80b63fb966f9e3fef4e9;dc_lat=;dc_rdid=;tag_for_...
https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CPXc8fmX-P4CFbnluwgdQi0GuQ;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629945d4ef80b63fb966f9...

42 B
63 B

26ms
26ms

Image
image/gif

142.250.186.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CPXc8fmX-P4CFbnluwgdQi0GuQ;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629945d4ef80b63fb966f9e3fef4e9;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1?

Requested by

Protocol

Server

142.250.186.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CPXc8fmX-P4CFbnluwgdQi0GuQ;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629945d4ef80b63fb966f9e3fef4e9;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 4debdac53ee04751bc04e558cff50a52_image_ad_728x90.png
static.criteo.net/design/dt/102052/230505/ Frame 766E 121 KB
122 KB 21ms
21ms Image
image/png 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/102052/230505/4debdac53ee04751bc04e558cff50a52_image_ad_728x90.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

e9f4804016ce37219673d8ff2f1720cf85d410d80f25c30c95d2c63af87b356c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 05 May 2023 09:28:27 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6454cc3b-1e5b2"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 124338
expires: Thu, 09 May 2024 20:42:45 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 16ms
15ms Script
application/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.newtimes.co.rw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 17ms
17ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.newtimes.co.rw

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 27 KB
12 KB 240ms
239ms XHR
text/plain 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3441115050061315&correlator=823363461190291&eid=31074646&output=ldjh&gdfp_req=1&vrg=202305090101&ptt=17&impl=fif&iu_parts=21828795265%2CTNT%2CTNT_home&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=970x90%7C728x90&ifi=19&adks=1556553135&sfv=1-0-40&prev_scp=pos%3Dadhesion%26amznbid%3D2%26amznp%3D2%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.02%26hb_adid%3D2765e65fa6cb2d7f%26hb_bidder%3DbluTonic&eri=1&sc=1&cookie=ID%3D9aaffe5e15c1aac3%3AT%3D1684183362%3AS%3DALNI_Ma9jKnX2iRWyThg5ibpFngNLZiOxw&gpic=UID%3D00000c17af5f1690%3AT%3D1684183362%3ART%3D1684183362%3AS%3DALNI_MbiM4NLUrzgVL4HLfPYJSLMvXKpsQ&abxe=1&dt=1684183365372&lmt=1684183365&dlt=1684183363227&idt=398&adxs=315&adys=1110&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=j&oid=2&u_his=3&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&url=https%3A%2F%2Fwww.newtimes.co.rw%2F&ref=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&frm=20&vis=1&psz=1600x5817&msz=1600x-1&fws=516&ohw=1600&psts=ABHeCvj2NDl10ZMRfTdogB6jJvsMf9fNOHOULUivHy3Eq3QT1F0BkRMdakRjnTbEeZTgY0EHrrAGfwnOug-5JgjaxPr2XqKt%2CABHeCvgrhHoSIB4onMs7sI_lYO8-i91IT7PM4RyFglGtFqK99muvbu1bO80_yAR2EVW6yTuTUGC0xKbqgyNo6_vNi08BBIZL&ga_vid=1224847520.1684183361&ga_sid=1684183364&ga_hid=1824289973&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e2938ed72160f5efe7fd38e3be3ba4c274e5fd74b9a372ed8e8f9e1bbf108db2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12399
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 3738 0
0 50ms
50ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C_HeZRJliZLSmNde8lgSOw4rYCsme0rFc1Z2R93DAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPUBT9BLRlARnZYEN_mWNpKXeyY22lGGufW_QmuyqSgZZXg-m-N0Ac6EMIQdImiI-raS5wvvCmo1C_rrOYJKVUrxR4U_WHYUKzs2mNSQ6sH5vIY42KeY-P7ccNeGZhz0Hh0-IRcu3tQ3j3xFeehRTWbMt3RQ6NHjfvOFE_BjwRcwYvgMJx7Vo1Q7GrM1VsU3rdvybJWVfJOt0fmVNGUvQcYGembC0tEWYCSvY02U8QTDYWVrIv_MZLUyUDyhPCu6ENajGbD1iTOdghOqa_y2naxqQjJIl2OkqmKx12e2AWurBxbTu1Y3JfJB2uxqho8Z_RfHn6XjyJ_gBAGABpHNpJqwz_r1nQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBAgAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTc1NTQ3OTM0OTcxOTIzNjIY_KBy&sigh=xcKrYe8e_oM&uach_m=[UACH]&cid=CAQSPABygQiDIE3W90ylW3Su0wZrddM6FtS1YC-f3LpwjI3lZ113dBt1eJp-TBgwX4wmVMXN5Aee0JnpgqaboxgB
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H2 200 notify
rtb.fr3.eu.criteo.com/google/auction/ Frame 3738 0
0 58ms
17ms Fetch 2a02:2638:d::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=kP7cFsg12AVanYNiAgIAAAAcjTZAv_FZDhBEmWJk0QDt6EX_Sn018wAAEgAACgpBUVVCRHdFQkR3&wp=ZGKZRAANUzQKhZ5XAAKhjiIm_-e-d2EdGMq2Aw

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 176610
server: Kestrel
content-length: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame E194 50 KB
19 KB 21ms
18ms Document
text/html 2a02:2638:d::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZGKZRAANUzQKhZ5XAAKhjiIm_-e-d2EdGMq2Aw&u=%7ClPoQj%2FclhXecBmEy438X%2FHJS4GUup4DQuYpNN8Lz2qw%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYNdJ71gdyCWvw29y1GxtacI6iVoVnLQ5srUOwC-sDBJIjvRCy3Ss-BiCTuGilNUvwWl_sxa8C-mAkgNESHrW4cfocwwU0fFERcUXaVimzaNmtft-zqwjxz0fwhBcJkJMCJsPs7bVDAxrImZCVXp5OA57i9nbKaJTl7PbWklNS0ZWsv2agltlLAo2krUHlmUWZd10RWT15UuMLRKhE0BZwaBs9qkwsQU0H7Zqi5AReM4D90xZ8M4uGbv_3f2XPLUXymXSmGpeE3p9ve9c-hWBsFWTecjevyfJSXRXXdDm1-j1lbDxJhgHtT44Ul-ziNcvBUeoM_KhXtqbTmYuKz9PLh-LSBjXuZId9jl5GnxjaL0MA1-NnyRUvRsbXdjl7jKdaPqgK0DjuH2BgvNhTYY-VQYm2o_jbKZUqVE9sWil28kgK7Y5_CHBV66VDch6Q5uiwOUb8_PWsGGmdu63VMNfq_6dtmcMo9Tpg-xsIQfJ0fdqjER8YejiQzc2S-CQ3VrKCXuH2lRcWGwmhoNSxzA0mrj7frwPbIy9wCEKemx5QulFZ8aoTldGzAeQRDaDkM-mhhFevAY_FyWoX-wQvy2qDtp&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC4GdCRJliZLSmNde8lgSOw4rYCsme0rFc1Z2R93DAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9BLRlARnZYEN_mWNpKXeyY22lGGufW_QmuyqSgZZXg-m-N0Ac6EMIQdImiI-raS5wvvCmo1C_rrOYJKVUrxR4U_WHYUKzs2mNSQ6sH5vIY42KeY-P7ccNeGZhz0Hh0-IRcu3tQ3j3xFeehRTWbMt3RQ6NHjfvOFE_BjwRcwYvgMJx7Vo1Q7GrM1VsU3rdvybJWVfJOt0fmVNGUvQcYGembC0tEWYCSvY02U8QTDYWVrIv_MZLUyUDyhPCu6ENajGbD1iTOdghOqa_y2naxqADBpBeQrNnEOS3MV0VYN_x_HseA9C-rDbiRXIH2m4zvfGg9n2yD5vpfgBAGABpHNpJqwz_r1nQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3fgiOUsz2t9mXAi5WAxr8FIo_7BQ%26client%3Dca-pub-7554793497192362%26adurl%3D

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

f259e459023f1a54dc223e498a06ca8109b83faaf54bd3897c87b6a1ae47edea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:45 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=6czkQVw-_Msrj2KhP0c1zJO-FgWKoTz5t4qMcdJD1eYK8VBuVYBJUefFqzdyrw_VG_5zWhQ-pL6ilr6sDLx3kPLHaQw2k3hQX6GowilORoTzB8ug55nHsqbJamlZj1XwOyiko1a9c-6L8uyUIytCY_v2jW9B_0VKm5Sp8qp8OwkWH4eTvvI2plgrIxPMTHEtPpGv0Pe2Fp1HlflFQ87gr9cIa8E7k2jac41AxAgFwif5ENE3QOl6pHvuweLC0PJNotI_eA"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 3513913
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame 3738 3 KB
1 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/window_focus_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 18:31:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7894
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 18:31:11 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame B769 1 KB
643 B 13ms
11ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34712
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 11:04:13 GMT
etag: 48472445140208031
expires: Tue, 16 May 2023 11:04:13 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame 3738 19 KB
8 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

01dcaf85f2ae23a30115cf4a663e90b4a507dc688c4c17f9ebddc3cf19fee780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 12:20:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30107
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7937
x-xss-protection: 0
server: cafe
etag: 2499949999788435271
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 12:20:58 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 3738 0
0 17ms
15ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTWtRcgapgkwXGAA1jUBjO7kJ2l5OwOAnCTefcvVbudnG5l5hGZcfYtG7fciIDwV4QdZJOSMq19ZmEEHTtZ2a8n4j_dIQ
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 3738 24 KB
6 KB 12ms
10ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Fri, 12 May 2023 14:52:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 280230
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 11 May 2024 14:52:15 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3738 169 KB
52 KB 60ms
58ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fdc79b8c47c6d5c20def82fa5f6a91e3cbe3057bff3f8b14b5c2c71dc9b57ec4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53545
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1683718549123860"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 15 May 2023 20:42:45 GMT

GET
H/1.1 200
OK dvbs_src.js Show response
cdn.doubleverify.com/ Frame 34A1 2 KB
1 KB 53ms
7ms Script
application/javascript 2a02:26f0:3500:d::1732:83d6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=11655933&cmp=2661572&plc=64253744&sid=1523392&dvregion=0&unit=728x90&aufilter1=165376&autt=1&aubndl=&audeal=&auevent=0&prr=1&ppid=111&auadv=165376&aucmp=2661572&auorder=84037586&aucrtv=58775236&auadid=1523392&c6=1617446&c8=&auplc=9041754&turl=&c1=VF-DE+Deutschland&c2=DE_23_AO_P_W_G_M_emm-215-cre----per-nta--Tracking-SIMONLY&c3=PD_BC-215-nta-all-PRE-Tracking&c4=simonly_pre_doubledata_230427_728x90&c5=DV360-donotuse1&c7=DV360+(Media)&c9=&c10=DV360_PO_AL_NONE_SBN_CM_nta-all-tracking
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:d::1732:83d6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: e189eb8fb761166a6d657a8dbea2c5d73e224e565716f36406ec7f7b68cd78c7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:45 GMT
Content-Encoding: gzip
Last-Modified: Tue, 10 Jan 2023 10:59:51 GMT
Server: Microsoft-IIS/10.0
ETag: "2d4a10aae224d91:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 1170

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 9504 22 KB
8 KB 7ms
6ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 489528
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 10 May 2023 04:43:57 GMT
expires: Thu, 09 May 2024 04:43:57 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 227B 70 B
264 B 33ms
32ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEK-Ba0DIvZ50GQq8VgQHsj8&google_cver=1&google_push=ATf1kGMHK-B4sy1Zu6EL9Bca0dls2pyaoypQNByTkTuiC59zZp2dp8Zf8iwsrAJx1XY2E5vAbi-ZEshy7lsikTFkmVTjA1ex7hcO
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 227B
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG-r3gCok_CQ6HTKS-rezLU&google_cver=1&google_push=ATf1kGPfuF5fy8MoOcPPCpsVVFhGtnLE5u7fgulMife6GuMk6BGWZFyCj3_fr6f9zqiL8EARv30...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGPfuF5fy8MoOcPPCpsVVFhGtnLE5u7fgulMife6GuMk6BGWZFyCj3_fr6f9zqiL8EARv300bBxNZ8aT2e0UpWj_TXY3jbWtrQ

170 B
188 B

27ms
26ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGPfuF5fy8MoOcPPCpsVVFhGtnLE5u7fgulMife6GuMk6BGWZFyCj3_fr6f9zqiL8EARv300bBxNZ8aT2e0UpWj_TXY3jbWtrQ

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGPfuF5fy8MoOcPPCpsVVFhGtnLE5u7fgulMife6GuMk6BGWZFyCj3_fr6f9zqiL8EARv300bBxNZ8aT2e0UpWj_TXY3jbWtrQ
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 5b959e9b7aef6dd90a6fa539ca64ac62
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 227B
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESELQXSGJqEpsDJB_bsWeFOf0&google_cver=1&google_push=ATf1kGN4OKpIcMoYSX4jC-zTVCjqIKL_vK0rkvp2-npARnsEMV_QAWISZCsRqS9hnQBvN3DuTm4VZ7jIE0PH...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGN4OKpIcMoYSX4jC-zTVCjqIKL_vK0rkvp2-npARnsEMV_QAWISZCsRqS9hnQBvN3DuTm4VZ7jIE0PHvtdzQJylADdh86_uhw

170 B
188 B

26ms
26ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGN4OKpIcMoYSX4jC-zTVCjqIKL_vK0rkvp2-npARnsEMV_QAWISZCsRqS9hnQBvN3DuTm4VZ7jIE0PHvtdzQJylADdh86_uhw

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGN4OKpIcMoYSX4jC-zTVCjqIKL_vK0rkvp2-npARnsEMV_QAWISZCsRqS9hnQBvN3DuTm4VZ7jIE0PHvtdzQJylADdh86_uhw
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 227B
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESELghKnXhXdIiJ2YGroFYnAU&google_cver=1&google_push=ATf1kGNFkDGIKRm5IFa7RyEGbztyto1a5QTDQo5UPOtzIv-guNoXuCYHybrCB7UkAQJllGX0tBdqJ_8guZYBEcAvRdr_b8VlqmTq
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGNFkDGIKRm5IFa7RyEGbztyto1a5QTDQo5UPOtzIv-guNoXuCYHybrCB7Uk...

170 B
188 B

26ms
26ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGNFkDGIKRm5IFa7RyEGbztyto1a5QTDQo5UPOtzIv-guNoXuCYHybrCB7UkAQJllGX0tBdqJ_8guZYBEcAvRdr_b8VlqmTq

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGNFkDGIKRm5IFa7RyEGbztyto1a5QTDQo5UPOtzIv-guNoXuCYHybrCB7UkAQJllGX0tBdqJ_8guZYBEcAvRdr_b8VlqmTq
date: Mon, 15 May 2023 20:42:45 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 sync
ssbsync.smartadserver.com/api/ Frame 227B 0
44 B 17ms
16ms Image
text/plain 185.86.139.93
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEFE3Aw1rOlM-_BW7nTU-7Pg&google_cver=1&google_push=ATf1kGNWiDhVscAk5lmspYU34_q0PbjD16gkfAo0faXpdgeafCzWLAmzXjkGihxveM2WfrPLA2HQ3Uf-y8I3ZHmM6DSLflrGN_W9
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.93 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
content-length: 0

GET
H2

200

report
sync.teads.tv/um/ Frame 227B
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEJpYJqFNU3G0XdlUbcZGPqc&...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=ATf1kGPmiE5dM6y6xQ7zEm_MbOj7QnFwuxGs48N2VI5bRk9PwXofAUnYlpQR8RigwbH_eBvbITfenwzbPYzYffJvSZVAHGGKSJQDPuQ
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
172 B

282ms
282ms

Image
image/gif

104.111.217.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Protocol: H2
Server: 104.111.217.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-42.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

expires: Mon, 15 May 2023 20:42:46 GMT
pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 227B
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEI2PMtZvp...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=8a126298-bee8-44c9-bd96-f06275f7d961&%%GOOGLE_PUSH_PAIR%%

170 B
188 B

27ms
27ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=8a126298-bee8-44c9-bd96-f06275f7d961&%%GOOGLE_PUSH_PAIR%%

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=8a126298-bee8-44c9-bd96-f06275f7d961&%%GOOGLE_PUSH_PAIR%%
date: Mon, 15 May 2023 20:42:45 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 227B 0
12 B 16ms
15ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JZ9w_e7SLT5oNM11tFKkQezSqnlRiOn793O8kb_pnh5VezIjL-GQYKDpbFgXCoQtfnFd7u7pQ

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H2 200 all
csm.eu.criteo.net/ Frame 5072 0
127 B 13ms
11ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=-toyOVw-_Msrj2KhyrG1VkboScN0ETmAa42gXwoM1pdXmcfFFHhqgmmV7h9WVNQkooEM56AUBo-uBWnBiL0d0RI9QIE0OKBlgfD3f1Amb5mh8XBkcaX68zfq9GC7wlkK1AsN77Ibp1vrbnPstmOW0jKCTwn-LLs9OyiYo9-KCotsVqnUcxZuQToA_LY6vhWM39hGztajZtgtunwgxESdLFjh2uK15SowgL2xnTspWDwod6hlBlWC1rVVLk66PZZPypNZPg&sds=2&rev=86118.2&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:45 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 5072 2 KB
1 KB 15ms
15ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:45 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 5072 2 KB
1 KB 21ms
21ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:45 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 15EC
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEDI_PUIbBJFYCv6VwoC0hI4&google_cver=1&google_push=ATf1kGPVzealvB9Bv9K6XB_PIrRhVrCf3XL8wGwck2dZRyCI6nDcxt7mYXapqSfU8SGQWA_RqK6iQEgmO3S1JNH6yVy7...
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=google
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=28518217-43a4-4d5a-bb0c-9322758a0795&ssp=google
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGPVzealvB9Bv9K6XB_PIrRhVrCf3XL8wGwck2dZRyCI6nDcxt7mYXapqSfU8SGQWA_RqK6iQEgmO3S1JNH6yVy7mObeWyBGgA&google_hm=ihJimL7oRMm9lvBidffZYQ==

170 B
188 B

21ms
21ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGPVzealvB9Bv9K6XB_PIrRhVrCf3XL8wGwck2dZRyCI6nDcxt7mYXapqSfU8SGQWA_RqK6iQEgmO3S1JNH6yVy7mObeWyBGgA&google_hm=ihJimL7oRMm9lvBidffZYQ==

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=ATf1kGPVzealvB9Bv9K6XB_PIrRhVrCf3XL8wGwck2dZRyCI6nDcxt7mYXapqSfU8SGQWA_RqK6iQEgmO3S1JNH6yVy7mObeWyBGgA&google_hm=ihJimL7oRMm9lvBidffZYQ==
date: Mon, 15 May 2023 20:42:45 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 15EC
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEIm9Oo89tHB5bw_cwhAUhVo&google_cver=1&google_push=ATf1kGNNQxvYE2pGw2EqLQmLf8atelbX2SPjU_AfUkA0v8qXKACTZd4GB1u9BOkEAzlZbtNs5WglnZ8AGuFkluAuiR3-46o...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGNNQxvYE2pGw2EqLQmLf8atelbX2SPjU_AfUkA0v8qXKACTZd4GB1u9BOkEAzlZbtNs5WglnZ8AGuFkluAuiR3-46orhFq-Ew&google_hm=eS1MTHR5TTRsRTJwRnZP...

170 B
188 B

18ms
18ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGNNQxvYE2pGw2EqLQmLf8atelbX2SPjU_AfUkA0v8qXKACTZd4GB1u9BOkEAzlZbtNs5WglnZ8AGuFkluAuiR3-46orhFq-Ew&google_hm=eS1MTHR5TTRsRTJwRnZPVkVMdXRRa3h5bjNRNmViTkRBSX5B

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 15 May 2023 20:42:45 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=ATf1kGNNQxvYE2pGw2EqLQmLf8atelbX2SPjU_AfUkA0v8qXKACTZd4GB1u9BOkEAzlZbtNs5WglnZ8AGuFkluAuiR3-46orhFq-Ew&google_hm=eS1MTHR5TTRsRTJwRnZPVkVMdXRRa3h5bjNRNmViTkRBSX5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 15EC
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESENxAkvn7GgkL1X_U9e5U7cs&google_cver=1&google_push=ATf1kGODtoPQCeq6RySDxCNm9-ZAgcOlR_ab43X1K8x4Vrk0SZRwyBEOaqtx966NmIw8lpIxJOc793H50hNvTd6zZ_vs346...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESENxAkvn7GgkL1X_U9e5U7cs&google_cver=1&google_push=ATf1kGODtoPQCeq6RySDxCNm9-ZAgcOlR_ab43X1K8x4Vrk0SZRwyBEOaqtx966NmIw8lpIxJOc793H50hNvTd6zZ_vs3...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGODtoPQCeq6RySDxCNm9-ZAgcOlR_ab43X1K8x4Vrk0SZRwyBEOaqtx966NmIw8lpIxJOc793H50hNvTd6zZ_vs3464FDBMcw

170 B
188 B

20ms
19ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGODtoPQCeq6RySDxCNm9-ZAgcOlR_ab43X1K8x4Vrk0SZRwyBEOaqtx966NmIw8lpIxJOc793H50hNvTd6zZ_vs3464FDBMcw

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGODtoPQCeq6RySDxCNm9-ZAgcOlR_ab43X1K8x4Vrk0SZRwyBEOaqtx966NmIw8lpIxJOc793H50hNvTd6zZ_vs3464FDBMcw
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 15EC
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG-r3gCok_CQ6HTKS-rezLU&google_cver=1&google_push=ATf1kGODwRjhfQUQ1pTq20UXi3iSPcqUaspdxORfJJsWgTrqNNyv7r2ORA8VaE8_A6aLZI_gwbI...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGODwRjhfQUQ1pTq20UXi3iSPcqUaspdxORfJJsWgTrqNNyv7r2ORA8VaE8_A6aLZI_gwbIPnt4vObatYMFYYV1ubmuTqjAfqQ

170 B
188 B

21ms
20ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGODwRjhfQUQ1pTq20UXi3iSPcqUaspdxORfJJsWgTrqNNyv7r2ORA8VaE8_A6aLZI_gwbIPnt4vObatYMFYYV1ubmuTqjAfqQ

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGODwRjhfQUQ1pTq20UXi3iSPcqUaspdxORfJJsWgTrqNNyv7r2ORA8VaE8_A6aLZI_gwbIPnt4vObatYMFYYV1ubmuTqjAfqQ
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 5b959e9b7aef6dd90a6fa539ca64ac62
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 15EC
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEJ...
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=ATf1kGO9DFcFfkjPElg4U58l7mN7_8__gzyqZcICF30UxYVGuOgXtiL7jl8nw03Zj1QJWuWEt0ezJj4F4UBttqYCF7-i0wneUTYCoA&redir=https%3A%2F%2Fcm.g.dou...
https://sync.targeting.unrulymedia.com/csync/RX-6a1819c8-ec9d-4825-8cf8-3c9b0068a6c3-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DATf1kGO9DFcFfkjPElg4U58l7...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ATf1kGO9DFcFfkjPElg4U58l7mN7_8__gzyqZcICF30UxYVGuOgXtiL7jl8nw03Zj1QJWuWEt0ezJj4F4UBttqYCF7-i0wneUTYCoA&google_hm=A2oYGcjsnUgljPg8mwBopsM

170 B
188 B

20ms
17ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ATf1kGO9DFcFfkjPElg4U58l7mN7_8__gzyqZcICF30UxYVGuOgXtiL7jl8nw03Zj1QJWuWEt0ezJj4F4UBttqYCF7-i0wneUTYCoA&google_hm=A2oYGcjsnUgljPg8mwBopsM

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=ATf1kGO9DFcFfkjPElg4U58l7mN7_8__gzyqZcICF30UxYVGuOgXtiL7jl8nw03Zj1QJWuWEt0ezJj4F4UBttqYCF7-i0wneUTYCoA&google_hm=A2oYGcjsnUgljPg8mwBopsM
date: Mon, 15 May 2023 20:42:45 GMT
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX6a1819c8ec9d48258cf83c9b0068a6c3003
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 15EC
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESELghKnXhXdIiJ2YGroFYnAU&google_cver=1&google_push=ATf1kGNGMFzZl7XF2oU8mmKgtC2-12KmSvoWZjN5s4-VNQvjy3KqGBTDdLV6pNMOMqJoZT0jAe3crhZqSEIznO7owEEpVzWr_tK7
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGNGMFzZl7XF2oU8mmKgtC2-12KmSvoWZjN5s4-VNQvjy3KqGBTDdLV6pNMO...

170 B
188 B

18ms
18ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGNGMFzZl7XF2oU8mmKgtC2-12KmSvoWZjN5s4-VNQvjy3KqGBTDdLV6pNMOMqJoZT0jAe3crhZqSEIznO7owEEpVzWr_tK7

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGNGMFzZl7XF2oU8mmKgtC2-12KmSvoWZjN5s4-VNQvjy3KqGBTDdLV6pNMOMqJoZT0jAe3crhZqSEIznO7owEEpVzWr_tK7
date: Mon, 15 May 2023 20:42:45 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

report
sync.teads.tv/um/ Frame 15EC
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESEJpYJqFNU3G0XdlUbcZGPqc&...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=ATf1kGP2i1KZYWsnLH51c-e7CwQU5of7JCW08RwEYvo6jICAWIcgslO2bj9MeIYUt0K9imZpLKo9FCdr_6ysgT_aCafY27gpgOVz6Wk
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
172 B

263ms
263ms

Image
image/gif

104.111.217.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 104.111.217.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-42.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

expires: Mon, 15 May 2023 20:42:46 GMT
pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 15EC 0
12 B 16ms
15ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L2FLYglf8ric11P4-m8NrZg8_X6SfvCCMXYCDGhii682xId3RgsFsauG5obMYz9ZLjwq3hGw

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK dvbs_src.js Show response
cdn.doubleverify.com/ Frame 9151 2 KB
1 KB 6ms
6ms Script
application/javascript 2a02:26f0:3500:d::1732:83d6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=11655933&cmp=1699623&plc=63096195&sid=1366186&dvregion=0&unit=728x90&aufilter1=165376&autt=1&aubndl=&audeal=&auevent=0&prr=1&ppid=111&auadv=165376&aucmp=1699623&auorder=1495266&aucrtv=58044479&auadid=1366186&c6=1447160&c8=&auplc=10546188&turl=&c1=VF-DE+Deutschland&c2=DE_23_AO_P_C_G_M_cic-215-cre----per-apl-dive-Tracking-PER&c3=RT_PD_C-215-mul-stc-ret&c4=i14pro_pre_20p_230404_1456x180&c5=Doubleclick+DBM&c7=Doubleclick+DBM+(Media)&c9=&c10=Adform_AO_AL_None_BNR_CM_mul-stc-Pre-Tracking
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:d::1732:83d6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: e189eb8fb761166a6d657a8dbea2c5d73e224e565716f36406ec7f7b68cd78c7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:45 GMT
Content-Encoding: gzip
Last-Modified: Tue, 10 Jan 2023 10:59:51 GMT
Server: Microsoft-IIS/10.0
ETag: "2d4a10aae224d91:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 1170

GET
H/1.1 200
OK request.php Show response
hal900030.redintelligence.net/ Frame 83DE 3 KB
2 KB 115ms
81ms Script
application/x-javascript 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900030.redintelligence.net/request.php?zone=yrsa821xsiee&nw=20&renderingType=javascript&namespace=5de006cdfc&subid=&uid=b42ec0ac686be19f&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DOcLKBqXs4PUzRjyOPV5oug%26exch_seat%3D20035004448%26mt_aid%3D8729487099446118158%26mt_id%3D6622327%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D41296462-9945-4901-80b6-19bce004af2d%26mt_cid%3D41296462-9945-4901-80b6-19bce004af2d%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCzlTgRJliZMTKGpfAbY_rleABz4eOm1zAhtmCxgLAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCeACAKgDAaoE-QFP0EwrU6v5G0YDZTOnOJeV9arg-id_R9ibzq-fT7AFxHhE9lLyQBlFoOWhPyEuoi2z42nyw8t4QNgQpP01SfySDvcQa5BbtIAAcO3fUXdbbVXwt6vtyali-Y2HF9GSEWjTSCu50fPNKbnnSfWlMrSHqptwZh7N_f-BgZlntjQ8AnbOBI-wZS7dC8Ct72Wk6R9YvS_MxAipJBmMdVwvjxfQn1E3foZqjsv0X9owJZgOOyFQ5vWQGF8HY6ilAvG0-shlfT2DrDL2MO8JThar-7BSNGUhgjvbW7uQa3Sg2neJLNiVbO8RdmdP3GJtaDTflTQqmGwc0FKv43bgBAGABrPp9fjfzMC4uQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2X2YfjPd3eWDpqGLQzBh2UYx4riw%2526client%253Dca-pub-7554793497192362%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fa8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=null&random=8692253513304&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/yrsa821xsiee?subid=&gdpr=1&gdpr_consent=li&rnd=8729487099446118158&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DOcLKBqXs4PUzRjyOPV5oug%26exch_seat%3D20035004448%26mt_aid%3D8729487099446118158%26mt_id%3D6622327%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D41296462-9945-4901-80b6-19bce004af2d%26mt_cid%3D41296462-9945-4901-80b6-19bce004af2d%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCzlTgRJliZMTKGpfAbY_rleABz4eOm1zAhtmCxgLAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCeACAKgDAaoE-QFP0EwrU6v5G0YDZTOnOJeV9arg-id_R9ibzq-fT7AFxHhE9lLyQBlFoOWhPyEuoi2z42nyw8t4QNgQpP01SfySDvcQa5BbtIAAcO3fUXdbbVXwt6vtyali-Y2HF9GSEWjTSCu50fPNKbnnSfWlMrSHqptwZh7N_f-BgZlntjQ8AnbOBI-wZS7dC8Ct72Wk6R9YvS_MxAipJBmMdVwvjxfQn1E3foZqjsv0X9owJZgOOyFQ5vWQGF8HY6ilAvG0-shlfT2DrDL2MO8JThar-7BSNGUhgjvbW7uQa3Sg2neJLNiVbO8RdmdP3GJtaDTflTQqmGwc0FKv43bgBAGABrPp9fjfzMC4uQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2X2YfjPd3eWDpqGLQzBh2UYx4riw%2526client%253Dca-pub-7554793497192362%2526adurl%253D%26redirect%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: 0445e6a9403b7230fb3b80ec6e4a846ec870caddf316ef53001a0bed7e1db253

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:45 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 52485300187141600951401012325030
Connection: close
Content-Length: 1115
Expires: Mon, 15 May 2023 21:42:45 +0200

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame E194 2 KB
1 KB 15ms
15ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZGKZRAANUzQKhZ5XAAKhjiIm_-e-d2EdGMq2Aw&u=%7ClPoQj%2FclhXecBmEy438X%2FHJS4GUup4DQuYpNN8Lz2qw%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYNdJ71gdyCWvw29y1GxtacI6iVoVnLQ5srUOwC-sDBJIjvRCy3Ss-BiCTuGilNUvwWl_sxa8C-mAkgNESHrW4cfocwwU0fFERcUXaVimzaNmtft-zqwjxz0fwhBcJkJMCJsPs7bVDAxrImZCVXp5OA57i9nbKaJTl7PbWklNS0ZWsv2agltlLAo2krUHlmUWZd10RWT15UuMLRKhE0BZwaBs9qkwsQU0H7Zqi5AReM4D90xZ8M4uGbv_3f2XPLUXymXSmGpeE3p9ve9c-hWBsFWTecjevyfJSXRXXdDm1-j1lbDxJhgHtT44Ul-ziNcvBUeoM_KhXtqbTmYuKz9PLh-LSBjXuZId9jl5GnxjaL0MA1-NnyRUvRsbXdjl7jKdaPqgK0DjuH2BgvNhTYY-VQYm2o_jbKZUqVE9sWil28kgK7Y5_CHBV66VDch6Q5uiwOUb8_PWsGGmdu63VMNfq_6dtmcMo9Tpg-xsIQfJ0fdqjER8YejiQzc2S-CQ3VrKCXuH2lRcWGwmhoNSxzA0mrj7frwPbIy9wCEKemx5QulFZ8aoTldGzAeQRDaDkM-mhhFevAY_FyWoX-wQvy2qDtp&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC4GdCRJliZLSmNde8lgSOw4rYCsme0rFc1Z2R93DAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9BLRlARnZYEN_mWNpKXeyY22lGGufW_QmuyqSgZZXg-m-N0Ac6EMIQdImiI-raS5wvvCmo1C_rrOYJKVUrxR4U_WHYUKzs2mNSQ6sH5vIY42KeY-P7ccNeGZhz0Hh0-IRcu3tQ3j3xFeehRTWbMt3RQ6NHjfvOFE_BjwRcwYvgMJx7Vo1Q7GrM1VsU3rdvybJWVfJOt0fmVNGUvQcYGembC0tEWYCSvY02U8QTDYWVrIv_MZLUyUDyhPCu6ENajGbD1iTOdghOqa_y2naxqADBpBeQrNnEOS3MV0VYN_x_HseA9C-rDbiRXIH2m4zvfGg9n2yD5vpfgBAGABpHNpJqwz_r1nQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3fgiOUsz2t9mXAi5WAxr8FIo_7BQ%26client%3Dca-pub-7554793497192362%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:45 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame E194 2 KB
1 KB 13ms
13ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:45 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame E194 308 B
636 B 17ms
16ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 09 May 2024 20:42:45 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame E194 293 B
621 B 17ms
16ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Thu, 09 May 2024 20:42:45 GMT

GET
H2 200 lg.php
cat.fr3.eu.criteo.com/delivery/ Frame E194 43 B
347 B 19ms
18ms Image
image/gif 178.250.7.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=MNyuYpTf_M2yoDUfVFEMIP-ZYpZg8xKHGoeUv03_HcBLZZrDOiGEYBcxnU-4Mb4i1L7O92IUbAbGPmZwdmW2G5WM4LiiGqkqZmIHCcTUHal9-tSpbsHVhd60eZ9Be6Y9wXPMNZWxVBqopqu2Cg0ZMYp1lYiLkLKVP3pzafB57A7Es0oIfMmh8vXlIYNnqYTMZtlqYK2K4Yy4CQ31__K8tELifcuXOJXFnTn2W1Ov-c19Iak7qOidsKS2ukfJjuGZU7sE4IiOOUpk--JUwCA2rY1BL39tayJtdjb9N8FZc_JjWt3ZkzUx1liEjnDMdYHiTENUMQZav6qFJhMFcRTmFiJzfXgqCTbcQoqLSuvKeTZQfvTF1w4Iaw7sk9KmqM4-O42tV0Pre1VOZLIqEMxEIlygClMYtZKVkxG6c50WQdzWtTUH

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1718044
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3

200

B29933196.366647091;dc_pre=CLuC_PmX-P4CFWyJgwcd2ncEKA;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=6462994537896d9b3ee4c54f1c6e68a8;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tf...
ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/ Frame E194
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=6462994537896d9b3ee4c54f1c6e68a8;dc_lat=;dc_rdid=;tag_for_...
https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CLuC_PmX-P4CFWyJgwcd2ncEKA;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=6462994537896d9b3ee4c54f...

42 B
63 B

26ms
25ms

Image
image/gif

142.250.186.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CLuC_PmX-P4CFWyJgwcd2ncEKA;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=6462994537896d9b3ee4c54f1c6e68a8;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1?

Requested by

Protocol

Server

142.250.186.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CLuC_PmX-P4CFWyJgwcd2ncEKA;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=6462994537896d9b3ee4c54f1c6e68a8;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 4debdac53ee04751bc04e558cff50a52_image_ad_728x90.png
static.criteo.net/design/dt/102052/230505/ Frame E194 121 KB
122 KB 14ms
13ms Image
image/png 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/102052/230505/4debdac53ee04751bc04e558cff50a52_image_ad_728x90.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

e9f4804016ce37219673d8ff2f1720cf85d410d80f25c30c95d2c63af87b356c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 05 May 2023 09:28:27 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6454cc3b-1e5b2"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 124338
expires: Thu, 09 May 2024 20:42:45 GMT

GET
H3 200 container.html Show response
a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2F25 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:43 GMT
expires: Tue, 14 May 2024 20:42:43 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame A168 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 24afc3775f4665be2c61aec64e7d71965aa9cc7ebf912da6d53de91afde19a23

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 24A2 0
0 53ms
52ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CWA1jRJliZMGgNIGOlgTd55jwBcme0rFc1Z2R93DAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPUBT9BzyjdolNELFZa-XZom9l4H5kfOhENus1nFdSjl10qOYpK86x9hdMUT1JcYEDIrZcJ3EClmflJvHgp13jpHijTgeuQcCMPommrilOKvB2BwShnf8xszjHrLV9jW_BEj5VIx7AapiFBGoNpkFToNiMK4l8mc6vZLGBYQosfS9XoC0AQUt3xjxNKgGAYN62x1x9bLcTwGWDnhnF5cNy5g-9NCEDe4XPkkXD54lJWzUvsbYSXi5HoBj3Gs3qtasRdCX8CPCeAUTjTeSxabPLd29j_14jYg1mqOjcl_AR_qjDKTTA2TmSuWFL0Ku6UcM98_I_93MCjgBAGABpHNpJqwz_r1nQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBAgAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTc1NTQ3OTM0OTcxOTIzNjIY_KBy&sigh=aMMrsyVUfwA&uach_m=[UACH]&cid=CAQSPABygQiDEzCqZ0y3t7TxfkNrdEeiF2lEj_6ItVyJK4ZfuzwYEpUPEm_CtqFe3byXq6OfPeBcdtSP94ZpVxgB
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H2 200 notify
rtb.fr3.eu.criteo.com/google/auction/ Frame 24A2 0
0 18ms
17ms Fetch 2a02:2638:d::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=kP7cFsg12AVanYNiAgIAAAAcjTZAv_FZDhBEmWJkGNSdOpxBc1EqkQAAEgAACgpBUVVCRHdFQkR3&wp=ZGKZRAANEEEKhYcBAAYz3Q9_vX-1fvPENDNopQ

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:44 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 152895
server: Kestrel
content-length: 0

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame C218 53 KB
20 KB 24ms
21ms Document
text/html 2a02:2638:d::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZGKZRAANEEEKhYcBAAYz3Q9_vX-1fvPENDNopQ&u=%7ClPoQj%2FclhXdvqlwWQbO8Y%2FuqEZjLqy8FZY11Fduq%2Fs0%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYNdJ71gdyCWvw29y1GxtacI6iVoVnLQ5srUOwC-sDBJIjvRCy3Ss-BiCTuGilNUvwWk5lKhuw8D1F0vOWT_GsbReDzboeNqNymdHAYROFUloaor91iUASEiShYsdbW4BisHsvzeNuZrPekOUTv0yf4Gp9328cojWQq9DLpJzvZZEoVSCnvQ3tut4lvrHFJvEBIEF6URi-LhG-il4nPUa1PbBYi1dhuAD3l-lX2A0VPwDJFwSlpJXy6awUuo1auRrzIXvsVt-DomHbejWvK1EVMo9RAWEb9qxVqSTcaBNvo2jSjvII1n8FhTHAfQpWS-e45evfwdZQMErP2vpWabAGwiuawsda5B_NCXfOfPnp-1Wqhmkh2oq1zrG7zWMmQY9b4GAJ4iI1GMtQmEGbkeOGNTA3VC75nWMuaWVjvGsEd63Sh8HpsQpgs-sVYPs3B-gVsNrjyV2KzWdJGI4kTuWCOoxzAcOc6Q3EHVcKm8UkKIsJnA-9Xrz03FndszCGR0DLjLInOHSSj7jjOVGhiSrYbal8-yxhc8-WizljQMdJpZ8afjK02bQ1gQwErJCBTS15xEAqRzI_u89zCZwGLY_EPJ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC4kN-RJliZMGgNIGOlgTd55jwBcme0rFc1Z2R93DAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9BzyjdolNELFZa-XZom9l4H5kfOhENus1nFdSjl10qOYpK86x9hdMUT1JcYEDIrZcJ3EClmflJvHgp13jpHijTgeuQcCMPommrilOKvB2BwShnf8xszjHrLV9jW_BEj5VIx7AapiFBGoNpkFToNiMK4l8mc6vZLGBYQosfS9XoC0AQUt3xjxNKgGAYN62x1x9bLcTwGWDnhnF5cNy5g-9NCEDe4XPkkXD54lJWzUvsbYSXi5HoBj3Gs3qtasRdCX8CPCeAUTjTeSxabPLd2tD3UcLGvSnkxEd3c0SJMdDuHRruZtzMUoHU3HVejLfMnplXzI5cTry3gBAGABpHNpJqwz_r1nQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3YoFG9rxa9FX3lZtObEGPDint-bQ%26client%3Dca-pub-7554793497192362%26adurl%3D

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

1ce8bf8e34655a01a9f3f70fac7fc0f21339b305de94022fe8ff555cda443190

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:45 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=ulqlw1w-_Msrj2KhV7kRWTmL5LmeYpJoiCbUg6fEtcVzHcJO4JqXx6e1VlFN66rVwnl2TrRXMzgYWdifUH1Kv2GrBboARm4AD9sZM5JuUhCLkCYr-gTzJIpcX6I7KUvDm2PdyIvXlscOr7WDdM2_KvtWauUfh-lewGBrjGZOuXIGB_BhVCAf81dn3Gq5f35NU8CFNKp9SOhvs0AgYiBd5ceLrkiQixMKLoOq8a9RUrPZ8AWUT2c7rpUz6fw"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 2974266
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame 24A2 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/window_focus_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 18:31:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7894
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 18:31:11 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E1B2 1 KB
643 B 11ms
9ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34712
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 11:04:13 GMT
etag: 48472445140208031
expires: Tue, 16 May 2023 11:04:13 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame 24A2 19 KB
8 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

01dcaf85f2ae23a30115cf4a663e90b4a507dc688c4c17f9ebddc3cf19fee780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 12:20:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30107
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7937
x-xss-protection: 0
server: cafe
etag: 2499949999788435271
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 12:20:58 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 24A2 0
0 16ms
14ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaShKZB2fNM75Jr59tM4CjL4MqepDkZ6ime39YooDGCuF3xB3vFemCB_a7KI-TK6NgCnTvTi_WTlazqZlTtB2HE8cXLH1Q
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 24A2 24 KB
6 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Fri, 12 May 2023 14:52:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 280230
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 11 May 2024 14:52:15 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 24A2 169 KB
52 KB 69ms
67ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fdc79b8c47c6d5c20def82fa5f6a91e3cbe3057bff3f8b14b5c2c71dc9b57ec4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53545
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1683718549123860"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 15 May 2023 20:42:45 GMT

GET
H/1.1 200
OK u072l68m42xn Show response
hal9000.redintelligence.net/zone/ Frame AAD3 10 KB
3 KB 41ms
17ms Script
text/html 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/u072l68m42xn?subid=&gdpr=0&gdpr_consent=&rnd=4117801079945004504&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:ruc&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D4b1421ee442483292434692d465025a1b20ac66a%26mt_aid%3D4117801079945004504%26mt_id%3D11644866%26mt_adid%3D215543%26mt_sid%3D13527086%26mt_exid%3D9%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D42296462-9945-4b01-b126-3a5e83bcf37d%26mt_cid%3D42296462-9945-4b01-b126-3a5e83bcf37d%26mt_3pck%3Dhttps%253A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv3%2Ft%2Fams3%2F0%2F8c2834a0-3760-4975-bad7-65f9bd1ce8fd%2F%26redirect%3D
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: 54489629ab63051ecaa392b0ae99224fd2019e284fc23cd1a58b755b7d183ab3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:45 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 2966
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK img
pixel.mathtag.com/event/ Frame AAD3 43 B
416 B 34ms
33ms Image
image/gif 2.18.233.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.mathtag.com/event/img?mt_id=1368875&mt_adid=216764&v1=9&v2=4117801079945004504&v3=1343640&v4=13527086&v5=11644866&mt_nsync=1&no_attr=1
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=ruc&s_exch=ruc&id=5aW95q2jLzIzLyAvWkRJM05ETmxaREF0Wm1VME15MHdZbUptTFRBd01EQXRNREF3TURBd01EQXdNREF3LzQxMTc4MDEwNzk5NDUwMDQ1MDQvMTE2NDQ4NjYvMTM1MjcwODYvOS9jSGRFdmg2M3BIVnJqNXRsQzhUanMzT0VvM0JtUVc3R0RUcThVLWg3NmZBLzEvOS8wLzAvMjEzNDIwMS8wLzIxNTU0My8xMzQzNjQwLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNDExNzgwMTA3OTk0NTAwNDUwNC96cmgvMC8xMDAxMy83MS85OTkvMi8yYTAyOjZlYTA6YzcxYjo6LzAuMDAwLzE2ODQxODMzNjMvMTY4NDE5NTk2My85LzE3MDQ2Lw/wVfGoPEVGDuGcm62fcgBAXF67pc&nodeid=3772&group=zrh&auctionid=4117801079945004504&pbs_auctionid=4117801079945004504&shardkey=4117801079945004504&sid=13527086&cid=11644866&bp=a_bjiibd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.133.220&3pck=https%3A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv3%2Ft%2Fams3%2F0%2F8c2834a0-3760-4975-bad7-65f9bd1ce8fd%2F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-201.deploy.static.akamaitechnologies.com
Software: MT3 851 9bd98ae master cdg-pixel-x29 config_version:"unknown" /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:45 GMT
Server: MT3 851 9bd98ae master cdg-pixel-x29 config_version:"unknown"
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: image/gif
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 43
Expires: Mon, 15 May 2023 20:42:44 GMT

GET
H/1.1 200
OK img
tags.mathtag.com/event/ Frame AAD3 49 B
330 B 26ms
24ms Image
image/gif 185.29.134.245
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tags.mathtag.com/event/img?type=mmImpTrack&exch=ruc&bid=4117801079945004504&st=13527086&time=1684183365&nodeid=3772
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=ruc&s_exch=ruc&id=5aW95q2jLzIzLyAvWkRJM05ETmxaREF0Wm1VME15MHdZbUptTFRBd01EQXRNREF3TURBd01EQXdNREF3LzQxMTc4MDEwNzk5NDUwMDQ1MDQvMTE2NDQ4NjYvMTM1MjcwODYvOS9jSGRFdmg2M3BIVnJqNXRsQzhUanMzT0VvM0JtUVc3R0RUcThVLWg3NmZBLzEvOS8wLzAvMjEzNDIwMS8wLzIxNTU0My8xMzQzNjQwLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNDExNzgwMTA3OTk0NTAwNDUwNC96cmgvMC8xMDAxMy83MS85OTkvMi8yYTAyOjZlYTA6YzcxYjo6LzAuMDAwLzE2ODQxODMzNjMvMTY4NDE5NTk2My85LzE3MDQ2Lw/wVfGoPEVGDuGcm62fcgBAXF67pc&nodeid=3772&group=zrh&auctionid=4117801079945004504&pbs_auctionid=4117801079945004504&shardkey=4117801079945004504&sid=13527086&cid=11644866&bp=a_bjiibd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.133.220&3pck=https%3A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv3%2Ft%2Fams3%2F0%2F8c2834a0-3760-4975-bad7-65f9bd1ce8fd%2F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.29.134.245 , United Kingdom, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MMBD/3.387.2 /
Resource Hash: 1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:45 GMT
Server: MMBD/3.387.2
Content-Type: image/gif
Cache-Control: no-cache
x-mm-host: cdg-router-x39, zrh-bidder-x158
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 49
Expires: Mon, 15 May 2023 20:42:44 GMT

GET
H/1.1 200
OK js Show response
sync.mathtag.com/sync/ Frame AAD3 1 KB
1 KB 499ms
163ms Script
text/javascript 74.121.143.245
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.mathtag.com/sync/js?sync=auto&source=bidder&mt_lim=2&type=1,2
Requested by: Host: tags.mathtag.com
URL: https://tags.mathtag.com/notify/js?exch=ruc&s_exch=ruc&id=5aW95q2jLzIzLyAvWkRJM05ETmxaREF0Wm1VME15MHdZbUptTFRBd01EQXRNREF3TURBd01EQXdNREF3LzQxMTc4MDEwNzk5NDUwMDQ1MDQvMTE2NDQ4NjYvMTM1MjcwODYvOS9jSGRFdmg2M3BIVnJqNXRsQzhUanMzT0VvM0JtUVc3R0RUcThVLWg3NmZBLzEvOS8wLzAvMjEzNDIwMS8wLzIxNTU0My8xMzQzNjQwLzEvMC8wL01EQXdNREF3TURBdE1EQXdNQzB3TURBd0xUQXdNREF0TURBd01EQXdNREF3TURBdy8wLzAvMC8wLzAvNDExNzgwMTA3OTk0NTAwNDUwNC96cmgvMC8xMDAxMy83MS85OTkvMi8yYTAyOjZlYTA6YzcxYjo6LzAuMDAwLzE2ODQxODMzNjMvMTY4NDE5NTk2My85LzE3MDQ2Lw/wVfGoPEVGDuGcm62fcgBAXF67pc&nodeid=3772&group=zrh&auctionid=4117801079945004504&pbs_auctionid=4117801079945004504&shardkey=4117801079945004504&sid=13527086&cid=11644866&bp=a_bjiibd&nfy_act=LD5weg&type=adm&client=c2s&bfip=185.29.133.220&3pck=https%3A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv3%2Ft%2Fams3%2F0%2F8c2834a0-3760-4975-bad7-65f9bd1ce8fd%2F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.121.143.245 , United States, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MT3 851 9bd98ae master pao-pixel-x18 config_version:"unknown" /
Resource Hash: 340e11080b288b524fc976fdc70da0c4aa6b0ab5d65bb514aa0211dce326b045

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:45 GMT
Content-Encoding: gzip
Server: MT3 851 9bd98ae master pao-pixel-x18 config_version:"unknown"
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: text/javascript
Cache-Control: no-cache
Connection: close
Expires: Mon, 15 May 2023 20:42:44 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 0717 24 KB
6 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Fri, 12 May 2023 14:52:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 280230
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 11 May 2024 14:52:15 GMT

GET
H2 200 creative.js Show response
cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/ Frame 0717 26 KB
9 KB 216ms
215ms Script
application/javascript 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e0bfcf41c566f571ea252620518b4bee4496dba2b1df9a1aa3e436f81592e1b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 15 May 2023 20:42:45 GMT
x-content-type-options: nosniff
content-encoding: br
age: 27668
x-jsd-version: 1.15.0
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 9276
x-served-by: cache-fra-eddf8230064-FRA, cache-gig2250047-GIG
x-jsd-version-type: version
etag: W/"6658-uUC6DsKFQz3nsj0JP3lp528lwJQ"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0717 169 KB
52 KB 142ms
141ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fdc79b8c47c6d5c20def82fa5f6a91e3cbe3057bff3f8b14b5c2c71dc9b57ec4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53545
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1683718549123860"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 15 May 2023 20:42:45 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 906A
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPYbpoVJNDFNoQ42PDag9UQ&google_cver=1&google_push=ATf1kGMyxFdSMJh1qFz_FvJO9IfDuKWoi2p28PKvD0lzUNVJMj-HtOEudq...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ATf1kGMyxFdSMJh1qFz_FvJO9IfDuKWoi2p28PKvD0lzUNVJMj-HtOEudqoeGTDSMSC-MqPQrlBKh7gSDJ50XnddhMC7EO9r04gmqVaU-Kf43TiGDNW4JvJ5U5d...

170 B
188 B

19ms
17ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ATf1kGMyxFdSMJh1qFz_FvJO9IfDuKWoi2p28PKvD0lzUNVJMj-HtOEudqoeGTDSMSC-MqPQrlBKh7gSDJ50XnddhMC7EO9r04gmqVaU-Kf43TiGDNW4JvJ5U5dx6X5Ne7TmB8-f4sKvNUY&google_hm=skAkrLmaK9CZOexuwIUP_A

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ATf1kGMyxFdSMJh1qFz_FvJO9IfDuKWoi2p28PKvD0lzUNVJMj-HtOEudqoeGTDSMSC-MqPQrlBKh7gSDJ50XnddhMC7EO9r04gmqVaU-Kf43TiGDNW4JvJ5U5dx6X5Ne7TmB8-f4sKvNUY&google_hm=skAkrLmaK9CZOexuwIUP_A
pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
strict-transport-security: max-age=86400
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3 200 i.match
a.tribalfusion.com/ Frame 906A 43 B
620 B 168ms
164ms Image
image/gif 2606:4700::6812:18ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.tribalfusion.com/i.match?p=b6&u=CAESEHMKmf6dvbxCkAgG8Nlv0T0&google_cver=1&google_push=ATf1kGNfX7TZZxS8UMAe-ZufPDsTO6NhejnMvvkokMgu3CY_HoPZexh97M8OH5kh1xRXFo6w3EWLCaEPwPVD-G-JmUujaQjdeQ2k2kLu10QHGjlR5mwtGIYBMJF40QOpQEhfJFRkog4x_uI&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DATf1kGNfX7TZZxS8UMAe-ZufPDsTO6NhejnMvvkokMgu3CY_HoPZexh97M8OH5kh1xRXFo6w3EWLCaEPwPVD-G-JmUujaQjdeQ2k2kLu10QHGjlR5mwtGIYBMJF40QOpQEhfJFRkog4x_uI%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:18ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7c7e3592ebae2c7a-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 906A 43 B
362 B 19ms
12ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEKW5RyA_gKOz3FlQvmotDhE&google_cver=1&google_push=ATf1kGMlJrQjsFvYXNyIXjhZItATS_SI7MpHa5qniR6STDaM43G48a8wvoOUErLhLtl1arp6fXz_zCBWqc1LJw7AZ540XmlDdCpYb8sUHOpBHMfRgBfbydb1AgBvMIN9YsDqlUUJ1X_s1Q

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 231274
expires: Mon, 15 May 2023 00:00:00 GMT

GET
H2 200 dds
rtb.openx.net/sync/ Frame 906A 43 B
103 B 20ms
14ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEJktBEQvC-6pnzoSTsKdE-Y&google_cver=1&google_push=ATf1kGOojwyCV0eVgacW-awDs9cZlEHGGQO5jsg7yWXVlIaO0MDAZy_M31bSlGCUyXJ2t-EJ7CpCBDTYVsIxWX4XM2d9hVuvQOmiY8PKI5QfySQRYFAo_AVlAY3TmcCk4inyPgYWnSN9czA
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 906A
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=7NrSbx-HSgqPHPuMp82fqw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

22ms
22ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=7NrSbx-HSgqPHPuMp82fqw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGPjX0gt6RSU7i__lWsRmS1nh1TwqJi5asmNr-1oYlEeD7UyhJSYUbxsonF-nCQIUQ57_c5Nv499Ko-rrk9ngO3IDfFsRaqflrbwLQvAWo2NEraPfNvw5lNKyCZgvdvzf4oZ5ufmayg

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=7NrSbx-HSgqPHPuMp82fqw%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGPjX0gt6RSU7i__lWsRmS1nh1TwqJi5asmNr-1oYlEeD7UyhJSYUbxsonF-nCQIUQ57_c5Nv499Ko-rrk9ngO3IDfFsRaqflrbwLQvAWo2NEraPfNvw5lNKyCZgvdvzf4oZ5ufmayg
date: Mon, 15 May 2023 20:42:45 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 906A
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEHcTNlvqESKPS0amoxugak4&google_cver=1&google_push=ATf1kGNwb7DQJoOza8fN2zTj3nOEdFFlvXHO1EcXWhS0YLDoxS8dr12PpD8BUJF2wHJwZYa4SJcbkv5VxOwQPRhhr...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGNwb7DQJoOza8fN2zTj3nOEdFFlvXHO1EcXWhS0YLDoxS8dr12PpD8BUJF2wHJwZYa4SJcbkv5VxOwQPRhhryEjbAa54QFnyh2gg3XTXnXDRjqA72E5KaSgEp68LnLsf...

170 B
188 B

18ms
18ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGNwb7DQJoOza8fN2zTj3nOEdFFlvXHO1EcXWhS0YLDoxS8dr12PpD8BUJF2wHJwZYa4SJcbkv5VxOwQPRhhryEjbAa54QFnyh2gg3XTXnXDRjqA72E5KaSgEp68LnLsfXVWjJCDUco&google_hm=GpsatGZHaeNOCZpHRJuw4U2V

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 15 May 2023 20:42:45 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGNwb7DQJoOza8fN2zTj3nOEdFFlvXHO1EcXWhS0YLDoxS8dr12PpD8BUJF2wHJwZYa4SJcbkv5VxOwQPRhhryEjbAa54QFnyh2gg3XTXnXDRjqA72E5KaSgEp68LnLsfXVWjJCDUco&google_hm=GpsatGZHaeNOCZpHRJuw4U2V
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 906A
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESELghKnXhXdIiJ2YGroFYnAU&google_cver=1&google_push=ATf1kGN3H7FokkhFbw8fe2mChZLCWtzICgDTC-u2a9NQJQv1QCn-rlzaImTSdwe_zv1wA3nNYJXVR2qJEJVHojUWVgI3PoMk75...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGN3H7FokkhFbw8fe2mChZLCWtzICgDTC-u2a9NQJQv1QCn-rlzaImTSdwe_...

170 B
188 B

18ms
17ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGN3H7FokkhFbw8fe2mChZLCWtzICgDTC-u2a9NQJQv1QCn-rlzaImTSdwe_zv1wA3nNYJXVR2qJEJVHojUWVgI3PoMk75EBPGNa14NeCVPlECiUh6R4TzV5BpTr0Lf0_5O_eQhZN6k

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGN3H7FokkhFbw8fe2mChZLCWtzICgDTC-u2a9NQJQv1QCn-rlzaImTSdwe_zv1wA3nNYJXVR2qJEJVHojUWVgI3PoMk75EBPGNa14NeCVPlECiUh6R4TzV5BpTr0Lf0_5O_eQhZN6k
date: Mon, 15 May 2023 20:42:45 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 906A 0
12 B 22ms
17ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Jmht41tnXvWvucU0g8FTtbzN8ZD9INkylNVPZdY1iYIBRgVx1tg0RMQa2cYEOrgWB3_HT6

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H2 200 all
csm.eu.criteo.net/ Frame 766E 0
127 B 14ms
14ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=8ZTNlFw-_Msrj2KhfBkoA5boH5c8H56aqwry_z9zUVO5mQJMMrqp7GHczeYT-LY0BXuU0a0ZljL9H2Ic-c7m_vBJUw0WWPeiZUOl5t1MtAUjipPOApDISKOQexReVEb0vpAnKtmO6mXo4EVX7RWUjCE7HNuooiFZhG3XtQgodI-1VVUi6CtZhn7DsdcElm3JIYNl9MCymy7hINe0NCFf3x3iA76h6T_oCZCyUL-XJ74QPOk1BGlBNtF-v3kfzIV2hS8rzw&sds=2&rev=86118.2&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:45 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 766E 2 KB
1 KB 14ms
14ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:45 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 766E 2 KB
1 KB 16ms
16ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:45 GMT

GET
H/1.1 200
OK request.php Show response
hal900029.redintelligence.net/ Frame 8C30 3 KB
2 KB 115ms
73ms Script
application/x-javascript 88.99.219.174
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900029.redintelligence.net/request.php?zone=yrsa821xsiee&nw=20&renderingType=javascript&namespace=42aed066a5&subid=&uid=d0636f983a8a3b7b&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3Dskd03Xwid3db0cPMclxdrw%26exch_seat%3D20035004448%26mt_aid%3D1811958071805038589%26mt_id%3D6622327%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D42296462-9945-4b01-b126-3a5e83bcf37d%26mt_cid%3D42296462-9945-4b01-b126-3a5e83bcf37d%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCsn9URJliZL-eJ_KS9fgPscejmATPh46bXMCG2YLGAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJ4AIAqAMBqgT5AU_Qor0h8qRafqfT5-vcktRwYA3cMl-diWvkxiKPi6BpXPT0CWTLu_DsHJbpsYUG36GtzShgv8gNv7X2IAdfaZ4e5TfZmMkUCeXLvxyKOeGn_1Kn6k1JoVuG25Vp7OoIziU9mSCMNWGz76x5vDX8YLiSo_LmMFP_1Da9GVPd5fokKTdIu_BeRgffzpXvhBXvh98O8dtUTRJRCxR0K-Y8pdJp8P6k_b42jYhPpd3wxa4VOxmNN3HgpBAYB3H6YMrh0U6mPZAOLYQA7GXCcyTXr7VrILXlKXoDsQzG56bivxaDGHWal_-5wdyGJklEePFvDJefsp_3tT9y0-AEAYAGs-n1-N_MwLi5AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2A3ttfVGF0WmwyLTaQbjC9xyH8rQ%2526client%253Dca-pub-7554793497192362%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fa8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=null&random=5928069756083&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/yrsa821xsiee?subid=&gdpr=1&gdpr_consent=li&rnd=1811958071805038589&extVar[]=DOUBLEBORDER:1&extVar[]=MMA_SSP:adx&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3Dskd03Xwid3db0cPMclxdrw%26exch_seat%3D20035004448%26mt_aid%3D1811958071805038589%26mt_id%3D6622327%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D42296462-9945-4b01-b126-3a5e83bcf37d%26mt_cid%3D42296462-9945-4b01-b126-3a5e83bcf37d%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCsn9URJliZL-eJ_KS9fgPscejmATPh46bXMCG2YLGAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJ4AIAqAMBqgT5AU_Qor0h8qRafqfT5-vcktRwYA3cMl-diWvkxiKPi6BpXPT0CWTLu_DsHJbpsYUG36GtzShgv8gNv7X2IAdfaZ4e5TfZmMkUCeXLvxyKOeGn_1Kn6k1JoVuG25Vp7OoIziU9mSCMNWGz76x5vDX8YLiSo_LmMFP_1Da9GVPd5fokKTdIu_BeRgffzpXvhBXvh98O8dtUTRJRCxR0K-Y8pdJp8P6k_b42jYhPpd3wxa4VOxmNN3HgpBAYB3H6YMrh0U6mPZAOLYQA7GXCcyTXr7VrILXlKXoDsQzG56bivxaDGHWal_-5wdyGJklEePFvDJefsp_3tT9y0-AEAYAGs-n1-N_MwLi5AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2A3ttfVGF0WmwyLTaQbjC9xyH8rQ%2526client%253Dca-pub-7554793497192362%2526adurl%253D%26redirect%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.219.174 Falkenstein, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.174.219.99.88.clients.your-server.de
Software: Apache /
Resource Hash: d357fce995c15b49f1cda94524b2e28d0f0bab27b7e7800c37e64b7074f75709

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:45 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 38176200164363000951401012325029
Connection: close
Content-Length: 1117
Expires: Mon, 15 May 2023 21:42:45 +0200

GET
DATA 200
OK truncated
/ Frame 56DE 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 995787da18d7959d1540540c965d25fb16da757bd873e9cd14dd322bf9a162a1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 container.html Show response
a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 06E4 6 KB
3 KB 8ms
7ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:43 GMT
expires: Tue, 14 May 2024 20:42:43 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 217B 6 KB
3 KB 8ms
8ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:43 GMT
expires: Tue, 14 May 2024 20:42:43 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1166 42 B
64 B 44ms
43ms Fetch
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss3Qz_7ONTJI1eW8jkKxCnmvTf6TTjF6Jj0dOmBHJ0vEVNwtyOr2OgRa81Otay8OBtMG-HP-rKhFOYEaa4R8S-ObtI&sig=Cg0ArKJSzMG3HxATUM2VEAE&id=lidar2&mcvt=1129&p=759,436,849,1164&mtos=1129,1129,1129,1129,1129&tos=1129,0,0,0,0&v=20230510&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3783589184&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1684183364277&rpt=221&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 765D 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 05090f3db4732f8facdbfcd98ac4b748bdb92950095ca7c4bc482564d007595a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 08cn5b8EVMSc5l6e1YWDk0jg24yFrQ2cZ845B_qPECM.js Show response
pagead2.googlesyndication.com/bg/ Frame DFE1 37 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/08cn5b8EVMSc5l6e1YWDk0jg24yFrQ2cZ845B_qPECM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3c727e5bf0454c49ce65e9ed585839348e0db8c85ad0d9c67ce3907fa8f1023

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:38:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 247
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14732
x-xss-protection: 0
last-modified: Mon, 08 May 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 14 May 2024 20:38:38 GMT

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame 0DF0 3 KB
4 KB 57ms
19ms Image
image/png 2606:4700:20::681a:71b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.40/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:71b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 805
x-guploader-uploadid: ADPycduTog6A2JPifmWwDYui9vUCCU5W1ZNEVFDzlBRMT9l9xNdgptaa0KpBuLLbjaWfVX7sXot7cGI-Oc2HEQNQ3r-JUA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3262
last-modified: Tue, 21 Jun 2022 12:31:17 GMT
server: cloudflare
etag: "794c84d30e213ec6a144d64215f07551"
vary: Accept-Encoding
x-goog-generation: 1655814677405990
content-type: image/png
content-language: en
x-goog-hash: crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
cache-control: public, max-age=7200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qI8nYwVMmwmPP05%2FL16EnloPV9z2xUnsx%2FUZwaueLiTE9TkhdadHUh9Tmo9%2FZpKZyQlhFtQWdLZc6KuMKgR3Ybi6DoYHGZZd23J%2BbAd0vgImU8IRr1m42%2B1Zih4k7YpDGYzN2g6zUszp5Z9twj%2BZ34OG"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 3262
accept-ranges: bytes
cf-ray: 7c7e3593f8cc9ba4-FRA
expires: Mon, 15 May 2023 20:52:53 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame C218 2 KB
1 KB 14ms
13ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZGKZRAANEEEKhYcBAAYz3Q9_vX-1fvPENDNopQ&u=%7ClPoQj%2FclhXdvqlwWQbO8Y%2FuqEZjLqy8FZY11Fduq%2Fs0%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYNdJ71gdyCWvw29y1GxtacI6iVoVnLQ5srUOwC-sDBJIjvRCy3Ss-BiCTuGilNUvwWk5lKhuw8D1F0vOWT_GsbReDzboeNqNymdHAYROFUloaor91iUASEiShYsdbW4BisHsvzeNuZrPekOUTv0yf4Gp9328cojWQq9DLpJzvZZEoVSCnvQ3tut4lvrHFJvEBIEF6URi-LhG-il4nPUa1PbBYi1dhuAD3l-lX2A0VPwDJFwSlpJXy6awUuo1auRrzIXvsVt-DomHbejWvK1EVMo9RAWEb9qxVqSTcaBNvo2jSjvII1n8FhTHAfQpWS-e45evfwdZQMErP2vpWabAGwiuawsda5B_NCXfOfPnp-1Wqhmkh2oq1zrG7zWMmQY9b4GAJ4iI1GMtQmEGbkeOGNTA3VC75nWMuaWVjvGsEd63Sh8HpsQpgs-sVYPs3B-gVsNrjyV2KzWdJGI4kTuWCOoxzAcOc6Q3EHVcKm8UkKIsJnA-9Xrz03FndszCGR0DLjLInOHSSj7jjOVGhiSrYbal8-yxhc8-WizljQMdJpZ8afjK02bQ1gQwErJCBTS15xEAqRzI_u89zCZwGLY_EPJ&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC4kN-RJliZMGgNIGOlgTd55jwBcme0rFc1Z2R93DAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9BzyjdolNELFZa-XZom9l4H5kfOhENus1nFdSjl10qOYpK86x9hdMUT1JcYEDIrZcJ3EClmflJvHgp13jpHijTgeuQcCMPommrilOKvB2BwShnf8xszjHrLV9jW_BEj5VIx7AapiFBGoNpkFToNiMK4l8mc6vZLGBYQosfS9XoC0AQUt3xjxNKgGAYN62x1x9bLcTwGWDnhnF5cNy5g-9NCEDe4XPkkXD54lJWzUvsbYSXi5HoBj3Gs3qtasRdCX8CPCeAUTjTeSxabPLd2tD3UcLGvSnkxEd3c0SJMdDuHRruZtzMUoHU3HVejLfMnplXzI5cTry3gBAGABpHNpJqwz_r1nQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3YoFG9rxa9FX3lZtObEGPDint-bQ%26client%3Dca-pub-7554793497192362%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:45 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame C218 2 KB
1 KB 15ms
15ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:45 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame C218 308 B
636 B 13ms
12ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 09 May 2024 20:42:45 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame C218 293 B
621 B 16ms
15ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Thu, 09 May 2024 20:42:45 GMT

GET
H2 200 lg.php
cat.fr3.eu.criteo.com/delivery/ Frame C218 43 B
347 B 21ms
20ms Image
image/gif 178.250.7.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=DqLDgJTf_M2yoDUfVFEMIP-ZYpaljwHn-U4Sj1Y0A3xFb22whHQ0n_r5ueGbwD0sgElXhhLJxNvqp5WiJmlHDr3ZaVyd-SPhsOZ1vu2kuX3qH1SMhA7ONXOdrcxtTLOV9qSA4Bo-R6UhyK7e-nYrUN-wGC8jOEQD2zqrBaBXt3AsKZJEA9cBQSvLBqdIEZonHZTGu9Ouw6cLBw0rwUXqsNOIyiE2MeaYMSYzNBUzWAu3vNP9Vrz1U4KiiCXIg0v3HfwfvTuHOHsRVP2dq2iUYW6amdlmjmewLy_VWEw_Wvki6BS3e2fVUPFNIlj4J0Dsj1qQ-j7XZRDzEtvAX2HLFhPxrlY3X9oOpdJE2PQL4V_VsQfEplMo7rDIQgocrrL6gZhT4VxmTefzEdNG061gasnM6kDLznJ5YhweqFEUwLZOFbyZ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1670773
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3

200

B29933196.366647091;dc_pre=CIrah_qX-P4CFW_juwgdQsoDog;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=6462994484582f0782c48be2e8396d05;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tf...
ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/ Frame C218
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=6462994484582f0782c48be2e8396d05;dc_lat=;dc_rdid=;tag_for_...
https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CIrah_qX-P4CFW_juwgdQsoDog;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=6462994484582f0782c48be2...

42 B
63 B

25ms
25ms

Image
image/gif

142.250.186.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CIrah_qX-P4CFW_juwgdQsoDog;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=6462994484582f0782c48be2e8396d05;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1?

Requested by

Protocol

Server

142.250.186.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CIrah_qX-P4CFW_juwgdQsoDog;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=6462994484582f0782c48be2e8396d05;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 4debdac53ee04751bc04e558cff50a52_image_ad_728x90.png
static.criteo.net/design/dt/102052/230505/ Frame C218 121 KB
122 KB 14ms
13ms Image
image/png 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/102052/230505/4debdac53ee04751bc04e558cff50a52_image_ad_728x90.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

e9f4804016ce37219673d8ff2f1720cf85d410d80f25c30c95d2c63af87b356c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 05 May 2023 09:28:27 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6454cc3b-1e5b2"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 124338
expires: Thu, 09 May 2024 20:42:45 GMT

GET
H/1.1 200
OK dvbs_src_internal117.js Show response
cdn.doubleverify.com/ Frame 34A1 57 KB
19 KB 7ms
6ms Script
application/javascript 2a02:26f0:3500:d::1732:83d6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src_internal117.js
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=11655933&cmp=2661572&plc=64253744&sid=1523392&dvregion=0&unit=728x90&aufilter1=165376&autt=1&aubndl=&audeal=&auevent=0&prr=1&ppid=111&auadv=165376&aucmp=2661572&auorder=84037586&aucrtv=58775236&auadid=1523392&c6=1617446&c8=&auplc=9041754&turl=&c1=VF-DE+Deutschland&c2=DE_23_AO_P_W_G_M_emm-215-cre----per-nta--Tracking-SIMONLY&c3=PD_BC-215-nta-all-PRE-Tracking&c4=simonly_pre_doubledata_230427_728x90&c5=DV360-donotuse1&c7=DV360+(Media)&c9=&c10=DV360_PO_AL_NONE_SBN_CM_nta-all-tracking
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:d::1732:83d6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: c74d4c8be63fda641c0e0255ad3c7416862f17e31442a1a0ddd7645bc2d69d3c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:45 GMT
Content-Encoding: gzip
Last-Modified: Tue, 10 Jan 2023 11:00:18 GMT
Server: Microsoft-IIS/10.0
ETag: "0cda5b9e224d91:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18840

GET
DATA 200
OK truncated
/ Frame 8768 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a740bc0c9e44265f8f5c6507170078fa4ab4c692a8e5284aae172f9370a08226

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 container.html Show response
a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame EEBF 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202305090101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:43 GMT
expires: Tue, 14 May 2024 20:42:43 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 all
csm.eu.criteo.net/ Frame A2FE 0
127 B 13ms
13ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:45 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H/1.1 200
OK dvbs_src_internal117.js Show response
cdn.doubleverify.com/ Frame 9151 57 KB
19 KB 7ms
7ms Script
application/javascript 2a02:26f0:3500:d::1732:83d6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src_internal117.js
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=11655933&cmp=1699623&plc=63096195&sid=1366186&dvregion=0&unit=728x90&aufilter1=165376&autt=1&aubndl=&audeal=&auevent=0&prr=1&ppid=111&auadv=165376&aucmp=1699623&auorder=1495266&aucrtv=58044479&auadid=1366186&c6=1447160&c8=&auplc=10546188&turl=&c1=VF-DE+Deutschland&c2=DE_23_AO_P_C_G_M_cic-215-cre----per-apl-dive-Tracking-PER&c3=RT_PD_C-215-mul-stc-ret&c4=i14pro_pre_20p_230404_1456x180&c5=Doubleclick+DBM&c7=Doubleclick+DBM+(Media)&c9=&c10=Adform_AO_AL_None_BNR_CM_mul-stc-Pre-Tracking
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:d::1732:83d6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: c74d4c8be63fda641c0e0255ad3c7416862f17e31442a1a0ddd7645bc2d69d3c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:45 GMT
Content-Encoding: gzip
Last-Modified: Tue, 10 Jan 2023 11:00:18 GMT
Server: Microsoft-IIS/10.0
ETag: "0cda5b9e224d91:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18840

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame B769 43 B
362 B 16ms
14ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEKW5RyA_gKOz3FlQvmotDhE&google_cver=1&google_push=ATf1kGOqcjBz-6prmBBXA45SDMGsx5Z-Z_lKLEmbVOah_Yn6fBq_Hzh8eL3crDd3QtSy5P9a0Zbknd1n16C7rUvXTzzsA8m3eJ09

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:44 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 303268
expires: Mon, 15 May 2023 00:00:00 GMT

GET
H3 200 dds
rtb.openx.net/sync/ Frame B769 43 B
58 B 17ms
16ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEJktBEQvC-6pnzoSTsKdE-Y&google_cver=1&google_push=ATf1kGOJgg-CKgaO9V0L0D7GW50pbLEgugBhUamiFsp8y_9t_W1ffvgBHDK_Pew57WvcD0GhYwwMFo7U5VPazopdlk3XhHJqF3qXOA
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B769
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=aJjOlCjATtuCC6jq3t8sIA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

23ms
23ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=aJjOlCjATtuCC6jq3t8sIA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGM11smIG-eybIEYVJ6xHdW-s8hVQZuTcPlI-l9FjTNGXPNo8Q42Ft2smGJoL_l7muIrbMjLovWd-R7MIVmike0eVvF0b0fHuQ

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=aJjOlCjATtuCC6jq3t8sIA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGM11smIG-eybIEYVJ6xHdW-s8hVQZuTcPlI-l9FjTNGXPNo8Q42Ft2smGJoL_l7muIrbMjLovWd-R7MIVmike0eVvF0b0fHuQ
date: Mon, 15 May 2023 20:42:45 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B769
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEHcTNlvqESKPS0amoxugak4&google_cver=1&google_push=ATf1kGOSVa7AktyszUQKGtE0MbTdKqmb5mSSy5fDi0c5FK_IElVWAFhB9-GbSCrv4P1EXmtNsCtfkdH9e99PGobg_...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGOSVa7AktyszUQKGtE0MbTdKqmb5mSSy5fDi0c5FK_IElVWAFhB9-GbSCrv4P1EXmtNsCtfkdH9e99PGobg_BEXoP0-J8PlAg&google_hm=GpsatGZHaeNOCZpHRJuw...

170 B
188 B

21ms
20ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGOSVa7AktyszUQKGtE0MbTdKqmb5mSSy5fDi0c5FK_IElVWAFhB9-GbSCrv4P1EXmtNsCtfkdH9e99PGobg_BEXoP0-J8PlAg&google_hm=GpsatGZHaeNOCZpHRJuw4U2V

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 15 May 2023 20:42:45 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGOSVa7AktyszUQKGtE0MbTdKqmb5mSSy5fDi0c5FK_IElVWAFhB9-GbSCrv4P1EXmtNsCtfkdH9e99PGobg_BEXoP0-J8PlAg&google_hm=GpsatGZHaeNOCZpHRJuw4U2V
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B769
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEHyVjsheMpGIXOOYl4QaQ-k&google_cver=1&google_push=ATf1kGPVnO7T72FzFhf6RB9tS7I8UTY3sFHZL59iqcau0m_MAVP1PstvkzPyG4NsWXgAyMfLeUs2FNxRdjArIAq4...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGPVnO7T72FzFhf6RB9tS7I8UTY3sFHZL59iqcau0m_MAVP1PstvkzPyG4NsWXgAyMfLeUs2FNxRdjArIAq42YM3W2Vf9uDr

170 B
188 B

22ms
21ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGPVnO7T72FzFhf6RB9tS7I8UTY3sFHZL59iqcau0m_MAVP1PstvkzPyG4NsWXgAyMfLeUs2FNxRdjArIAq42YM3W2Vf9uDr

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 15 May 2023 20:42:45 GMT
via: 1.1 747e99d9d8c5e29fdc713cf866bc3f82.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-C2
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGPVnO7T72FzFhf6RB9tS7I8UTY3sFHZL59iqcau0m_MAVP1PstvkzPyG4NsWXgAyMfLeUs2FNxRdjArIAq42YM3W2Vf9uDr
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: Uk_Ug361ZUhf4AxOkvAJ8kmai_D_dMdbegxM-ziX9pOiZV-MEalEOg==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B769
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESELghKnXhXdIiJ2YGroFYnAU&google_cver=1&google_push=ATf1kGOu0x8eV6lAN2nvPEGyu2JZdBgM6ZmRLM7yO4-8dVvJiKBQOBZm3C0hSgxgDmrB-PyqgQHaeoQcLwANTF5AT74sImKQ_F...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGOu0x8eV6lAN2nvPEGyu2JZdBgM6ZmRLM7yO4-8dVvJiKBQOBZm3C0hSgxg...

170 B
188 B

22ms
22ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGOu0x8eV6lAN2nvPEGyu2JZdBgM6ZmRLM7yO4-8dVvJiKBQOBZm3C0hSgxgDmrB-PyqgQHaeoQcLwANTF5AT74sImKQ_F1kog

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGOu0x8eV6lAN2nvPEGyu2JZdBgM6ZmRLM7yO4-8dVvJiKBQOBZm3C0hSgxgDmrB-PyqgQHaeoQcLwANTF5AT74sImKQ_F1kog
date: Mon, 15 May 2023 20:42:45 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

/
onetag-sys.com/match/ Frame B769
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESELQXSGJqEpsDJB_bsWeFOf0&google_cver=1&google_push=ATf1kGOWX6hJun31fNdWobGj7apY4qj7ChqSKVXj85EFxl7wVYI9kmywNfPQjXAnl5_-ay02LKZI_klnSvW...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGOWX6hJun31fNdWobGj7apY4qj7ChqSKVXj85EFxl7wVYI9kmywNfPQjXAnl5_-ay02LKZI_klnSvWjXgsFIuYn5Z_ER67gg00
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

7ms
7ms

Image
text/plain

51.38.120.206
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

51.38.120.206 Hessen, Germany, ASN16276 (OVH, FR),

Reverse DNS

ip206.ip-51-38-120.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame B769 0
12 B 16ms
15ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LlS8aCY_e9gPsBiOraztWq-Ky5SfEbGFYJY3wyQ7ath53ccEBOUuF2Tg5E3FXCrguN5TUDfg

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H2 200 all
csm.eu.criteo.net/ Frame E194 0
127 B 13ms
13ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=6czkQVw-_Msrj2KhP0c1zJO-FgWKoTz5t4qMcdJD1eYK8VBuVYBJUefFqzdyrw_VG_5zWhQ-pL6ilr6sDLx3kPLHaQw2k3hQX6GowilORoTzB8ug55nHsqbJamlZj1XwOyiko1a9c-6L8uyUIytCY_v2jW9B_0VKm5Sp8qp8OwkWH4eTvvI2plgrIxPMTHEtPpGv0Pe2Fp1HlflFQ87gr9cIa8E7k2jac41AxAgFwif5ENE3QOl6pHvuweLC0PJNotI_eA&sds=2&rev=86118.2&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:45 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame E194 2 KB
1 KB 23ms
20ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:45 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame E194 2 KB
1 KB 17ms
15ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:45 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 2F25 0
0 50ms
49ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cs_OKRZliZKWkCoysbYzLt9AGkOGBhFy2qMKK8ALAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPUBT9D1hncuEGvr-5JJSltAD29RxLNPtO82ArmolBPnOycWps1XjPRURvA6sG1LN9_obUU_lRG9gkbNWpY-W1mub1ROlLbjBUFjlLBJ0NGlG-YoIbNzutp4zGS0TPG5GOS27kukMvs3H1dspf_UHa6pgu8jaBA1QwRPVgytVjkXqMmgAoupWp1emM4mIhsa_FcKMIniMyr9KkoRd8JZNWccCe1XxSHPWT83wse8-cW2-kxXGpvPONeo2V5XpH6ELmF5qOmcJHeQT0xFdZFhgYi4sf-afzQNqasfGCRJJYp05h6_DYGLmUEkfUe2HRD7SQMH-7vb-qfgBAGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBAgAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTc1NTQ3OTM0OTcxOTIzNjIY_KBy&sigh=Jj2QyWw5xAo&uach_m=[UACH]&cid=CAQSPABygQiDPFIfJ-P-vKXvdDNou8rLKsIofCA0NnGuRBYzgod9NJ73PpYKcfVrgdUz21mW2xdYDO5kaipA-RgB
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H3 204 winResponse
prod-rtb.ad4mat.net/ Frame 2F25 0
0 17ms
16ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1kwre7fkz80f3z2k7r63ssankzphm4cjga9q4b69qda0d52pjnj96yxrdh2yq46b2ggvevhd633rxfnfspz1ybtwe9xnxcn99hga8a4fv2hm595yzd69a9jbg81en07kjh7a5yjdt3cvynsjref7hr1vhaq540wj5qtc88bnk6h72q3c83v3cgy5mt1c7tt4nhphhn7tmqa0rz6sff00ye7e958dem83ader98xh7kebfjmrfds5z7c1jmwz0kd4v31mtsynb6q0ty559jg4g6zkpwew24yvbdh4te2za4m2mvdz3dc24x4ctge66vpbmjbhmaqa48fh3kxkjq9j525hsrgtqpw3x8wh45k9asg75yb2ww8g6fjkn9d554hxrgg8f7wqgdvfj3tg&b=ZGKZRQACkiUKG1YMAA3ljNYzS_64aRqDl9-beQ
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:45 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

GET
H3 200 dr Show response
as.ad4m.at/ad/ Frame 30DB 2 KB
2 KB 28ms
28ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1k94hv8sfhdtd9mmsrmpnhjq3h75v76892bpvxz0nh2b4ejs5qhdj3gf68fhq4rnpc48ppxbjd0bsek4a3ghzw7adync1nmde2j9ytn0dggmh8ahp604y44g6vgy1ahjdy3yv614g14tjr38agehdrj9akdr4ryanxym46twprn5tdage49xfezw396s13gv5hhncrsnv8gyrpentevthg8g91jypbf8r3k1c0w2f1n7n7bftbc1q0ghn1rc1qd7cp9zwm38bf70jtve7x7s2hfrmd0fjnwwasdx4qy9tj9s6rn3t45mbxzwww4jna3jk920jt68fqnyzgea8716fpxh2vt1hbztga71vv1x4v2x6m2ssgtjayc0re4f3430a4x0yncz0vdvppgmne7xetdvx6j83krmd47rff3rj510s5gzvzh60q35expy86gtw29nq4zjg4&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC04wERZliZKWkCoysbYzLt9AGkOGBhFy2qMKK8ALAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9D1hncuEGvr-5JJSltAD29RxLNPtO82ArmolBPnOycWps1XjPRURvA6sG1LN9_obUU_lRG9gkbNWpY-W1mub1ROlLbjBUFjlLBJ0NGlG-YoIbNzutp4zGS0TPG5GOS27kukMvs3H1dspf_UHa6pgu8jaBA1QwRPVgytVjkXqMmgAoupWp1emM4mIhsa_FcKMIniMyr9KkoRd8JZNWccCe1XxSHPWT83wse8-cW2-kxXGpvPONeo2V5XpH6ELmF5qOmcJHeQT0xFdZFhgYi48_277eP0LuvXn2zf_8PmFCerByyBt1n5_YX_j-hvVy8fLmdEum9nVz3gBAGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3FB1mNWba4Er0x6X7fV_QthhgJ9A%26client%3Dca-pub-7554793497192362%26adurl%3D

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b977453576454f813e2b75ad6740c94f853ecd0760b5abec6a334d8623e2d13

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-src ;img-src data:;manifest-src 'none';media-src 'none';object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7c7e359459571c2c-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-src *;img-src * data:;manifest-src 'none';media-src 'none';object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:45 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame 2F25 3 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/window_focus_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 18:31:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7894
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 18:31:11 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 9091 1 KB
643 B 8ms
7ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34712
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 11:04:13 GMT
etag: 48472445140208031
expires: Tue, 16 May 2023 11:04:13 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame 2F25 19 KB
8 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

01dcaf85f2ae23a30115cf4a663e90b4a507dc688c4c17f9ebddc3cf19fee780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 12:20:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30107
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7937
x-xss-protection: 0
server: cafe
etag: 2499949999788435271
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 12:20:58 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 2F25 0
0 15ms
14ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQoq9mYBGmnxtAe43Dun9dBbX3OTzhB9-RAf10tfEC-UtDUGUdlOuhIhHk7YhnGtMOTBpfNiU8EYnn2fNx8LG8kS97XBw
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 2F25 24 KB
6 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Fri, 12 May 2023 14:52:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 280230
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 11 May 2024 14:52:15 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2F25 169 KB
52 KB 112ms
111ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fdc79b8c47c6d5c20def82fa5f6a91e3cbe3057bff3f8b14b5c2c71dc9b57ec4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53545
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1683718549123860"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 15 May 2023 20:42:45 GMT

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame D299 3 KB
3 KB 18ms
16ms Image
image/png 2606:4700:20::681a:71b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.40/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:71b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 805
x-guploader-uploadid: ADPycduTog6A2JPifmWwDYui9vUCCU5W1ZNEVFDzlBRMT9l9xNdgptaa0KpBuLLbjaWfVX7sXot7cGI-Oc2HEQNQ3r-JUA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3262
last-modified: Tue, 21 Jun 2022 12:31:17 GMT
server: cloudflare
etag: "794c84d30e213ec6a144d64215f07551"
vary: Accept-Encoding
x-goog-generation: 1655814677405990
content-type: image/png
content-language: en
x-goog-hash: crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
cache-control: public, max-age=7200
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ka8kvSsC%2BDiRR5zZFWvasw2Y2ZayBXWvfW1t7wWtBDGP7YbzSAbO1LbOUkHsLctmZjeH7%2FAh8aa4JLewnU1%2F04%2FKnKriLqQ6LWViILFbTG8kx781nkfNMuaYfF1s28L80HvHL%2FEMVn%2FOGIqOYadM24XX"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 3262
accept-ranges: bytes
cf-ray: 7c7e3594594d9ba4-FRA
expires: Mon, 15 May 2023 20:52:53 GMT

GET
H3 200 frame.html Show response
ad4m.at/ Frame 742E 2 KB
1 KB 24ms
23ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d485f783c7cc440cba21bb750ce67e191bce0783bfc6cff5f98e236e401b7ab

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1561504
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: public, max-age=3600
cf-cache-status: HIT
cf-ray: 7c7e359479821c2c-FRA
content-encoding: br
content-language: en
content-type: text/html; charset=utf-8
date: Mon, 15 May 2023 20:42:45 GMT
expires: Thu, 30 Mar 2023 21:56:13 GMT
last-modified: Thu, 25 Aug 2022 14:12:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rZ5YrK%2F73ZMNfhUd%2FwKQE7nlJgFN%2FZG4j%2BnfsxtHXMt3T9YUBb5iwqAZyDUTvR67C2JT4Q%2BHCfSjCNNmyFAKzimn2H2Bc3aiUzpnypewzbZPMpGFF%2F1PkvMhfqTP4KBEkzMUttA%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H/1.1

200
OK

request.php Show response
hal900023.redintelligence.net/ Frame AAD3
Redirect Chain

https://hal900023.redintelligence.net/request.php?zone=u072l68m42xn&nw=20&renderingType=javascript&namespace=b29f642da8&subid=&uid=ada32feb5337f8ed&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900023.redintelligence.net/request.php?zone=u072l68m42xn&nw=20&renderingType=javascript&namespace=b29f642da8&subid=&uid=ada32feb5337f8ed&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

611 B
937 B

93ms
70ms

Script
application/x-javascript

78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900023.redintelligence.net/request.php?zone=u072l68m42xn&nw=20&renderingType=javascript&namespace=b29f642da8&subid=&uid=ada32feb5337f8ed&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aruc&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D4b1421ee442483292434692d465025a1b20ac66a%26mt_aid%3D4117801079945004504%26mt_id%3D11644866%26mt_adid%3D215543%26mt_sid%3D13527086%26mt_exid%3D9%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D42296462-9945-4b01-b126-3a5e83bcf37d%26mt_cid%3D42296462-9945-4b01-b126-3a5e83bcf37d%26mt_3pck%3Dhttps%253A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv3%2Ft%2Fams3%2F0%2F8c2834a0-3760-4975-bad7-65f9bd1ce8fd%2F%26redirect%3D&documentReferer=https%3A%2F%2Fa8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fa8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.newtimes.co.rw&random=4424404277346&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: f634879d16aebaccf0bbe9b68d1155073fa1412141a66eb27e26efb0e2e9bbcb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:46 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 56230500198937108091756012325023
Connection: close
Content-Length: 331
Expires: Mon, 15 May 2023 21:42:46 +0200

Redirect headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:45 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=u072l68m42xn&nw=20&renderingType=javascript&namespace=b29f642da8&subid=&uid=ada32feb5337f8ed&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aruc&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D4b1421ee442483292434692d465025a1b20ac66a%26mt_aid%3D4117801079945004504%26mt_id%3D11644866%26mt_adid%3D215543%26mt_sid%3D13527086%26mt_exid%3D9%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D42296462-9945-4b01-b126-3a5e83bcf37d%26mt_cid%3D42296462-9945-4b01-b126-3a5e83bcf37d%26mt_3pck%3Dhttps%253A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv3%2Ft%2Fams3%2F0%2F8c2834a0-3760-4975-bad7-65f9bd1ce8fd%2F%26redirect%3D&documentReferer=https%3A%2F%2Fa8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fa8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.newtimes.co.rw&random=4424404277346&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Mon, 15 May 2023 21:42:45 +0200

GET
H2 200 / Show response
adv.office-partner.de/ Frame 4AD0 930 B
931 B 46ms
5ms Document
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request.php?zone=yrsa821xsiee&nw=20&renderingType=javascript&namespace=5de006cdfc&subid=&uid=b42ec0ac686be19f&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DOcLKBqXs4PUzRjyOPV5oug%26exch_seat%3D20035004448%26mt_aid%3D8729487099446118158%26mt_id%3D6622327%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D41296462-9945-4901-80b6-19bce004af2d%26mt_cid%3D41296462-9945-4901-80b6-19bce004af2d%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCzlTgRJliZMTKGpfAbY_rleABz4eOm1zAhtmCxgLAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCeACAKgDAaoE-QFP0EwrU6v5G0YDZTOnOJeV9arg-id_R9ibzq-fT7AFxHhE9lLyQBlFoOWhPyEuoi2z42nyw8t4QNgQpP01SfySDvcQa5BbtIAAcO3fUXdbbVXwt6vtyali-Y2HF9GSEWjTSCu50fPNKbnnSfWlMrSHqptwZh7N_f-BgZlntjQ8AnbOBI-wZS7dC8Ct72Wk6R9YvS_MxAipJBmMdVwvjxfQn1E3foZqjsv0X9owJZgOOyFQ5vWQGF8HY6ilAvG0-shlfT2DrDL2MO8JThar-7BSNGUhgjvbW7uQa3Sg2neJLNiVbO8RdmdP3GJtaDTflTQqmGwc0FKv43bgBAGABrPp9fjfzMC4uQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2X2YfjPd3eWDpqGLQzBh2UYx4riw%2526client%253Dca-pub-7554793497192362%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fa8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=null&random=8692253513304&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Mon, 15 May 2023 20:42:45 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Mon, 22 May 2023 20:42:45 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2

200

htlp Show response
futalis.de/ Frame DD75
Redirect Chain

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=52485300187141600951401012325030&ra_cnt_active=1&ra_cnt=1
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2724564331

350 B
401 B

57ms
10ms

Document
text/html

167.233.14.134
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2724564331
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request.php?zone=yrsa821xsiee&nw=20&renderingType=javascript&namespace=5de006cdfc&subid=&uid=b42ec0ac686be19f&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DOcLKBqXs4PUzRjyOPV5oug%26exch_seat%3D20035004448%26mt_aid%3D8729487099446118158%26mt_id%3D6622327%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D41296462-9945-4901-80b6-19bce004af2d%26mt_cid%3D41296462-9945-4901-80b6-19bce004af2d%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCzlTgRJliZMTKGpfAbY_rleABz4eOm1zAhtmCxgLAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCeACAKgDAaoE-QFP0EwrU6v5G0YDZTOnOJeV9arg-id_R9ibzq-fT7AFxHhE9lLyQBlFoOWhPyEuoi2z42nyw8t4QNgQpP01SfySDvcQa5BbtIAAcO3fUXdbbVXwt6vtyali-Y2HF9GSEWjTSCu50fPNKbnnSfWlMrSHqptwZh7N_f-BgZlntjQ8AnbOBI-wZS7dC8Ct72Wk6R9YvS_MxAipJBmMdVwvjxfQn1E3foZqjsv0X9owJZgOOyFQ5vWQGF8HY6ilAvG0-shlfT2DrDL2MO8JThar-7BSNGUhgjvbW7uQa3Sg2neJLNiVbO8RdmdP3GJtaDTflTQqmGwc0FKv43bgBAGABrPp9fjfzMC4uQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2X2YfjPd3eWDpqGLQzBh2UYx4riw%2526client%253Dca-pub-7554793497192362%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fa8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=null&random=8692253513304&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 167.233.14.134 Hallbergmoos, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: lb-2.futalis.de
Software: /
Resource Hash: 582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 350
content-type: text/html; charset=utf-8

Redirect headers

content-length: 0
content-type: text/html; charset=utf-8
date: Mon, 15 May 2023 20:42:45 GMT
location: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2724564331
p3p: policyref="https://www.retailads.net/w3c/p3p.xml",CP="NOI CUR OUR STP"
server: Apache
xphp81: true

GET
H2 200 link.html Show response
track.webgains.com/ Frame 83DE 2 KB
2 KB 142ms
77ms Script
text/html 18.133.36.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=52485300187141600951401012325030&nw=1
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.133.36.104 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-133-36-104.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: c2dc4e0d867778bccfb8c6f5da5f09a83e9d2b1b3f8275b44e9668bc1c283934

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
last-modified: Mon, 15 May 2023 20:42:45 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Mon, 15 May 2023 20:43:45 GMT

GET
H/1.1 200
OK request_content.php Show response
hal900030.redintelligence.net/ Frame 6E9E 7 KB
2 KB 41ms
11ms Document
text/html 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900030.redintelligence.net/request_content.php?s=52485300187141600951401012325030&a=50fbfd5e
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request.php?zone=yrsa821xsiee&nw=20&renderingType=javascript&namespace=5de006cdfc&subid=&uid=b42ec0ac686be19f&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3DOcLKBqXs4PUzRjyOPV5oug%26exch_seat%3D20035004448%26mt_aid%3D8729487099446118158%26mt_id%3D6622327%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D41296462-9945-4901-80b6-19bce004af2d%26mt_cid%3D41296462-9945-4901-80b6-19bce004af2d%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCzlTgRJliZMTKGpfAbY_rleABz4eOm1zAhtmCxgLAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCeACAKgDAaoE-QFP0EwrU6v5G0YDZTOnOJeV9arg-id_R9ibzq-fT7AFxHhE9lLyQBlFoOWhPyEuoi2z42nyw8t4QNgQpP01SfySDvcQa5BbtIAAcO3fUXdbbVXwt6vtyali-Y2HF9GSEWjTSCu50fPNKbnnSfWlMrSHqptwZh7N_f-BgZlntjQ8AnbOBI-wZS7dC8Ct72Wk6R9YvS_MxAipJBmMdVwvjxfQn1E3foZqjsv0X9owJZgOOyFQ5vWQGF8HY6ilAvG0-shlfT2DrDL2MO8JThar-7BSNGUhgjvbW7uQa3Sg2neJLNiVbO8RdmdP3GJtaDTflTQqmGwc0FKv43bgBAGABrPp9fjfzMC4uQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2X2YfjPd3eWDpqGLQzBh2UYx4riw%2526client%253Dca-pub-7554793497192362%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fa8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=null&random=8692253513304&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: 0c92f9053f62acd470bd30f32e4954cb7dd4f1f5dee578ebddec4884a7757a63

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2028
Content-Type: text/html; charset=utf-8
Date: Mon, 15 May 2023 20:42:45 GMT
Expires: Mon, 15 May 2023 21:42:45 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

inv.gif
img.tradedoubler.com/images/ Frame 83DE
Redirect Chain

https://impfr.tradedoubler.com/imp?type(inv)g(24495172)a(1565155)epi(52485300187141600951401012325030)774186887
https://img.tradedoubler.com/images/inv.gif

43 B
644 B

58ms
7ms

Image
image/gif

13.224.189.110
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.tradedoubler.com/images/inv.gif

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Server

13.224.189.110 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-189-110.fra2.r.cloudfront.net

Software

Apache /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Date: Sat, 13 May 2023 03:02:28 GMT
Via: 1.1 69f13f852a135432abb1b7bfc5a8b420.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA2-C1
Age: 554139
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 19 Nov 2004 15:35:04 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: image/gif
Accept-Ranges: bytes
X-Amz-Cf-Id: IsXs07fKp_M0GXKnnQsfudTHn1FEalSHrhyo2cDeOTIdAKTrgrRRUw==

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
via: 1.1 google
referrer-policy: origin
server: TXServerHttp
p3p: policyref="http://tracker.tradedoubler.com/w3c/p3p.xml",CP="NOI DSP COR NID CUR OUR NOR"
location: https://img.tradedoubler.com/images/inv.gif
access-control-allow-origin: *
content-type: text/html; charset=ISO-8859-1
cache-control: private, max-age=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 248

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 06E4 24 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Fri, 12 May 2023 14:52:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 280230
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 11 May 2024 14:52:15 GMT

GET
H3 200 creative.js Show response
cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/ Frame 06E4 26 KB
9 KB 220ms
219ms Script
application/javascript 2a04:4e42:400::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_256_GCM

Server

2a04:4e42:400::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

e0bfcf41c566f571ea252620518b4bee4496dba2b1df9a1aa3e436f81592e1b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 15 May 2023 20:42:45 GMT
x-content-type-options: nosniff
content-encoding: br
age: 27668
x-jsd-version: 1.15.0
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 9276
x-served-by: cache-fra-eddf8230064-FRA, cache-gig2250030-GIG
x-jsd-version-type: version
etag: W/"6658-uUC6DsKFQz3nsj0JP3lp528lwJQ"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 06E4 169 KB
52 KB 87ms
87ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fdc79b8c47c6d5c20def82fa5f6a91e3cbe3057bff3f8b14b5c2c71dc9b57ec4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53545
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1683718549123860"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 15 May 2023 20:42:45 GMT

GET
H3 200 frame.html Show response
ad4m.at/ Frame CA2B 2 KB
1 KB 26ms
26ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d485f783c7cc440cba21bb750ce67e191bce0783bfc6cff5f98e236e401b7ab

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1561504
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: public, max-age=3600
cf-cache-status: HIT
cf-ray: 7c7e3594c9de1c2c-FRA
content-encoding: br
content-language: en
content-type: text/html; charset=utf-8
date: Mon, 15 May 2023 20:42:45 GMT
expires: Thu, 30 Mar 2023 21:56:13 GMT
last-modified: Thu, 25 Aug 2022 14:12:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1GPnOW5JGTLX09%2FdelFfKTTWFG9OlZZ28fJZLgPu5nFa%2Bms6SEoX4xhidBIhvRMqz21lgxPrazAEkh%2Buh7dWvk3FkBjKBDzT7rYhFdrYVI29cUsmLc9Hz7LVj2kK8jy5wXf6%2B20%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame 9523 54 KB
21 KB 35ms
19ms Document
text/html 2a02:2638:d::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=ZGKZRQAB8KIKGwwPAAkv7WpDA1XoHvfw0cfnFQ&u=%7CCjy03sQgDewdxswuMjwDBMv%2BN6rdIt5F8yK3MmqJ4ro%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYNdJ71gdyCWvw29y1GxtacI6iVoVnLQ5srUOwC-sDBJIjvRCy3Ss-BiCTuGilNUvwWXY4YDk7Zbj5VHzU2BFzbcIGmzIARkWam377qyCiMcTVOCTmk5Q6ZaAGKxmBU6hH6fNjlv4L8mgHmepDq-HGad-02atCu_ICvP0RU-JQv0LOQo1shj4QzUKX2wKQ7G8GUrAtnG-p3A2JmP6aHZaccG6wGitVsQKtZ-0kvmggLeQ74rzxT1WqBdCrQAAO2cznXcTp2U0bTKhvOZSjqHQAH1YiYEGmN5j41OZ0UyZgTGDLPnyQYje2FfWO8-CwSMW_FebYS0iw4M4XWuBiXkg4G0s4jPscLXx4HX7ngmALovxIfLDWeNdOACtoyLQ1LCTF_-j-AAOwHj0cpToJBmQZNiaU2xsH5M9yrsR1WTqmuUQB_wPQ2lVASB6osCCMw1Gb5xZ8kctXE0rzpwrP76CvjVmyg_CZpVP-b7EIwlx1LdjyxFhgoAK3_fM9AA_9C_e2Ae_Ba9-iuXY9ic0Z9rbRUY3ymTKWrFiDNcMR8t_cn0Xb82ylHyzTtfUyztG-O97-VWDQ6-ps-B869-bAzDuCUe&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-jzDRZliZKLhB4-YbO3fpNgFyZ7SsVzVnZH3cMCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE-AFP0G_T-xvPRLJOkgWtEkBsjKeRoX2-iNGEN9yrsdtgEeq193HOyzxKXPMD6ClUzeaZJamXk1ruva6fpqcg6QBfADLfpWbOavvHvnTD9N-vp-TPqw_A3f6Tg4WSplZ-4qgU9mLrnnw9uaobeCCX_Ole3WrdJA3W9q14_Wxb50LTToXEr6fJmyYPqQ2BfklBq18QTiRfKqAAFJwVBiR3_oRL8IPc_7jsLt6wlv3srZbmLERp1NlqIw1f7IM_8jwd2V98ANCjBjYxsANREiH6ZgZSH2XbLjePPaMwZ1SnXCMjDwHMaG3coPOZ8iH3PK2HBGOLod9uNcFCz-AEAYAGkc2kmrDP-vWdAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1UwaM-Dodi4-aXDk0JpnfB9FWvpw%26client%3Dca-pub-7554793497192362%26adurl%3D

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

6f0081b3e2cc9c0dc0ccf0864c85b37b80b55754339a711ee1c595defc833fdf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:45 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=TwGNO1w-_Msrj2KhdtPJsCUJiB2I1c9tf6eC5ZJ5UG2schAQKVXgCsIyYHQqWwXkJLh7rxcNmBdQ66LFc2w4rza2ASTZZy0lnAT8u0lOmyCUUeDes-B-3ghXMklHPUKRw185IEqOUzR5ymtZlC-Bi7y6eBm4r0u0cFkGwKoQ3QfUGxpOpDxxfFR_AvBPT0s0vxPUucas8nwlTa0Xjqh4zaiqQSTD9B5aKweZPTDXkq-vbvtaya2S0gRWec-RDPdtGga_bg"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 3158487
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame 217B 3 KB
1 KB 17ms
10ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/window_focus_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 18:31:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7894
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 18:31:11 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame D69B 1 KB
643 B 25ms
15ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34712
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 11:04:13 GMT
etag: 48472445140208031
expires: Tue, 16 May 2023 11:04:13 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame 217B 19 KB
8 KB 26ms
18ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

01dcaf85f2ae23a30115cf4a663e90b4a507dc688c4c17f9ebddc3cf19fee780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 12:20:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30107
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7937
x-xss-protection: 0
server: cafe
etag: 2499949999788435271
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 12:20:58 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 217B 0
0 32ms
23ms Image
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaR41Mjwmx4o_5h9gyHljht_CiwVdD__6OEtYXmSsBnPCq3NOGYRNFLXKlxNgHtYC6g0YW9urrh_p3U9HZkU4hQ12HXfJQ
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 217B 24 KB
6 KB 27ms
17ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Fri, 12 May 2023 14:52:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 280230
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 11 May 2024 14:52:15 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 217B 169 KB
52 KB 70ms
61ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fdc79b8c47c6d5c20def82fa5f6a91e3cbe3057bff3f8b14b5c2c71dc9b57ec4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53545
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1683718549123860"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 15 May 2023 20:42:45 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E1B2
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEJ2ueJKrMhCAQwaqZIJQxQI&google_cver=1&google_push=ATf1kGMXiW83ZdoNkx7w_6AwxgyYRtA95FvPBR8YfwgbWYlBtX2vwX_7puhgkVAWrZnyPf550jj5IsRIY6O2PO5Pu03ETvSrY00
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=A22ABC9E77424ED6B170286A8A1A3AAE&google_push=ATf1kGMXiW83ZdoNkx7w_6AwxgyYRtA95FvPBR8YfwgbWYlBtX2vwX_7puhgkVAWrZnyPf550jj5IsRIY6O2PO5...

170 B
188 B

17ms
17ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=A22ABC9E77424ED6B170286A8A1A3AAE&google_push=ATf1kGMXiW83ZdoNkx7w_6AwxgyYRtA95FvPBR8YfwgbWYlBtX2vwX_7puhgkVAWrZnyPf550jj5IsRIY6O2PO5Pu03ETvSrY00

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 15 May 2023 20:42:46 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=A22ABC9E77424ED6B170286A8A1A3AAE&google_push=ATf1kGMXiW83ZdoNkx7w_6AwxgyYRtA95FvPBR8YfwgbWYlBtX2vwX_7puhgkVAWrZnyPf550jj5IsRIY6O2PO5Pu03ETvSrY00
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Sun, 14 May 2023 20:42:46 GMT

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame E1B2 43 B
362 B 23ms
12ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEKW5RyA_gKOz3FlQvmotDhE&google_cver=1&google_push=ATf1kGOgGTYuXxouzROb-MWAq0qASl_fUlFcRJ2PXfKho5CAWmA6JLumk-EsqUz_339bn7Ebzn6axPq_97ToNoCIK8K4Bm1xJA4

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 249269
expires: Mon, 15 May 2023 00:00:00 GMT

GET
H3 200 dds
rtb.openx.net/sync/ Frame E1B2 43 B
58 B 25ms
18ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEJktBEQvC-6pnzoSTsKdE-Y&google_cver=1&google_push=ATf1kGMHZM8ANHRagAbn7bkjg8lc85XsO7kdkcCppWpSCChWOGXWfn4Kec8LOiCgFFgxkisYAFgo-6Nkg1yaTru0tr1ENeYnzZV3
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E1B2
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG-r3gCok_CQ6HTKS-rezLU&google_cver=1&google_push=ATf1kGMMUn76Tt-Au5sG2TLsHtyZc1_dYxSUQZ0pL2diNRgdfu8V0bNxEjGwNUQjusqOs0FJBw9...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGMMUn76Tt-Au5sG2TLsHtyZc1_dYxSUQZ0pL2diNRgdfu8V0bNxEjGwNUQjusqOs0FJBw9DxaLaraEACJqht-h5Gi_30aYD

170 B
188 B

18ms
18ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGMMUn76Tt-Au5sG2TLsHtyZc1_dYxSUQZ0pL2diNRgdfu8V0bNxEjGwNUQjusqOs0FJBw9DxaLaraEACJqht-h5Gi_30aYD

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGMMUn76Tt-Au5sG2TLsHtyZc1_dYxSUQZ0pL2diNRgdfu8V0bNxEjGwNUQjusqOs0FJBw9DxaLaraEACJqht-h5Gi_30aYD
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 5b959e9b7aef6dd90a6fa539ca64ac62
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame E1B2
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEHcTNlvqESKPS0amoxugak4&google_cver=1&google_push=ATf1kGOrhRq129bz9JcUPt2syrpFZgnPHgmU3NtjkfEdAuHziDFF6H_PvJoM2dUA2tRceAEvBj_h780pBF3vjODUi...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGOrhRq129bz9JcUPt2syrpFZgnPHgmU3NtjkfEdAuHziDFF6H_PvJoM2dUA2tRceAEvBj_h780pBF3vjODUi-BHtVrZA5lE&google_hm=GpsatGZHaeNOCZpHRJuw4U2V

170 B
188 B

19ms
19ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGOrhRq129bz9JcUPt2syrpFZgnPHgmU3NtjkfEdAuHziDFF6H_PvJoM2dUA2tRceAEvBj_h780pBF3vjODUi-BHtVrZA5lE&google_hm=GpsatGZHaeNOCZpHRJuw4U2V

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 15 May 2023 20:42:45 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGOrhRq129bz9JcUPt2syrpFZgnPHgmU3NtjkfEdAuHziDFF6H_PvJoM2dUA2tRceAEvBj_h780pBF3vjODUi-BHtVrZA5lE&google_hm=GpsatGZHaeNOCZpHRJuw4U2V
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H2 200 sync
ssbsync.smartadserver.com/api/ Frame E1B2 0
44 B 31ms
20ms Image
text/plain 185.86.139.93
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEFE3Aw1rOlM-_BW7nTU-7Pg&google_cver=1&google_push=ATf1kGP6dyDn3_4hq1d_0ZAdrt3kgQ0A5vC9S65BjLMLSVp4IFOQKfypQSi2_sOtuSHTX5AB5h1RbSxH0o5quyg6h7Laa81aeTe_
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.93 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-length: 0

GET
H2

200

/
onetag-sys.com/match/ Frame E1B2
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESELQXSGJqEpsDJB_bsWeFOf0&google_cver=1&google_push=ATf1kGOi3qCK6s_QBdztYCUc8l300FGj-TDvAP1sT22smbEDmJy3hxTaL-8uAZX_a_HVgkxEnvHeQieHI5Z...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGOi3qCK6s_QBdztYCUc8l300FGj-TDvAP1sT22smbEDmJy3hxTaL-8uAZX_a_HVgkxEnvHeQieHI5Zaz7y0ZTkhzrVHq6HmWQ
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

7ms
7ms

Image
text/plain

51.38.120.206
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

51.38.120.206 Hessen, Germany, ASN16276 (OVH, FR),

Reverse DNS

ip206.ip-51-38-120.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame E1B2 0
12 B 26ms
18ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KlVbEKKZRFn0CzZyHwePfYDA9vv9QR-98VlRyzv2kO3BFbvXseleGD8ltaCbk-AgCBWgmYVw

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 / Show response
adv.office-partner.de/ Frame F961 930 B
930 B 13ms
5ms Document
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900029.redintelligence.net
URL: https://hal900029.redintelligence.net/request.php?zone=yrsa821xsiee&nw=20&renderingType=javascript&namespace=42aed066a5&subid=&uid=d0636f983a8a3b7b&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3Dskd03Xwid3db0cPMclxdrw%26exch_seat%3D20035004448%26mt_aid%3D1811958071805038589%26mt_id%3D6622327%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D42296462-9945-4b01-b126-3a5e83bcf37d%26mt_cid%3D42296462-9945-4b01-b126-3a5e83bcf37d%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCsn9URJliZL-eJ_KS9fgPscejmATPh46bXMCG2YLGAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJ4AIAqAMBqgT5AU_Qor0h8qRafqfT5-vcktRwYA3cMl-diWvkxiKPi6BpXPT0CWTLu_DsHJbpsYUG36GtzShgv8gNv7X2IAdfaZ4e5TfZmMkUCeXLvxyKOeGn_1Kn6k1JoVuG25Vp7OoIziU9mSCMNWGz76x5vDX8YLiSo_LmMFP_1Da9GVPd5fokKTdIu_BeRgffzpXvhBXvh98O8dtUTRJRCxR0K-Y8pdJp8P6k_b42jYhPpd3wxa4VOxmNN3HgpBAYB3H6YMrh0U6mPZAOLYQA7GXCcyTXr7VrILXlKXoDsQzG56bivxaDGHWal_-5wdyGJklEePFvDJefsp_3tT9y0-AEAYAGs-n1-N_MwLi5AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2A3ttfVGF0WmwyLTaQbjC9xyH8rQ%2526client%253Dca-pub-7554793497192362%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fa8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=null&random=5928069756083&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Mon, 15 May 2023 20:42:45 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Mon, 22 May 2023 20:42:45 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: defr

GET
H2

200

htlp Show response
futalis.de/ Frame 9D47
Redirect Chain

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=38176200164363000951401012325029&ra_cnt_active=1&ra_cnt=1
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2724564333

350 B
400 B

60ms
15ms

Document
text/html

167.233.14.134
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2724564333
Requested by: Host: hal900029.redintelligence.net
URL: https://hal900029.redintelligence.net/request.php?zone=yrsa821xsiee&nw=20&renderingType=javascript&namespace=42aed066a5&subid=&uid=d0636f983a8a3b7b&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3Dskd03Xwid3db0cPMclxdrw%26exch_seat%3D20035004448%26mt_aid%3D1811958071805038589%26mt_id%3D6622327%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D42296462-9945-4b01-b126-3a5e83bcf37d%26mt_cid%3D42296462-9945-4b01-b126-3a5e83bcf37d%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCsn9URJliZL-eJ_KS9fgPscejmATPh46bXMCG2YLGAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJ4AIAqAMBqgT5AU_Qor0h8qRafqfT5-vcktRwYA3cMl-diWvkxiKPi6BpXPT0CWTLu_DsHJbpsYUG36GtzShgv8gNv7X2IAdfaZ4e5TfZmMkUCeXLvxyKOeGn_1Kn6k1JoVuG25Vp7OoIziU9mSCMNWGz76x5vDX8YLiSo_LmMFP_1Da9GVPd5fokKTdIu_BeRgffzpXvhBXvh98O8dtUTRJRCxR0K-Y8pdJp8P6k_b42jYhPpd3wxa4VOxmNN3HgpBAYB3H6YMrh0U6mPZAOLYQA7GXCcyTXr7VrILXlKXoDsQzG56bivxaDGHWal_-5wdyGJklEePFvDJefsp_3tT9y0-AEAYAGs-n1-N_MwLi5AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2A3ttfVGF0WmwyLTaQbjC9xyH8rQ%2526client%253Dca-pub-7554793497192362%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fa8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=null&random=5928069756083&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 167.233.14.134 Hallbergmoos, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: lb-2.futalis.de
Software: /
Resource Hash: 582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 350
content-type: text/html; charset=utf-8

Redirect headers

content-length: 0
content-type: text/html; charset=utf-8
date: Mon, 15 May 2023 20:42:45 GMT
location: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2724564333
p3p: policyref="https://www.retailads.net/w3c/p3p.xml",CP="NOI CUR OUR STP"
server: Apache
xphp81: true

GET
H2 200 link.html Show response
track.webgains.com/ Frame 8C30 2 KB
2 KB 94ms
64ms Script
text/html 18.133.36.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=38176200164363000951401012325029&nw=1
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.133.36.104 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-133-36-104.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 6b9d7cae8b70d4cd6beeb93cc0fbfd8778f94473c5e87299491f513bf3d7c9b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
last-modified: Mon, 15 May 2023 20:42:45 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Mon, 15 May 2023 20:43:45 GMT

GET
H/1.1 200
OK request_content.php Show response
hal900029.redintelligence.net/ Frame 64BB 7 KB
2 KB 38ms
11ms Document
text/html 88.99.219.174
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900029.redintelligence.net/request_content.php?s=38176200164363000951401012325029&a=a2ef41b5
Requested by: Host: hal900029.redintelligence.net
URL: https://hal900029.redintelligence.net/request.php?zone=yrsa821xsiee&nw=20&renderingType=javascript&namespace=42aed066a5&subid=&uid=d0636f983a8a3b7b&screenSize=0x0&screenSizeAvail=0x0&clientSize=0x0&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aadx&envData=&gdpr=1&gdpr_consent=li&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3Dskd03Xwid3db0cPMclxdrw%26exch_seat%3D20035004448%26mt_aid%3D1811958071805038589%26mt_id%3D6622327%26mt_adid%3D216536%26mt_sid%3D4562306%26mt_exid%3D4%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D42296462-9945-4b01-b126-3a5e83bcf37d%26mt_cid%3D42296462-9945-4b01-b126-3a5e83bcf37d%26mt_3pck%3Dhttps%253A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DCsn9URJliZL-eJ_KS9fgPscejmATPh46bXMCG2YLGAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJ4AIAqAMBqgT5AU_Qor0h8qRafqfT5-vcktRwYA3cMl-diWvkxiKPi6BpXPT0CWTLu_DsHJbpsYUG36GtzShgv8gNv7X2IAdfaZ4e5TfZmMkUCeXLvxyKOeGn_1Kn6k1JoVuG25Vp7OoIziU9mSCMNWGz76x5vDX8YLiSo_LmMFP_1Da9GVPd5fokKTdIu_BeRgffzpXvhBXvh98O8dtUTRJRCxR0K-Y8pdJp8P6k_b42jYhPpd3wxa4VOxmNN3HgpBAYB3H6YMrh0U6mPZAOLYQA7GXCcyTXr7VrILXlKXoDsQzG56bivxaDGHWal_-5wdyGJklEePFvDJefsp_3tT9y0-AEAYAGs-n1-N_MwLi5AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_2A3ttfVGF0WmwyLTaQbjC9xyH8rQ%2526client%253Dca-pub-7554793497192362%2526adurl%253D%26redirect%3D&documentReferer=https%3A%2F%2Fa8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=null&random=5928069756083&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.219.174 Falkenstein, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.174.219.99.88.clients.your-server.de
Software: Apache /
Resource Hash: 7dce1af26b89987a2c3d66673230823eccbc6e2dadc2ca608dbfea12b1c59f77

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2035
Content-Type: text/html; charset=utf-8
Date: Mon, 15 May 2023 20:42:45 GMT
Expires: Mon, 15 May 2023 21:42:45 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

inv.gif
img.tradedoubler.com/images/ Frame 8C30
Redirect Chain

https://impfr.tradedoubler.com/imp?type(inv)g(24495172)a(1565155)epi(38176200164363000951401012325029)912349334
https://img.tradedoubler.com/images/inv.gif

43 B
644 B

58ms
7ms

Image
image/gif

13.224.189.110
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.tradedoubler.com/images/inv.gif

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Server

13.224.189.110 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-189-110.fra2.r.cloudfront.net

Software

Apache /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
Date: Sat, 13 May 2023 03:02:28 GMT
Via: 1.1 3b02f73dccc5077f1ad544a27a475ed6.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA2-C1
Age: 554139
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 19 Nov 2004 15:35:04 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: image/gif
Accept-Ranges: bytes
X-Amz-Cf-Id: xl0x1DIOuFxRaE3HsSdTaY7FXj6CRLWkIfzDrl8UMuJsV8W_b5JgNw==

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
via: 1.1 google
referrer-policy: origin
server: TXServerHttp
p3p: policyref="http://tracker.tradedoubler.com/w3c/p3p.xml",CP="NOI DSP COR NID CUR OUR NOR"
location: https://img.tradedoubler.com/images/inv.gif
access-control-allow-origin: *
content-type: text/html; charset=ISO-8859-1
cache-control: private, max-age=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 248

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 0717 0
0 47ms
45ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssn5Y44asw7DX0EQHn7oLLD6Qap5z9PoJj3fFAfmr_MvSp6puRGA2GxK-9j-clHDH3nVYK8F2ybF2ZxH1J0okFGzVBmLk7LoX8vNoOzj8BhjFW125HO-1tK8uqouOxpAn-E6itsFfEo63V4oW-ocox88-4GNYq5KTwMavhv9k3JA8I9MaLMnVTUyuN_31QFFoRpNjtxT4Uo3upQ_VfO02pAcyEGw8FswOFRKnMhZmtu7-CYeLGLHBJWKcyhtECP0xMpeD4dbG_ih7Uy5jDteBA0POFVUSpdkgbaUTQsNbrALA9D62D1JHNHCaD6BKetq4IcG81kgIy24A&sai=AMfl-YQEnRWdN4wpynGvU1Feg5gYLpruErstDR6OnT-IgUI3nO3jO5u26taUC_WI4Mjfi5c7sP9dsDcdMCi_DEDssgpXnJdFsGkh4oO1jq1XhdP_QMIl-1yBwm7jXR3CRZc&sig=Cg0ArKJSzB5Xd8GP32WIEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 08cn5b8EVMSc5l6e1YWDk0jg24yFrQ2cZ845B_qPECM.js Show response
pagead2.googlesyndication.com/bg/ Frame 9504 37 KB
14 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/08cn5b8EVMSc5l6e1YWDk0jg24yFrQ2cZ845B_qPECM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3c727e5bf0454c49ce65e9ed585839348e0db8c85ad0d9c67ce3907fa8f1023

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:38:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 247
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14732
x-xss-protection: 0
last-modified: Mon, 08 May 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 14 May 2024 20:38:38 GMT

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.40/one-ad/ Frame 30DB 103 KB
13 KB 20ms
20ms Stylesheet
text/css 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.40/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1k94hv8sfhdtd9mmsrmpnhjq3h75v76892bpvxz0nh2b4ejs5qhdj3gf68fhq4rnpc48ppxbjd0bsek4a3ghzw7adync1nmde2j9ytn0dggmh8ahp604y44g6vgy1ahjdy3yv614g14tjr38agehdrj9akdr4ryanxym46twprn5tdage49xfezw396s13gv5hhncrsnv8gyrpentevthg8g91jypbf8r3k1c0w2f1n7n7bftbc1q0ghn1rc1qd7cp9zwm38bf70jtve7x7s2hfrmd0fjnwwasdx4qy9tj9s6rn3t45mbxzwww4jna3jk920jt68fqnyzgea8716fpxh2vt1hbztga71vv1x4v2x6m2ssgtjayc0re4f3430a4x0yncz0vdvppgmne7xetdvx6j83krmd47rff3rj510s5gzvzh60q35expy86gtw29nq4zjg4&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC04wERZliZKWkCoysbYzLt9AGkOGBhFy2qMKK8ALAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9D1hncuEGvr-5JJSltAD29RxLNPtO82ArmolBPnOycWps1XjPRURvA6sG1LN9_obUU_lRG9gkbNWpY-W1mub1ROlLbjBUFjlLBJ0NGlG-YoIbNzutp4zGS0TPG5GOS27kukMvs3H1dspf_UHa6pgu8jaBA1QwRPVgytVjkXqMmgAoupWp1emM4mIhsa_FcKMIniMyr9KkoRd8JZNWccCe1XxSHPWT83wse8-cW2-kxXGpvPONeo2V5XpH6ELmF5qOmcJHeQT0xFdZFhgYi48_277eP0LuvXn2zf_8PmFCerByyBt1n5_YX_j-hvVy8fLmdEum9nVz3gBAGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3FB1mNWba4Er0x6X7fV_QthhgJ9A%26client%3Dca-pub-7554793497192362%26adurl%3D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d77b5f2ca03eb8dab2acc515548b7b1ce7eeb4ca2189268552649e0391ee8c21

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1k94hv8sfhdtd9mmsrmpnhjq3h75v76892bpvxz0nh2b4ejs5qhdj3gf68fhq4rnpc48ppxbjd0bsek4a3ghzw7adync1nmde2j9ytn0dggmh8ahp604y44g6vgy1ahjdy3yv614g14tjr38agehdrj9akdr4ryanxym46twprn5tdage49xfezw396s13gv5hhncrsnv8gyrpentevthg8g91jypbf8r3k1c0w2f1n7n7bftbc1q0ghn1rc1qd7cp9zwm38bf70jtve7x7s2hfrmd0fjnwwasdx4qy9tj9s6rn3t45mbxzwww4jna3jk920jt68fqnyzgea8716fpxh2vt1hbztga71vv1x4v2x6m2ssgtjayc0re4f3430a4x0yncz0vdvppgmne7xetdvx6j83krmd47rff3rj510s5gzvzh60q35expy86gtw29nq4zjg4&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC04wERZliZKWkCoysbYzLt9AGkOGBhFy2qMKK8ALAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9D1hncuEGvr-5JJSltAD29RxLNPtO82ArmolBPnOycWps1XjPRURvA6sG1LN9_obUU_lRG9gkbNWpY-W1mub1ROlLbjBUFjlLBJ0NGlG-YoIbNzutp4zGS0TPG5GOS27kukMvs3H1dspf_UHa6pgu8jaBA1QwRPVgytVjkXqMmgAoupWp1emM4mIhsa_FcKMIniMyr9KkoRd8JZNWccCe1XxSHPWT83wse8-cW2-kxXGpvPONeo2V5XpH6ELmF5qOmcJHeQT0xFdZFhgYi48_277eP0LuvXn2zf_8PmFCerByyBt1n5_YX_j-hvVy8fLmdEum9nVz3gBAGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3FB1mNWba4Er0x6X7fV_QthhgJ9A%26client%3Dca-pub-7554793497192362%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1683559916
age: 623008
cf-polished: origSize=105839
x-guploader-uploadid: ADPycdv9IJsM9Nda_T-YCF8tGjLSR9_5GyrPWBCiXo7o_2KPFa29jeIDurPOQJdzBat54FnfGmUqvpjJPo5BCE2ydDX2ig
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Mon, 08 May 2023 15:32:28 GMT
server: cloudflare
etag: W/"44fa96b813e145cb8b915ae1fb6a3b7a"
vary: Accept-Encoding
x-goog-generation: 1683559948253618
content-type: text/css
x-goog-hash: crc32c=FELYSw==, md5=RPqWuBPhRcuLkVrh+2o7eg==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dLk5Hv%2FTiTrI9iNVTD7CRWXDL9oWCBNl3AetBRslldB67jKo%2Fmh2z4nCHzUumpJjNN9R10aPcV%2Bit%2F0lyczi2tVQtN0Q7ueqlPPVM6A765Na9LvVV8hbpAumu0cuhbKJ4Ike8O4lKZk%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 105839
cf-ray: 7c7e3594fa021c2c-FRA
expires: Mon, 15 May 2023 21:42:45 GMT

GET
H3 200 r62eglto.js Show response
ad4m.at/ Frame 30DB 25 KB
10 KB 23ms
17ms Script
application/javascript 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1k94hv8sfhdtd9mmsrmpnhjq3h75v76892bpvxz0nh2b4ejs5qhdj3gf68fhq4rnpc48ppxbjd0bsek4a3ghzw7adync1nmde2j9ytn0dggmh8ahp604y44g6vgy1ahjdy3yv614g14tjr38agehdrj9akdr4ryanxym46twprn5tdage49xfezw396s13gv5hhncrsnv8gyrpentevthg8g91jypbf8r3k1c0w2f1n7n7bftbc1q0ghn1rc1qd7cp9zwm38bf70jtve7x7s2hfrmd0fjnwwasdx4qy9tj9s6rn3t45mbxzwww4jna3jk920jt68fqnyzgea8716fpxh2vt1hbztga71vv1x4v2x6m2ssgtjayc0re4f3430a4x0yncz0vdvppgmne7xetdvx6j83krmd47rff3rj510s5gzvzh60q35expy86gtw29nq4zjg4&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC04wERZliZKWkCoysbYzLt9AGkOGBhFy2qMKK8ALAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9D1hncuEGvr-5JJSltAD29RxLNPtO82ArmolBPnOycWps1XjPRURvA6sG1LN9_obUU_lRG9gkbNWpY-W1mub1ROlLbjBUFjlLBJ0NGlG-YoIbNzutp4zGS0TPG5GOS27kukMvs3H1dspf_UHa6pgu8jaBA1QwRPVgytVjkXqMmgAoupWp1emM4mIhsa_FcKMIniMyr9KkoRd8JZNWccCe1XxSHPWT83wse8-cW2-kxXGpvPONeo2V5XpH6ELmF5qOmcJHeQT0xFdZFhgYi48_277eP0LuvXn2zf_8PmFCerByyBt1n5_YX_j-hvVy8fLmdEum9nVz3gBAGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3FB1mNWba4Er0x6X7fV_QthhgJ9A%26client%3Dca-pub-7554793497192362%26adurl%3D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d5e67a38c9a11424cac19ce192c9fd124a6d74e64d3791a01561dbd3e39c0b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 14 Mar 2023 13:45:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 351407
etag: W/"fcb2a26b07bd76d9a925cae661d6d94d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QHtMvSLSKEtZbuMu8KCghHB33ZxmpQ%2FKI5uVMDR41wG8dVd%2BsuaMCUyyL3q5wzgu6Dtvbvqqhe1qo%2B898OVugYEWbOfguRtb%2FZlbf9jXAW0Y2bc3fuj03Tcpv2rdgRQNngoJXXk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 7c7e3594fa101c2c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Tue, 09 May 2023 13:46:06 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame C218 0
127 B 26ms
9ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=ulqlw1w-_Msrj2KhV7kRWTmL5LmeYpJoiCbUg6fEtcVzHcJO4JqXx6e1VlFN66rVwnl2TrRXMzgYWdifUH1Kv2GrBboARm4AD9sZM5JuUhCLkCYr-gTzJIpcX6I7KUvDm2PdyIvXlscOr7WDdM2_KvtWauUfh-lewGBrjGZOuXIGB_BhVCAf81dn3Gq5f35NU8CFNKp9SOhvs0AgYiBd5ceLrkiQixMKLoOq8a9RUrPZ8AWUT2c7rpUz6fw&sds=2&rev=86118.2&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:45 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame C218 2 KB
1 KB 31ms
12ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:45 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame C218 2 KB
1 KB 29ms
11ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:45 GMT

GET
DATA 200
OK truncated
/ Frame 3738 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a720496c2abaf03ae96da1c52a4ff0277a88fba49778e5958c0fdd37efbbfba4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK verify.js Show response
rtb0.doubleverify.com/ Frame 34A1 1 KB
923 B 139ms
26ms Script
text/javascript 130.211.44.5
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_533020628324&jsTagObjCallback=__tagObject_callback_533020628324&num=6&ctx=11655933&cmp=2661572&plc=64253744&sid=1523392&advid=&adsrv=&unit=728x90&isdvvid=&uid=533020628324&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Win32&dvp_strhd=0.20&dvpx_strhd=0.20&brid=3&brver=113&bridua=3&dup=null&ppid=111&auevent=0&auadv=165376&aucmp=2661572&aucrtv=58775236&auorder=84037586&auplc=9041754&auadid=1523392&aufilter1=165376&autt=1&c1=VF-DE+Deutschland&c2=DE_23_AO_P_W_G_M_emm-215-cre----per-nta--Tracking-SIMONLY&c3=PD_BC-215-nta-all-PRE-Tracking&c4=simonly_pre_doubledata_230427_728x90&c5=DV360-donotuse1&c6=1617446&c7=DV360+(Media)&c10=DV360_PO_AL_NONE_SBN_CM_nta-all-tracking&srcurlD=0&ssl=1&refD=1&htmlmsging=1&tstype=128&prr=1&m1=13&noc=4&fcifrms=22&brh=3&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=165&eparams=DC4FC%3Dl9EEADTbpTauTauHHH%5D%3F6HE%3A%3E6D%5D4%40%5DCHTauU2%3F4r92%3A%3Fl9EEADTbpTauTauHHH%5D%3F6HE%3A%3E6D%5D4%40%5DCHTar9EEADTbpTauTau2ge_b552_2gffadc7_b5ac27%605bb%6046g%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3E&dvp_exetime=5.00&aubndl=&audeal=&c8=&turl=&c9=&callbackName=__verify_callback_533020628324
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal117.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.44.5 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 5.44.211.130.bc.googleusercontent.com
Software: /
Resource Hash: 9e3918ffc62d5c1eee4056fc38483ff1f44fc93688fe1c69f7f2dacc8df26ef3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:46 GMT
Content-Encoding: br
X-DV-Response: 1
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Connection: keep-alive
Timing-Allow-Origin: *
Expires: 05/14/2023 20:42:46

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame EEBF 0
0 51ms
50ms Fetch
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=COVuzRZliZPngGfGB9fgPyLu5uAqQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE7wFP0MBKN3Ow-R0wtaCGbLMJeaZeL-SwA_Q3zDdbTa0gn6Im6nt4GWlZHyD77-yJvlD8OhGsRba0y5JcYvDzKQo7hmgqhMSQswxkR-RSBz5RUZtm542kZOpyiss0GFnIjcjBihR0kvgu34LNy7nEDf8ueR3D4s8joPtRz8uncpkzITZ_V4kzP1RwxJdFIZuRXFbNivpjMMskpPrmjBhbfc6aqNSjqP0CEcBsJE6oHoNe8P62aJ4M6c8rTSBEySTh4fOBSIBOMNC09tlsq7C1uDnISflC_z3-UxzPKUfzM_dvn0JD2U_7TCoRctmip_CWHeAEAYAGzui6xZWzjYKnAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgECACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNzU1NDc5MzQ5NzE5MjM2Mhj8oHI&sigh=hMbrxCXn2ro&uach_m=[UACH]&cid=CAQSPABygQiDHwQvsLaWo3nUvWXrUoT4QZYqpXbcxJwh1npc0nqTPGGLDO_Y15dlIUQSiVIgMKiay447qOS4fBgB
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H3 204 winResponse
prod-rtb.ad4mat.net/ Frame EEBF 0
0 22ms
18ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1hkk3py7vsp8xg6apn3pwjwvk9xsm1p0q456qfx5ab6t9bjhmz1319r9q8r411t15agtzncjfpt9zqzq3hr6jqtyecsckmxzejz6bfdb6evv8pbktd18defp9dx8yxqcv0bswrttc90yvzh0fjn7w45bbwfvhe5g3sqczavqt7ed4fr87sdmqng9f52t8vn2jstgs4a9c09frfxfksjszabxrah3776pzmf1gmcveqea80nqbv1h2ht9703jx34a1z5w0be96ehmhmhcs1241ay9gaxhadaftcpaxq0vb0q6zdp76j2qa9bk7epead3wqag79yvs7ya07anbw6h2bksj50n4xmb03d3s3c45nd9r02j7ymhjn0300zzdpym05sv8pn4xfv8k2z90&b=ZGKZRQAGcHkJHUDxAA5dyISIvd7Eatt6UwPc-A
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:45 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

GET
H3 200 dr Show response
as.ad4m.at/ad/ Frame DC05 2 KB
2 KB 33ms
28ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1k1qk00rm203jhvf8577vvf6fexgqpa8mpzz6a2k0sv6z6yq2amh6a1qjqtb0ahw2bg02cpd2c1dy7kh95k9m8b8gw5bxpdxcy05em5g8g69ek4pwm3vv6qapd0z9evgkn99c02gvfhp4jwn4t7q61nndn9aa0atv0kgqcmdbcpacatebd2yq7fnhtng3207tarb92sthdt5e8bbkmer07vedw30brszyx0bvqh63w74gzsfzzt9eyet7fmcxsbdshskntf82dbg1dm5hry9y24bn5s3pwkypabahc4v9fmgazbtknav78v01r6z55w163v0ams2jdnksdtn9gp6t92mt1dnyhrxnhbqbwspdn7d3rtt8g672239vvv28awy6hgjy4rft7cffzcvapqbx0tb2q49y9w8005nvy0pk2hz9tf2kkrhhgdeaamnyrq3ddvapb01fm&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCLBwtRZliZPngGfGB9fgPyLu5uAqQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE8gFP0MBKN3Ow-R0wtaCGbLMJeaZeL-SwA_Q3zDdbTa0gn6Im6nt4GWlZHyD77-yJvlD8OhGsRba0y5JcYvDzKQo7hmgqhMSQswxkR-RSBz5RUZtm542kZOpyiss0GFnIjcjBihR0kvgu34LNy7nEDf8ueR3D4s8joPtRz8uncpkzITZ_V4kzP1RwxJdFIZuRXFbNivpjMMskpPrmjBhbfc6aqNSjqP0CEcBsJE6oHoNe8P62aJ4M6c8rTSBEySTh4fOBSIBOMNC09tkuqZEnb8BPCTHFt6skGo49EFP5nv1Bh5_DGwZptL4PXsF3e2_W1ZvHZOAEAYAGzui6xZWzjYKnAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1UwXbSGyKJWUMZzdC1BdIH98xNkA%26client%3Dca-pub-7554793497192362%26adurl%3D

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1359dd3d9b9ec1eb8874305a5bf2393a0059e57d7de12cb20e1927c17bd4c0db

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-src ;img-src data:;manifest-src 'none';media-src 'none';object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7c7e35954a661c2c-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-src *;img-src * data:;manifest-src 'none';media-src 'none';object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:45 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame EEBF 3 KB
1 KB 12ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/window_focus_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 18:31:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7894
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 18:31:11 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame AAEF 1 KB
643 B 12ms
8ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34712
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 11:04:13 GMT
etag: 48472445140208031
expires: Tue, 16 May 2023 11:04:13 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/ Frame EEBF 19 KB
8 KB 12ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230510/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

01dcaf85f2ae23a30115cf4a663e90b4a507dc688c4c17f9ebddc3cf19fee780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 12:20:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 30107
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7937
x-xss-protection: 0
server: cafe
etag: 2499949999788435271
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 12:20:58 GMT

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame EEBF 24 KB
6 KB 13ms
9ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Fri, 12 May 2023 14:52:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 280230
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 11 May 2024 14:52:15 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame EEBF 169 KB
52 KB 82ms
78ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fdc79b8c47c6d5c20def82fa5f6a91e3cbe3057bff3f8b14b5c2c71dc9b57ec4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53545
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1683718549123860"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 15 May 2023 20:42:46 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 62E9 1 KB
643 B 10ms
8ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34712
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 11:04:13 GMT
etag: 48472445140208031
expires: Tue, 16 May 2023 11:04:13 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK verify.js Show response
rtb0.doubleverify.com/ Frame 9151 1 KB
924 B 94ms
26ms Script
text/javascript 130.211.44.5
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_194562501199&jsTagObjCallback=__tagObject_callback_194562501199&num=6&ctx=11655933&cmp=1699623&plc=63096195&sid=1366186&advid=&adsrv=&unit=728x90&isdvvid=&uid=194562501199&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Win32&dvp_strhd=0.10&dvpx_strhd=0.10&brid=3&brver=113&bridua=3&dup=null&ppid=111&auevent=0&auadv=165376&aucmp=1699623&aucrtv=58044479&auorder=1495266&auplc=10546188&auadid=1366186&aufilter1=165376&autt=1&c1=VF-DE+Deutschland&c2=DE_23_AO_P_C_G_M_cic-215-cre----per-apl-dive-Tracking-PER&c3=RT_PD_C-215-mul-stc-ret&c4=i14pro_pre_20p_230404_1456x180&c5=Doubleclick+DBM&c6=1447160&c7=Doubleclick+DBM+(Media)&c10=Adform_AO_AL_None_BNR_CM_mul-stc-Pre-Tracking&srcurlD=0&ssl=1&refD=1&htmlmsging=1&tstype=128&prr=1&m1=13&noc=4&fcifrms=22&brh=3&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=165&eparams=DC4FC%3Dl9EEADTbpTauTauHHH%5D%3F6HE%3A%3E6D%5D4%40%5DCHTauU2%3F4r92%3A%3Fl9EEADTbpTauTauHHH%5D%3F6HE%3A%3E6D%5D4%40%5DCHTar9EEADTbpTauTau2ge_b552_2gffadc7_b5ac27%605bb%6046g%5DD2767C2%3E6%5D8%40%408%3D6DJ%3F5%3A42E%3A%40%3F%5D4%40%3E&dvp_exetime=2.30&aubndl=&audeal=&c8=&turl=&c9=&callbackName=__verify_callback_194562501199
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal117.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.44.5 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 5.44.211.130.bc.googleusercontent.com
Software: /
Resource Hash: 6830cab957b385629f34f0e1cd176c249375be5ba307ce6ec1e85b192098b4f0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:46 GMT
Content-Encoding: br
X-DV-Response: 1
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Connection: keep-alive
Timing-Allow-Origin: *
Expires: 05/14/2023 20:42:46

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 8615 1 KB
643 B 7ms
6ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34713
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 11:04:13 GMT
etag: 48472445140208031
expires: Tue, 16 May 2023 11:04:13 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 css
fonts.googleapis.com/ Frame 6E9E 5 KB
682 B 18ms
17ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=52485300187141600951401012325030&a=50fbfd5e

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

30ece5ac4e330eb0d7d2f0ff3096f914def5a156abfd9f6f0352d03bcf40311b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 15 May 2023 20:42:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 15 May 2023 18:56:46 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 15 May 2023 20:42:46 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 6E9E 90 KB
90 KB 36ms
14ms Image
image/png 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=300&height=200&url=https://cdn.contentspread.net/24i/advertiser/23333/creativesup/1200x627_Matthias.jpg
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=52485300187141600951401012325030&a=50fbfd5e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: 1c8e3fef0c262beff7660dce66d6e4329ffdc293c2fb9b0bbc614eec3db17c01

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:46 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 6E9E 81 KB
81 KB 36ms
12ms Image
image/png 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=300&height=200&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=52485300187141600951401012325030&a=50fbfd5e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: 0f7e62ad12c151131fc348d23cb4cb0f66bdda6c4710ac44de3090e7f2e8ef5b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:46 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 6E9E 69 KB
69 KB 36ms
13ms Image
image/png 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=300&height=200&url=https://cdn.contentspread.net/24i/advertiser/55487/creativesup/1200x627.jpg
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=52485300187141600951401012325030&a=50fbfd5e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: de8cf49bb686972e8b8cf4e7c2156bbb340da75e1d4c3ddabe1578e2d5195a24

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:46 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 83DE 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 72924098ac79c3e04b1178fa39f2149ec5b726057cffca2cfe0e67a2e297a33c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 8C30 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b38cf97403913a9bb6db37db631333a033152ceaf711f75eaf6c961eeab882cf

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 9523 2 KB
1 KB 13ms
12ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=ZGKZRQAB8KIKGwwPAAkv7WpDA1XoHvfw0cfnFQ&u=%7CCjy03sQgDewdxswuMjwDBMv%2BN6rdIt5F8yK3MmqJ4ro%3D%7C&c1=d4_i42wbpE2NRhSHxThdXdeadzG9gosNy44cDHK1QYNdJ71gdyCWvw29y1GxtacI6iVoVnLQ5srUOwC-sDBJIjvRCy3Ss-BiCTuGilNUvwWXY4YDk7Zbj5VHzU2BFzbcIGmzIARkWam377qyCiMcTVOCTmk5Q6ZaAGKxmBU6hH6fNjlv4L8mgHmepDq-HGad-02atCu_ICvP0RU-JQv0LOQo1shj4QzUKX2wKQ7G8GUrAtnG-p3A2JmP6aHZaccG6wGitVsQKtZ-0kvmggLeQ74rzxT1WqBdCrQAAO2cznXcTp2U0bTKhvOZSjqHQAH1YiYEGmN5j41OZ0UyZgTGDLPnyQYje2FfWO8-CwSMW_FebYS0iw4M4XWuBiXkg4G0s4jPscLXx4HX7ngmALovxIfLDWeNdOACtoyLQ1LCTF_-j-AAOwHj0cpToJBmQZNiaU2xsH5M9yrsR1WTqmuUQB_wPQ2lVASB6osCCMw1Gb5xZ8kctXE0rzpwrP76CvjVmyg_CZpVP-b7EIwlx1LdjyxFhgoAK3_fM9AA_9C_e2Ae_Ba9-iuXY9ic0Z9rbRUY3ymTKWrFiDNcMR8t_cn0Xb82ylHyzTtfUyztG-O97-VWDQ6-ps-B869-bAzDuCUe&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-jzDRZliZKLhB4-YbO3fpNgFyZ7SsVzVnZH3cMCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE-AFP0G_T-xvPRLJOkgWtEkBsjKeRoX2-iNGEN9yrsdtgEeq193HOyzxKXPMD6ClUzeaZJamXk1ruva6fpqcg6QBfADLfpWbOavvHvnTD9N-vp-TPqw_A3f6Tg4WSplZ-4qgU9mLrnnw9uaobeCCX_Ole3WrdJA3W9q14_Wxb50LTToXEr6fJmyYPqQ2BfklBq18QTiRfKqAAFJwVBiR3_oRL8IPc_7jsLt6wlv3srZbmLERp1NlqIw1f7IM_8jwd2V98ANCjBjYxsANREiH6ZgZSH2XbLjePPaMwZ1SnXCMjDwHMaG3coPOZ8iH3PK2HBGOLod9uNcFCz-AEAYAGkc2kmrDP-vWdAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1UwaM-Dodi4-aXDk0JpnfB9FWvpw%26client%3Dca-pub-7554793497192362%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:46 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame 9523 2 KB
1 KB 14ms
14ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:46 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 9523 308 B
636 B 15ms
13ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 09 May 2024 20:42:46 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 9523 293 B
621 B 22ms
20ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Thu, 09 May 2024 20:42:46 GMT

GET
H2 200 lg.php
cat.fr3.eu.criteo.com/delivery/ Frame 9523 43 B
347 B 20ms
18ms Image
image/gif 178.250.7.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=2VJEXJTf_M2yoDUfVFEMIP-ZYpbWwu4ESbyFD_4md9PYRIpuhJkLZyfvDTE8ihWjEZ0CNMZv1MJbYIfAidwI2DkD0knnNT6gKcPUob6zIAHPSozuN095ChPbJ0VUh6jdQVLibyrK-p2JZwNdlPrmR6cRPcj-oAqYsdtXlIiQWB3v7IyAKp3grCTsUMP685i3GOOPwctg0TlV4I9rrYpMX1UQ1DEFJyprabfhjCgBtP_lIAev2bcrBTA_kW64fPneoYEuvxJAmYLClwEjKaSfyc09IDRsmlEOGedlzGOVnJK4Yliz13H5IuE9EsAWT4UTr3Raq-gQ9rpDH71h9kFMVRmP7ik76bchmOztjaOY-Z6M0sJb9BYeRjEn7ntu8vxWUPvNEIwH-ZjbKS6CJoFH3GPHbP_S_efoeuQ0ws9p5zXLHsTG

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1672912
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3

200

B29933196.366647091;dc_pre=CIybnvqX-P4CFY_0EQgd9HILYg;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629945fe176bbb5197db1fa2d924f5;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tf...
ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/ Frame 9523
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629945fe176bbb5197db1fa2d924f5;dc_lat=;dc_rdid=;tag_for_...
https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CIybnvqX-P4CFY_0EQgd9HILYg;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629945fe176bbb5197db1f...

42 B
63 B

24ms
24ms

Image
image/gif

142.250.186.38
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CIybnvqX-P4CFY_0EQgd9HILYg;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629945fe176bbb5197db1fa2d924f5;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1?

Requested by

Protocol

Server

142.250.186.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimp/N346010.154378CRITEO1/B29933196.366647091;dc_pre=CIybnvqX-P4CFY_0EQgd9HILYg;dc_trk_aid=557212508;dc_trk_cid=191446037;dcopt=anid;ord=64629945fe176bbb5197db1fa2d924f5;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=1;;ltd=;dc_tdv=1?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 4debdac53ee04751bc04e558cff50a52_image_ad_728x90.png
static.criteo.net/design/dt/102052/230505/ Frame 9523 121 KB
122 KB 21ms
19ms Image
image/png 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/102052/230505/4debdac53ee04751bc04e558cff50a52_image_ad_728x90.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

e9f4804016ce37219673d8ff2f1720cf85d410d80f25c30c95d2c63af87b356c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 05 May 2023 09:28:27 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "6454cc3b-1e5b2"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 124338
expires: Thu, 09 May 2024 20:42:46 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 64BB 5 KB
682 B 18ms
16ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900029.redintelligence.net
URL: https://hal900029.redintelligence.net/request_content.php?s=38176200164363000951401012325029&a=a2ef41b5

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

30ece5ac4e330eb0d7d2f0ff3096f914def5a156abfd9f6f0352d03bcf40311b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900029.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 15 May 2023 20:42:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 15 May 2023 19:28:25 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 15 May 2023 20:42:46 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 64BB 83 KB
83 KB 147ms
123ms Image
image/png 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=300&height=200&url=https://cdn.contentspread.net/24i/advertiser/23333/creativesup/WW-Native-1200x627.jpeg
Requested by: Host: hal900029.redintelligence.net
URL: https://hal900029.redintelligence.net/request_content.php?s=38176200164363000951401012325029&a=a2ef41b5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: 7415786522c29f25daf05496a7df8f6a594d951b4a4db25845a0cca22b244380

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900029.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:46 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 64BB 81 KB
81 KB 34ms
12ms Image
image/png 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=300&height=200&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900029.redintelligence.net
URL: https://hal900029.redintelligence.net/request_content.php?s=38176200164363000951401012325029&a=a2ef41b5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: 0f7e62ad12c151131fc348d23cb4cb0f66bdda6c4710ac44de3090e7f2e8ef5b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900029.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:46 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 64BB 69 KB
69 KB 35ms
13ms Image
image/png 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=300&height=200&url=https://cdn.contentspread.net/24i/advertiser/55487/creativesup/1200x627.jpg
Requested by: Host: hal900029.redintelligence.net
URL: https://hal900029.redintelligence.net/request_content.php?s=38176200164363000951401012325029&a=a2ef41b5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: de8cf49bb686972e8b8cf4e7c2156bbb340da75e1d4c3ddabe1578e2d5195a24

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900029.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:46 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: image/png

GET
H2 200 ts.js Show response
cdn.retailads.net/ Frame DD75 5 KB
5 KB 10ms
9ms Script
application/javascript 2a01:4f8:d0a:2321::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.retailads.net/ts.js
Requested by: Host: futalis.de
URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2724564331
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 2a01:4f8:d0a:2321::2 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: Apache /
Resource Hash: 525e7c89461afb3f73ea7030fbceba4f9e9383570159926acee637b4f86b8148

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://futalis.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
last-modified: Wed, 05 Apr 2023 20:14:46 GMT
server: Apache
etag: "1416-5f89c717cdc2f"
content-type: application/javascript
xphp81: true
accept-ranges: bytes
content-length: 5142

GET
H2 200 ts.js Show response
cdn.retailads.net/ Frame 9D47 5 KB
5 KB 10ms
9ms Script
application/javascript 2a01:4f8:d0a:2321::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.retailads.net/ts.js
Requested by: Host: futalis.de
URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2724564333
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 2a01:4f8:d0a:2321::2 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: Apache /
Resource Hash: 525e7c89461afb3f73ea7030fbceba4f9e9383570159926acee637b4f86b8148

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://futalis.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
last-modified: Wed, 05 Apr 2023 20:14:46 GMT
server: Apache
etag: "1416-5f89c717cdc2f"
content-type: application/javascript
xphp81: true
accept-ranges: bytes
content-length: 5142

GET
DATA 200
OK truncated
/ Frame 24A2 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e2b4a9403148c10a8dc4f4a7740a235d1c8baf4bf87cc1c0cd23de4b03f27d51

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.40/one-ad/ Frame DC05 103 KB
13 KB 22ms
22ms Stylesheet
text/css 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.40/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1k1qk00rm203jhvf8577vvf6fexgqpa8mpzz6a2k0sv6z6yq2amh6a1qjqtb0ahw2bg02cpd2c1dy7kh95k9m8b8gw5bxpdxcy05em5g8g69ek4pwm3vv6qapd0z9evgkn99c02gvfhp4jwn4t7q61nndn9aa0atv0kgqcmdbcpacatebd2yq7fnhtng3207tarb92sthdt5e8bbkmer07vedw30brszyx0bvqh63w74gzsfzzt9eyet7fmcxsbdshskntf82dbg1dm5hry9y24bn5s3pwkypabahc4v9fmgazbtknav78v01r6z55w163v0ams2jdnksdtn9gp6t92mt1dnyhrxnhbqbwspdn7d3rtt8g672239vvv28awy6hgjy4rft7cffzcvapqbx0tb2q49y9w8005nvy0pk2hz9tf2kkrhhgdeaamnyrq3ddvapb01fm&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCLBwtRZliZPngGfGB9fgPyLu5uAqQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE8gFP0MBKN3Ow-R0wtaCGbLMJeaZeL-SwA_Q3zDdbTa0gn6Im6nt4GWlZHyD77-yJvlD8OhGsRba0y5JcYvDzKQo7hmgqhMSQswxkR-RSBz5RUZtm542kZOpyiss0GFnIjcjBihR0kvgu34LNy7nEDf8ueR3D4s8joPtRz8uncpkzITZ_V4kzP1RwxJdFIZuRXFbNivpjMMskpPrmjBhbfc6aqNSjqP0CEcBsJE6oHoNe8P62aJ4M6c8rTSBEySTh4fOBSIBOMNC09tkuqZEnb8BPCTHFt6skGo49EFP5nv1Bh5_DGwZptL4PXsF3e2_W1ZvHZOAEAYAGzui6xZWzjYKnAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1UwXbSGyKJWUMZzdC1BdIH98xNkA%26client%3Dca-pub-7554793497192362%26adurl%3D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d77b5f2ca03eb8dab2acc515548b7b1ce7eeb4ca2189268552649e0391ee8c21

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/dr?ed=1k1qk00rm203jhvf8577vvf6fexgqpa8mpzz6a2k0sv6z6yq2amh6a1qjqtb0ahw2bg02cpd2c1dy7kh95k9m8b8gw5bxpdxcy05em5g8g69ek4pwm3vv6qapd0z9evgkn99c02gvfhp4jwn4t7q61nndn9aa0atv0kgqcmdbcpacatebd2yq7fnhtng3207tarb92sthdt5e8bbkmer07vedw30brszyx0bvqh63w74gzsfzzt9eyet7fmcxsbdshskntf82dbg1dm5hry9y24bn5s3pwkypabahc4v9fmgazbtknav78v01r6z55w163v0ams2jdnksdtn9gp6t92mt1dnyhrxnhbqbwspdn7d3rtt8g672239vvv28awy6hgjy4rft7cffzcvapqbx0tb2q49y9w8005nvy0pk2hz9tf2kkrhhgdeaamnyrq3ddvapb01fm&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCLBwtRZliZPngGfGB9fgPyLu5uAqQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE8gFP0MBKN3Ow-R0wtaCGbLMJeaZeL-SwA_Q3zDdbTa0gn6Im6nt4GWlZHyD77-yJvlD8OhGsRba0y5JcYvDzKQo7hmgqhMSQswxkR-RSBz5RUZtm542kZOpyiss0GFnIjcjBihR0kvgu34LNy7nEDf8ueR3D4s8joPtRz8uncpkzITZ_V4kzP1RwxJdFIZuRXFbNivpjMMskpPrmjBhbfc6aqNSjqP0CEcBsJE6oHoNe8P62aJ4M6c8rTSBEySTh4fOBSIBOMNC09tkuqZEnb8BPCTHFt6skGo49EFP5nv1Bh5_DGwZptL4PXsF3e2_W1ZvHZOAEAYAGzui6xZWzjYKnAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1UwXbSGyKJWUMZzdC1BdIH98xNkA%26client%3Dca-pub-7554793497192362%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1683559916
age: 623009
cf-polished: origSize=105839
x-guploader-uploadid: ADPycdv9IJsM9Nda_T-YCF8tGjLSR9_5GyrPWBCiXo7o_2KPFa29jeIDurPOQJdzBat54FnfGmUqvpjJPo5BCE2ydDX2ig
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Mon, 08 May 2023 15:32:28 GMT
server: cloudflare
etag: W/"44fa96b813e145cb8b915ae1fb6a3b7a"
vary: Accept-Encoding
x-goog-generation: 1683559948253618
content-type: text/css
x-goog-hash: crc32c=FELYSw==, md5=RPqWuBPhRcuLkVrh+2o7eg==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J38gPuyAcnJpZPaRgZH4pdb%2BQMCG6t7fa5zlKoz9gJlOhmcwXKYPjjTKohRUVePqA3BG2GbAh8DVPjx5XEtfkAhQ4IuyBDhGk9BDnNkuY8TjoPALAi2dyfm%2F%2BHrPpp%2Frld7Iwv%2BuOI0%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 105839
cf-ray: 7c7e35966be41c2c-FRA
expires: Mon, 15 May 2023 21:42:46 GMT

GET
H3 200 r62eglto.js Show response
ad4m.at/ Frame DC05 25 KB
10 KB 21ms
20ms Script
application/javascript 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/r62eglto.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1k1qk00rm203jhvf8577vvf6fexgqpa8mpzz6a2k0sv6z6yq2amh6a1qjqtb0ahw2bg02cpd2c1dy7kh95k9m8b8gw5bxpdxcy05em5g8g69ek4pwm3vv6qapd0z9evgkn99c02gvfhp4jwn4t7q61nndn9aa0atv0kgqcmdbcpacatebd2yq7fnhtng3207tarb92sthdt5e8bbkmer07vedw30brszyx0bvqh63w74gzsfzzt9eyet7fmcxsbdshskntf82dbg1dm5hry9y24bn5s3pwkypabahc4v9fmgazbtknav78v01r6z55w163v0ams2jdnksdtn9gp6t92mt1dnyhrxnhbqbwspdn7d3rtt8g672239vvv28awy6hgjy4rft7cffzcvapqbx0tb2q49y9w8005nvy0pk2hz9tf2kkrhhgdeaamnyrq3ddvapb01fm&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCLBwtRZliZPngGfGB9fgPyLu5uAqQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE8gFP0MBKN3Ow-R0wtaCGbLMJeaZeL-SwA_Q3zDdbTa0gn6Im6nt4GWlZHyD77-yJvlD8OhGsRba0y5JcYvDzKQo7hmgqhMSQswxkR-RSBz5RUZtm542kZOpyiss0GFnIjcjBihR0kvgu34LNy7nEDf8ueR3D4s8joPtRz8uncpkzITZ_V4kzP1RwxJdFIZuRXFbNivpjMMskpPrmjBhbfc6aqNSjqP0CEcBsJE6oHoNe8P62aJ4M6c8rTSBEySTh4fOBSIBOMNC09tkuqZEnb8BPCTHFt6skGo49EFP5nv1Bh5_DGwZptL4PXsF3e2_W1ZvHZOAEAYAGzui6xZWzjYKnAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1UwXbSGyKJWUMZzdC1BdIH98xNkA%26client%3Dca-pub-7554793497192362%26adurl%3D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d5e67a38c9a11424cac19ce192c9fd124a6d74e64d3791a01561dbd3e39c0b4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 14 Mar 2023 13:45:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 351408
etag: W/"fcb2a26b07bd76d9a925cae661d6d94d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YksOSvdumDV6C74sJwubX2OdJ1ZhLc2mSLxJBvcprxRrLAglRsJOnWJrfcQeTB6GxfOOhN%2F82r9q%2Bsp7S%2B2htyXE1FKu6DOO1k%2B2m9lBK2sxR0uUaHUSm%2B48gGBZRn46KKdGN5s%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
cf-ray: 7c7e35966be51c2c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Tue, 09 May 2023 13:46:06 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9091
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPYbpoVJNDFNoQ42PDag9UQ&google_cver=1&google_push=ATf1kGNXD--ZjP6EBrekgxrQiHvniJjMGDKj9dPCUgclJ9wtVZJamYxvPz...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ATf1kGNXD--ZjP6EBrekgxrQiHvniJjMGDKj9dPCUgclJ9wtVZJamYxvPzDB7Fle2S4ShNirpH1Wh2fomZMkmT5Pd6miiAaymG35EoPHBSYzO0ndtQsrFm9TYng...

170 B
188 B

19ms
18ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ATf1kGNXD--ZjP6EBrekgxrQiHvniJjMGDKj9dPCUgclJ9wtVZJamYxvPzDB7Fle2S4ShNirpH1Wh2fomZMkmT5Pd6miiAaymG35EoPHBSYzO0ndtQsrFm9TYng0V0uOi0qmJWHTs099qefN&google_hm=skAkrLmaK9CZOexuwIUP_A

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ATf1kGNXD--ZjP6EBrekgxrQiHvniJjMGDKj9dPCUgclJ9wtVZJamYxvPzDB7Fle2S4ShNirpH1Wh2fomZMkmT5Pd6miiAaymG35EoPHBSYzO0ndtQsrFm9TYng0V0uOi0qmJWHTs099qefN&google_hm=skAkrLmaK9CZOexuwIUP_A
pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
strict-transport-security: max-age=86400
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 9091 43 B
362 B 15ms
13ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEKW5RyA_gKOz3FlQvmotDhE&google_cver=1&google_push=ATf1kGPV0qUOeZkEByeMxhVyTwRq0t4T267OAZHAq5IWF79z_g2Lqnqru9ADIdsrTpVUklBVE9CgrY57brRQpcaUhgWNW47EFG3B9B6D-jY2r-w4_U0bv2owJ7donjA7lGo7fobhf-yNgHgj

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 222596
expires: Mon, 15 May 2023 00:00:00 GMT

GET
H3 200 dds
rtb.openx.net/sync/ Frame 9091 43 B
58 B 16ms
15ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEJktBEQvC-6pnzoSTsKdE-Y&google_cver=1&google_push=ATf1kGNeUm8WnxsjM-GJS61jdCi2nm7xJlaxeFUBirtC1bWJ5_4pA5SyP9SwMjggsEJpxO9trYNkAAq7xKM0Ng7DxTyizrmNOPr8Yi-zed8rJF_bNToRS4j60mmPgTSGf-o3cUo7q_uNOMnk
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9091
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=aJjOlCjATtuCC6jq3t8sIA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

20ms
18ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=aJjOlCjATtuCC6jq3t8sIA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGNjCLGj1dKQF1PDj7-ljFxg5eS1FcI5FzJ6dtt90mMSKJLm6kGTa5IabKHDNnmGuVLaXKg0iUeVAYSFyn4MjaGOlcqZ7mJeo2HreLp7dS8jN06M_BzjsKhqaZ7NcAMEJkRYFSWwt2Ml

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=aJjOlCjATtuCC6jq3t8sIA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGNjCLGj1dKQF1PDj7-ljFxg5eS1FcI5FzJ6dtt90mMSKJLm6kGTa5IabKHDNnmGuVLaXKg0iUeVAYSFyn4MjaGOlcqZ7mJeo2HreLp7dS8jN06M_BzjsKhqaZ7NcAMEJkRYFSWwt2Ml
date: Mon, 15 May 2023 20:42:45 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9091
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG-r3gCok_CQ6HTKS-rezLU&google_cver=1&google_push=ATf1kGPSGdAuurXdwK8XZOe1qwG08jmIQpvvENKJOxQp3e_gXAT39mMAPzucuhjHWkMHZn5OgxM...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGPSGdAuurXdwK8XZOe1qwG08jmIQpvvENKJOxQp3e_gXAT39mMAPzucuhjHWkMHZn5OgxMGVLbOnX1xeSiWeo2APJYbzF9PN...

170 B
188 B

19ms
18ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGPSGdAuurXdwK8XZOe1qwG08jmIQpvvENKJOxQp3e_gXAT39mMAPzucuhjHWkMHZn5OgxMGVLbOnX1xeSiWeo2APJYbzF9PNLlPUwN21l1xcwcPY4xEwF_6WDrIqR_ppf-Kg66sIt8

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGPSGdAuurXdwK8XZOe1qwG08jmIQpvvENKJOxQp3e_gXAT39mMAPzucuhjHWkMHZn5OgxMGVLbOnX1xeSiWeo2APJYbzF9PNLlPUwN21l1xcwcPY4xEwF_6WDrIqR_ppf-Kg66sIt8
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 5b959e9b7aef6dd90a6fa539ca64ac62
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9091
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESELghKnXhXdIiJ2YGroFYnAU&google_cver=1&google_push=ATf1kGPin8lMp7e346YcaTnekHAZVfP22n5W3ZZI39GuTOfXjCju_HZ-1EqgNHFukmI4nKbJAc5phrgEur7r4XPsXb8PqnMz1q...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGPin8lMp7e346YcaTnekHAZVfP22n5W3ZZI39GuTOfXjCju_HZ-1EqgNHFu...

170 B
188 B

18ms
17ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGPin8lMp7e346YcaTnekHAZVfP22n5W3ZZI39GuTOfXjCju_HZ-1EqgNHFukmI4nKbJAc5phrgEur7r4XPsXb8PqnMz1qQDZiuyJWVVJ9kdYtixrA7LHracw3TEbMjWziDUdglkXFU

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGPin8lMp7e346YcaTnekHAZVfP22n5W3ZZI39GuTOfXjCju_HZ-1EqgNHFukmI4nKbJAc5phrgEur7r4XPsXb8PqnMz1qQDZiuyJWVVJ9kdYtixrA7LHracw3TEbMjWziDUdglkXFU
date: Mon, 15 May 2023 20:42:46 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 sync
ssbsync.smartadserver.com/api/ Frame 9091 0
44 B 18ms
17ms Image
text/plain 185.86.139.93
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEFE3Aw1rOlM-_BW7nTU-7Pg&google_cver=1&google_push=ATf1kGNy9tRG6v-XhdAAZVuuvY3uXe5zUyDa4P2epq8RYWL3FcnJxf9ZVdPU85P1TEVGR0dLy1GR6Nj-X5Y1OdrU8e5iv-qPPMe0uWiA9J17P0dNxrpHnfwF_bE8M_WcJNRg_jc_SJqwimGO
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.93 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 9091 0
12 B 15ms
14ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Lbn_ESu1m6XZN_9Xed8yneXxUyVY8wJ_fL1fsyy_Ewc8V1GsaNkPCm17YOjKvSWLKs4Om_

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame 4AD0 109 KB
42 KB 16ms
16ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7ef5d3b920fd544781be8b46e4d6a161a1b4d48132f3baf5353de113a1a4d001

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42739
x-xss-protection: 0
last-modified: Mon, 15 May 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 15 May 2023 20:42:46 GMT

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ Frame F961 109 KB
42 KB 17ms
16ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

233d78f023d1fc60dd75c66081b51c2554146c58c84b72db46c48f41088b7cd5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42740
x-xss-protection: 0
last-modified: Mon, 15 May 2023 18:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 15 May 2023 20:42:46 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 06E4 0
0 45ms
45ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstQpgeQ6A0JnOL4DW959uC-KVKaCCDI8RcgJP6dEFenjAEJUN3k5n6UD7S21jfBFsDWABtcM_F4okPI3zV9pp_6bMJmQh5COyrB5JlIzxVZxDeLe7pgN2e6ydnNz2qctRsXiZWoTzsDMJYvzm-XHG4GyIolYa8X53oxcteAIm1h4l0m7r-zBHtrw-0dMMq4USQ7ILSujFIHaaIRPsktYlGjGI2kq89T9DGufRmfljLMZ8YVCSDMLH3vwgCxeVriq_LDVSTYOczIj0QHY0DFPtr_-ESRcj_NOGizIIWYd28dBOHf3TtYiJ3OnwMgQyIgo3zwaTQQo7-Cdw&sai=AMfl-YRUatTjATZHKxMsiaS_P7ZF6ERq0oLS671dSVnMmMqhLVyxxfwlO8URVtLlokx_917wW7aFvd6gRc8-7V6rSvHCUjk7EOxiWqassZAg38qKQ_Qzty-gC9q-gzV7XCI&sig=Cg0ArKJSzGuqZbTJHcipEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 0717 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 08eb0b76b3ff067c15793863861b784f9b92b017402e156cf86c2d7410be6b85

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 c.js Show response
assets.a-mo.net/js/ Frame 50DA 48 KB
19 KB 66ms
21ms Script
text/javascript 2606:4700::6813:9e13
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.a-mo.net/js/c.js?rj=rtbx
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6813:9e13 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 49b2428c2d1e0b1b8a92e5189f0306451a73a881a74a8abc0789420530f68252

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
via: 1.1 ebfea1c8ef298b6d415684e80825a276.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
x-amz-cf-pop: EWR52-C1
age: 416
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Tue, 02 May 2023 02:28:36 GMT
server: cloudflare
etag: W/"8dab73a8a72c266203f0cb7b26d1a853"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
cf-ray: 7c7e35976d3e3a85-FRA
x-amz-cf-id: l3r65Si6JiGoaeQIXrtCWnRJ15pJ45Aby4qnJFHq7KwleZU9qV4EYw==
expires: Mon, 15 May 2023 21:42:46 GMT

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/232/ Frame 50DA 80 KB
28 KB 657ms
214ms Script
application/x-javascript 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/232/trk.js
Requested by: Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c93c88a9b0ecf4b158610988b79ffdc52501b1e995f14eb4dfc09c7eb9c3f6de

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Expires: Thu, 25 Apr 2024 08:42:19 GMT
Date: Mon, 15 May 2023 20:42:46 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Age: 1684828
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 27631
X-Served-By: cache-lga21975-LGA, cache-gig2250020-GIG
Last-Modified: Wed, 26 Apr 2023 08:42:13 GMT
Server: AkamaiNetStorage
X-Timer: S1684183367.819503,VS0,VE0
ETag: "c342094e8bdad308ac07817d751fb315:1682498533.672161"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 81, 810679

GET
H/1.1 200
OK it
fra1-ib.adnxs.com/ Frame 50DA 0
934 B 61ms
30ms Image
text/html 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fra1-ib.adnxs.com/it?an_audit=0&referrer=http%253A%252F%252Fwww.newtimes.co.rw%252F&e=wqT_3QKeBPBMHgIAAAMA1gAFAQjEsoqjBhDUvIP7p7WgmUsY4Nzyj6uy6tsQKjYJhjP4NBt3wz8R8jBScvN9wj8ZAAAAwPUoCkAh8jBScvN9wj8phjMJJMAxAAAA4FG4vj8w5OWUCjjYDECuYUi7A1AAWKaYlAFgAGjn1Ap4AIABAYoBA1VTRJIBAQb0PgGYAawCoAHYBKgBAbABALgBAcABBcgBAtABANgBAOABAPABANgCxwTgApu0B-oCGmh0dHA6Ly93d3cubmV3dGltZXMuY28ucncvgAMAiAMBkAMAmAMXoAMBqgMkGhM1NDE4NTM1ODcwOTYxNjA2MjI4KgNhbXg6CDY0MzA2MTc2wAOsAsgDANgDj8dT4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDjEzOC4xOTkuMzguMTM0qAQAsgQQCAAQARisAiDYBCgAMAA4ArgEAMAEAMgEANoEAggB4AQB8AQAiAUBmAUAoAX6oYnNrJDk-hHABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUA4AUB8AUA-gUECAAQAJAGAJgGALgGAMEGAAAAAAAA8D_aBhYKEAAAAAAAAAAABRSAAAAAEAAYAOAGAfIGAggAgAcBiAcAmAcBoAcByAcA0gcNFV8BJwzaBwYIBQlo4AcA6gcCCADwB4fjAooIAhAAlQgAAIA_mAgB&s=4d5080586434de43bec950d164d45984931c51b1

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/prebid-universal-creative@latest/dist/creative.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:46 GMT
AN-X-Request-Uuid: 829877e0-c555-460e-a2ee-ac5337bcbfad
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal900030.redintelligence.net/ Frame 6E9E 0
150 B 38ms
14ms Script
text/html 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900030.redintelligence.net/viewability?s=52485300187141600951401012325030&a=7d6b5eb0&vb=m
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=52485300187141600951401012325030&a=50fbfd5e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900030.redintelligence.net/request_content.php?s=52485300187141600951401012325030&a=50fbfd5e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:46 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D69B
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEIQ7tlHHMVpLNTV_oMKvZss&google_cver=1&google_push=ATf1kGOHs-By671b2umu4heVM53D6xhvuG8xLzz5FQx9Ekhi8gxKlb7yifUUyPcBB9BE1wbVsiVt6B54JtM-dPuJ...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=QilkYplFSwGxJjpeg7zzfQ&google_push=ATf1kGOHs-By671b2umu4heVM53D6xhvuG8xLzz5FQx9Ekhi8gxKlb7yifUUyPcBB9BE1wbVsiVt6B54JtM-dPuJhWWt4cjA...

170 B
188 B

18ms
18ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=QilkYplFSwGxJjpeg7zzfQ&google_push=ATf1kGOHs-By671b2umu4heVM53D6xhvuG8xLzz5FQx9Ekhi8gxKlb7yifUUyPcBB9BE1wbVsiVt6B54JtM-dPuJhWWt4cjA70bS

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 15 May 2023 20:42:46 GMT
Server: MT3 851 9bd98ae master pao-pixel-x19 config_version:"unknown"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=QilkYplFSwGxJjpeg7zzfQ&google_push=ATf1kGOHs-By671b2umu4heVM53D6xhvuG8xLzz5FQx9Ekhi8gxKlb7yifUUyPcBB9BE1wbVsiVt6B54JtM-dPuJhWWt4cjA70bS
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 15 May 2023 20:42:45 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D69B
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEJ2ueJKrMhCAQwaqZIJQxQI&google_cver=1&google_push=ATf1kGO3hYZgBCJs7qhHNHSS2XHR6iPrk15Ozaxa2RRWsj4t2vursp1T4bn_HV50Xaj-LWX4KNnQ-qdbgDynoB3YIzPVcJfm5_0
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=A22ABC9E77424ED6B170286A8A1A3AAE&google_push=ATf1kGO3hYZgBCJs7qhHNHSS2XHR6iPrk15Ozaxa2RRWsj4t2vursp1T4bn_HV50Xaj-LWX4KNnQ-qdbgDynoB3...

170 B
188 B

18ms
18ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=A22ABC9E77424ED6B170286A8A1A3AAE&google_push=ATf1kGO3hYZgBCJs7qhHNHSS2XHR6iPrk15Ozaxa2RRWsj4t2vursp1T4bn_HV50Xaj-LWX4KNnQ-qdbgDynoB3YIzPVcJfm5_0

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 15 May 2023 20:42:46 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=A22ABC9E77424ED6B170286A8A1A3AAE&google_push=ATf1kGO3hYZgBCJs7qhHNHSS2XHR6iPrk15Ozaxa2RRWsj4t2vursp1T4bn_HV50Xaj-LWX4KNnQ-qdbgDynoB3YIzPVcJfm5_0
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Sun, 14 May 2023 20:42:46 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D69B
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESENxAkvn7GgkL1X_U9e5U7cs&google_cver=1&google_push=ATf1kGOSFbbTOd0AvAjAqBeV2fA3lptnsAzZRN_Xhf4MeI2B20fexRXKNYpMrpPoo_IAttLs8-Amg2gZ8buYeq116s3X_66...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGOSFbbTOd0AvAjAqBeV2fA3lptnsAzZRN_Xhf4MeI2B20fexRXKNYpMrpPoo_IAttLs8-Amg2gZ8buYeq116s3X_66REzJx

170 B
188 B

17ms
17ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGOSFbbTOd0AvAjAqBeV2fA3lptnsAzZRN_Xhf4MeI2B20fexRXKNYpMrpPoo_IAttLs8-Amg2gZ8buYeq116s3X_66REzJx

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=ATf1kGOSFbbTOd0AvAjAqBeV2fA3lptnsAzZRN_Xhf4MeI2B20fexRXKNYpMrpPoo_IAttLs8-Amg2gZ8buYeq116s3X_66REzJx
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D69B
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG-r3gCok_CQ6HTKS-rezLU&google_cver=1&google_push=ATf1kGMIV3Sn2_wNmVlJUyIekJAcJzMnw4p8DTXbQjCZtiqjce0hyyK3cpadbNvSRfJUGU3krgw...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGMIV3Sn2_wNmVlJUyIekJAcJzMnw4p8DTXbQjCZtiqjce0hyyK3cpadbNvSRfJUGU3krgwq8KuexjG-87Zoe_EKO66qGt1x

170 B
188 B

18ms
18ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGMIV3Sn2_wNmVlJUyIekJAcJzMnw4p8DTXbQjCZtiqjce0hyyK3cpadbNvSRfJUGU3krgwq8KuexjG-87Zoe_EKO66qGt1x

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGMIV3Sn2_wNmVlJUyIekJAcJzMnw4p8DTXbQjCZtiqjce0hyyK3cpadbNvSRfJUGU3krgwq8KuexjG-87Zoe_EKO66qGt1x
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 5b959e9b7aef6dd90a6fa539ca64ac62
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D69B
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEHyVjsheMpGIXOOYl4QaQ-k&google_cver=1&google_push=ATf1kGMTB4Ck3qAySsD9PXh7gVBNQdAUq-DcpwjY4tReLy-XkLegcVIR7NOreT-3NZtjnZL1Q-n-36mP8jHmkPig...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGMTB4Ck3qAySsD9PXh7gVBNQdAUq-DcpwjY4tReLy-XkLegcVIR7NOreT-3NZtjnZL1Q-n-36mP8jHmkPigs44D1q9IjeRc

170 B
188 B

17ms
16ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGMTB4Ck3qAySsD9PXh7gVBNQdAUq-DcpwjY4tReLy-XkLegcVIR7NOreT-3NZtjnZL1Q-n-36mP8jHmkPigs44D1q9IjeRc

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 15 May 2023 20:42:46 GMT
via: 1.1 747e99d9d8c5e29fdc713cf866bc3f82.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-C2
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGMTB4Ck3qAySsD9PXh7gVBNQdAUq-DcpwjY4tReLy-XkLegcVIR7NOreT-3NZtjnZL1Q-n-36mP8jHmkPigs44D1q9IjeRc
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: J5jRLAZlloVJtS7k9AqonQN7Bb87fpoXGAUCwaoTlfgs2A9cLYR7qA==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D69B
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESELQXSGJqEpsDJB_bsWeFOf0&google_cver=1&google_push=ATf1kGNyE55ilPF7mGPaO9NM3ajvY0rWClZUdnhj_0DbAbL-met9CCJMRpOGx9wkDQOBSeo9OQZOVjxzW3-X...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGNyE55ilPF7mGPaO9NM3ajvY0rWClZUdnhj_0DbAbL-met9CCJMRpOGx9wkDQOBSeo9OQZOVjxzW3-X5OjlneD5SD3LtBTW

170 B
188 B

18ms
18ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGNyE55ilPF7mGPaO9NM3ajvY0rWClZUdnhj_0DbAbL-met9CCJMRpOGx9wkDQOBSeo9OQZOVjxzW3-X5OjlneD5SD3LtBTW

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGNyE55ilPF7mGPaO9NM3ajvY0rWClZUdnhj_0DbAbL-met9CCJMRpOGx9wkDQOBSeo9OQZOVjxzW3-X5OjlneD5SD3LtBTW
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D69B
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESELghKnXhXdIiJ2YGroFYnAU&google_cver=1&google_push=ATf1kGO152Iat7sizeGikSH1yNOibZNz0sh5YY13_y6mXy22BAqi7J-bhsVNDKA3ElmmZVOmN9-1Q5vEOHBmh0Ci_g65UA9wWTQ
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGO152Iat7sizeGikSH1yNOibZNz0sh5YY13_y6mXy22BAqi7J-bhsVNDKA3...

170 B
188 B

19ms
19ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGO152Iat7sizeGikSH1yNOibZNz0sh5YY13_y6mXy22BAqi7J-bhsVNDKA3ElmmZVOmN9-1Q5vEOHBmh0Ci_g65UA9wWTQ

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGO152Iat7sizeGikSH1yNOibZNz0sh5YY13_y6mXy22BAqi7J-bhsVNDKA3ElmmZVOmN9-1Q5vEOHBmh0Ci_g65UA9wWTQ
date: Mon, 15 May 2023 20:42:46 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame D69B 0
12 B 21ms
20ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KsawcqH46OQZsWNMU3E9w8oOe1U4qQ9nTX6n0jZ3B-KzPACm1bMjqonUsIzPzZIWObyvHX

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H2 200 all
csm.eu.criteo.net/ Frame 9523 0
127 B 20ms
13ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=TwGNO1w-_Msrj2KhdtPJsCUJiB2I1c9tf6eC5ZJ5UG2schAQKVXgCsIyYHQqWwXkJLh7rxcNmBdQ66LFc2w4rza2ASTZZy0lnAT8u0lOmyCUUeDes-B-3ghXMklHPUKRw185IEqOUzR5ymtZlC-Bi7y6eBm4r0u0cFkGwKoQ3QfUGxpOpDxxfFR_AvBPT0s0vxPUucas8nwlTa0Xjqh4zaiqQSTD9B5aKweZPTDXkq-vbvtaya2S0gRWec-RDPdtGga_bg&sds=2&rev=86437&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:45 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 9523 2 KB
1 KB 20ms
13ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:46 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 9523 2 KB
1 KB 21ms
13ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:46 GMT

POST
H/1.1 204
No Content bsevent.gif
rtbc-ew1.doubleverify.com/ Frame 34A1 0
234 B 46ms
20ms Ping
text/plain 130.211.44.5
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rtbc-ew1.doubleverify.com/bsevent.gif?flvr=0&impid=26ed9e323f984300a54496e2d3756979&vfdur=140&cbust=1684183366300169
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal117.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.44.5 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 5.44.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Pragma: no-cache
Date: Mon, 15 May 2023 20:42:46 GMT
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Expires: 05/14/2023 20:42:46

GET
H3 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 34A1 16 KB
7 KB 11ms
7ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal117.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7bc0c4519150a490750c0f9f77857d5af952bca0bad56e3db6d24bd79f18b4e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:00:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2554
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6883
x-xss-protection: 0
last-modified: Wed, 15 Feb 2023 19:52:36 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 15 May 2023 21:00:12 GMT

POST
H/1.1 204
No Content bsevent.gif
rtbc-ew1.doubleverify.com/ Frame 9151 0
234 B 56ms
15ms Ping
text/plain 130.211.44.5
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://rtbc-ew1.doubleverify.com/bsevent.gif?flvr=0&impid=c8a4c73c01244e8a828029d6fc7c1a2b&vfdur=95&cbust=1684183366307336
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal117.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.44.5 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 5.44.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Pragma: no-cache
Date: Mon, 15 May 2023 20:42:46 GMT
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Expires: 05/14/2023 20:42:46

GET
H3 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 9151 16 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal117.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7bc0c4519150a490750c0f9f77857d5af952bca0bad56e3db6d24bd79f18b4e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:00:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2554
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6883
x-xss-protection: 0
last-modified: Wed, 15 Feb 2023 19:52:36 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Mon, 15 May 2023 21:00:12 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AAEF
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEJ2ueJKrMhCAQwaqZIJQxQI&google_cver=1&google_push=ATf1kGNPjwwfIOdW3BrfixrInfmHfe1lQl5ajzv7oALuGy9CoB18hBwudRonRDj6D_aSDKTe-UpVfo0GGiQiNxRGI4U8uvVDxYXBrQ
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=A22ABC9E77424ED6B170286A8A1A3AAE&google_push=ATf1kGNPjwwfIOdW3BrfixrInfmHfe1lQl5ajzv7oALuGy9CoB18hBwudRonRDj6D_aSDKTe-UpVfo0GGiQiNxR...

170 B
188 B

20ms
20ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=A22ABC9E77424ED6B170286A8A1A3AAE&google_push=ATf1kGNPjwwfIOdW3BrfixrInfmHfe1lQl5ajzv7oALuGy9CoB18hBwudRonRDj6D_aSDKTe-UpVfo0GGiQiNxRGI4U8uvVDxYXBrQ

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 15 May 2023 20:42:46 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=A22ABC9E77424ED6B170286A8A1A3AAE&google_push=ATf1kGNPjwwfIOdW3BrfixrInfmHfe1lQl5ajzv7oALuGy9CoB18hBwudRonRDj6D_aSDKTe-UpVfo0GGiQiNxRGI4U8uvVDxYXBrQ
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Sun, 14 May 2023 20:42:46 GMT

GET
H3 200 dds
rtb.openx.net/sync/ Frame AAEF 43 B
58 B 23ms
16ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEJktBEQvC-6pnzoSTsKdE-Y&google_cver=1&google_push=ATf1kGPS5Vgt-evVayB6oQMzUCrxQHiIMqz3R2foaFd6v7a4MMIAUP4aC02Wuhep0I_Jv6qlDI-aXLBeI_MD_IooKTJvhw19vAR4Kw
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AAEF
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=aJjOlCjATtuCC6jq3t8sIA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

20ms
19ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=aJjOlCjATtuCC6jq3t8sIA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGNHO_La9FRhrzuXi4nYJ0q7abiz2yno6fMsqBmp0SYjkWjK810keb1rtQ0lxYjTCojU3toaMoqBh52fe6q5iFcNoaGEESWEtA

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=aJjOlCjATtuCC6jq3t8sIA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGNHO_La9FRhrzuXi4nYJ0q7abiz2yno6fMsqBmp0SYjkWjK810keb1rtQ0lxYjTCojU3toaMoqBh52fe6q5iFcNoaGEESWEtA
date: Mon, 15 May 2023 20:42:46 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AAEF
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG-r3gCok_CQ6HTKS-rezLU&google_cver=1&google_push=ATf1kGPpz0fjnZDaKwgWlBfpcQE4Bu6E6diHXSOs0FIYWrsqqTOUUQxII8-43aq2VgDG6rK38I-...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGPpz0fjnZDaKwgWlBfpcQE4Bu6E6diHXSOs0FIYWrsqqTOUUQxII8-43aq2VgDG6rK38I-73z3T3a2lCcOkDWB04xQtwEYeMA

170 B
188 B

18ms
17ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGPpz0fjnZDaKwgWlBfpcQE4Bu6E6diHXSOs0FIYWrsqqTOUUQxII8-43aq2VgDG6rK38I-73z3T3a2lCcOkDWB04xQtwEYeMA

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGPpz0fjnZDaKwgWlBfpcQE4Bu6E6diHXSOs0FIYWrsqqTOUUQxII8-43aq2VgDG6rK38I-73z3T3a2lCcOkDWB04xQtwEYeMA
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 5b959e9b7aef6dd90a6fa539ca64ac62
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AAEF
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEHyVjsheMpGIXOOYl4QaQ-k&google_cver=1&google_push=ATf1kGPqzvPVqr8Uy5ppbiLhNvpGkyjbf7l1B9OuzHK88VRC95G7Pr8fUrM4t8-arhZ0BMHgEhGijdnKIBYC0Mmb...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGPqzvPVqr8Uy5ppbiLhNvpGkyjbf7l1B9OuzHK88VRC95G7Pr8fUrM4t8-arhZ0BMHgEhGijdnKIBYC0MmbjpgfloDc01t1Vw

170 B
188 B

16ms
16ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGPqzvPVqr8Uy5ppbiLhNvpGkyjbf7l1B9OuzHK88VRC95G7Pr8fUrM4t8-arhZ0BMHgEhGijdnKIBYC0MmbjpgfloDc01t1Vw

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 15 May 2023 20:42:46 GMT
via: 1.1 747e99d9d8c5e29fdc713cf866bc3f82.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-C2
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGPqzvPVqr8Uy5ppbiLhNvpGkyjbf7l1B9OuzHK88VRC95G7Pr8fUrM4t8-arhZ0BMHgEhGijdnKIBYC0MmbjpgfloDc01t1Vw
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: SEm9P8vQZ9plhOr8YbS2xfnB07H1ZmselimVsaVzX--cutHnR9pRRg==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame AAEF
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESELghKnXhXdIiJ2YGroFYnAU&google_cver=1&google_push=ATf1kGNvrJXCK6Bcvah7dML7Zuy2djdbydWGoNSEAs5cJ4DhpXctcHEwCTFFSRH9lEQ5v48qO6dShkFGN0211CXCVDkVg_moDA...
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGNvrJXCK6Bcvah7dML7Zuy2djdbydWGoNSEAs5cJ4DhpXctcHEwCTFFSRH9...

170 B
188 B

17ms
17ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGNvrJXCK6Bcvah7dML7Zuy2djdbydWGoNSEAs5cJ4DhpXctcHEwCTFFSRH9lEQ5v48qO6dShkFGN0211CXCVDkVg_moDAaYQg

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGNvrJXCK6Bcvah7dML7Zuy2djdbydWGoNSEAs5cJ4DhpXctcHEwCTFFSRH9lEQ5v48qO6dShkFGN0211CXCVDkVg_moDAaYQg
date: Mon, 15 May 2023 20:42:46 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 sync
ssbsync.smartadserver.com/api/ Frame AAEF 0
44 B 23ms
16ms Image
text/plain 185.86.139.93
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEFE3Aw1rOlM-_BW7nTU-7Pg&google_cver=1&google_push=ATf1kGN66e-uRrpwD77ZUne03SH_jqJ8WNvI-YmVSXR2JXvFyP8gMJ4E4J2sX9O56NsDza9_DnOwfjcoh-NNgTfDt2d9IKoR02eoug
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.93 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame AAEF 0
12 B 20ms
15ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KBe5JI9p7zj7HYi41RI2Ba3bcguzd6tsdce-MW1u2BvByyXcVdTN1FFAbPgot8DpEC8Oq2

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK viewability Show response
hal900029.redintelligence.net/ Frame 64BB 0
150 B 36ms
12ms Script
text/html 88.99.219.174
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900029.redintelligence.net/viewability?s=38176200164363000951401012325029&a=01c9f7c8&vb=m
Requested by: Host: hal900029.redintelligence.net
URL: https://hal900029.redintelligence.net/request_content.php?s=38176200164363000951401012325029&a=a2ef41b5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.219.174 Falkenstein, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.174.219.99.88.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900029.redintelligence.net/request_content.php?s=38176200164363000951401012325029&a=a2ef41b5
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:46 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 62E9
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPYbpoVJNDFNoQ42PDag9UQ&google_cver=1&google_push=ATf1kGP4AkFJ5ozvh6zXQ_V2uMqZro27j1snwr5pOcIqIItAb_SP7FZPLg...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ATf1kGP4AkFJ5ozvh6zXQ_V2uMqZro27j1snwr5pOcIqIItAb_SP7FZPLgUw-2bbZy2_c2IJEic2AHS0w0j1G2uFlNnPJrmS4fK2&google_hm=skAkrLmaK9CZ...

170 B
188 B

19ms
18ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ATf1kGP4AkFJ5ozvh6zXQ_V2uMqZro27j1snwr5pOcIqIItAb_SP7FZPLgUw-2bbZy2_c2IJEic2AHS0w0j1G2uFlNnPJrmS4fK2&google_hm=skAkrLmaK9CZOexuwIUP_A

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ATf1kGP4AkFJ5ozvh6zXQ_V2uMqZro27j1snwr5pOcIqIItAb_SP7FZPLgUw-2bbZy2_c2IJEic2AHS0w0j1G2uFlNnPJrmS4fK2&google_hm=skAkrLmaK9CZOexuwIUP_A
pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
strict-transport-security: max-age=86400
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 62E9
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=aJjOlCjATtuCC6jq3t8sIA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

21ms
21ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=aJjOlCjATtuCC6jq3t8sIA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGM2Xkqgv1TIFmxIBiMakrdNH9mqAxlxtZfpSzZISIb6_myIfpL6dDlxXLrqM2cFRPcaUVbhMG4o-CA6ASodAU_GEmeq16sL

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=aJjOlCjATtuCC6jq3t8sIA%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=ATf1kGM2Xkqgv1TIFmxIBiMakrdNH9mqAxlxtZfpSzZISIb6_myIfpL6dDlxXLrqM2cFRPcaUVbhMG4o-CA6ASodAU_GEmeq16sL
date: Mon, 15 May 2023 20:42:46 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 62E9
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG-r3gCok_CQ6HTKS-rezLU&google_cver=1&google_push=ATf1kGO7nFyA8fwYf5LzYXJhZ7BjQ-RljKPkCs99qbHyqZRvlkbT9PVdJ5Usw3CNMTUoYvlmy57...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGO7nFyA8fwYf5LzYXJhZ7BjQ-RljKPkCs99qbHyqZRvlkbT9PVdJ5Usw3CNMTUoYvlmy573o-R2Qh_nibgE2XpMNLU0cXwf

170 B
188 B

18ms
17ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGO7nFyA8fwYf5LzYXJhZ7BjQ-RljKPkCs99qbHyqZRvlkbT9PVdJ5Usw3CNMTUoYvlmy573o-R2Qh_nibgE2XpMNLU0cXwf

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGO7nFyA8fwYf5LzYXJhZ7BjQ-RljKPkCs99qbHyqZRvlkbT9PVdJ5Usw3CNMTUoYvlmy573o-R2Qh_nibgE2XpMNLU0cXwf
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 5b959e9b7aef6dd90a6fa539ca64ac62
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 62E9
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEHcTNlvqESKPS0amoxugak4&google_cver=1&google_push=ATf1kGM9CS6W7wUXprAf1jmQEyQKEWgma19X-Ky-jHeoNX9iQu6kkCjGf32WvA35wYtzNy-d9FCV2RBru2a_wehnd...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGM9CS6W7wUXprAf1jmQEyQKEWgma19X-Ky-jHeoNX9iQu6kkCjGf32WvA35wYtzNy-d9FCV2RBru2a_wehndmLOQNOA03sZ&google_hm=GpsatGZHaeNOCZpHRJuw4U2V

170 B
188 B

19ms
19ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGM9CS6W7wUXprAf1jmQEyQKEWgma19X-Ky-jHeoNX9iQu6kkCjGf32WvA35wYtzNy-d9FCV2RBru2a_wehndmLOQNOA03sZ&google_hm=GpsatGZHaeNOCZpHRJuw4U2V

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 15 May 2023 20:42:46 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGM9CS6W7wUXprAf1jmQEyQKEWgma19X-Ky-jHeoNX9iQu6kkCjGf32WvA35wYtzNy-d9FCV2RBru2a_wehndmLOQNOA03sZ&google_hm=GpsatGZHaeNOCZpHRJuw4U2V
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 62E9
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEHyVjsheMpGIXOOYl4QaQ-k&google_cver=1&google_push=ATf1kGM1lmjtWJ_QMpJXb_mMkABadGz41HLH1WKw09clthYpym0SwZnn3y_OKGx0idFcSMnNr3J_qJb8ZntfpSLo...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGM1lmjtWJ_QMpJXb_mMkABadGz41HLH1WKw09clthYpym0SwZnn3y_OKGx0idFcSMnNr3J_qJb8ZntfpSLookLh5nbKVPRy

170 B
188 B

21ms
21ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGM1lmjtWJ_QMpJXb_mMkABadGz41HLH1WKw09clthYpym0SwZnn3y_OKGx0idFcSMnNr3J_qJb8ZntfpSLookLh5nbKVPRy

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 15 May 2023 20:42:46 GMT
via: 1.1 747e99d9d8c5e29fdc713cf866bc3f82.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-C2
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGM1lmjtWJ_QMpJXb_mMkABadGz41HLH1WKw09clthYpym0SwZnn3y_OKGx0idFcSMnNr3J_qJb8ZntfpSLookLh5nbKVPRy
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: RJfl--H3vQLZhiu6vTfow6IvPhAvtqN__4I-XIHTeT7TtTCn7UTXZw==

GET
H2 200 sync
ssbsync.smartadserver.com/api/ Frame 62E9 0
44 B 21ms
16ms Image
text/plain 185.86.139.93
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEFE3Aw1rOlM-_BW7nTU-7Pg&google_cver=1&google_push=ATf1kGN-Do1IfZyjr5Yy8jab6kp-pUk0hwKUkcUb9moDOA9K7G7Kd6TQ65ZX2SKj4eG-qRUhuoMfzpxzoY0BC40jXMETKiMe4HR8
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.93 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-length: 0

GET
H2

200

/
onetag-sys.com/match/ Frame 62E9
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESELQXSGJqEpsDJB_bsWeFOf0&google_cver=1&google_push=ATf1kGN97WSyYN9HrvapRCHEAkv94iHSEO0tow0lHI8KeYYC3f8JhTxQdT-4KRBMRi7c0CKS0lpwQwebDK9...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGN97WSyYN9HrvapRCHEAkv94iHSEO0tow0lHI8KeYYC3f8JhTxQdT-4KRBMRi7c0CKS0lpwQwebDK9iavFX4heIQzMNEPflZw
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

8ms
8ms

Image
text/plain

51.38.120.206
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

51.38.120.206 Hessen, Germany, ASN16276 (OVH, FR),

Reverse DNS

ip206.ip-51-38-120.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 62E9 0
12 B 19ms
15ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IUprf1-TZxe7HQ-CC9XY-8cxdf6aKZgqfCC9sSqA5EBRGlLgAZm34wniwsoW9JJ3Ic45BhNQ

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame 2F25 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 838a956679899c86ae68617e7b25e7de046d9a52bddd55c7dc59b8eb81953565

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 8C30 85 KB
31 KB 54ms
7ms Script
text/javascript 18.66.147.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=38176200164363000951401012325029&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-98.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 00c5621a3f56c052959f8f0591b65e893f132b49b1447fde20767966cacbfbfe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 00:27:58 GMT
content-encoding: gzip
via: 1.1 12e62b05f63a1a2118cca20014b15012.cloudfront.net (CloudFront)
last-modified: Wed, 15 Mar 2023 17:26:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 75938
etag: W/"876c293e6c37046ecb0c11ce2e276942"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: DkK1DQsYbPlB7vF6NaQoFYl6jPzuVNpAAV76DQVQt2wIESp78Jwy-w==

GET
H2 200 1x1.gif
cdn.track.production.webgains.team/7121/ Frame 8C30 85 B
438 B 38ms
8ms Image
image/gif 99.86.4.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.gif?Expires=1684183665&Signature=mAfKFT4Gyc~ed~oF61XPc-9PvIY8IDnK0M4RTrWbCFFWto5p3HLVPKfli8bKM1qZcA-S9Kij-3VUgOOjaEOd2Qzuh5bd06gYwpWzASdDsYaGcGvWT8IXIyeJrsu-D9MoOA~x0v1VyZ5a5-~aIIhOMMebo3iVPy6TkTXX8Y0ALja-HUyM6tSCm9EnM95IjVNvnOTiRz1YngO9t9Eiw2tQM8QSti1yz9u-fJiPwSvYEKnKlkqjyooGl-QV6M8qJ222DN8Kv2le9YkrCva1OI6f8h~SMaY3nxVLmHZuzJCPVF3UM4XcgNxcsRjdzmdB-fcig5Q7-GNnb~va3FAwYjRvww__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-52.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

x-amz-version-id: null
date: Mon, 15 May 2023 03:06:36 GMT
via: 1.1 7fcb41b117930690c299be9cec4a977a.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 63371
etag: "70af33d70b6810475aae19743c8c435b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/gif
accept-ranges: bytes
content-length: 85
x-amz-cf-id: OSFLI5_EMmLa7ulqeTZnNcYNqoHKNTqcUUbGFmGTcZE00jpKfjGQWw==

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 83DE 85 KB
31 KB 58ms
15ms Script
text/javascript 18.66.147.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2513145&wgcampaignid=99582&js=1&viewref=52485300187141600951401012325030&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-98.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 00c5621a3f56c052959f8f0591b65e893f132b49b1447fde20767966cacbfbfe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 00:27:58 GMT
content-encoding: gzip
via: 1.1 12e62b05f63a1a2118cca20014b15012.cloudfront.net (CloudFront)
last-modified: Wed, 15 Mar 2023 17:26:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 75938
etag: W/"876c293e6c37046ecb0c11ce2e276942"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: ov2sNZV9MXiYoeFEbYentzdG7QmW8OAsvrvCt0UImkP3_gxvYFT5Kw==

GET
H2 200 1x1_0.png
cdn.track.production.webgains.team/7121/ Frame 83DE 3 KB
3 KB 35ms
9ms Image
image/png 99.86.4.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1_0.png?Expires=1684183665&Signature=A5Pg299B5z3O8h4v8Bu00gJpQ7NazHze2IuX1CzRRJ6BQcGl2QZs0lLwhuQru9ymXiz0-c26RSaRzhvRpICC60UwI3OrLhwWjUeArhvqZCKnjKfiWMepA2EcJXyt4vPz4n0FDJ2wlbJLW2Rm4PCDvImvuFeZURRJQChIZp0zcxQCnvYfek8EWC3Jt-4bZ-LELD5RirBBQnVrIrOnuVgcNf7b4Y8fYMWbsbGI5eO628QHUnreq8O5ULIqpx1t3kvV7AGpgaScGge3M6Q4UAHrQGm4AXOAJOa7DLftQ1CjaPy~DXa-V2p~P7k~qX1~UBxWWakzdwmV-aRySDPDlIi2rA__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-52.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

x-amz-version-id: null
date: Mon, 15 May 2023 01:54:25 GMT
via: 1.1 7fcb41b117930690c299be9cec4a977a.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 67708
etag: "4e57de0506fbdb487ffcd53b450caee1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 2808
x-amz-cf-id: hy02fJydx-wUlYsWOiUjo5DuZadvMiY8cOiqrsYuePPQ3UAHIMUkOQ==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8615
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPYbpoVJNDFNoQ42PDag9UQ&google_cver=1&google_push=ATf1kGOOI9notqWUoMHg-mgrM4DVnmrSuN1k8vOhPW-owOwfKk6B1VLDn7...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ATf1kGOOI9notqWUoMHg-mgrM4DVnmrSuN1k8vOhPW-owOwfKk6B1VLDn7nPelRoft_wQ7lVseQv_7lslZTtPu3sSYOABUbmPEbt&google_hm=skAkrLmaK9CZ...

170 B
188 B

25ms
25ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ATf1kGOOI9notqWUoMHg-mgrM4DVnmrSuN1k8vOhPW-owOwfKk6B1VLDn7nPelRoft_wQ7lVseQv_7lslZTtPu3sSYOABUbmPEbt&google_hm=skAkrLmaK9CZOexuwIUP_A

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ATf1kGOOI9notqWUoMHg-mgrM4DVnmrSuN1k8vOhPW-owOwfKk6B1VLDn7nPelRoft_wQ7lVseQv_7lslZTtPu3sSYOABUbmPEbt&google_hm=skAkrLmaK9CZOexuwIUP_A
pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
strict-transport-security: max-age=86400
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 8615 43 B
362 B 18ms
14ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&google_gid=CAESEKW5RyA_gKOz3FlQvmotDhE&google_cver=1&google_push=ATf1kGNHTr1RpamUkXACrWRY4VVa2LfyZ2wFp7Foooeh7fmJXDM0wmy26tKjBupAzzxMpWaqLnWyJA45idBaiJgWgVOLkcc8HTs

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 267020
expires: Mon, 15 May 2023 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8615
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG-r3gCok_CQ6HTKS-rezLU&google_cver=1&google_push=ATf1kGMgSVV1GwCvuP6FR_qVTv7qL42kzNg61t5Fa9nQ-vyBUq51gHXMbdcQ5KXcS3CWgtYplMX...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGMgSVV1GwCvuP6FR_qVTv7qL42kzNg61t5Fa9nQ-vyBUq51gHXMbdcQ5KXcS3CWgtYplMX7XBzCqkRzVfdG5XAU4ZmZnMdH

170 B
188 B

23ms
23ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGMgSVV1GwCvuP6FR_qVTv7qL42kzNg61t5Fa9nQ-vyBUq51gHXMbdcQ5KXcS3CWgtYplMX7XBzCqkRzVfdG5XAU4ZmZnMdH

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGMgSVV1GwCvuP6FR_qVTv7qL42kzNg61t5Fa9nQ-vyBUq51gHXMbdcQ5KXcS3CWgtYplMX7XBzCqkRzVfdG5XAU4ZmZnMdH
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: c1913d0f161dfd12bb229b87994a2d1d
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8615
Redirect Chain

https://ap.lijit.com/dsp/google/pixelmatch?google_gid=CAESEHcTNlvqESKPS0amoxugak4&google_cver=1&google_push=ATf1kGMfBYlGHyKOH7ZAWknBoLecQ1m8XrGSk3_1wWYrzUKJWP8XeHD21auXE15mc0CS4XHERgThm5fZuyLwJfRrX...
https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGMfBYlGHyKOH7ZAWknBoLecQ1m8XrGSk3_1wWYrzUKJWP8XeHD21auXE15mc0CS4XHERgThm5fZuyLwJfRrXz9KETFWxBo&google_hm=GpsatGZHaeNOCZpHRJuw4U2V

170 B
188 B

23ms
23ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGMfBYlGHyKOH7ZAWknBoLecQ1m8XrGSk3_1wWYrzUKJWP8XeHD21auXE15mc0CS4XHERgThm5fZuyLwJfRrXz9KETFWxBo&google_hm=GpsatGZHaeNOCZpHRJuw4U2V

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Mon, 15 May 2023 20:42:46 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.g.doubleclick.net/pixel?google_nid=sovrn&google_push=ATf1kGMfBYlGHyKOH7ZAWknBoLecQ1m8XrGSk3_1wWYrzUKJWP8XeHD21auXE15mc0CS4XHERgThm5fZuyLwJfRrXz9KETFWxBo&google_hm=GpsatGZHaeNOCZpHRJuw4U2V
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap5ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8615
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESELghKnXhXdIiJ2YGroFYnAU&google_cver=1&google_push=ATf1kGPCHy-ey412RO_pfTHFmq2FViiIu3Nsn6etkOHEWXE5xSvW6bflpXKSM5bMFKvQ8FC86fwVizb3bw0S-6VvI4QIKdVgWoVw
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGPCHy-ey412RO_pfTHFmq2FViiIu3Nsn6etkOHEWXE5xSvW6bflpXKSM5bM...

170 B
188 B

25ms
25ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGPCHy-ey412RO_pfTHFmq2FViiIu3Nsn6etkOHEWXE5xSvW6bflpXKSM5bMFKvQ8FC86fwVizb3bw0S-6VvI4QIKdVgWoVw

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGPCHy-ey412RO_pfTHFmq2FViiIu3Nsn6etkOHEWXE5xSvW6bflpXKSM5bMFKvQ8FC86fwVizb3bw0S-6VvI4QIKdVgWoVw
date: Mon, 15 May 2023 20:42:46 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 sync
ssbsync.smartadserver.com/api/ Frame 8615 0
44 B 19ms
16ms Image
text/plain 185.86.139.93
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEFE3Aw1rOlM-_BW7nTU-7Pg&google_cver=1&google_push=ATf1kGP71lx_IDV8hB5be5R0D-Om9-xaZmb762WpkBlvbip5JjEBgYs68G7DtTNqU_mPMHFkI9lFg_GdB_J3l4W_1C37Xg0mmww
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.93 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
content-length: 0

GET
H2

200

/
onetag-sys.com/match/ Frame 8615
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESELQXSGJqEpsDJB_bsWeFOf0&google_cver=1&google_push=ATf1kGO8mwq7pqDNKiFtccoMUDCQx-pY64Hbabre8hhCedNNWQjDbTTfRl7U1fineLPOoUkztFODYFM6q8t...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGO8mwq7pqDNKiFtccoMUDCQx-pY64Hbabre8hhCedNNWQjDbTTfRl7U1fineLPOoUkztFODYFM6q8tDhuX8_b53M23su8D1
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

7ms
7ms

Image
text/plain

51.38.120.206
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

51.38.120.206 Hessen, Germany, ASN16276 (OVH, FR),

Reverse DNS

ip206.ip-51-38-120.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 8615 0
12 B 18ms
16ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13INHnP7q9qkjHaU_nl-eQQTaL3PSFY5gsFjMIYbBUPkVgA5OxIIN38hBvlhAfZCfy0wbeTLWg

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK request_content.php Show response
hal900023.redintelligence.net/ Frame F7CB 4 KB
2 KB 34ms
11ms Document
text/html 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900023.redintelligence.net/request_content.php?s=56230500198937108091756012325023&a=348a6790
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request.php?zone=u072l68m42xn&nw=20&renderingType=javascript&namespace=b29f642da8&subid=&uid=ada32feb5337f8ed&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&extVar[]=DOUBLEBORDER%3A1&extVar[]=MMA_SSP%3Aruc&envData=&gdpr=0&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fpixel.mathtag.com%2Fclick%2Fimg%3Fexch_aid%3D4b1421ee442483292434692d465025a1b20ac66a%26mt_aid%3D4117801079945004504%26mt_id%3D11644866%26mt_adid%3D215543%26mt_sid%3D13527086%26mt_exid%3D9%26mt_inapp%3D0%26mt_os%3DWindows%26mt_uuid%3D42296462-9945-4b01-b126-3a5e83bcf37d%26mt_cid%3D42296462-9945-4b01-b126-3a5e83bcf37d%26mt_3pck%3Dhttps%253A%2F%2Fbeacon-nf.rubiconproject.com%2Fbeacon%2Fv3%2Ft%2Fams3%2F0%2F8c2834a0-3760-4975-bad7-65f9bd1ce8fd%2F%26redirect%3D&documentReferer=https%3A%2F%2Fa8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&ancestorOrigins=https%3A%2F%2Fa8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com%2Chttps%3A%2F%2Fwww.newtimes.co.rw&random=4424404277346&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 71f45eb66e033a7ed8c080e0633386f934749f6f0583a20d84d43f788845fd4a

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 1506
Content-Type: text/html; charset=utf-8
Date: Mon, 15 May 2023 20:42:46 GMT
Expires: Mon, 15 May 2023 21:42:46 +0200
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1 200
OK iframe Show response
sync.mathtag.com/sync/ Frame A1A1 675 B
793 B 347ms
163ms Document
text/html 74.121.143.245
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.mathtag.com/sync/iframe?mt_uuid=42296462-9945-4b01-b126-3a5e83bcf37d&no_iframe=1&mt_lim=2&type=1,2&source=bidder
Requested by: Host: sync.mathtag.com
URL: https://sync.mathtag.com/sync/js?sync=auto&source=bidder&mt_lim=2&type=1,2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.121.143.245 , United States, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MT3 874 41fc63c master pao-pixel-x13 config_version:"unknown" /
Resource Hash: 70c8863d1f8191f5eae09e3895ec780548d805598b5375b401d957c8b873b39e

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: close
Content-Encoding: gzip
Content-Type: text/html
Date: Mon, 15 May 2023 20:42:46 GMT
Expires: Mon, 15 May 2023 20:42:45 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: MT3 874 41fc63c master pao-pixel-x13 config_version:"unknown"

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame F1AE 281 B
554 B 53ms
6ms Document
text/html 23.56.202.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.56.202.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-56-202-187.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 15 May 2023 20:42:46 GMT
ETag: "40010-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H3 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame 30DB 3 KB
4 KB 32ms
32ms Image
image/png 2606:4700:20::681a:71b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.40/one-ad/default.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:71b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 524
x-guploader-uploadid: ADPycdvwP-NwgXqNEbyI2qkcz3h5-Ehsvrbo1BzPr2w5R7YEx4A4494G82MbZGb67-CgTESrTtVZjLf5PX4N9CeItuw
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3262
x-goog-meta-
last-modified: Wed, 09 Jun 2021 12:35:14 GMT
server: cloudflare
etag: "794c84d30e213ec6a144d64215f07551"
vary: Accept-Encoding
x-goog-generation: 1623242114099744
content-type: image/png
x-goog-hash: crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
cache-control: public, max-age=31536000, immutable
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TDEYDbzbr3onSA4Ct8FxI5Fj9JOr9LnRzx%2B5Xb0gCuka73h2VoEQDZ%2BhX0JQZsDF1Tvr7pm1uFOqp5hPawohez82FFeuAXL6QINW2%2FLY5lhyWkomnqQHne3VUJlEUVPvN0N1VT3oStyZROQJJ5%2FBTSzF"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 3262
accept-ranges: bytes
cf-ray: 7c7e35984b211e62-FRA
expires: Mon, 15 May 2023 20:36:21 GMT

GET
DATA 200
OK truncated
/ Frame 217B 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cf0b11a32ec6207691e307ee8166ce170c99a340a98efece4b3c094b4b90f196

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame 6E9E 13 KB
13 KB 9ms
7ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900030.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Fri, 12 May 2023 03:23:58 GMT
x-content-type-options: nosniff
age: 321528
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13052
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:09:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 11 May 2024 03:23:58 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame 6E9E 13 KB
13 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900030.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Thu, 11 May 2023 17:12:56 GMT
x-content-type-options: nosniff
age: 358190
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13036
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 10 May 2024 17:12:56 GMT

GET
H/1.1 200
OK img
sync.mathtag.com/comp/ Frame AAD3 0
517 B 467ms
159ms Image
image/gif 74.121.143.245
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.mathtag.com/comp/img?mt_id=99&ns=xx&bcdv=0
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.121.143.245 , United States, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MT3 851 9bd98ae master pao-pixel-x22 config_version:"unknown" /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:46 GMT
Server: MT3 851 9bd98ae master pao-pixel-x22 config_version:"unknown"
Content-Type: image/gif
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 15 May 2023 20:42:45 GMT

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame F7CB 727 B
963 B 23ms
23ms Script
text/javascript 37.157.3.20
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=64147897;click=https://hal900023.redintelligence.net/c/p0ncj10cbvmufxb?tprd=

Requested by

Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=56230500198937108091756012325023&a=348a6790

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.20 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

2a86736e52d37322c8215d376acd9329dea7048978232389591206771ad3ca6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 526
expires: -1

GET
H3 200 frame.html Show response
ad4m.at/ Frame 81AA 2 KB
1 KB 24ms
20ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d485f783c7cc440cba21bb750ce67e191bce0783bfc6cff5f98e236e401b7ab

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1561505
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: public, max-age=3600
cf-cache-status: HIT
cf-ray: 7c7e3598eef41c2c-FRA
content-encoding: br
content-language: en
content-type: text/html; charset=utf-8
date: Mon, 15 May 2023 20:42:46 GMT
expires: Thu, 30 Mar 2023 21:56:13 GMT
last-modified: Thu, 25 Aug 2022 14:12:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2EWCn3eSUSRH8ZYC6ROrvs8G980Znp5hfWpOZeqZ0c7kUD18lWIaYki7hG2SAqSXrWjYOTs9H0FUEJ%2FNiSXazLSqwrqONgAevTIGHDD8EMXuejLws5esPfONM9nX60jnxYraZ7g%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame EEBF 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eb537885dbfca64234e47ef9c1a0e8a8c076248554be0e6a52b7c299e4d13817

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 impl_v95.js Show response
www.googletagservices.com/dcm/ Frame 34A1 60 KB
23 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v95.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a818561b7f93e0f7664504ef5993250ab3f2e6420b5d73cf708fba0f5665e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sat, 13 May 2023 23:36:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 162390
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23368
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 18:47:20 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 12 May 2024 23:36:16 GMT

GET
H3 200 impl_v95.js Show response
www.googletagservices.com/dcm/ Frame 9151 60 KB
23 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v95.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a818561b7f93e0f7664504ef5993250ab3f2e6420b5d73cf708fba0f5665e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sat, 13 May 2023 23:36:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 162390
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23368
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 18:47:20 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 12 May 2024 23:36:16 GMT

GET
H3 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame 64BB 13 KB
13 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900029.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Fri, 12 May 2023 03:23:58 GMT
x-content-type-options: nosniff
age: 321528
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13052
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:09:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 11 May 2024 03:23:58 GMT

GET
H3 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame 64BB 13 KB
13 KB 9ms
9ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900029.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Thu, 11 May 2023 17:12:56 GMT
x-content-type-options: nosniff
age: 358190
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13036
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 10 May 2024 17:12:56 GMT

GET
H2 200 / Show response
track.adform.net/adfscript/ Frame 50DA 1 KB
2 KB 27ms
24ms Script
text/javascript 37.157.3.20
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfscript/?bn=64306176;rtbwp=0Oh8DTKJAs-kV77Oa5ZAAetjcxmFbeTX0;rtbdata=UCUx_7-Ze0AOdfhqJ-l4xbq8YLPYge2IjJOx3k4kY13b_cjvn_PgwmnTxmXV5nGytn-ZPbPZ9W_J8dS_OgoqPHUDv_rXWtdrwJPGnE7AV3gj_ZBf9-_5f-PuMcxWZEZhIfnu7iBCm-XQ9EomUH1KpRhmgq4QNQPf1rUsgA84cRl83fShU6OFs-EQ52dLX2DjkXg0cN_Oj8qrM22L0XKJTJlkrYrYvfiSO5GwXr4PRbTLRZlCwwS-DY0ffSY4ZIA2q_aIgHBKaLwqR7kE2n-il1PwikMT7YlX33NOerqzHNHHKL4MGs4-GF7P2HjoimDY8iS6uL22eGszy8z-Bbe8phMK5CKFAzhT9wEVextcauSiY3X5zpS9Sg2;csid=141268;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=0qddfS-rL6EqHMLsI0XOHWFCwsvtjpxtWWfrJa27o1EgfbtipCkY5ZT7WXJg35mTeJ85jxc6rtQDgNeykdScU4IItIRySGpn60EKh_oBMFY7rw1qKY-wGBbG5IZUfH3ttn-ZPbPZ9W_J8dS_OgoqPHUDv_rXWtdrBrVs9pi7TI5rgNH-t0z17GOgnFsabOmJIfnu7iBCm-VH-t3dKgLQ4IGiu2VCW4yvA7z_uuw_WOM1;pui=2ShljixBLrber1pltXZUmg2;

Requested by

Host: assets.a-mo.net
URL: https://assets.a-mo.net/js/c.js?rj=rtbx

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.20 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

4f37ac34a066f99ea3c0f34e28ce14deb812a8c12042fdd6f23f08fa1a4d768f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 1300
expires: -1

GET
H2 200 adx.js Show response
s1.adform.net/banners/scripts/ Frame 50DA 62 KB
26 KB 33ms
30ms Script
application/javascript 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/adx.js
Requested by: Host: assets.a-mo.net
URL: https://assets.a-mo.net/js/c.js?rj=rtbx
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 8ed86e2b928c1b3c7035f47e16f70e3e71131b34c86b59e783a0559fcc8de4b6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
content-encoding: gzip
last-modified: Mon, 15 May 2023 06:47:18 GMT
server: nginx
x-amz-request-id: tx00000173ebccfd2c15d9e-006461d90b-3295a825-default
etag: W/"cd30185b4774b9eb12ea46ca45e76972"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2 204 himp
1x1.a-mo.net/hbx/ Frame 50DA 0
88 B 294ms
95ms Image
text/plain 54.157.91.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1x1.a-mo.net/hbx/himp?_e=CqICIgkwbTZwdHF3dWwxhjP4NBt3wz86BW1vbmV0QggyMTMxMjIyOEoObmV3dGltZXMuY28ucndSC2Fhcy1kOWJmYzczag5uZXd0aW1lcy5jby5yd3gBigEIYWJlYzQ4OTCgAdgEqAGsAsAByOELyAEA6AEA8gEPMjIyODEwODA4NTA4NjkzmALwC6kCAAAAAAAAAACyAghuaXZlYS5kZaIDEFlteDFkRzl1YVdNdVkyOXSoAwngA7qDAeoDEzEyOTQwOTkzNTkzNDE4OTE4MzSqBANEQ0iKBRM1NDE4NTM1ODcwOTYxNjA2MjI40gUJMTA1MTk5NDI42AUB4AUB6gUHZGVza3RvcPIFDFE2U0RRSTFSWlRPR_oFA2FtNqoHBHNpdGU&M=16&cn3=0&c4=native_dom&C=no_res&m=n%3A0&e=&sw=300&sh=604&rr=no_res&rw=300&rh=604&rer=&dr=0&lng=en-US&cv=c.js
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.157.91.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-157-91-210.compute-1.amazonaws.com
Software: MonetEngine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
cache-control: max-age=0, private, must-revalidate
server: MonetEngine

GET
H2 204 himp
1x1.a-mo.net/hbx/ Frame 50DA 0
89 B 293ms
94ms Image
text/plain 54.157.91.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1x1.a-mo.net/hbx/himp?_e=CocDIgpfMG02cHRxd3VsMTaFJugTT-A_OgZhZGZvcm1CCDIxMzEyMjI4Sg5uZXd0aW1lcy5jby5yd1ILYWFzLWQ5YmZjNzNqDm5ld3RpbWVzLmNvLnJ3eAGKAQhhYmVjNDg5MJIBAjEwoAHYBKgBrALAAefbEcgBANAB____________AegBAPIBDzIyMjgxMDgwODUwODY5M5EChjP4NBt3wz-YAugnqQIAAAAAAAAAALICCG5pdmVhLmRlugIINjQzMDYxNzbxAgAAAAAAAAAAogMQWW14MWRHOXVhV011WTI5dKgDCcoDBDYwNDPgA7qDAeoDEzEyOTQwOTkzNTkzNDE4OTE4MzSqBANEQ0iCBSBiYjYxZjE3OWRiMWE0MGE2OGY0NGI4YmE1MmVmZjBjMYoFEzU0MTg1MzU4NzA5NjE2MDYyMjjCBQZhZGZvcm3SBQkxMDUxOTk0MjjYBQHgBQHqBQdkZXNrdG9w8gUMUTZTRFFJMVJaVE9H-gUDYW02qgcEc2l0ZQ&M=16&cn3=0&c4=native_dom&C=no_res&m=n%3A0&e=&sw=300&sh=604&rr=no_res&rw=300&rh=604&rer=&dr=0&lng=en-US&cv=c.js
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.157.91.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-157-91-210.compute-1.amazonaws.com
Software: MonetEngine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
cache-control: max-age=0, private, must-revalidate
server: MonetEngine

GET
H2 204 g_rtbxi
1x1.a-mo.net/hbx/ Frame 50DA 0
88 B 293ms
94ms Image
text/plain 54.157.91.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1x1.a-mo.net/hbx/g_rtbxi?_e=CocDIgpfMG02cHRxd3VsMTaFJugTT-A_OgZhZGZvcm1CCDIxMzEyMjI4Sg5uZXd0aW1lcy5jby5yd1ILYWFzLWQ5YmZjNzNqDm5ld3RpbWVzLmNvLnJ3eAGKAQhhYmVjNDg5MJIBAjEwoAHYBKgBrALAAefbEcgBANAB____________AegBAPIBDzIyMjgxMDgwODUwODY5M5EChjP4NBt3wz-YAugnqQIAAAAAAAAAALICCG5pdmVhLmRlugIINjQzMDYxNzbxAgAAAAAAAAAAogMQWW14MWRHOXVhV011WTI5dKgDCcoDBDYwNDPgA7qDAeoDEzEyOTQwOTkzNTkzNDE4OTE4MzSqBANEQ0iCBSBiYjYxZjE3OWRiMWE0MGE2OGY0NGI4YmE1MmVmZjBjMYoFEzU0MTg1MzU4NzA5NjE2MDYyMjjCBQZhZGZvcm3SBQkxMDUxOTk0MjjYBQHgBQHqBQdkZXNrdG9w8gUMUTZTRFFJMVJaVE9H-gUDYW02qgcEc2l0ZQ&M=16&cn3=0&c4=native_dom&C=no_res&m=n%3A0&e=&sw=300&sh=604&rr=no_res&rw=300&rh=604&rer=&dr=0&lng=en-US&cv=c.js
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.157.91.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-157-91-210.compute-1.amazonaws.com
Software: MonetEngine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
cache-control: max-age=0, private, must-revalidate
server: MonetEngine

GET
H2 204 inde
1x1.a-mo.net/hbx/ Frame 50DA 0
88 B 294ms
95ms Image
text/plain 54.157.91.210
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1x1.a-mo.net/hbx/inde?aid=Y28ucnc&b=www.newtimes.co.rw&M=16&v=pba0.0-aa2.14.0-0660ed9-1&cv=c.js&lng=en-US&rj=rtbx&_e=CocDIgpfMG02cHRxd3VsMTaFJugTT-A_OgZhZGZvcm1CCDIxMzEyMjI4Sg5uZXd0aW1lcy5jby5yd1ILYWFzLWQ5YmZjNzNqDm5ld3RpbWVzLmNvLnJ3eAGKAQhhYmVjNDg5MJIBAjEwoAHYBKgBrALAAefbEcgBANAB____________AegBAPIBDzIyMjgxMDgwODUwODY5M5EChjP4NBt3wz-YAugnqQIAAAAAAAAAALICCG5pdmVhLmRlugIINjQzMDYxNzbxAgAAAAAAAAAAogMQWW14MWRHOXVhV011WTI5dKgDCcoDBDYwNDPgA7qDAeoDEzEyOTQwOTkzNTkzNDE4OTE4MzSqBANEQ0iCBSBiYjYxZjE3OWRiMWE0MGE2OGY0NGI4YmE1MmVmZjBjMYoFEzU0MTg1MzU4NzA5NjE2MDYyMjjCBQZhZGZvcm3SBQkxMDUxOTk0MjjYBQHgBQHqBQdkZXNrdG9w8gUMUTZTRFFJMVJaVE9H-gUDYW02qgcEc2l0ZQ&r=1&C=no_res&m=n%3A0&e=&sw=300&sh=604&rr=no_res&rw=300&rh=604&rer=&dr=0&eid=2761hu2z7se279kvyx&ts=1684183366575
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.157.91.210 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-157-91-210.compute-1.amazonaws.com
Software: MonetEngine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
cache-control: max-age=0, private, must-revalidate
server: MonetEngine

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame F1AE 34 KB
10 KB 8ms
8ms Script
text/html 23.56.202.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.56.202.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-56-202-187.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: ddf8be177e7b79aaeb98ffa04b2c4f8a1c05058cb59a55387ad22612c968ee32

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:46 GMT
Content-Encoding: gzip
Last-Modified: Mon, 15 May 2023 04:59:05 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=29786
Connection: keep-alive
Content-Length: 10021
Expires: Tue, 16 May 2023 04:59:12 GMT

GET
DATA 200
OK truncated
/ Frame 06E4 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2926a19e485994c6dd7fd221f8baa3e96e2831bbeb46fc75df445094975f39e7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 afr.php Show response
ads.eu.criteo.com/delivery/r/ Frame C2B3 73 KB
25 KB 27ms
27ms Document
text/html 2a02:2638:d::4
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.eu.criteo.com/delivery/r/afr.php?z=64E5DE761CA1B1A1&u=%7CCjy03sQgDey9i0ZFD4CVLgs06si%2FVINpd67gG9%2BjWLk%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxheGkusSCGG-27CYHRxnbR0Ms5OLJPMPOSwIstLLJNYtoZTaSaoT6-rRNZi6qTYFG2CVlEpXee8GumT47NpJo6qDwbzc2LkVeHRYIOGzsXDLpmJ-R7d90IprcydAagu68fRqFlkw-db9hUedwOooG1VaCsUSYN-VcvT1CB6W7eEOPrBgiKroO0kXog-QHtPqYAQ4zlB05091-JznV2G7kzKN9C4GNLDAvgkA_pdVgvBU-V8hHYbVEHvVXaV1Fxypfc5WXC1LnSGRdQOaj10EUAMff8kVZX5EwBzU8ZyEmXzEMA_1ZDxcUPnPwDkLti9rIqDAnNa56vI_BexQuP3XV1hH4CskA_gRvFEsLr2jqLx4ecaMsUYAuNnTwhIIgTbE9G8D47O29SmHAfl5PecGqvphEqUFfcfzMVp--q89rfL1eWtTbgz6n9fWQubJ9s54BlAZcrIVnq8yyPIv0676WJR0FNsZb0DksngTVPOG31Ovg6QNg_FOuC3XERi7zO3yleuVKHbL7o0N3Ba-58oC9vTs3N-a6VX6dHhak-1yY5F-7dacBzF_3-hrByMYT3JkWxk-8hedb3cP9tgedrupkzlgvnTkR_wR28uLFPi6S8EUlEsCFsDu6QUpuZgk6x7gAP

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::4 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

cce2837b1120026f55d8065b6d1f4cdd7084c12a755d6674dbe7942cefa54d13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:45 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.eu.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.eu.criteo.net/heavyad?cppv=3&cpp=jb6q01w-_Msrj2KhzhDWArOGzHBQw26UXUC8cK6FXdfot-lGx3Vc2gOXV5npaTNhyIsbELfhT8jD1AXB4OZY7ET2iTsokv8yUbqyhouajKSWL0tP9FsPMEyf40ToQaT89MSC2BKXHWb0IMGWCai6xaI2psNXespvZtBkFMV55Q_loBa4YR6jplVdJ_FsBZPAQ6fz_2cEMOI3Hskk1L9CExQPW9TFgL-KepNCaQXoBt1F32oJ6WIPta0_JVtOWhli7VxntKOZ7LnYfuQi"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 3962663
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 6826 281 B
554 B 11ms
11ms Document
text/html 23.56.202.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.56.202.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-56-202-187.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 15 May 2023 20:42:46 GMT
ETag: "40010-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 200 6b6647aa-3ad8-4994-9337-4d308fd7a428
beacon-ams3.rubiconproject.com/beacon/d/ Frame E651 43 B
98 B 13ms
13ms Image
image/avif 2602:803:c003:200::67
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://beacon-ams3.rubiconproject.com/beacon/d/6b6647aa-3ad8-4994-9337-4d308fd7a428?oo=0&accountId=17046&siteId=315192&zoneId=1608182&sizeId=57&e=6A1E40E384DA563BAC81927878AD45993BF87460C97DC29F6A723D58D70066131931762A2E562D0357E5611225C2278D5ABF4BC26238BE1860D5FBF84B4FFB389C47F639FA427556248233EB694013CBC869C314CC0D19ABB981CEBE6A0FADDBA04DD7A0CD7EF97C3408D8D9323F14935901F0202059A0C8FAD70FA138C8399B64983A16B412A10B5A0DABF8E624AB8886379F6914141F94EC3DA8A9611E303021CF572E617D14E6B1D3175EF46282655A5131565F8E446321B7C6667EBB0A8477516EACE43C89CC2F3F60389AE8CFDAFE4697F72680EA0A23DB198EC5B3F845E39CC90928F4E4B5BDF828BD491235885394077C0D4E90AA0A1D207998BB8CD8CF544BEE4326766C6185AE44383DBA9CFC0DC1E8DF065D52F415940EDDC8733318A551DC505BDAD5D6453553B6AC4DD71DF2FE98FCEBC58C606F27F5BEB973603B914DF9C21251E5360648B3ED343EB60A67DAB130557242A7C8100B241E3D948BC5792D9AAC70544DA22007499A8C63B322F16A49EAB04FB74655CB2FD87DC291ED46CBFE2A18A7BD09E6A62D4FCA76520FF4A715ED82037B8BDC49E209F5528355B887428F3762683AF23ABF994FAB0EE8E57DBE1D631DF7A4ACE129B1BE2AD4271BE2B19A72B2B776C3DF967C2F01A8AB76E228CCCA27168F4A2B919E85D2B2A8EC7174CA09FDB5667FAA7C83D76A21EBD200443DBFFAEF1FBA040DEB1122A7B1D6641DFC63BC06BFC1A05CE3E56D022F636867587A207A9B11FAE9692029A462D5F49B2C7DDB4CA67D82556AD1C98A17A17065B08F4BD72CA171358FB203CB81587BC7A199078D50F44E9660C5BBBD119F1DB071B0F8B31E33D937FD056F90983D505E27E86F93234BA4B397E17384B8BB59FEAF8366EBF90065F5A215BFE8F4865A3AEC0BECB1BC056C6FB610E5BC8F78D4D2F563B564867B3AF745849E866A57554917C20C98C65B76AD62AC883D9CBE113E335F2AC307E931631BBEC3E067B043D56CDC4E95BE004CC11C08CAE00C5A7274621FC00B6D16F5233235E54B1B9924556515E6A3998CC034C3D409EB87AF2B1E587085CFD9EA0E741ACA14F28319B41DF5CB0B050EA18CFA9D2E91F26B431021A0C5C857C97C4A822A0A60A4FE5B9816CDA13B69A8906358651F339ED828DF259E4F8496D671C55CF7DCEE2840B3F7797055875DCF8705992108DB4194786DE0B44940B2171FC33F199F6B

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2602:803:c003:200::67 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),

Reverse DNS

Software

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:45 GMT
x-content-type-options: nosniff
x-frame-options: DENY
content-type: image/avif
cache-control: private, max-age=0, no-cache
content-length: 43
x-xss-protection: 1; mode=block
expires: 01 Jan 1970 10:00:00 GMT

GET
H3 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame DC05 3 KB
4 KB 22ms
22ms Image
image/png 2606:4700:20::681a:71b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/style/0.1.40/one-ad/default.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:71b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 524
x-guploader-uploadid: ADPycdvwP-NwgXqNEbyI2qkcz3h5-Ehsvrbo1BzPr2w5R7YEx4A4494G82MbZGb67-CgTESrTtVZjLf5PX4N9CeItuw
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3262
x-goog-meta-
last-modified: Wed, 09 Jun 2021 12:35:14 GMT
server: cloudflare
etag: "794c84d30e213ec6a144d64215f07551"
vary: Accept-Encoding
x-goog-generation: 1623242114099744
content-type: image/png
x-goog-hash: crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
cache-control: public, max-age=31536000, immutable
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sp28COlclZOwiNcmHIkCWqvAWjwxlDcqwPsaSqriPWzBb4H%2BGtNF1HISitzlMdJ6vqbMngvm2gFXRgYQBaAUL4YhQ998FLIaomy1K%2F3VIuLdB%2BLONGipogiYj5n8CrlLJs8QGTkYD9T0yO31juJPZ2fu"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 3262
accept-ranges: bytes
cf-ray: 7c7e35994c961e62-FRA
expires: Mon, 15 May 2023 20:36:21 GMT

GET
H/1.1 200
OK viewability Show response
hal900023.redintelligence.net/ Frame F7CB 0
150 B 40ms
18ms Script
text/html 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900023.redintelligence.net/viewability?s=56230500198937108091756012325023&a=e7992c36&vb=m
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=56230500198937108091756012325023&a=348a6790
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/request_content.php?s=56230500198937108091756012325023&a=348a6790
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:46 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 217B 0
0 49ms
48ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CZDAbRZliZKLhB4-YbO3fpNgFyZ7SsVzVnZH3cMCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE9QFP0G_T-xvPRLJOkgWtEkBsjKeRoX2-iNGEN9yrsdtgEeq193HOyzxKXPMD6ClUzeaZJamXk1ruva6fpqcg6QBfADLfpWbOavvHvnTD9N-vp-TPqw_A3f6Tg4WSplZ-4qgU9mLrnnw9uaobeCCX_Ole3WrdJA3W9q14_Wxb50LTToXEr6fJmyYPqQ2BfklBq18QTiRfKqAAFJwVBiR3_oRL8IPc_7jsLt6wlv3srZbmLERp1NlqIw1f7IM_8jwd2V98ANCjBjYxsANREiH6ZgYQHURJqbgTLhysc_d3YYXbBhXG3mfyuHEtOhxRzhKZKHsOC1t9iuAEAYAGkc2kmrDP-vWdAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgECACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNzU1NDc5MzQ5NzE5MjM2Mhj8oHI&sigh=KJK0thefkfM&uach_m=[UACH]&cid=CAQSPABygQiDKoeqRD9HBQ21ppCEyfXWeYQSOlrjJ33FCDuAg1R9sYihxqJe1oqQacX4JpXDwaTC_hhPMuURHBgB&cbvp=2&vis=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H2 200 notify
rtb.fr3.eu.criteo.com/google/auction/ Frame 217B 0
125 B 16ms
16ms Image
text/plain 2a02:2638:d::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.fr3.eu.criteo.com/google/auction/notify?profile=14&payload=kP7cFsg12AVanYNiAgIAAAAcjTZAv_FZDhBEmWJkbe_fKfUpVYtiWwAAEgAACgpBUVVCRHdFQkR3&wp=ZGKZRQAB8KIKGwwPAAkv7WpDA1XoHvfw0cfnFQ&cbvp=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:d::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:45 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 192209
server: Kestrel
content-length: 0

GET
H3 200 frame.html Show response
ad4m.at/ Frame F89C 2 KB
1 KB 18ms
17ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d485f783c7cc440cba21bb750ce67e191bce0783bfc6cff5f98e236e401b7ab

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1561505
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: public, max-age=3600
cf-cache-status: HIT
cf-ray: 7c7e3599afbe1c2c-FRA
content-encoding: br
content-language: en
content-type: text/html; charset=utf-8
date: Mon, 15 May 2023 20:42:46 GMT
expires: Thu, 30 Mar 2023 21:56:13 GMT
last-modified: Thu, 25 Aug 2022 14:12:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y%2FLPR1P7MYs6vvO9tpvZZq0O5SY6iKZAvBvOQfWU0Z2%2BXnAhMG5d%2BIwkW0Z2tQ3lcM39DZJaQ8Qt0tXLfElqVwaaK3E%2Bq8JU36Q1kJFJTLBq6Ed6IY%2Bp60uF4jLdZReZvPnFcok%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 6826 34 KB
10 KB 10ms
9ms Script
text/html 23.56.202.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.56.202.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-56-202-187.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: ddf8be177e7b79aaeb98ffa04b2c4f8a1c05058cb59a55387ad22612c968ee32

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?&geo=eu&co=de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:46 GMT
Content-Encoding: gzip
Last-Modified: Mon, 15 May 2023 04:59:05 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=29786
Connection: keep-alive
Content-Length: 10021
Expires: Tue, 16 May 2023 04:59:12 GMT

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame C2B3 2 KB
1 KB 14ms
13ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.eu.criteo.com
URL: https://ads.eu.criteo.com/delivery/r/afr.php?z=64E5DE761CA1B1A1&u=%7CCjy03sQgDey9i0ZFD4CVLgs06si%2FVINpd67gG9%2BjWLk%3D%7C&c1=JrbohDAzizBCiLKN5O6jHaciAGCxxZxheGkusSCGG-27CYHRxnbR0Ms5OLJPMPOSwIstLLJNYtoZTaSaoT6-rRNZi6qTYFG2CVlEpXee8GumT47NpJo6qDwbzc2LkVeHRYIOGzsXDLpmJ-R7d90IprcydAagu68fRqFlkw-db9hUedwOooG1VaCsUSYN-VcvT1CB6W7eEOPrBgiKroO0kXog-QHtPqYAQ4zlB05091-JznV2G7kzKN9C4GNLDAvgkA_pdVgvBU-V8hHYbVEHvVXaV1Fxypfc5WXC1LnSGRdQOaj10EUAMff8kVZX5EwBzU8ZyEmXzEMA_1ZDxcUPnPwDkLti9rIqDAnNa56vI_BexQuP3XV1hH4CskA_gRvFEsLr2jqLx4ecaMsUYAuNnTwhIIgTbE9G8D47O29SmHAfl5PecGqvphEqUFfcfzMVp--q89rfL1eWtTbgz6n9fWQubJ9s54BlAZcrIVnq8yyPIv0676WJR0FNsZb0DksngTVPOG31Ovg6QNg_FOuC3XERi7zO3yleuVKHbL7o0N3Ba-58oC9vTs3N-a6VX6dHhak-1yY5F-7dacBzF_3-hrByMYT3JkWxk-8hedb3cP9tgedrupkzlgvnTkR_wR28uLFPi6S8EUlEsCFsDu6QUpuZgk6x7gAP

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:46 GMT

GET
H2 200 adchoices_de.svg
static.criteo.net/flash/icon/ Frame C2B3 2 KB
1 KB 16ms
16ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_de.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-763"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:46 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame C2B3 308 B
636 B 28ms
25ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Thu, 09 May 2024 20:42:46 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame C2B3 293 B
621 B 24ms
21ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Thu, 09 May 2024 20:42:46 GMT

GET
H2 200 lg.php
cat.fr3.eu.criteo.com/delivery/ Frame C2B3 43 B
347 B 21ms
19ms Image
image/gif 178.250.7.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.fr3.eu.criteo.com/delivery/lg.php?cppv=3&cpp=bmw5Hg0Dsw6aiw27FAurNg8v5UZodhBg6yKw8KRPNhPIb_MGn1R69NJBlTyMuqDu6xs_ARbCBG3QOAZNfslZ1ADkcs9LamL8gjO6g_vPUJrCYLPHtqt3GeQlO_jWR6cVMa022csp5RE1z4Hmdr1nUUDUl8wETRvV5nY7mUHPWy7A8AhoHXxZ4W58Z_t19-tPsN0_nisAbIKwsua805hqpnO2MLoyskJCQCTEUaLJNrF2uHX82P9bglKQPP_0m7ddW1CcrjPdg5UZYgqNYBXNJLUueR7rCD9vUPRBHdh_uryE3ajyoYr_EjBHJnSL1CksUCzQ6bhsO5gM7CLe7nwIVjbB1lF9PsuxiRYFCXh1LsG6IvwFhcOs5s_v9XpKbsqn1GNygwc0EH7Mi2U0YtBwG4EodVRrfLCOHCYjFmNGs_ghnyS2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1629756
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 bdc7eb3899b64382b4aa5de451a89cde_77cec94c2d3912fb8a5c4b303faa44ea.jpg
static.criteo.net/design/dt/92118/230411/ Frame C2B3 119 KB
119 KB 20ms
18ms Image
image/jpeg 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/92118/230411/bdc7eb3899b64382b4aa5de451a89cde_77cec94c2d3912fb8a5c4b303faa44ea.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

4860a85748d926c4bfc65348067b41e5262bc1289750fdd2928e20e19addc078

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Apr 2023 09:48:54 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "64352d06-1dbce"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 121806
expires: Thu, 09 May 2024 20:42:46 GMT

GET
H2 200 bddd5c1a7fed406eb4b431b7f6310ec8_f5b2390c6877be25ce8a2d16c0093d3e.jpg
static.criteo.net/design/dt/92118/230411/ Frame C2B3 88 KB
88 KB 22ms
20ms Image
image/jpeg 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/92118/230411/bddd5c1a7fed406eb4b431b7f6310ec8_f5b2390c6877be25ce8a2d16c0093d3e.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

5b30e03baec01143cb26447b0497f9e0cf2a77e62070be0cea502c434eea7554

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Apr 2023 09:48:53 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "64352d05-15e88"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 89736
expires: Thu, 09 May 2024 20:42:46 GMT

GET
H2 200 3428a9627b384fabaec13b72b6bd5648_73d1943fd3d431ec9326c20bb9e8799f.jpg
static.criteo.net/design/dt/92118/230411/ Frame C2B3 118 KB
118 KB 24ms
22ms Image
image/jpeg 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/92118/230411/3428a9627b384fabaec13b72b6bd5648_73d1943fd3d431ec9326c20bb9e8799f.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

f83b40bd271aacaae918717e09b4c81d3ba99b81b6d7e04bc9d221b4a44f0432

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Apr 2023 09:48:54 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "64352d06-1d604"
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 120324
expires: Thu, 09 May 2024 20:42:46 GMT

GET
H2 200 6ce16c8584d74c1a97bf72302be1e1c8_63e3a30d09b85b2ad773691dbb8082a9.png
static.criteo.net/design/dt/92118/230411/ Frame C2B3 8 KB
9 KB 28ms
26ms Image
image/png 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/design/dt/92118/230411/6ce16c8584d74c1a97bf72302be1e1c8_63e3a30d09b85b2ad773691dbb8082a9.png

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

7654e657caa0293b96b42be72a7c15f113c1d9770a68e346f689b7354249cdad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Apr 2023 09:48:51 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "64352d03-2131"
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 8497
expires: Thu, 09 May 2024 20:42:46 GMT

GET
H2 200 encodesans-400.css
static.criteo.net/design/googlefont/encodesans/ Frame C2B3 1 KB
725 B 18ms
16ms Stylesheet
text/css 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/encodesans/encodesans-400.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

20abd6cc97e400a1d98063ba6dcefe285f086cc2454bdd43b3784d9d7c3020aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 21 Dec 2022 14:48:27 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"63a31cbb-462"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:46 GMT

GET
H2 200 encodesans-700.css
static.criteo.net/design/googlefont/encodesans/ Frame C2B3 1 KB
725 B 19ms
16ms Stylesheet
text/css 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/encodesans/encodesans-700.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

fc0a2bbdba77b4db6f9b5bf4481c171bee16adb106be302b58763f535f11b469

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 21 Dec 2022 14:48:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"63a31cbc-462"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:46 GMT

GET
H2 200 encodesans-400italic.css
static.criteo.net/design/googlefont/encodesans/ Frame C2B3 28 B
388 B 20ms
17ms Stylesheet
text/css 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/encodesans/encodesans-400italic.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a5489bbe1d24e4564789598649fa2916bb1949c1c42d1bf818c65a9aefee7f9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
last-modified: Wed, 21 Dec 2022 14:48:27 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"63a31cbb-1c"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:46 GMT

GET
H2 200 encodesans-700italic.css
static.criteo.net/design/googlefont/encodesans/ Frame C2B3 28 B
388 B 20ms
18ms Stylesheet
text/css 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/encodesans/encodesans-700italic.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a5489bbe1d24e4564789598649fa2916bb1949c1c42d1bf818c65a9aefee7f9e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
last-modified: Wed, 21 Dec 2022 14:48:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"63a31cbc-1c"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:46 GMT

GET
H2 200 zepto.1.2.1.min.js Show response
static.criteo.net/zepto/ Frame C2B3 27 KB
11 KB 23ms
20ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/zepto/zepto.1.2.1.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

d5afe6c33d091af7c18129d4a4e0b04e1e788bca54ab3444c83a7ed5c808f4fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 07 Mar 2023 14:03:16 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"64074424-6cc5"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:46 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 83DE 0
0 50ms
49ms Image
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cqa4ZRJliZMTKGpfAbY_rleABz4eOm1zAhtmCxgLAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCeACAKgDAaoE9gFP0EwrU6v5G0YDZTOnOJeV9arg-id_R9ibzq-fT7AFxHhE9lLyQBlFoOWhPyEuoi2z42nyw8t4QNgQpP01SfySDvcQa5BbtIAAcO3fUXdbbVXwt6vtyali-Y2HF9GSEWjTSCu50fPNKbnnSfWlMrSHqptwZh7N_f-BgZlntjQ8AnbOBI-wZS7dC8Ct72Wk6R9YvS_MxAipJBmMdVwvjxfQn1E3foZqjsv0X9owJZgOOyFQ5vWQGF8HY6ilAvG0-shlfT2DrDL2MO8JThar-7BSdmcAEJdn_7wdzzwLAjcm3MWBZlMbWH-uYaItx85-ixgyNvWg19_gBAGABrPp9fjfzMC4uQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBAgAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTc1NTQ3OTM0OTcxOTIzNjIY_KBy&sigh=6gNoXLCE5iU&uach_m=[UACH]&cid=CAQSPABygQiDkzKJjQGfeWgL4mSkCWKQIQrTfG4CEmFmX-FSmrRudK3Yjiv4UISeKPUUI55QwBEoMAcpV905BhgB&tpd=AGWhJmvHQjYQDr9_MR04WZj_ENBZ2d8SV8uR3gQ-ACwd_PgozkcWUMFV_zs2aaMvSNzsICGgf7BPM7c_p6SQpSJuGJ8JaabDegckWTucSrqgZHmUViKaXMdcPQcvAAcl2NpO2np9BOiXt9HTGYDQRhjUYtOCg4zFjZk3v8Ibp2lMonYBAXyyRWzTjle4ZwqTxHz_Z5c1EZQ_I-53_VFrhbi6uUtBdrNPaz6_Vfve7BELwOeIvUP7hoDBt9T6tg1MvfuJYgysG0WmjFsqa0TC9Xu8kjA5GJh_5ptpc5F7so57hxy_YhUBHG9iRbJslF-OVBzEJKCwg_EP7kTQFuNTAUMU6DLvBde_dqkEMqhq44dAus8gYt46xvmguW_-AxE5Q3lTdlh1n2yo1AsmXFx1h6JnwZ8cXk5_RbjcBtPEBEy5xs6OEOpEwKk6932dXirejjivHWHbWGigdQW81GLQ29kqguL9J2HP1G3g5iDU6a03v6HPFn8Hed-Ok3YxA5ctXPeDyek1U7bn3Z8DgejlHdBQsaYCOKYqJDSCTa3pjrIElsMvseqoGTcPTPKEnzBNftVrUjcvHjR_Ggt9Qc4jqLjJcQBWmSs3sOP6BfvZ4uQdPhORh1ugCT6DHpTERL1P4AyJ8Is_Ded5KAnKEGdiSjL1CFjMyx3l2ng2eFjgki8mwmc5FeTKHiaIFMr_wNMCK_h8QTAmp1M0_dmqtrBXY-uFDoX0M-QJToLg-vn6yVrMY_Omj4RXTItdua_lL9Q8UltibL0axUt3x3wdmg2wqBjVYDAExA1BHPjdMWlLK8z9Oq1Z8KvCWhMNL8ljaeVCrLwwoC6JmCUw96lVhErNv6yTJ3rS-qCXxMgQ4V57YK5jv5SUJqOfZnyZg9M9K3FLU2gpQQ7YZoNwoK5TMA6jWrmV8veSfcTl32JRah-yfrGEx6CzG32stUGfZYBfWD6Ghp-F0SMhyc2AnQmo1nDyiR26xzKaUsSi5RauUZqrzthaHL5YlgKR5se4JMHUFTTLS8hpgWVOJUD1hqHYNayRrXYe7YZg5b3JsJUBV32kBnDGPNv30tLLBoSAy09eqLPlCV7hnp2SHl_QoNYCHuc8gFT2ejrTXj6hDekyo8xmTO6K9ZtFppy4fTekbw&cbvp=2&vis=1
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame F7CB 34 KB
16 KB 34ms
33ms Script
text/javascript 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=64147897;click=https://hal900023.redintelligence.net/c/p0ncj10cbvmufxb?tprd=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: ae684e653cf5edc8bec110ff0669b6daa58f690d550735f98954697799f963da

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
content-encoding: gzip
last-modified: Tue, 18 Apr 2023 08:19:00 GMT
server: nginx
x-cache-status: STALE
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 19 Apr 2023 13:55:16 GMT

GET
H3 200 B9689862.280630144;dc_ver=95.280;sz=728x90;u_sd=1;dc_adk=4167744942;ord=e66kr5;uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd;dc_rfl=1,https%3A%2F%2Fwww.newtimes.co.rw%2F$0;xdt=1;crl... Show response
ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/ Frame 34A1 57 KB
27 KB 46ms
46ms Script
text/javascript 142.250.186.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B9689862.280630144;dc_ver=95.280;sz=728x90;u_sd=1;dc_adk=4167744942;ord=e66kr5;uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd;dc_rfl=1,https%3A%2F%2Fwww.newtimes.co.rw%2F$0;xdt=1;crlt=y)cs)srv1w;stc=1;chaa=1;sttr=161;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v95.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f6.1e100.net

Software

cafe /

Resource Hash

53126ffde60eb0b572aa8055e02f09a2714909595b97eba996b7eeb09d2caeb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27378
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 B9689862.280630144;dc_ver=95.280;dc_eid=40004001;sz=728x90;u_sd=1;dc_adk=2658142083;ord=yvv8yz;uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd;dc_rfl=1,https%3A%2F%2Fwww.newtimes.co.r... Show response
ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/ Frame 9151 57 KB
27 KB 47ms
47ms Script
text/javascript 142.250.186.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B9689862.280630144;dc_ver=95.280;dc_eid=40004001;sz=728x90;u_sd=1;dc_adk=2658142083;ord=yvv8yz;uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd;dc_rfl=1,https%3A%2F%2Fwww.newtimes.co.rw%2F$0;xdt=1;crlt=y)cs)srv1w;stc=1;chaa=1;sttr=162;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v95.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f6.1e100.net

Software

cafe /

Resource Hash

2e56b19929f523df3cd45eafd7aafba54e0c00b460e7f129860a262f2b6d6cb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27332
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bootstrap.js Show response
s1.adform.net/stoat/626/s1.adform.net/ Frame 50DA 34 KB
16 KB 25ms
25ms Script
text/javascript 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Requested by: Host: track.adform.net
URL: https://track.adform.net/adfscript/?bn=64306176;rtbwp=0Oh8DTKJAs-kV77Oa5ZAAetjcxmFbeTX0;rtbdata=UCUx_7-Ze0AOdfhqJ-l4xbq8YLPYge2IjJOx3k4kY13b_cjvn_PgwmnTxmXV5nGytn-ZPbPZ9W_J8dS_OgoqPHUDv_rXWtdrwJPGnE7AV3gj_ZBf9-_5f-PuMcxWZEZhIfnu7iBCm-XQ9EomUH1KpRhmgq4QNQPf1rUsgA84cRl83fShU6OFs-EQ52dLX2DjkXg0cN_Oj8qrM22L0XKJTJlkrYrYvfiSO5GwXr4PRbTLRZlCwwS-DY0ffSY4ZIA2q_aIgHBKaLwqR7kE2n-il1PwikMT7YlX33NOerqzHNHHKL4MGs4-GF7P2HjoimDY8iS6uL22eGszy8z-Bbe8phMK5CKFAzhT9wEVextcauSiY3X5zpS9Sg2;csid=141268;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=0qddfS-rL6EqHMLsI0XOHWFCwsvtjpxtWWfrJa27o1EgfbtipCkY5ZT7WXJg35mTeJ85jxc6rtQDgNeykdScU4IItIRySGpn60EKh_oBMFY7rw1qKY-wGBbG5IZUfH3ttn-ZPbPZ9W_J8dS_OgoqPHUDv_rXWtdrBrVs9pi7TI5rgNH-t0z17GOgnFsabOmJIfnu7iBCm-VH-t3dKgLQ4IGiu2VCW4yvA7z_uuw_WOM1;pui=2ShljixBLrber1pltXZUmg2;
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: ae684e653cf5edc8bec110ff0669b6daa58f690d550735f98954697799f963da

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
content-encoding: gzip
last-modified: Tue, 18 Apr 2023 08:19:00 GMT
server: nginx
x-cache-status: STALE
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 19 Apr 2023 13:55:16 GMT

GET
H2 200 dis.aspx Show response
widget.fr3.eu.criteo.com/dis/ Frame 3D14 28 B
472 B 62ms
17ms Document
text/html 178.250.7.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.fr3.eu.criteo.com/dis/dis.aspx?pu=7944&cb=646299467575f027ba983fd4304c588e&r=https%3a%2f%2fa8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com%2f&crossorigin=false

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

28246fc455ed80a6d38f2779e518e2fb49031680c01ae393a7cae3d04462daf0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache
content-encoding: gzip
content-type: text/html
date: Mon, 15 May 2023 20:42:46 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 1101577
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *
vary: Accept-Encoding

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 38ms
27ms Preflight
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin: https://as.ad4m.at
access-control-max-age: 1800
allow: HEAD,POST,GET,OPTIONS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7c7e359a88353a86-FRA
content-length: 24
content-type: text/plain
date: Mon, 15 May 2023 20:42:46 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dHVz0YNmDssfkupFAMGH1KuiLWBH34QagYKlosaZetFn7iH4krRlGtGjyfpDyHCPmg9O7iF1Jf0e7fzFX1Ulv1ql3SnHmw17oyvZbvWyZXEtp6kwvSaLbd9qsl9Wd2FR2IUcs%2Bg%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 google
x-backend-server: aa-reachservice-group-europe-west1-0pxx

POST
H3 200 rs Show response
ad4m.at/ Frame 0DF0 2 KB
2 KB 36ms
36ms XHR
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3709ebe60de1f8a845ff4b5cee02785bf6697deeb0cbb76d2495d82a2a2d081e

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k4rOHoy79L5LEDbRI2C1PAfVI3AtdbGEkqd595Tsaug29u9ruvNO16YYEub%2F21XQskVJdFr1vYW%2BBiTfjQfu6%2Fj7ZtrdB%2BS2ng26iRCdDdV5fR3DB26eEiftajNt%2F9tHSO0WiJU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
cf-ray: 7c7e359aa85b3a86-FRA
x-backend-server: aa-reachservice-group-europe-west1-0pxx
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame F7CB 4 KB
3 KB 23ms
23ms Script
text/javascript 37.157.3.20
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=64147897;click=https://hal900023.redintelligence.net/c/p0ncj10cbvmufxb?tprd=;js=1;adfxid=1x;7200;set=en-US|en-US|1600X1200|0|750|100|24|8|3|7|1|;cmpgdpr=;cmpgdprconsent=;fd=0|0&CREFURL=https%3A%2F%2Fwww.newtimes.co.rw

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.20 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

5bdcb70ab6e8f1deaec232a3ec3f08c34f6c8195211107025424a1e2c6183b6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 1995
expires: -1

POST
H3 200 rs Show response
ad4m.at/ Frame D299 2 KB
2 KB 31ms
31ms XHR
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e0b7c41d2d6fa7cd9e0212559a7ded8eb1b13ef6b7b4d26dd15789cfe0b125a5

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f%2FJ37%2Fy8gBPN%2BW0oos0wrPCxcW5SUc6kFcBo09d5mjZaBxx8850jypUohWpoZZ6ZrhNaXZ2VT578ReP%2FcD0RhyRcs6KYMrvzBGk%2F7tvpPgu75XiMJCu9nhr0eMVjepPulEGSTA0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
cf-ray: 7c7e359af8b93a86-FRA
x-backend-server: aa-reachservice-group-europe-west1-0pxx
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 44ms
44ms Preflight
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin: https://as.ad4m.at
access-control-max-age: 1800
allow: HEAD,POST,GET,OPTIONS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7c7e359aa8563a86-FRA
content-length: 24
content-type: text/plain
date: Mon, 15 May 2023 20:42:46 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b71b2G44mrdH0PlqkqUeTJYaLaPfjuMbjd9yo07pU3J68zGWjepw7aJ1FhO5l35A85wFKdavAJGaBhNivCJm5V8ZefojGIRM6KpiwGRwpe6DL02QmffMEEnlkqOSwMxiF%2BBOpyg%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 google
x-backend-server: aa-reachservice-group-europe-west1-0pxx

GET
H2 200 / Show response
track.adform.net/adfserve/ Frame 50DA 6 KB
3 KB 28ms
28ms Script
text/javascript 37.157.3.20
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=64306176;rtbwp=0Oh8DTKJAs-kV77Oa5ZAAetjcxmFbeTX0;rtbdata=UCUx_7-Ze0AOdfhqJ-l4xbq8YLPYge2IjJOx3k4kY13b_cjvn_PgwmnTxmXV5nGytn-ZPbPZ9W_J8dS_OgoqPHUDv_rXWtdrwJPGnE7AV3gj_ZBf9-_5f-PuMcxWZEZhIfnu7iBCm-XQ9EomUH1KpRhmgq4QNQPf1rUsgA84cRl83fShU6OFs-EQ52dLX2DjkXg0cN_Oj8qrM22L0XKJTJlkrYrYvfiSO5GwXr4PRbTLRZlCwwS-DY0ffSY4ZIA2q_aIgHBKaLwqR7kE2n-il1PwikMT7YlX33NOerqzHNHHKL4MGs4-GF7P2HjoimDY8iS6uL22eGszy8z-Bbe8phMK5CKFAzhT9wEVextcauSiY3X5zpS9Sg2;csid=141268;adxcmd=QTwuOIuaMWxxWXp_eBE_5w2;adxvars=0qddfS-rL6EqHMLsI0XOHWFCwsvtjpxtWWfrJa27o1EgfbtipCkY5ZT7WXJg35mTeJ85jxc6rtQDgNeykdScU4IItIRySGpn60EKh_oBMFY7rw1qKY-wGBbG5IZUfH3ttn-ZPbPZ9W_J8dS_OgoqPHUDv_rXWtdrBrVs9pi7TI5rgNH-t0z17GOgnFsabOmJIfnu7iBCm-VH-t3dKgLQ4IGiu2VCW4yvA7z_uuw_WOM1;pui=2ShljixBLrber1pltXZUmg2;;js=1;adfxid=3x;2257;set=en-US|en-US|1600X1200|0|300|600|24|8|3|7|1|;fd=0|0&CREFURL=https%3A%2F%2Fwww.newtimes.co.rw

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.20 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

b536132accecec4c02cbbbd9ac2b477869b6ba0cd72fab7cee97034ea2ecff7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 2991
expires: -1

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230510/r20110914/elements/html/ Frame 34A1 11 KB
4 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230510/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B9689862.280630144;dc_ver=95.280;sz=728x90;u_sd=1;dc_adk=4167744942;ord=e66kr5;uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd;dc_rfl=1,https%3A%2F%2Fwww.newtimes.co.rw%2F$0;xdt=1;crlt=y)cs)srv1w;stc=1;chaa=1;sttr=161;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a9b847c681a24b03ba8acc0b4dcd8aab9acf8c4d3131be784d488e2402d57427

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 11:04:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34713
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4122
x-xss-protection: 0
server: cafe
etag: 11429739870029468282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 11:04:13 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 34A1 0
0 87ms
44ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssQWAgdaQl0svI0JE6EGp8_bYRr_tmj4y6Bh7P9rEnioMN3xhdi8a_3Wuno2EOGNKQYSbea3Sn6BwrDXh8vdp4TgYfsy8zE0J6iFYASmMNsdcGo3iPGEXAFPAN5NMqGjrMsb7Q95-qxXUQVGYdt8hw0VcW0iqx5PmKVK_A&sai=AMfl-YR_tld1gCqZPEUe1wFQoFNRLoJJrhZbBe3irCLFdIYxcg2HTfFAu4yWn1JvYuP8xgssaYB4WKFuFRdtBfSXe0rayopCoxq32honcw&sig=Cg0ArKJSzMDIF8JdTdp9EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20230510.05851&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 15 May 2023 20:42:46 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 34A1 41 KB
15 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Wed, 10 May 2023 04:43:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 489529
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 09 May 2024 04:43:57 GMT

GET
H2 200 7410484386335067809
s0.2mdn.net/simgad/ Frame 34A1 123 KB
124 KB 47ms
8ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/7410484386335067809

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcbd4882f0c4557f44d9d7340ab5a08c7b8cdf3dc5cba9996a18c95160acbd5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 13:25:49 GMT
x-content-type-options: nosniff
age: 26217
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 126353
x-xss-protection: 0
last-modified: Mon, 17 Apr 2023 16:06:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 14 May 2024 13:25:49 GMT

GET
H2 200 7410484386335067809
s0.2mdn.net/simgad/ Frame 9151 123 KB
124 KB 34ms
14ms Image
image/png 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/7410484386335067809

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N1395.150740DOUBLEVERIFY/B9689862.280630144;dc_ver=95.280;dc_eid=40004001;sz=728x90;u_sd=1;dc_adk=2658142083;ord=yvv8yz;uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd;dc_rfl=1,https%3A%2F%2Fwww.newtimes.co.rw%2F$0;xdt=1;crlt=y)cs)srv1w;stc=1;chaa=1;sttr=162;prcl=s

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcbd4882f0c4557f44d9d7340ab5a08c7b8cdf3dc5cba9996a18c95160acbd5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 13:25:49 GMT
x-content-type-options: nosniff
age: 26217
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 126353
x-xss-protection: 0
last-modified: Mon, 17 Apr 2023 16:06:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 14 May 2024 13:25:49 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230510/r20110914/elements/html/ Frame 9151 11 KB
4 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230510/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a9b847c681a24b03ba8acc0b4dcd8aab9acf8c4d3131be784d488e2402d57427

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 11:04:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 34713
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4122
x-xss-protection: 0
server: cafe
etag: 11429739870029468282
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 29 May 2023 11:04:13 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9151 0
0 65ms
44ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuuAhV6yo3VH2e7kDO8MDDvLAoK_ZarJP-kyoXJOnq_s6h0YOofh5EBKv5_hlD_Q0TFgazjRQzHDl3bRnenx2DlnObYmYb6rocc-aQTGE0eYgev4obliAMgRR51ppz-nLy-KztIXwy3Ne4DAbiGE-iHZC6bwkvM_XtXK8w&sai=AMfl-YQJDix_o0xgrTvCpQ_uX-pLreqpHW8kEjPgG_Y0EhJUoGBNLYywY9oR3Q4f3SYoj3mltoDcHtvTe8xmKm5iEbpOq_rN5lAmPAxQ7g&sig=Cg0ArKJSzBemeTRLP6aVEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20230510.47117&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 15 May 2023 20:42:46 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 9151 41 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Wed, 10 May 2023 04:43:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 489529
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 09 May 2024 04:43:57 GMT

GET
H/1.1 200
OK img
sync.mathtag.com/comp/ Frame A1A1 0
517 B 160ms
160ms Image
image/gif 74.121.143.245
MEDIAMATH-INC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.mathtag.com/comp/img?mt_id=99&ns=xx&bcdv=0
Requested by: Host: sync.mathtag.com
URL: https://sync.mathtag.com/sync/iframe?mt_uuid=42296462-9945-4b01-b126-3a5e83bcf37d&no_iframe=1&mt_lim=2&type=1,2&source=bidder
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 74.121.143.245 , United States, ASN30419 (MEDIAMATH-INC, US),
Reverse DNS
Software: MT3 851 9bd98ae master pao-pixel-x20 config_version:"unknown" /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://sync.mathtag.com/sync/iframe?mt_uuid=42296462-9945-4b01-b126-3a5e83bcf37d&no_iframe=1&mt_lim=2&type=1,2&source=bidder
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:46 GMT
Server: MT3 851 9bd98ae master pao-pixel-x20 config_version:"unknown"
Content-Type: image/gif
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Mon, 15 May 2023 20:42:45 GMT

GET
H2

200

setuid
px.ads.linkedin.com/ Frame F1AE
Redirect Chain

https://token.rubiconproject.com/token?pid=36584
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LHPBAEZX-24-5PM7

0
654 B

227ms
191ms

Image
text/plain

2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LHPBAEZX-24-5PM7
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 576B284409DB444CBE25BF08E55A567C Ref B: DUS30EDGE0311 Ref C: 2023-05-15T20:42:47Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAX7wX9XNq2j/6k5wqKeyw==

Redirect headers

Location: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LHPBAEZX-24-5PM7
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame F1AE
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/Z6WGhVU8vaG5B8UrzJD0CMn5EUdSAgOZEtemQ7w0kco?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-8t.DdPBE2oKZK2Tpv3tJC9Kcn.jv5TRCI09zeQ--~A

0
239 B

10ms
10ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-8t.DdPBE2oKZK2Tpv3tJC9Kcn.jv5TRCI09zeQ--~A
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 5b959e9b7aef6dd90a6fa539ca64ac62
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date: Mon, 15 May 2023 20:42:47 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-8t.DdPBE2oKZK2Tpv3tJC9Kcn.jv5TRCI09zeQ--~A
content-length: 0

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame F1AE 70 B
264 B 36ms
34ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

ecm3
aax-eu.amazon-adsystem.com/s/ Frame F1AE
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=aGBc6N1OR3WxR9gh4SDgqQ&rk=usync-other
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=aGBc6N1OR3WxR9gh4SDgqQ

43 B
479 B

37ms
37ms

Image
image/gif

67.220.228.201
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=aGBc6N1OR3WxR9gh4SDgqQ

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Server

67.220.228.201 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:47 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 5RHXYS9ENHD4TE4MNT8D
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=aGBc6N1OR3WxR9gh4SDgqQ
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: c1913d0f161dfd12bb229b87994a2d1d
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F1AE
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TEhQQkFFWlgtMjQtNVBNNw==
https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG-r3gCok_CQ6HTKS-rezLU&google_cver=1
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=

170 B
188 B

17ms
17ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: c1913d0f161dfd12bb229b87994a2d1d
Expires: 0

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame F1AE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEAbhocqxe6fqpbzJ7YShm5A&google_cver=1

0
239 B

8ms
8ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEAbhocqxe6fqpbzJ7YShm5A&google_cver=1
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: c1913d0f161dfd12bb229b87994a2d1d
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEAbhocqxe6fqpbzJ7YShm5A&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame F1AE
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=pvyK-v8RQN2eSKSpzIvD6Q&rk=usync-na
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=pvyK-v8RQN2eSKSpzIvD6Q

43 B
479 B

101ms
100ms

Image
image/gif

52.46.128.147
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=pvyK-v8RQN2eSKSpzIvD6Q

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Server

52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:48 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: BRCWJ76PXXCVRWAQEFBA
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=pvyK-v8RQN2eSKSpzIvD6Q
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: c1913d0f161dfd12bb229b87994a2d1d
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame F1AE
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YWJjMzQyYzU5YWU4YTAwMGFkZDFiNTVlZDdkZjZhNmY3M2Y2NzM2OA

170 B
188 B

17ms
17ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YWJjMzQyYzU5YWU4YTAwMGFkZDFiNTVlZDdkZjZhNmY3M2Y2NzM2OA

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:47 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=YWJjMzQyYzU5YWU4YTAwMGFkZDFiNTVlZDdkZjZhNmY3M2Y2NzM2OA
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 5b959e9b7aef6dd90a6fa539ca64ac62
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 204 / Show response
track.adform.net/adfserve/ Frame 34A1 0
457 B 25ms
24ms Script
text/plain 37.157.3.20
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=64253744;click=https://m.exactag.com/cl.aspx?extProvId=327&extPu=vf-dv360&extLi=17041625256&extPm=17041625256&extCr=487434436&url=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CrqQkRJliZL6lBsGllgTkwK6oA_KR0cZrz5aTwvYRmJL4h7MCEAEgsL2jkAFglfqXgqwHoAGR_tGiA8gBCakCuEm_tTNnsj6oAwGqBIkCT9CB-Sc0PIt7x3ohWXjC8X9spFNiH3x2kro_ABnwbTIy1B-9M2pznZA5MT9oFHLRI5faDFDPyOnwmmKVMENmu4txmplvb2kOr1aNF4EGqrpxudX4zpJR_lRsVANdXpbGphLhy4larPwyZ5_EWI3PuxCuGjaoa6jh8Mk9MlvfntFuW4t0qnAw3Lj-u-7oCM4ByQLkC4GySXRGbVmTXSiZgh1e3Eal609hT5uAlK6PtHMqZ2Kwohwc14RtRo1TA8HbVsjEF4e98flVKQXKVE7RcT7AmxrboP6eIeLc2Zhkdu9-a-Pr0W1npDrBb0pCh2yOyR3FeNmg-Z3Log9vAc2I6sV-NZQc5DmBSMAEhJybw_oD4AQDkAYBoAZNgAfXga5dqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIFgiA4YAQEAEYHTICqgI6AoBASL39wTqACgOYCwHICwGADAGwE6yFrRPQEwDYEwrYFAHQFQH4FgGAFwHoFwQ&ae=1&num=1&cid=CAQSPABygQiDp2tdQgqR_73fjJ94LVTaZCu4XQQapi-BI0Up1zY-Yj7ZuMP0wvZN-UuAS_zrr_zp52ZVbdfmdhgB&sig=AOD64_0GU8AMnAPWUKzfuzG6LLFZb6nztQ&client=ca-pub-7554793497192362&dbm_c=AKAmf-BmXboRN0G3u4RFCQGEO9W3LP1fEAEbAFO656GpylDTRcbD6Vr13Qkxclho9dQV474tAOq3j2qa8RdOi72kgUKqpbOkI-CXpFLsn5O6w2fStH44mIe-K2cW-SMC0R8gSVOO7PBHchUlmNOt0cKQp2KLIgC9WM1rBfM99z4bC9oTc0H2QVg&cry=1&dbm_d=AKAmf-BFNNfozZ8QbF1g8YN2OaJ6kcO9U0H1LKN1O3s38jf7MaK2TgBK01h_BwOjnY_bQ3QaYpsXnUBJTy6F5o-99YEyLHem8ccC2qVVhM4WOVmnDEV71p1V55HVghpaBs8_z3qSOMOaRRubRgt_EhwBo_Eyb26HLMscya1yBlPmDhz3-QoX9sgQz9rY_AipVaMSmw26fs56nLIoYzJs7JjmbxpA5KdcjmSrbEa6wc5RqTmXaZj2IL3E8hm0rqIRxYWPnw6_R9q1X91QSI4sb7X6Qfa4F1ldiIj922-xcY68H89_6IhF84TYp2p80YuuvH_XTtl2UKW572NkuCMXWAjiScFTL7c_3NO-Nj1X0SeJrkxs2dpso-OUoI2noT56nqoL9kRiW6nuDtE7b__1S8pwkEuDg--PWW_uK8OgA4eBzDiMawqHR9_50jUUydPiSHcGTxU2-VfoIsqxHH_ZGrn8HfxOZ8qTtiR0HIvBxXHakRja52JEbUJPWi9xfM22he5BnbPxL2V66C-zqltYxKBl6MLU_vg9oA&adurl=;js=1;adfxid=1x;647;set=en-US|en-US|1600X1200|0|750|100|24|8|3|7|1|;cmpgdpr=;cmpgdprconsent=;fd=0|0;bsdata=1&CREFURL=https%3A%2F%2Fwww.newtimes.co.rw

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.20 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1

GET
H3 200 rar Show response
as.ad4m.at/ad/ Frame B2C6 11 KB
5 KB 32ms
31ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=9c8ee0e066bce4dcdc944efdb1283e96%2F15048059093230874786&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183366846&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hc4ca8sb0w79k9m5c2v743z02cem4ze99ns39kcz6rq282djs7msfpr73wbt26xppatvh4p8yzx95fcctzbw5tdm6ejg64r6j96d2w0egwwcn3dbyzs94b39s0q3pjavyef3vaz2r69k1xxbz88dy5cy1fmc6jwwnw97gy2rxzts216ym3tqdhvn4129zggqqcj3zrhk9r8b5ff3yvd60nan95gg42aecbamgykmvn96sxcb11nyxfy1v9971tm3fxkgpck1as6mg61rhcgqh24k8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DClw_NRJliZKSdGpqB9fgP5K-K0AGQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE-AFP0CIO-mZyQiahzgS6hGfeY8A2pgFLowFFkpayfcFqpU3Ff7GvEDEYXDRfWCAaHY0lOZKoa-gqU8QeWcR0-d9P3CGEYQ15A0dUya_W-y7-W0tsT1S4bu1Av5u4RgmTChelHkyGxMu6CUO8Wvy7iPMlRjlt6oACVseK9dC8T_IVpbKoA6H_d9NTbkapOyqqNKBzc9D7btcPK1u_okA_BajnnAtBeuQutZaRaK3UKjvjAgP-mcC-2yzLP-GBOWCMeyZxVBRu9XSV-rNG2rTyq2NW_Pq9esN9b9MHU5YLljMPcknOZHiluoHM1eNAw-sT6jm1_AkOLgLWUuAEAYAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0herB7Ds3i_gUflTiCJ2XNousZcw%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

85240f4ca4ce3926dfd9d68ffdc8c4e969b5428878920159a7a77927c60b8c9d

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-src ;img-src data:;manifest-src 'none';media-src 'none';object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/dr?ed=1kteyh50x7cpchem3eccg990peba0ty1dgqn5xgr7wvnma1pb39hqqkx2qez2k4td1ysa3wwvjaqk57y0e10pyt7se8btg2kft62grkmb0h3pj60tbmqv0jjjw3gxxe2j50agkez66846ww0d9harqgq7hetpqtjbp7qdj8d8w6j1qtq8txhe0xk3cjfrv2tym9ncevknmbc3gzrrw00ey9e4ng74enjae319pzrvph13a87rfjg1cymc61tzn7h4exqkvgqw9zwdbbw6156xwz092tfn6zccmme2ramkas23x5x05z7cg5znm9t1g4k5r2g96r4cbesapcf65g2j935jfzyy8sry0y8x31azqqtbwbxk0k6ckq6tsbey80jfdarpyr0mxy7ey4g9vrnrpqkt8v0bdkcda82d7ap8s2q033crep665gatsybpbek2c9zmny62c&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DClw_NRJliZKSdGpqB9fgP5K-K0AGQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE-AFP0CIO-mZyQiahzgS6hGfeY8A2pgFLowFFkpayfcFqpU3Ff7GvEDEYXDRfWCAaHY0lOZKoa-gqU8QeWcR0-d9P3CGEYQ15A0dUya_W-y7-W0tsT1S4bu1Av5u4RgmTChelHkyGxMu6CUO8Wvy7iPMlRjlt6oACVseK9dC8T_IVpbKoA6H_d9NTbkapOyqqNKBzc9D7btcPK1u_okA_BajnnAtBeuQutZaRaK3UKjvjAgP-mcC-2yzLP-GBOWCMeyZxVBRu9XSV-rNG2rTyq2NW_Pq9esN9b9MHU5YLljMPcknOZHiluoHM1eNAw-sT6jm1_AkOLgLWUuAEAYAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0herB7Ds3i_gUflTiCJ2XNousZcw%26client%3Dca-pub-7554793497192362%26adurl%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7c7e359b6abf1c2c-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-src *;img-src * data:;manifest-src 'none';media-src 'none';object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:46 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H2 204 / Show response
track.adform.net/adfserve/ Frame 9151 0
457 B 24ms
23ms Script
text/plain 37.157.3.20
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/adfserve/?bn=63096195;click=https://m.exactag.com/cl.aspx?extProvId=327&extPu=vf-dv360&extLi=19904691783&extPm=19904691783&extCr=482156909&url=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CcTRaRJliZJ2JDI6elgSnxou4CLvD9uhvqeiMxPoQ8p7coNQBEAEgsL2jkAFglfqXgqwHoAH2vq2YKMgBCakCuEm_tTNnsj6oAwGqBIYCT9CIvKejrV9t6dS9up0yEYAk2Gcb3E5B95DR_aaW7W-DabiPvOM_T423zcDKSbhcUnNo7Zzr72V7uxLJWr4ckh4AZehKR3eJ1OBIn0z1hmUczqJUfQjvXt4JxO8WUEesN8_c21_Z5VZF-SYKIGnTGkpU4dwYBf8jo6m6EvX_tEDhxzUeXPeqQiSPxU2teMrniXB9HuEy_X8qTeRUJE8aU_cGUxKyAfMyPP7yw4V4-QYIfjvrfXoP5Tu_eAXFJthRRbfOOGavMbYX0rhuUN9wP-ZM8BucgnILLy3pSOz4PokCjt-Xq0XTcEw72BPiuBSMDBuAdKp8DXuvy0kov-8t3KKZjAqhdsAEtffWsqUE4AQDkAYBoAZNgAf29v33AqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBYIgOGAEBABGB0yAqoCOgKAQEi9_cE6gAoDmAsByAsBgAwBsBP2hJUT0BMA2BMN2BQB0BUB-BYBgBcB&ae=1&num=1&cid=CAQSPABygQiDU_BaR7EWUPMD1rq-ha8Woieb3mwLymwmAIz2mBqPLdkaxn7uaVqszBjJ6JLpNcn5uOfSJVz4jhgB&sig=AOD64_0qps1bzJijZzdqqYZuHjntYJRPPg&client=ca-pub-7554793497192362&dbm_c=AKAmf-DaSWTmfKBwq7xrKajGmUC3nWXY73Um7pGlCiVOSFG82N_guictalNl1ut0rSSRyk9vKhCB8kv8Juev7mELxYkIYzSEaT3V7MJN4lF18oKYgIj7nDNOPXPiNGMuqFZ0pgIoAopITmgcfI2MnNpQu-A7p0pMbl4vCV5X1KOOFQH6RyW_lGY&cry=1&dbm_d=AKAmf-B6B3Zi6RRs38jyLM4ZGIoD3hblQ4WIbJHIjwtz1WoqIoxXMxlK6DthtRIgdnN72pRoFLKsSis90BUowRlF3vjbJr5VB61tkMtmW07_CrV8Pop8wGpXfoHE5_Xxtgee4L7Jq45l_S5T5b8gvwHaHZhyONdEt8RsdZR_EkGyiV9rzeNMugAgTgkCr4LW68upfaJxvnHGjgshmPVd-2o6mWDDhOLtfalyo-MYnA3sUikbVDCOeE-W5NusED8Osc8tuecSDjKeA_vP2B23IGsTSFmKpxtul67Q2hBZC225Dugut3MVQ9rqPqmf09fdruevPz_FvYqPznG9lrOVIpWyj7yWy3qK8h_CL6cSMzIBjuQxdqW-9_5gv0xHPAkLK4phndL0KnrO9ilRZYFbqmQS_nQWI7MTfFhK6xBUMlOp1TYGpxz6tjRolNbRUPM0FKH4ujAcpSKeYEyqhotPmoEvT8rX9p1ET_0J26SDnxBcVP2y4nrDNA-UkKmk5LkbKauW9sqAnoQY9Mp60g-nJAywB84dc59BF1ixVckCl5RDsZU3GnCht6s&adurl=;js=1;adfxid=2x;8281;set=en-US|en-US|1600X1200|0|750|100|24|8|3|7|1|;cmpgdpr=;cmpgdprconsent=;fd=0|0;bsdata=1&CREFURL=https%3A%2F%2Fwww.newtimes.co.rw

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.20 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:46 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
expires: -1

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame B4A0 52 KB
17 KB 650ms
212ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 51628
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Mon, 15 May 2023 20:42:47 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 03 May 2023 06:21:12 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 2725, 236582
X-Served-By: cache-lga13626-LGA, cache-gig2250064-GIG
X-Timer: S1684183368.519180,VS0,VE0

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 5784 23 KB
8 KB 72ms
33ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CUN4B97C&prvid=2034%2C2030%2C273%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C238%2C97%2C55%2C99%2C3012%2C3011%2C3010%2C244%2C201%2C2039%2C3007%2C246%2C4%2C203%2C446%2C9%2C2011%2C2055%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C3014%2C337%2C338%2C459%2C70%2C77%2C38%2C2022%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C225%2C10000%2C80%2C108%2C229&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9b4c058fb79090fd6d15dbf4305ce4c94b794da0edc9cdf3ca16c266fd018504

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 8437
content-type: text/html; charset=UTF-8
date: Mon, 15 May 2023 20:42:47 GMT
expires: Wed, 17 May 2023 20:42:47 GMT
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame ACA2 52 KB
17 KB 656ms
215ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 51629
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Mon, 15 May 2023 20:42:47 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 03 May 2023 06:21:12 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 2725, 228597
X-Served-By: cache-lga13626-LGA, cache-gig2250077-GIG
X-Timer: S1684183368.529348,VS0,VE0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 910A 16 KB
6 KB 7ms
7ms Document
text/html 23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=98523
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Mon, 15 May 2023 20:42:46 GMT
expires: Wed, 17 May 2023 00:04:49 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 20AA 52 KB
17 KB 658ms
219ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 51628
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Mon, 15 May 2023 20:42:47 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 03 May 2023 06:21:12 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 2725, 229585
X-Served-By: cache-lga13626-LGA, cache-gig2250032-GIG
X-Timer: S1684183368.531259,VS0,VE0

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 405C 52 KB
17 KB 654ms
215ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 51629
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Mon, 15 May 2023 20:42:47 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 03 May 2023 06:21:12 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 2725, 228598
X-Served-By: cache-lga13626-LGA, cache-gig2250077-GIG
X-Timer: S1684183368.530818,VS0,VE0

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame BAA9 52 KB
17 KB 651ms
212ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 51628
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Mon, 15 May 2023 20:42:47 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 03 May 2023 06:21:12 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 2725, 229116
X-Served-By: cache-lga13626-LGA, cache-gig2250061-GIG
X-Timer: S1684183368.528932,VS0,VE0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 7AD9 16 KB
6 KB 8ms
7ms Document
text/html 23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=98523
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Mon, 15 May 2023 20:42:46 GMT
expires: Wed, 17 May 2023 00:04:49 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 64AC 23 KB
8 KB 72ms
42ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9b4c058fb79090fd6d15dbf4305ce4c94b794da0edc9cdf3ca16c266fd018504

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 8437
content-type: text/html; charset=UTF-8
date: Mon, 15 May 2023 20:42:47 GMT
expires: Wed, 17 May 2023 20:42:47 GMT
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 6480 16 KB
6 KB 7ms
7ms Document
text/html 23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=98523
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Mon, 15 May 2023 20:42:46 GMT
expires: Wed, 17 May 2023 00:04:49 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 9C73 23 KB
8 KB 69ms
41ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9b4c058fb79090fd6d15dbf4305ce4c94b794da0edc9cdf3ca16c266fd018504

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 8437
content-type: text/html; charset=UTF-8
date: Mon, 15 May 2023 20:42:47 GMT
expires: Wed, 17 May 2023 20:42:47 GMT
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 772B 23 KB
8 KB 62ms
34ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9b4c058fb79090fd6d15dbf4305ce4c94b794da0edc9cdf3ca16c266fd018504

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 8437
content-type: text/html; charset=UTF-8
date: Mon, 15 May 2023 20:42:47 GMT
expires: Wed, 17 May 2023 20:42:47 GMT
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame CC15 16 KB
6 KB 6ms
6ms Document
text/html 23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=98523
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Mon, 15 May 2023 20:42:46 GMT
expires: Wed, 17 May 2023 00:04:49 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 43D9 281 B
554 B 6ms
6ms Document
text/html 23.56.202.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.56.202.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-56-202-187.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Mon, 15 May 2023 20:42:46 GMT
ETag: "40010-119-5ec73a0a33d00"
Last-Modified: Wed, 02 Nov 2022 02:30:44 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 5377 23 KB
8 KB 65ms
41ms Document
text/html 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9b4c058fb79090fd6d15dbf4305ce4c94b794da0edc9cdf3ca16c266fd018504

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 8437
content-type: text/html; charset=UTF-8
date: Mon, 15 May 2023 20:42:47 GMT
expires: Wed, 17 May 2023 20:42:47 GMT
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame CB76 16 KB
6 KB 8ms
6ms Document
text/html 23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Requested by: Host: cdn.yourbow.com
URL: https://cdn.yourbow.com/newtimesrwanda/gpt.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=98523
content-encoding: gzip
content-length: 5554
content-type: text/html
date: Mon, 15 May 2023 20:42:46 GMT
expires: Wed, 17 May 2023 00:04:49 GMT
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 encodesans-400-latin.woff2
static.criteo.net/design/googlefont/encodesans/ Frame C2B3 14 KB
14 KB 24ms
23ms Font
application/octet-stream 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/encodesans/encodesans-400-latin.woff2

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/design/googlefont/encodesans/encodesans-400.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a74d9ef4aed69029444e8433d85a7e6df17f90c21afe3331b4a8929720e4e396

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://static.criteo.net/design/googlefont/encodesans/encodesans-400.css
Origin: https://ads.eu.criteo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 21 Dec 2022 14:48:27 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"63a31cbb-3778"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:46 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DFE1 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B7TNLRJliZJWsLJSL7gP61ZzQCwAAAAA4AeAEAg&bg=!ZmWlZTHNAAYldGN0BXQ7ADkAdvg8Wq1Q5g33j_GwK38oZwCIxCG8SfW7zAf76WBynJ0DP6Bl8ipFtE8SljzPxR76sX_JMtMQ9rUCAAAC6lIAAAADaAEHCgBMERs4Jr8cbgh3CubjdyMDfphj4WHOVHWZBWLkOePJtBCBaW-vl3OqUt2vhCkyCxDBH3FGivbuSTaeJrpDA4nM8alHJPpQusE_mojEbpkC8EAu-d5_ZJZ9tyHGO2suXOj8ByjMPWqYL8HxKQxCJReusHJgXGjodXToR0Vui8lV3LJEhHaN2T5FFZxR6d7wEVAisBer1Ow06WMEiONhNziiv2pXzrUHAFa6nS1oXd3W7YXIzb7-YUuSYWRLKSfdfLny7yfFFOYsnewJbYpRcRiBqZzhZSMbX5kbNBxOUrh7FWi3_tyYxLXZ38rMU4Qw4HEZdETOUEYHAKQueRDq1vn1l-JtrjpoARvkvYFPx9IWrOdIJ69o9k81tdRzPeri2KV9bM6D3ifPiAZLgHAbwfQHjp7aGVRfELWrssIqfOlhRqzEpikxZDgqSj498ns_TdiVEzIpeDj5iJArrivQt8-CV1UNqfGG97RSH8CDNmH2YGHAjPauXJCHDf0qOuf2I_f46QR8Z2XMfJR2EcdDGPmafhUfHjEVdriTU7h6MtgpMcllpCV7GywhmTSSivVXf1Dd0tWKLOAFqxGrL0SO2mDl97boT5htUQWrOKDgQivW_eQJQbJqTmcAep2rT4dHBidM0lGOw4rdKinKLRBj_q7yLglYzhuIQ088n4IuL9cGJf_rp-a5Vwld-3aepHeVBt_rUx5nDVZROhMVOI3u25LT2BIaMVhjw8ODeUnPWOTo_nBLBWSnE2y9NYMXTbx0w7HDOWCZK9UZ1DqqktrthkBo7yLqKDvFJNDFAltumR4uNOIpEgHxHv6sLhA6GSLn9HYXssqknF8g6ffY4f-y4ILfXppE-9BUJvT8SjYJ5U7dwquZTZqbXgadRE5m04v2xKrtbtvarL1f-IprUiCGijO6qWWCpudUP2kOPhDRF0rFJQLeJ2wRAGbTkQpUdiN0LMxmzC1qB-QxclSC6TsN2-z6u_wg3NQj6GYFx6Q7n85ZZtUinrxnk7uaalkCLgPkTH5S6xpqb7x4GtusvL0HNdem1Z8Hbj92xouRlIxHFQ61TR7NHEcx0F6MYI6I-xijZQQJz8MvX3WOcmyQVXEKcEST

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame C2B3 0
127 B 14ms
14ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.eu.criteo.net/all?cppv=3&cpp=jb6q01w-_Msrj2KhzhDWArOGzHBQw26UXUC8cK6FXdfot-lGx3Vc2gOXV5npaTNhyIsbELfhT8jD1AXB4OZY7ET2iTsokv8yUbqyhouajKSWL0tP9FsPMEyf40ToQaT89MSC2BKXHWb0IMGWCai6xaI2psNXespvZtBkFMV55Q_loBa4YR6jplVdJ_FsBZPAQ6fz_2cEMOI3Hskk1L9CExQPW9TFgL-KepNCaQXoBt1F32oJ6WIPta0_JVtOWhli7VxntKOZ7LnYfuQi&sds=2&rev=86118.2&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:46 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame C2B3 2 KB
1 KB 13ms
13ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:47 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame C2B3 2 KB
1 KB 15ms
15ms Image
image/svg+xml 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.eu.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Thu, 09 May 2024 20:42:47 GMT

GET
H3 200 rar Show response
as.ad4m.at/ad/ Frame AB30 11 KB
5 KB 33ms
32ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=0330d0c39cf699edc9dd789692fc5611%2F12912256110232126051&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183366889&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hwhzn75vb5ps0pdyqrj5fwnnkd7h32xzkxhwyswysbzt2b2cwnr7qx1np0bzd5ne6qmtc7zpmmvvem0dc3ce8jagbj5bn44x1nn9y8qdsf7xnsa0hknkmxdb6n03ck4y3pmfc5ta6decpa5pt1s4xxhk70sgkkbp83k1xeaxea2rrtkzmbt82gg11wacdgwsjjph1n13mkv9wwtgbm789ymbxg15psph2j37bghnnc88a28ts1ab9yswfbqgd4wrqfsqeh60gf3taav1vmqpth744%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC-MODRJliZOnTI4SglgS7grL4BZDhgYRctqjCivACwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT4AU_Qm2cwHRJq8x2mkUf0GK3tCeGzXDNnyO2GqSGGzaZhJQo5FykRax4-HhAGSgNK2QSc7uPGSq3qUbao3Eqc_Kd_rJGclJbpBwfT_l8mX6-Z3qQDDfjFkGMlNzeVc6RcbBufW9cAjgUyzA7KYFvwF-uxMu9kz8Hqhypz2D3nlaIDXgRtI1ahHpFE8cM9CBYPn-ZYh7wuUDf-yYlA_1_YekoTOVyW8OAlW7tT27cksi7tgg7tGCYPYyVeopjLiRAvRUZvKNtD2_dlMJ1ozeyE43u426RRDiAUjXjWUDtkF4g42PhhtCrEhXieKxOpKKmhEfDKLEynXXMx4AQBgAbE0Z70yIDOvKUBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_1fWoXb9j5p6leW3a656AtniIfMZQ%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

104a0eba3d8060883c603631ea50b129cf41743d619b37bd208153ce35e4c4f1

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-src ;img-src data:;manifest-src 'none';media-src 'none';object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/dr?ed=1j0sd5kc2dh37e315h4ysrq35wtrfrgkxfbqgg6tjg2gg98449fszn6vdg5gr6n5v77rkktnz5v1afjgwvessm5nadkk075913fd5kf01vt0tj61715xe5d3jx33nj218kvw592e2djnfr7r7szmf9xav8sfcss6srpjhyhj9ec6a05z6eegah2s3zpwhbj8npn33bcxnbc11d9zqa01a2wk81gfypccfp72gczn2wy5bw9087kzwz46bt0nkyk2tn0jy6e2sa9v3qqam4kh4mh0ek3ms3mdt17er94tzbh7hw20ht0yehjgtck933e24m2fjxa5pyvv4zwyrbspedqvxq795wppjb8r0e6g2xfb312tm9femqg9np49y33h7z4zpet0mfpmvzsxjg5460tygn9rgac42f4k9he98qs4kq6x3frjxszzd7rz9tb69f8a2b60vc&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-MODRJliZOnTI4SglgS7grL4BZDhgYRctqjCivACwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT4AU_Qm2cwHRJq8x2mkUf0GK3tCeGzXDNnyO2GqSGGzaZhJQo5FykRax4-HhAGSgNK2QSc7uPGSq3qUbao3Eqc_Kd_rJGclJbpBwfT_l8mX6-Z3qQDDfjFkGMlNzeVc6RcbBufW9cAjgUyzA7KYFvwF-uxMu9kz8Hqhypz2D3nlaIDXgRtI1ahHpFE8cM9CBYPn-ZYh7wuUDf-yYlA_1_YekoTOVyW8OAlW7tT27cksi7tgg7tGCYPYyVeopjLiRAvRUZvKNtD2_dlMJ1ozeyE43u426RRDiAUjXjWUDtkF4g42PhhtCrEhXieKxOpKKmhEfDKLEynXXMx4AQBgAbE0Z70yIDOvKUBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1fWoXb9j5p6leW3a656AtniIfMZQ%26client%3Dca-pub-7554793497192362%26adurl%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7c7e359bdb3e1c2c-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-src *;img-src * data:;manifest-src 'none';media-src 'none';object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:47 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.228/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/ Frame F7CB 90 KB
39 KB 28ms
28ms Script
text/javascript 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.228/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 8e16ad2005bc4c19f8560189ef6e7b7475f2b3def2c60a57f9041fac5b4f94cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
content-encoding: gzip
last-modified: Tue, 18 Apr 2023 08:19:00 GMT
server: nginx
x-cache-status: STALE
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 19 Apr 2023 13:55:16 GMT

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 5985 52 KB
17 KB 648ms
216ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=1624&pub_id=1968063
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 51629
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Mon, 15 May 2023 20:42:47 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 03 May 2023 06:21:12 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 2725, 228739
X-Served-By: cache-lga13626-LGA, cache-gig2250054-GIG
X-Timer: S1684183368.655203,VS0,VE0

GET
H/1.1 200
OK rd_log Show response
fra1-ib.adnxs.com/ Frame 50DA 0
934 B 6ms
6ms Script
text/html 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/rd_log?an_audit=0&referrer=http%3A%2F%2Fwww.newtimes.co.rw%2F&e=wqT_3QLaBPBMWgIAAAMA1gAFAQjEsoqjBhDUvIP7p7WgmUsY4Nzyj6uy6tsQKjYJhjP4NBt3wz8R8jBScvN9wj8ZAAAAwPUoCkAh8jBScvN9wj8phjMJJMAxAAAA4FG4vj8w5OWUCjjYDECuYUi7A1AAWKaYlAFgAGjn1Ap4AIABAYoBA1VTRJIBAQbw5ZgBrAKgAdgEqAEBsAEAuAEAwAEFyAEC0AEA2AEA4AEA8AEA2ALHBOACm7QH6gIaaHR0cDovL3d3dy5uZXd0aW1lcy5jby5ydy-AAwCIAwGQAwCYAxegAwGqAwDAA6wCyAMA2AOPx1PgAwDoAwD4AwGABACSBA0vdXQvdjMvcHJlYmlkmAQAogQOMTM4LjE5OS4zOC4xMzSoBACyBBAIABABGKwCINgEKAAwADgCuAQAwAQAyAQA2gQCCAHgBADwBACIBQGYBQCgBfqhic2skOT6EcAFAMkFAAAAAAAA8D_SBQkJAAAABQ5o2AUA4AUB6gUHCgN0bnQSAOoFCgoGcndhbmRhAQ0YCAoEbmV3cwELCA4KCgkYEREUDAoIbmV3Be8NICBlYXN0YWZyaWMFPHwKCgZraWdhbGkSAPAFAPoFBAgAEACQBgCYBgC4BgDBBgWAHADwP9oGFgoQCQ0ZAXgQABgA4AYB8gYCCACABwGIBwCYBwGgBwHIBwDSBw0JESkBJwjaBwYBWnAYAOAHAOoHAggA8AeH4wKKCAIQAJUIAACAP5gIAQ..&s=795458fd5dc0e3f2af70cd186da7ed398d847695&bdref=https%3A%2F%2Fwww.newtimes.co.rw%2F&bdtop=true&bdifs=2&bstk=https%3A%2F%2Fwww.newtimes.co.rw%2F,https%3A%2F%2Fa8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html,https%3A%2F%2Fa8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:47 GMT
AN-X-Request-Uuid: ae859e5f-8156-4db9-98a6-c5ca5293055c
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.40/one-ad/ Frame B2C6 103 KB
13 KB 46ms
46ms Stylesheet
text/css 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.40/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=9c8ee0e066bce4dcdc944efdb1283e96%2F15048059093230874786&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183366846&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hc4ca8sb0w79k9m5c2v743z02cem4ze99ns39kcz6rq282djs7msfpr73wbt26xppatvh4p8yzx95fcctzbw5tdm6ejg64r6j96d2w0egwwcn3dbyzs94b39s0q3pjavyef3vaz2r69k1xxbz88dy5cy1fmc6jwwnw97gy2rxzts216ym3tqdhvn4129zggqqcj3zrhk9r8b5ff3yvd60nan95gg42aecbamgykmvn96sxcb11nyxfy1v9971tm3fxkgpck1as6mg61rhcgqh24k8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DClw_NRJliZKSdGpqB9fgP5K-K0AGQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE-AFP0CIO-mZyQiahzgS6hGfeY8A2pgFLowFFkpayfcFqpU3Ff7GvEDEYXDRfWCAaHY0lOZKoa-gqU8QeWcR0-d9P3CGEYQ15A0dUya_W-y7-W0tsT1S4bu1Av5u4RgmTChelHkyGxMu6CUO8Wvy7iPMlRjlt6oACVseK9dC8T_IVpbKoA6H_d9NTbkapOyqqNKBzc9D7btcPK1u_okA_BajnnAtBeuQutZaRaK3UKjvjAgP-mcC-2yzLP-GBOWCMeyZxVBRu9XSV-rNG2rTyq2NW_Pq9esN9b9MHU5YLljMPcknOZHiluoHM1eNAw-sT6jm1_AkOLgLWUuAEAYAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0herB7Ds3i_gUflTiCJ2XNousZcw%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d77b5f2ca03eb8dab2acc515548b7b1ce7eeb4ca2189268552649e0391ee8c21

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=9c8ee0e066bce4dcdc944efdb1283e96%2F15048059093230874786&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183366846&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hc4ca8sb0w79k9m5c2v743z02cem4ze99ns39kcz6rq282djs7msfpr73wbt26xppatvh4p8yzx95fcctzbw5tdm6ejg64r6j96d2w0egwwcn3dbyzs94b39s0q3pjavyef3vaz2r69k1xxbz88dy5cy1fmc6jwwnw97gy2rxzts216ym3tqdhvn4129zggqqcj3zrhk9r8b5ff3yvd60nan95gg42aecbamgykmvn96sxcb11nyxfy1v9971tm3fxkgpck1as6mg61rhcgqh24k8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DClw_NRJliZKSdGpqB9fgP5K-K0AGQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE-AFP0CIO-mZyQiahzgS6hGfeY8A2pgFLowFFkpayfcFqpU3Ff7GvEDEYXDRfWCAaHY0lOZKoa-gqU8QeWcR0-d9P3CGEYQ15A0dUya_W-y7-W0tsT1S4bu1Av5u4RgmTChelHkyGxMu6CUO8Wvy7iPMlRjlt6oACVseK9dC8T_IVpbKoA6H_d9NTbkapOyqqNKBzc9D7btcPK1u_okA_BajnnAtBeuQutZaRaK3UKjvjAgP-mcC-2yzLP-GBOWCMeyZxVBRu9XSV-rNG2rTyq2NW_Pq9esN9b9MHU5YLljMPcknOZHiluoHM1eNAw-sT6jm1_AkOLgLWUuAEAYAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0herB7Ds3i_gUflTiCJ2XNousZcw%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1683559916
age: 623010
cf-polished: origSize=105839
x-guploader-uploadid: ADPycdv9IJsM9Nda_T-YCF8tGjLSR9_5GyrPWBCiXo7o_2KPFa29jeIDurPOQJdzBat54FnfGmUqvpjJPo5BCE2ydDX2ig
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Mon, 08 May 2023 15:32:28 GMT
server: cloudflare
etag: W/"44fa96b813e145cb8b915ae1fb6a3b7a"
vary: Accept-Encoding
x-goog-generation: 1683559948253618
content-type: text/css
x-goog-hash: crc32c=FELYSw==, md5=RPqWuBPhRcuLkVrh+2o7eg==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bC4RKwPNizn5JOuxu4Oe5Q4nstNKY0PJjStSUDftengOeToa9QL31vFXoGsPIB7hwZoKQ%2BY1RfDHPag3UUBFL2clS75PQIwPt66BQzamUUnnf6IcsbWFIzTprsyUJrTymydmrLPnmAU%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 105839
cf-ray: 7c7e359c7c271c2c-FRA
expires: Mon, 15 May 2023 21:42:47 GMT

GET
H2 200 C3FCB3AB04505A8F1D79D1D5953F5207FE6F49EF4C517E920A79B423A52F9E2DCCD658FDD21E3D8209A640CEE47D02AAD52D272924710EAE6BAB80FD9B483022
assets.ad4m.at/logo/ Frame B2C6 5 KB
5 KB 28ms
18ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/C3FCB3AB04505A8F1D79D1D5953F5207FE6F49EF4C517E920A79B423A52F9E2DCCD658FDD21E3D8209A640CEE47D02AAD52D272924710EAE6BAB80FD9B483022
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=9c8ee0e066bce4dcdc944efdb1283e96%2F15048059093230874786&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183366846&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hc4ca8sb0w79k9m5c2v743z02cem4ze99ns39kcz6rq282djs7msfpr73wbt26xppatvh4p8yzx95fcctzbw5tdm6ejg64r6j96d2w0egwwcn3dbyzs94b39s0q3pjavyef3vaz2r69k1xxbz88dy5cy1fmc6jwwnw97gy2rxzts216ym3tqdhvn4129zggqqcj3zrhk9r8b5ff3yvd60nan95gg42aecbamgykmvn96sxcb11nyxfy1v9971tm3fxkgpck1as6mg61rhcgqh24k8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DClw_NRJliZKSdGpqB9fgP5K-K0AGQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE-AFP0CIO-mZyQiahzgS6hGfeY8A2pgFLowFFkpayfcFqpU3Ff7GvEDEYXDRfWCAaHY0lOZKoa-gqU8QeWcR0-d9P3CGEYQ15A0dUya_W-y7-W0tsT1S4bu1Av5u4RgmTChelHkyGxMu6CUO8Wvy7iPMlRjlt6oACVseK9dC8T_IVpbKoA6H_d9NTbkapOyqqNKBzc9D7btcPK1u_okA_BajnnAtBeuQutZaRaK3UKjvjAgP-mcC-2yzLP-GBOWCMeyZxVBRu9XSV-rNG2rTyq2NW_Pq9esN9b9MHU5YLljMPcknOZHiluoHM1eNAw-sT6jm1_AkOLgLWUuAEAYAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0herB7Ds3i_gUflTiCJ2XNousZcw%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9c63890b7f3f2e513fa085cd7b198f9ab91721a9e8aa7180806ff4aa7b4089a4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1691057
cf-polished: origFmt=png, origSize=10283
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4736
cf-bgj: imgq:85,h2pri
last-modified: Thu, 06 Apr 2023 12:21:02 GMT
server: cloudflare
etag: "b90d04a587c2a1ab6749e51d8bb195d1"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FLYQieYvxoTMsiwS1PBuLgXP%2F3s7IG3UPngU3CMN7rsiSz4mSLEAEHbX3iGzY3%2FDM71YU5GFDxfhLv9wrFLgN4HXTCLJd44xG%2FLEZxcMGTKT%2FSYoH45cUUY3KUrt3kuyOn6hejjR1tllV7Si"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7c7e359c8c761913-FRA
expires: Tue, 16 May 2023 20:42:47 GMT

GET
H3 200 A36DAD0D440985CF6ABFA23492945CE5BC6D94350A66B19418CB771AFE823AD9B48ADE8E2F007546F0A50A710172EEFC2CAC1468E38852CE2028C22592AAFB75
assets.ad4m.at/product_image/ Frame B2C6 54 KB
55 KB 19ms
18ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/A36DAD0D440985CF6ABFA23492945CE5BC6D94350A66B19418CB771AFE823AD9B48ADE8E2F007546F0A50A710172EEFC2CAC1468E38852CE2028C22592AAFB75
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=9c8ee0e066bce4dcdc944efdb1283e96%2F15048059093230874786&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183366846&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hc4ca8sb0w79k9m5c2v743z02cem4ze99ns39kcz6rq282djs7msfpr73wbt26xppatvh4p8yzx95fcctzbw5tdm6ejg64r6j96d2w0egwwcn3dbyzs94b39s0q3pjavyef3vaz2r69k1xxbz88dy5cy1fmc6jwwnw97gy2rxzts216ym3tqdhvn4129zggqqcj3zrhk9r8b5ff3yvd60nan95gg42aecbamgykmvn96sxcb11nyxfy1v9971tm3fxkgpck1as6mg61rhcgqh24k8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DClw_NRJliZKSdGpqB9fgP5K-K0AGQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE-AFP0CIO-mZyQiahzgS6hGfeY8A2pgFLowFFkpayfcFqpU3Ff7GvEDEYXDRfWCAaHY0lOZKoa-gqU8QeWcR0-d9P3CGEYQ15A0dUya_W-y7-W0tsT1S4bu1Av5u4RgmTChelHkyGxMu6CUO8Wvy7iPMlRjlt6oACVseK9dC8T_IVpbKoA6H_d9NTbkapOyqqNKBzc9D7btcPK1u_okA_BajnnAtBeuQutZaRaK3UKjvjAgP-mcC-2yzLP-GBOWCMeyZxVBRu9XSV-rNG2rTyq2NW_Pq9esN9b9MHU5YLljMPcknOZHiluoHM1eNAw-sT6jm1_AkOLgLWUuAEAYAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0herB7Ds3i_gUflTiCJ2XNousZcw%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 861e4cd27539274eedfdd65212a140a4c7ccea88e004d23f5234e4db48bc73ae

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2300161
cf-polished: origFmt=png, origSize=105738
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 55786
cf-bgj: imgq:85,h2pri
last-modified: Mon, 04 Jul 2022 08:55:40 GMT
server: cloudflare
etag: "147be38db57f89c69c9e65b05983ff0e"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YIy1pysCDFjDrKrWRxv4u7gAA8wKK8c1bSNAqcdWxpc6Uw7KL0mtXgURWOx3TdYUzsy2w%2Bpv3SiqNm56IktwgtRX5jHdJCoQSBOrLykJgPvJjgcPDtBa0CiAUkxCfU8N4MSmRLUf6SsDDyfn"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7c7e359d4dc21c2c-FRA
expires: Tue, 16 May 2023 20:42:47 GMT

GET
H3 200 A0843E9156C9D7335C02FDBAB8781B4AFFEEE9E59ABD085E1EDF62037D970710A817E95DBBFD727CE4E28B26524C9A8F4A33EB1E826BD3A7B2541F094E39D266
assets.ad4m.at/logo/ Frame B2C6 2 KB
3 KB 27ms
26ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/A0843E9156C9D7335C02FDBAB8781B4AFFEEE9E59ABD085E1EDF62037D970710A817E95DBBFD727CE4E28B26524C9A8F4A33EB1E826BD3A7B2541F094E39D266
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=9c8ee0e066bce4dcdc944efdb1283e96%2F15048059093230874786&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183366846&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hc4ca8sb0w79k9m5c2v743z02cem4ze99ns39kcz6rq282djs7msfpr73wbt26xppatvh4p8yzx95fcctzbw5tdm6ejg64r6j96d2w0egwwcn3dbyzs94b39s0q3pjavyef3vaz2r69k1xxbz88dy5cy1fmc6jwwnw97gy2rxzts216ym3tqdhvn4129zggqqcj3zrhk9r8b5ff3yvd60nan95gg42aecbamgykmvn96sxcb11nyxfy1v9971tm3fxkgpck1as6mg61rhcgqh24k8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DClw_NRJliZKSdGpqB9fgP5K-K0AGQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE-AFP0CIO-mZyQiahzgS6hGfeY8A2pgFLowFFkpayfcFqpU3Ff7GvEDEYXDRfWCAaHY0lOZKoa-gqU8QeWcR0-d9P3CGEYQ15A0dUya_W-y7-W0tsT1S4bu1Av5u4RgmTChelHkyGxMu6CUO8Wvy7iPMlRjlt6oACVseK9dC8T_IVpbKoA6H_d9NTbkapOyqqNKBzc9D7btcPK1u_okA_BajnnAtBeuQutZaRaK3UKjvjAgP-mcC-2yzLP-GBOWCMeyZxVBRu9XSV-rNG2rTyq2NW_Pq9esN9b9MHU5YLljMPcknOZHiluoHM1eNAw-sT6jm1_AkOLgLWUuAEAYAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0herB7Ds3i_gUflTiCJ2XNousZcw%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: af7a66542220ecfb2b8fa0286b60ffa95c1c8047df094654a90e1ff75f848ef5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 608411
cf-polished: origFmt=png, origSize=9357
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2330
cf-bgj: imgq:85,h2pri
last-modified: Thu, 08 Apr 2021 14:26:03 GMT
server: cloudflare
etag: "8cc161b392f5744da5319a4da549b763"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=he55ikzqcAMQ8UC4Cs1FCp%2BHn%2Fbmj2tft5zMf01Tt6TB%2BABPn24z1G%2Fs4C2p799%2BRDk4obt1gRL5hS%2FoGbqYQ9MgMbKGFbOcKLogo4%2BlwWw%2Blxoncmoom03gUNqugQjIVI%2FVLAwcsE0TU0V5"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7c7e359d4dc31c2c-FRA
expires: Tue, 16 May 2023 20:42:47 GMT

GET
H3 200 B0EFBB0208E9EF8D30A7C89B72C086F1DD36F5D7A5F0A9551729DDFC67E85BCDECDB196EB4EAB3FEC6BC55A4A1442682559F8312D8959CED1C6B0F52B22CF45C
assets.ad4m.at/product_image/ Frame B2C6 496 KB
497 KB 33ms
31ms Image
image/png 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/B0EFBB0208E9EF8D30A7C89B72C086F1DD36F5D7A5F0A9551729DDFC67E85BCDECDB196EB4EAB3FEC6BC55A4A1442682559F8312D8959CED1C6B0F52B22CF45C
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=9c8ee0e066bce4dcdc944efdb1283e96%2F15048059093230874786&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183366846&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hc4ca8sb0w79k9m5c2v743z02cem4ze99ns39kcz6rq282djs7msfpr73wbt26xppatvh4p8yzx95fcctzbw5tdm6ejg64r6j96d2w0egwwcn3dbyzs94b39s0q3pjavyef3vaz2r69k1xxbz88dy5cy1fmc6jwwnw97gy2rxzts216ym3tqdhvn4129zggqqcj3zrhk9r8b5ff3yvd60nan95gg42aecbamgykmvn96sxcb11nyxfy1v9971tm3fxkgpck1as6mg61rhcgqh24k8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DClw_NRJliZKSdGpqB9fgP5K-K0AGQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE-AFP0CIO-mZyQiahzgS6hGfeY8A2pgFLowFFkpayfcFqpU3Ff7GvEDEYXDRfWCAaHY0lOZKoa-gqU8QeWcR0-d9P3CGEYQ15A0dUya_W-y7-W0tsT1S4bu1Av5u4RgmTChelHkyGxMu6CUO8Wvy7iPMlRjlt6oACVseK9dC8T_IVpbKoA6H_d9NTbkapOyqqNKBzc9D7btcPK1u_okA_BajnnAtBeuQutZaRaK3UKjvjAgP-mcC-2yzLP-GBOWCMeyZxVBRu9XSV-rNG2rTyq2NW_Pq9esN9b9MHU5YLljMPcknOZHiluoHM1eNAw-sT6jm1_AkOLgLWUuAEAYAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0herB7Ds3i_gUflTiCJ2XNousZcw%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e61c4c6f2c0c52c9b5dadb303f0db1128715c2e8819a50b1d24c6d7089fbebb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1470095
cf-polished: origSize=563367, status=vary_header_present
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 508355
cf-bgj: imgq:85,h2pri
last-modified: Fri, 09 Apr 2021 07:22:09 GMT
server: cloudflare
etag: "ff5ac113643d20bec15acfffe32cb75e"
vary: X-Goog-Allowed-Resources, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P4BNWyB9Zn5EkFVYccLOrvs25pjdIjeupzxHVXBZG1s5uWbFIZDOuMq%2FaBdh5rG7LW49B3a%2Bxlfy5n4qlrK5H%2FFXQwuQQWikHFeKmI5fptaqBSjLyw74PvDEoBEocuNT9YISJKODjw9pRMaL"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7c7e359d4dc51c2c-FRA
expires: Tue, 16 May 2023 20:42:47 GMT

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame B2C6 43 B
705 B 129ms
62ms Image
image/gif 23.197.149.186
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2904924&v=20044&q=415363&r=412871&pv=1&pref3=oneidk7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6oneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=9c8ee0e066bce4dcdc944efdb1283e96%2F15048059093230874786&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183366846&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hc4ca8sb0w79k9m5c2v743z02cem4ze99ns39kcz6rq282djs7msfpr73wbt26xppatvh4p8yzx95fcctzbw5tdm6ejg64r6j96d2w0egwwcn3dbyzs94b39s0q3pjavyef3vaz2r69k1xxbz88dy5cy1fmc6jwwnw97gy2rxzts216ym3tqdhvn4129zggqqcj3zrhk9r8b5ff3yvd60nan95gg42aecbamgykmvn96sxcb11nyxfy1v9971tm3fxkgpck1as6mg61rhcgqh24k8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DClw_NRJliZKSdGpqB9fgP5K-K0AGQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE-AFP0CIO-mZyQiahzgS6hGfeY8A2pgFLowFFkpayfcFqpU3Ff7GvEDEYXDRfWCAaHY0lOZKoa-gqU8QeWcR0-d9P3CGEYQ15A0dUya_W-y7-W0tsT1S4bu1Av5u4RgmTChelHkyGxMu6CUO8Wvy7iPMlRjlt6oACVseK9dC8T_IVpbKoA6H_d9NTbkapOyqqNKBzc9D7btcPK1u_okA_BajnnAtBeuQutZaRaK3UKjvjAgP-mcC-2yzLP-GBOWCMeyZxVBRu9XSV-rNG2rTyq2NW_Pq9esN9b9MHU5YLljMPcknOZHiluoHM1eNAw-sT6jm1_AkOLgLWUuAEAYAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0herB7Ds3i_gUflTiCJ2XNousZcw%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.197.149.186 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-197-149-186.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:47 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H3 200 90E11D2E4CFB32857DB7C2E1317DD53401EA4F6F6F9CD68E6E871CA9D0C876402E8B3C561F20D09E5FFCF6D6F6634B28F60F47276020F60158747BE09B58F826
assets.ad4m.at/logo/ Frame B2C6 36 KB
36 KB 27ms
26ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/90E11D2E4CFB32857DB7C2E1317DD53401EA4F6F6F9CD68E6E871CA9D0C876402E8B3C561F20D09E5FFCF6D6F6634B28F60F47276020F60158747BE09B58F826
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=9c8ee0e066bce4dcdc944efdb1283e96%2F15048059093230874786&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183366846&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hc4ca8sb0w79k9m5c2v743z02cem4ze99ns39kcz6rq282djs7msfpr73wbt26xppatvh4p8yzx95fcctzbw5tdm6ejg64r6j96d2w0egwwcn3dbyzs94b39s0q3pjavyef3vaz2r69k1xxbz88dy5cy1fmc6jwwnw97gy2rxzts216ym3tqdhvn4129zggqqcj3zrhk9r8b5ff3yvd60nan95gg42aecbamgykmvn96sxcb11nyxfy1v9971tm3fxkgpck1as6mg61rhcgqh24k8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DClw_NRJliZKSdGpqB9fgP5K-K0AGQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE-AFP0CIO-mZyQiahzgS6hGfeY8A2pgFLowFFkpayfcFqpU3Ff7GvEDEYXDRfWCAaHY0lOZKoa-gqU8QeWcR0-d9P3CGEYQ15A0dUya_W-y7-W0tsT1S4bu1Av5u4RgmTChelHkyGxMu6CUO8Wvy7iPMlRjlt6oACVseK9dC8T_IVpbKoA6H_d9NTbkapOyqqNKBzc9D7btcPK1u_okA_BajnnAtBeuQutZaRaK3UKjvjAgP-mcC-2yzLP-GBOWCMeyZxVBRu9XSV-rNG2rTyq2NW_Pq9esN9b9MHU5YLljMPcknOZHiluoHM1eNAw-sT6jm1_AkOLgLWUuAEAYAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0herB7Ds3i_gUflTiCJ2XNousZcw%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a2b9eefee68fa18c6be3c3bbe11d769b5affc01b84ea94c7ec68ae4ffacd858a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1523638
cf-polished: origFmt=png, origSize=62828
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 36446
cf-bgj: imgq:85,h2pri
last-modified: Tue, 18 Oct 2022 15:02:47 GMT
server: cloudflare
etag: "e12c1a9f1887c09d377658838eaaa06d"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JJtVysranfD90ocPjeMn12bNedGfEmvDcMktkZRtJYou%2BEMA%2BVCAz372%2Fa13%2FI113VFIM7hWFePOGPdSohuyJQgpY1lPSeNLxTxdDMx1%2Fj018j0d%2Fy%2BDGdb%2FTUT5WO1SXH0WOoL6A2DHRK7%2B"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7c7e359d4dc81c2c-FRA
expires: Tue, 16 May 2023 20:42:47 GMT

GET
H3 200 287435BEDBEF5210566F91ED2E6D57494D1CBA241E887A111712FB8ADF6747B3B44CBC7EE390AD74BB6985CDD69339A9B2EDEE7334ACD70F503D0812F8C7EBF1
assets.ad4m.at/ Frame B2C6 28 KB
29 KB 29ms
27ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/287435BEDBEF5210566F91ED2E6D57494D1CBA241E887A111712FB8ADF6747B3B44CBC7EE390AD74BB6985CDD69339A9B2EDEE7334ACD70F503D0812F8C7EBF1
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=9c8ee0e066bce4dcdc944efdb1283e96%2F15048059093230874786&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183366846&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hc4ca8sb0w79k9m5c2v743z02cem4ze99ns39kcz6rq282djs7msfpr73wbt26xppatvh4p8yzx95fcctzbw5tdm6ejg64r6j96d2w0egwwcn3dbyzs94b39s0q3pjavyef3vaz2r69k1xxbz88dy5cy1fmc6jwwnw97gy2rxzts216ym3tqdhvn4129zggqqcj3zrhk9r8b5ff3yvd60nan95gg42aecbamgykmvn96sxcb11nyxfy1v9971tm3fxkgpck1as6mg61rhcgqh24k8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DClw_NRJliZKSdGpqB9fgP5K-K0AGQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE-AFP0CIO-mZyQiahzgS6hGfeY8A2pgFLowFFkpayfcFqpU3Ff7GvEDEYXDRfWCAaHY0lOZKoa-gqU8QeWcR0-d9P3CGEYQ15A0dUya_W-y7-W0tsT1S4bu1Av5u4RgmTChelHkyGxMu6CUO8Wvy7iPMlRjlt6oACVseK9dC8T_IVpbKoA6H_d9NTbkapOyqqNKBzc9D7btcPK1u_okA_BajnnAtBeuQutZaRaK3UKjvjAgP-mcC-2yzLP-GBOWCMeyZxVBRu9XSV-rNG2rTyq2NW_Pq9esN9b9MHU5YLljMPcknOZHiluoHM1eNAw-sT6jm1_AkOLgLWUuAEAYAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0herB7Ds3i_gUflTiCJ2XNousZcw%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e944aa2add7d89134400d6d51b9b0954ad0e988edd934eccff8907ab90e1c853

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 428776
cf-polished: qual=85, origFmt=jpeg, origSize=133780
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 28740
cf-bgj: imgq:85,h2pri
last-modified: Tue, 18 Feb 2020 10:22:01 GMT
server: cloudflare
etag: "d061ca155f758f490340e147604dc3ee"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FlvETdkaFJfIgrZo%2Bfh0aJA5slRPLvLmXEYf2Vl2PqazQyaLxODZFzsaLfUl5C8fv9xHVKzW3HXc2RW%2B64z1cOV23Lvux1rIKe2TYGZ6CRAzWvJwSOVRUB%2BO%2BTv1fkSx9%2BWepB%2ByrNutPKcz"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7c7e359d4dca1c2c-FRA
expires: Tue, 16 May 2023 20:42:47 GMT

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame B2C6 43 B
705 B 132ms
61ms Image
image/gif 23.197.149.186
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2531885&v=14702&q=365825&r=412871&pv=1&pref3=oneidppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkroneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.197.149.186 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-197-149-186.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:47 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 43D9 34 KB
10 KB 10ms
9ms Script
text/html 23.56.202.187
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.56.202.187 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-56-202-187.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: ddf8be177e7b79aaeb98ffa04b2c4f8a1c05058cb59a55387ad22612c968ee32

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:47 GMT
Content-Encoding: gzip
Last-Modified: Mon, 15 May 2023 04:59:05 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=29785
Connection: keep-alive
Content-Length: 10021
Expires: Tue, 16 May 2023 04:59:12 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 34A1 0
0 45ms
45ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssQWAgdaQl0svI0JE6EGp8_bYRr_tmj4y6Bh7P9rEnioMN3xhdi8a_3Wuno2EOGNKQYSbea3Sn6BwrDXh8vdp4TgYfsy8zE0J6iFYASmMNsdcGo3iPGEXAFPAN5NMqGjrMsb7Q95-qxXUQVGYdt8hw0VcW0iqx5PmKVK_A&sai=AMfl-YR_tld1gCqZPEUe1wFQoFNRLoJJrhZbBe3irCLFdIYxcg2HTfFAu4yWn1JvYuP8xgssaYB4WKFuFRdtBfSXe0rayopCoxq32honcw&sig=Cg0ArKJSzMDIF8JdTdp9EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=324&vt=11&dtpt=323&dett=2&cstd=0&cisv=r20230510.05851&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 15 May 2023 20:42:47 GMT

GET
DATA 200
OK truncated
/ Frame F7CB 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK addDoubleBorder.js Show response
cdn.contentspread.net/24i/tools/js/ Frame F7CB 851 B
1 KB 77ms
13ms Script
application/javascript 85.114.131.235
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.contentspread.net/24i/tools/js/addDoubleBorder.js
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=56230500198937108091756012325023&a=348a6790
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.114.131.235 Bad Durrheim, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: srv21039.dus4.fastwebserver.de
Software: nginx /
Resource Hash: abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:47 GMT
Last-Modified: Tue, 03 May 2016 20:54:50 GMT
Server: nginx
ETag: "5729101a-353"
Content-Type: application/javascript
Connection: close
Accept-Ranges: bytes
Content-Length: 851

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 9151 0
0 44ms
43ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuuAhV6yo3VH2e7kDO8MDDvLAoK_ZarJP-kyoXJOnq_s6h0YOofh5EBKv5_hlD_Q0TFgazjRQzHDl3bRnenx2DlnObYmYb6rocc-aQTGE0eYgev4obliAMgRR51ppz-nLy-KztIXwy3Ne4DAbiGE-iHZC6bwkvM_XtXK8w&sai=AMfl-YQJDix_o0xgrTvCpQ_uX-pLreqpHW8kEjPgG_Y0EhJUoGBNLYywY9oR3Q4f3SYoj3mltoDcHtvTe8xmKm5iEbpOq_rN5lAmPAxQ7g&sig=Cg0ArKJSzBemeTRLP6aVEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=311&vt=11&dtpt=310&dett=2&cstd=0&cisv=r20230510.47117&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 15 May 2023 20:42:47 GMT

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.40/one-ad/ Frame AB30 103 KB
13 KB 21ms
20ms Stylesheet
text/css 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.40/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=0330d0c39cf699edc9dd789692fc5611%2F12912256110232126051&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183366889&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hwhzn75vb5ps0pdyqrj5fwnnkd7h32xzkxhwyswysbzt2b2cwnr7qx1np0bzd5ne6qmtc7zpmmvvem0dc3ce8jagbj5bn44x1nn9y8qdsf7xnsa0hknkmxdb6n03ck4y3pmfc5ta6decpa5pt1s4xxhk70sgkkbp83k1xeaxea2rrtkzmbt82gg11wacdgwsjjph1n13mkv9wwtgbm789ymbxg15psph2j37bghnnc88a28ts1ab9yswfbqgd4wrqfsqeh60gf3taav1vmqpth744%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC-MODRJliZOnTI4SglgS7grL4BZDhgYRctqjCivACwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT4AU_Qm2cwHRJq8x2mkUf0GK3tCeGzXDNnyO2GqSGGzaZhJQo5FykRax4-HhAGSgNK2QSc7uPGSq3qUbao3Eqc_Kd_rJGclJbpBwfT_l8mX6-Z3qQDDfjFkGMlNzeVc6RcbBufW9cAjgUyzA7KYFvwF-uxMu9kz8Hqhypz2D3nlaIDXgRtI1ahHpFE8cM9CBYPn-ZYh7wuUDf-yYlA_1_YekoTOVyW8OAlW7tT27cksi7tgg7tGCYPYyVeopjLiRAvRUZvKNtD2_dlMJ1ozeyE43u426RRDiAUjXjWUDtkF4g42PhhtCrEhXieKxOpKKmhEfDKLEynXXMx4AQBgAbE0Z70yIDOvKUBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_1fWoXb9j5p6leW3a656AtniIfMZQ%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d77b5f2ca03eb8dab2acc515548b7b1ce7eeb4ca2189268552649e0391ee8c21

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=0330d0c39cf699edc9dd789692fc5611%2F12912256110232126051&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183366889&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hwhzn75vb5ps0pdyqrj5fwnnkd7h32xzkxhwyswysbzt2b2cwnr7qx1np0bzd5ne6qmtc7zpmmvvem0dc3ce8jagbj5bn44x1nn9y8qdsf7xnsa0hknkmxdb6n03ck4y3pmfc5ta6decpa5pt1s4xxhk70sgkkbp83k1xeaxea2rrtkzmbt82gg11wacdgwsjjph1n13mkv9wwtgbm789ymbxg15psph2j37bghnnc88a28ts1ab9yswfbqgd4wrqfsqeh60gf3taav1vmqpth744%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC-MODRJliZOnTI4SglgS7grL4BZDhgYRctqjCivACwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT4AU_Qm2cwHRJq8x2mkUf0GK3tCeGzXDNnyO2GqSGGzaZhJQo5FykRax4-HhAGSgNK2QSc7uPGSq3qUbao3Eqc_Kd_rJGclJbpBwfT_l8mX6-Z3qQDDfjFkGMlNzeVc6RcbBufW9cAjgUyzA7KYFvwF-uxMu9kz8Hqhypz2D3nlaIDXgRtI1ahHpFE8cM9CBYPn-ZYh7wuUDf-yYlA_1_YekoTOVyW8OAlW7tT27cksi7tgg7tGCYPYyVeopjLiRAvRUZvKNtD2_dlMJ1ozeyE43u426RRDiAUjXjWUDtkF4g42PhhtCrEhXieKxOpKKmhEfDKLEynXXMx4AQBgAbE0Z70yIDOvKUBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_1fWoXb9j5p6leW3a656AtniIfMZQ%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1683559916
age: 623010
cf-polished: origSize=105839
x-guploader-uploadid: ADPycdv9IJsM9Nda_T-YCF8tGjLSR9_5GyrPWBCiXo7o_2KPFa29jeIDurPOQJdzBat54FnfGmUqvpjJPo5BCE2ydDX2ig
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Mon, 08 May 2023 15:32:28 GMT
server: cloudflare
etag: W/"44fa96b813e145cb8b915ae1fb6a3b7a"
vary: Accept-Encoding
x-goog-generation: 1683559948253618
content-type: text/css
x-goog-hash: crc32c=FELYSw==, md5=RPqWuBPhRcuLkVrh+2o7eg==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OfucWxIssSLj8w5CecJkBpoVEuUBZjDwSiNyqGAy3ZiMArXW055%2B9t4zv7%2BfwDU4L3j9WbJiFR31Cu3gWAyirAfGoV1V25EYe3D8WOhy71OmvYwnjBKfPimhPqMpN0y%2BZPbpewxOq%2BU%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 105839
cf-ray: 7c7e359cfd6e1c2c-FRA
expires: Mon, 15 May 2023 21:42:47 GMT

GET
H3 200 C3FCB3AB04505A8F1D79D1D5953F5207FE6F49EF4C517E920A79B423A52F9E2DCCD658FDD21E3D8209A640CEE47D02AAD52D272924710EAE6BAB80FD9B483022
assets.ad4m.at/logo/ Frame AB30 5 KB
5 KB 18ms
17ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/C3FCB3AB04505A8F1D79D1D5953F5207FE6F49EF4C517E920A79B423A52F9E2DCCD658FDD21E3D8209A640CEE47D02AAD52D272924710EAE6BAB80FD9B483022
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=0330d0c39cf699edc9dd789692fc5611%2F12912256110232126051&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183366889&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hwhzn75vb5ps0pdyqrj5fwnnkd7h32xzkxhwyswysbzt2b2cwnr7qx1np0bzd5ne6qmtc7zpmmvvem0dc3ce8jagbj5bn44x1nn9y8qdsf7xnsa0hknkmxdb6n03ck4y3pmfc5ta6decpa5pt1s4xxhk70sgkkbp83k1xeaxea2rrtkzmbt82gg11wacdgwsjjph1n13mkv9wwtgbm789ymbxg15psph2j37bghnnc88a28ts1ab9yswfbqgd4wrqfsqeh60gf3taav1vmqpth744%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC-MODRJliZOnTI4SglgS7grL4BZDhgYRctqjCivACwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT4AU_Qm2cwHRJq8x2mkUf0GK3tCeGzXDNnyO2GqSGGzaZhJQo5FykRax4-HhAGSgNK2QSc7uPGSq3qUbao3Eqc_Kd_rJGclJbpBwfT_l8mX6-Z3qQDDfjFkGMlNzeVc6RcbBufW9cAjgUyzA7KYFvwF-uxMu9kz8Hqhypz2D3nlaIDXgRtI1ahHpFE8cM9CBYPn-ZYh7wuUDf-yYlA_1_YekoTOVyW8OAlW7tT27cksi7tgg7tGCYPYyVeopjLiRAvRUZvKNtD2_dlMJ1ozeyE43u426RRDiAUjXjWUDtkF4g42PhhtCrEhXieKxOpKKmhEfDKLEynXXMx4AQBgAbE0Z70yIDOvKUBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_1fWoXb9j5p6leW3a656AtniIfMZQ%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9c63890b7f3f2e513fa085cd7b198f9ab91721a9e8aa7180806ff4aa7b4089a4

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 177983
cf-polished: origFmt=png, origSize=10283
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4736
cf-bgj: imgq:85,h2pri
last-modified: Thu, 06 Apr 2023 12:21:02 GMT
server: cloudflare
etag: "b90d04a587c2a1ab6749e51d8bb195d1"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rc8BK6zfJCo2%2FqMPQtF5hDPXgtX5%2BagK7uHMoPlK0sfxI7CBtAnvA78vRaLan0NwP9UHDHF%2FfDtAdFU1If5%2B17ssJ4FL90f5HzMBLVgIcqXxxr355zpvVyqlKjXRKF8OWmAwbNnzd%2BH8ZKnI"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7c7e359cfd731c2c-FRA
expires: Tue, 16 May 2023 20:42:47 GMT

GET
H3 200 A36DAD0D440985CF6ABFA23492945CE5BC6D94350A66B19418CB771AFE823AD9B48ADE8E2F007546F0A50A710172EEFC2CAC1468E38852CE2028C22592AAFB75
assets.ad4m.at/product_image/ Frame AB30 54 KB
55 KB 18ms
17ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/A36DAD0D440985CF6ABFA23492945CE5BC6D94350A66B19418CB771AFE823AD9B48ADE8E2F007546F0A50A710172EEFC2CAC1468E38852CE2028C22592AAFB75
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=0330d0c39cf699edc9dd789692fc5611%2F12912256110232126051&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183366889&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hwhzn75vb5ps0pdyqrj5fwnnkd7h32xzkxhwyswysbzt2b2cwnr7qx1np0bzd5ne6qmtc7zpmmvvem0dc3ce8jagbj5bn44x1nn9y8qdsf7xnsa0hknkmxdb6n03ck4y3pmfc5ta6decpa5pt1s4xxhk70sgkkbp83k1xeaxea2rrtkzmbt82gg11wacdgwsjjph1n13mkv9wwtgbm789ymbxg15psph2j37bghnnc88a28ts1ab9yswfbqgd4wrqfsqeh60gf3taav1vmqpth744%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC-MODRJliZOnTI4SglgS7grL4BZDhgYRctqjCivACwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT4AU_Qm2cwHRJq8x2mkUf0GK3tCeGzXDNnyO2GqSGGzaZhJQo5FykRax4-HhAGSgNK2QSc7uPGSq3qUbao3Eqc_Kd_rJGclJbpBwfT_l8mX6-Z3qQDDfjFkGMlNzeVc6RcbBufW9cAjgUyzA7KYFvwF-uxMu9kz8Hqhypz2D3nlaIDXgRtI1ahHpFE8cM9CBYPn-ZYh7wuUDf-yYlA_1_YekoTOVyW8OAlW7tT27cksi7tgg7tGCYPYyVeopjLiRAvRUZvKNtD2_dlMJ1ozeyE43u426RRDiAUjXjWUDtkF4g42PhhtCrEhXieKxOpKKmhEfDKLEynXXMx4AQBgAbE0Z70yIDOvKUBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_1fWoXb9j5p6leW3a656AtniIfMZQ%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 861e4cd27539274eedfdd65212a140a4c7ccea88e004d23f5234e4db48bc73ae

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2300161
cf-polished: origFmt=png, origSize=105738
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 55786
cf-bgj: imgq:85,h2pri
last-modified: Mon, 04 Jul 2022 08:55:40 GMT
server: cloudflare
etag: "147be38db57f89c69c9e65b05983ff0e"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4za0PURy%2BudstRafxzz8MW3dOZTv0zDb8NxVk5Dn2mwmEtm16ENMr5iA%2BM8mgUEAFQO4OiOBD5SkO7pKSwxMvfly3zlmsAhjbVCPZKpT3DoBXP3jc7G60mKgBfsS64%2BVOtPcvbZ7YoENLYL%2B"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7c7e359eef901c2c-FRA
expires: Tue, 16 May 2023 20:42:47 GMT

GET
H3 200 A0843E9156C9D7335C02FDBAB8781B4AFFEEE9E59ABD085E1EDF62037D970710A817E95DBBFD727CE4E28B26524C9A8F4A33EB1E826BD3A7B2541F094E39D266
assets.ad4m.at/logo/ Frame AB30 2 KB
3 KB 19ms
18ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/A0843E9156C9D7335C02FDBAB8781B4AFFEEE9E59ABD085E1EDF62037D970710A817E95DBBFD727CE4E28B26524C9A8F4A33EB1E826BD3A7B2541F094E39D266
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=0330d0c39cf699edc9dd789692fc5611%2F12912256110232126051&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183366889&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hwhzn75vb5ps0pdyqrj5fwnnkd7h32xzkxhwyswysbzt2b2cwnr7qx1np0bzd5ne6qmtc7zpmmvvem0dc3ce8jagbj5bn44x1nn9y8qdsf7xnsa0hknkmxdb6n03ck4y3pmfc5ta6decpa5pt1s4xxhk70sgkkbp83k1xeaxea2rrtkzmbt82gg11wacdgwsjjph1n13mkv9wwtgbm789ymbxg15psph2j37bghnnc88a28ts1ab9yswfbqgd4wrqfsqeh60gf3taav1vmqpth744%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC-MODRJliZOnTI4SglgS7grL4BZDhgYRctqjCivACwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT4AU_Qm2cwHRJq8x2mkUf0GK3tCeGzXDNnyO2GqSGGzaZhJQo5FykRax4-HhAGSgNK2QSc7uPGSq3qUbao3Eqc_Kd_rJGclJbpBwfT_l8mX6-Z3qQDDfjFkGMlNzeVc6RcbBufW9cAjgUyzA7KYFvwF-uxMu9kz8Hqhypz2D3nlaIDXgRtI1ahHpFE8cM9CBYPn-ZYh7wuUDf-yYlA_1_YekoTOVyW8OAlW7tT27cksi7tgg7tGCYPYyVeopjLiRAvRUZvKNtD2_dlMJ1ozeyE43u426RRDiAUjXjWUDtkF4g42PhhtCrEhXieKxOpKKmhEfDKLEynXXMx4AQBgAbE0Z70yIDOvKUBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_1fWoXb9j5p6leW3a656AtniIfMZQ%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: af7a66542220ecfb2b8fa0286b60ffa95c1c8047df094654a90e1ff75f848ef5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 608411
cf-polished: origFmt=png, origSize=9357
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 2330
cf-bgj: imgq:85,h2pri
last-modified: Thu, 08 Apr 2021 14:26:03 GMT
server: cloudflare
etag: "8cc161b392f5744da5319a4da549b763"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5WmdyaeIO7Mr%2FFWhGS4btu3Cyc47c%2FVzuTXJWk%2BiYnhnzc8MCr9lsGDDudbIm9PIKj7kUiNgPFQmle6y6cj87rv8KgtBI8X%2BxCHrwLEDhpNRrxJyudJehVYnngQZA1yl4oKWymaANlP9dNYX"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7c7e359eef921c2c-FRA
expires: Tue, 16 May 2023 20:42:47 GMT

GET
H3 200 B0EFBB0208E9EF8D30A7C89B72C086F1DD36F5D7A5F0A9551729DDFC67E85BCDECDB196EB4EAB3FEC6BC55A4A1442682559F8312D8959CED1C6B0F52B22CF45C
assets.ad4m.at/product_image/ Frame AB30 496 KB
497 KB 24ms
22ms Image
image/png 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/B0EFBB0208E9EF8D30A7C89B72C086F1DD36F5D7A5F0A9551729DDFC67E85BCDECDB196EB4EAB3FEC6BC55A4A1442682559F8312D8959CED1C6B0F52B22CF45C
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=0330d0c39cf699edc9dd789692fc5611%2F12912256110232126051&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183366889&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hwhzn75vb5ps0pdyqrj5fwnnkd7h32xzkxhwyswysbzt2b2cwnr7qx1np0bzd5ne6qmtc7zpmmvvem0dc3ce8jagbj5bn44x1nn9y8qdsf7xnsa0hknkmxdb6n03ck4y3pmfc5ta6decpa5pt1s4xxhk70sgkkbp83k1xeaxea2rrtkzmbt82gg11wacdgwsjjph1n13mkv9wwtgbm789ymbxg15psph2j37bghnnc88a28ts1ab9yswfbqgd4wrqfsqeh60gf3taav1vmqpth744%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC-MODRJliZOnTI4SglgS7grL4BZDhgYRctqjCivACwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT4AU_Qm2cwHRJq8x2mkUf0GK3tCeGzXDNnyO2GqSGGzaZhJQo5FykRax4-HhAGSgNK2QSc7uPGSq3qUbao3Eqc_Kd_rJGclJbpBwfT_l8mX6-Z3qQDDfjFkGMlNzeVc6RcbBufW9cAjgUyzA7KYFvwF-uxMu9kz8Hqhypz2D3nlaIDXgRtI1ahHpFE8cM9CBYPn-ZYh7wuUDf-yYlA_1_YekoTOVyW8OAlW7tT27cksi7tgg7tGCYPYyVeopjLiRAvRUZvKNtD2_dlMJ1ozeyE43u426RRDiAUjXjWUDtkF4g42PhhtCrEhXieKxOpKKmhEfDKLEynXXMx4AQBgAbE0Z70yIDOvKUBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_1fWoXb9j5p6leW3a656AtniIfMZQ%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4e61c4c6f2c0c52c9b5dadb303f0db1128715c2e8819a50b1d24c6d7089fbebb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1470095
cf-polished: origSize=563367, status=vary_header_present
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 508355
cf-bgj: imgq:85,h2pri
last-modified: Fri, 09 Apr 2021 07:22:09 GMT
server: cloudflare
etag: "ff5ac113643d20bec15acfffe32cb75e"
vary: X-Goog-Allowed-Resources, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iOStBl8pbzVn9VYIBGkAH7y4fSmauvuce%2B%2B3NqKiptqMTfpN8z8BsWwpPo4LNeHHsBn%2FOlrfybu3UQqYCNBRcQS7fxm4FpK4B2y3ipAmaaZNC8WkzhWXlj5yyGG3k6btkAe0P%2Fj6R6jz45q2"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7c7e359eef931c2c-FRA
expires: Tue, 16 May 2023 20:42:47 GMT

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame AB30 43 B
705 B 62ms
61ms Image
image/gif 23.197.149.186
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2904924&v=20044&q=415363&r=412871&pv=1&pref3=oneidk7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6oneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=0330d0c39cf699edc9dd789692fc5611%2F12912256110232126051&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183366889&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hwhzn75vb5ps0pdyqrj5fwnnkd7h32xzkxhwyswysbzt2b2cwnr7qx1np0bzd5ne6qmtc7zpmmvvem0dc3ce8jagbj5bn44x1nn9y8qdsf7xnsa0hknkmxdb6n03ck4y3pmfc5ta6decpa5pt1s4xxhk70sgkkbp83k1xeaxea2rrtkzmbt82gg11wacdgwsjjph1n13mkv9wwtgbm789ymbxg15psph2j37bghnnc88a28ts1ab9yswfbqgd4wrqfsqeh60gf3taav1vmqpth744%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC-MODRJliZOnTI4SglgS7grL4BZDhgYRctqjCivACwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT4AU_Qm2cwHRJq8x2mkUf0GK3tCeGzXDNnyO2GqSGGzaZhJQo5FykRax4-HhAGSgNK2QSc7uPGSq3qUbao3Eqc_Kd_rJGclJbpBwfT_l8mX6-Z3qQDDfjFkGMlNzeVc6RcbBufW9cAjgUyzA7KYFvwF-uxMu9kz8Hqhypz2D3nlaIDXgRtI1ahHpFE8cM9CBYPn-ZYh7wuUDf-yYlA_1_YekoTOVyW8OAlW7tT27cksi7tgg7tGCYPYyVeopjLiRAvRUZvKNtD2_dlMJ1ozeyE43u426RRDiAUjXjWUDtkF4g42PhhtCrEhXieKxOpKKmhEfDKLEynXXMx4AQBgAbE0Z70yIDOvKUBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_1fWoXb9j5p6leW3a656AtniIfMZQ%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.197.149.186 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-197-149-186.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:47 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H3 200 90E11D2E4CFB32857DB7C2E1317DD53401EA4F6F6F9CD68E6E871CA9D0C876402E8B3C561F20D09E5FFCF6D6F6634B28F60F47276020F60158747BE09B58F826
assets.ad4m.at/logo/ Frame AB30 36 KB
36 KB 32ms
31ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/90E11D2E4CFB32857DB7C2E1317DD53401EA4F6F6F9CD68E6E871CA9D0C876402E8B3C561F20D09E5FFCF6D6F6634B28F60F47276020F60158747BE09B58F826
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=0330d0c39cf699edc9dd789692fc5611%2F12912256110232126051&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183366889&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hwhzn75vb5ps0pdyqrj5fwnnkd7h32xzkxhwyswysbzt2b2cwnr7qx1np0bzd5ne6qmtc7zpmmvvem0dc3ce8jagbj5bn44x1nn9y8qdsf7xnsa0hknkmxdb6n03ck4y3pmfc5ta6decpa5pt1s4xxhk70sgkkbp83k1xeaxea2rrtkzmbt82gg11wacdgwsjjph1n13mkv9wwtgbm789ymbxg15psph2j37bghnnc88a28ts1ab9yswfbqgd4wrqfsqeh60gf3taav1vmqpth744%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC-MODRJliZOnTI4SglgS7grL4BZDhgYRctqjCivACwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT4AU_Qm2cwHRJq8x2mkUf0GK3tCeGzXDNnyO2GqSGGzaZhJQo5FykRax4-HhAGSgNK2QSc7uPGSq3qUbao3Eqc_Kd_rJGclJbpBwfT_l8mX6-Z3qQDDfjFkGMlNzeVc6RcbBufW9cAjgUyzA7KYFvwF-uxMu9kz8Hqhypz2D3nlaIDXgRtI1ahHpFE8cM9CBYPn-ZYh7wuUDf-yYlA_1_YekoTOVyW8OAlW7tT27cksi7tgg7tGCYPYyVeopjLiRAvRUZvKNtD2_dlMJ1ozeyE43u426RRDiAUjXjWUDtkF4g42PhhtCrEhXieKxOpKKmhEfDKLEynXXMx4AQBgAbE0Z70yIDOvKUBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_1fWoXb9j5p6leW3a656AtniIfMZQ%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a2b9eefee68fa18c6be3c3bbe11d769b5affc01b84ea94c7ec68ae4ffacd858a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1523638
cf-polished: origFmt=png, origSize=62828
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 36446
cf-bgj: imgq:85,h2pri
last-modified: Tue, 18 Oct 2022 15:02:47 GMT
server: cloudflare
etag: "e12c1a9f1887c09d377658838eaaa06d"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f9AN3pwME8d2z5fln9MTaoCeoIVIVFno342ex08geXPEj2Qw4S5MYp%2FAIsw4PVdomIVmbiUrIjD5tHYZzBLngkyKcjeB3XNxaPav9jGBt54tHJDkPESlL6if66Xe3nJZfcquaMILKIF8ZyWN"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7c7e359eef941c2c-FRA
expires: Tue, 16 May 2023 20:42:47 GMT

GET
H3 200 287435BEDBEF5210566F91ED2E6D57494D1CBA241E887A111712FB8ADF6747B3B44CBC7EE390AD74BB6985CDD69339A9B2EDEE7334ACD70F503D0812F8C7EBF1
assets.ad4m.at/ Frame AB30 28 KB
29 KB 21ms
20ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/287435BEDBEF5210566F91ED2E6D57494D1CBA241E887A111712FB8ADF6747B3B44CBC7EE390AD74BB6985CDD69339A9B2EDEE7334ACD70F503D0812F8C7EBF1
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=0330d0c39cf699edc9dd789692fc5611%2F12912256110232126051&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183366889&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hwhzn75vb5ps0pdyqrj5fwnnkd7h32xzkxhwyswysbzt2b2cwnr7qx1np0bzd5ne6qmtc7zpmmvvem0dc3ce8jagbj5bn44x1nn9y8qdsf7xnsa0hknkmxdb6n03ck4y3pmfc5ta6decpa5pt1s4xxhk70sgkkbp83k1xeaxea2rrtkzmbt82gg11wacdgwsjjph1n13mkv9wwtgbm789ymbxg15psph2j37bghnnc88a28ts1ab9yswfbqgd4wrqfsqeh60gf3taav1vmqpth744%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC-MODRJliZOnTI4SglgS7grL4BZDhgYRctqjCivACwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT4AU_Qm2cwHRJq8x2mkUf0GK3tCeGzXDNnyO2GqSGGzaZhJQo5FykRax4-HhAGSgNK2QSc7uPGSq3qUbao3Eqc_Kd_rJGclJbpBwfT_l8mX6-Z3qQDDfjFkGMlNzeVc6RcbBufW9cAjgUyzA7KYFvwF-uxMu9kz8Hqhypz2D3nlaIDXgRtI1ahHpFE8cM9CBYPn-ZYh7wuUDf-yYlA_1_YekoTOVyW8OAlW7tT27cksi7tgg7tGCYPYyVeopjLiRAvRUZvKNtD2_dlMJ1ozeyE43u426RRDiAUjXjWUDtkF4g42PhhtCrEhXieKxOpKKmhEfDKLEynXXMx4AQBgAbE0Z70yIDOvKUBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_1fWoXb9j5p6leW3a656AtniIfMZQ%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e944aa2add7d89134400d6d51b9b0954ad0e988edd934eccff8907ab90e1c853

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 428776
cf-polished: qual=85, origFmt=jpeg, origSize=133780
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 28740
cf-bgj: imgq:85,h2pri
last-modified: Tue, 18 Feb 2020 10:22:01 GMT
server: cloudflare
etag: "d061ca155f758f490340e147604dc3ee"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Y243cvfttAMs5cL5AnCFACb54No%2FKxFhRYV46HOhR8GaqNnasJgOTaXEHdTuW8Gb%2BnNuwRIMDu3rFk9ymUXE2mJy8f28zlOZJoetQ9gSo94JU2gDOKAqlW6JkZiwCEuK4uQYbpAJXw6OqM9"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7c7e359eef951c2c-FRA
expires: Tue, 16 May 2023 20:42:47 GMT

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame AB30 43 B
705 B 57ms
56ms Image
image/gif 23.197.149.186
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2531885&v=14702&q=365825&r=412871&pv=1&pref3=oneidppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkroneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=0330d0c39cf699edc9dd789692fc5611%2F12912256110232126051&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183366889&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hwhzn75vb5ps0pdyqrj5fwnnkd7h32xzkxhwyswysbzt2b2cwnr7qx1np0bzd5ne6qmtc7zpmmvvem0dc3ce8jagbj5bn44x1nn9y8qdsf7xnsa0hknkmxdb6n03ck4y3pmfc5ta6decpa5pt1s4xxhk70sgkkbp83k1xeaxea2rrtkzmbt82gg11wacdgwsjjph1n13mkv9wwtgbm789ymbxg15psph2j37bghnnc88a28ts1ab9yswfbqgd4wrqfsqeh60gf3taav1vmqpth744%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC-MODRJliZOnTI4SglgS7grL4BZDhgYRctqjCivACwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT4AU_Qm2cwHRJq8x2mkUf0GK3tCeGzXDNnyO2GqSGGzaZhJQo5FykRax4-HhAGSgNK2QSc7uPGSq3qUbao3Eqc_Kd_rJGclJbpBwfT_l8mX6-Z3qQDDfjFkGMlNzeVc6RcbBufW9cAjgUyzA7KYFvwF-uxMu9kz8Hqhypz2D3nlaIDXgRtI1ahHpFE8cM9CBYPn-ZYh7wuUDf-yYlA_1_YekoTOVyW8OAlW7tT27cksi7tgg7tGCYPYyVeopjLiRAvRUZvKNtD2_dlMJ1ozeyE43u426RRDiAUjXjWUDtkF4g42PhhtCrEhXieKxOpKKmhEfDKLEynXXMx4AQBgAbE0Z70yIDOvKUBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_1fWoXb9j5p6leW3a656AtniIfMZQ%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.197.149.186 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-197-149-186.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:47 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
Content-Type: image/gif
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 43
Expires: 0

GET
H2 200 Standard Show response
s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.228/e/2gSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/ImageTag:types/ Frame 50DA 85 KB
36 KB 28ms
27ms Script
text/javascript 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.228/e/2gSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/ImageTag:types/Standard
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 3e23d9feebcd3c59dcc4d426b6df049bf4f8765bbfec90b2f185d0c8c9841c2f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
content-encoding: gzip
last-modified: Tue, 18 Apr 2023 08:19:00 GMT
server: nginx
x-cache-status: STALE
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=100000
expires: Wed, 19 Apr 2023 13:55:17 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 910A 2 KB
2 KB 13ms
13ms Script
text/html 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=20932055&p=158370&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 9115c14e8e621dd1fbf6a9c87ee7c834de1d51420bd2e0edad5174cac3e1371b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Mon, 15 May 2023 20:42:45 GMT
content-length: 1708
content-type: text/html; charset=UTF-8

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9504 0
20 B 45ms
44ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B-e0IRJliZJGgM8jf3wOjzYwoAAAAADgB4AQC&bg=!eXqlei7NAAYldGN0BXQ7ADkAdvg8WlY_4DBUOijuJF4m00yNKv_g6ZZc53m0ddEGS5tkrl4kfl-ocTPFLZFz2ZXnklRyZN-9IbQCAAACzVIAAAADaAEHCgBHG3sLzhE3YZGc0AVAKZVCiW2xBVbBFXj2jNJRblCnqcKRa8VoimKJv6fLzaiXU_ZOkK1i4LZJR2byknLteNQJIGTluzgFGAKZAwczY7M9Vgc0mHWkS6W4JgZXkeV8rAiKlMsAbzEsSCILsowTXahXOE9mB8psjtvzGi9XROe2I4kV4L9PcEhVyTsTYMMKIoYrkPKxZcVFVvF6KWXLfUMIS_ScCUOipbWK78QglfNaIFSGjbXRYkPJAWhtOlsYDBT5caTMqkOCQMfnZmQ47Z5BgGmMefoL5ejOIzzip7yjdRnGhi5Z9sfNqwqNDpsFVUR3A-HdL3Cx4PetUyHmus8CkVBNvhIXwbFcfPMrxiINomr_jMIf8nw00KR_b0LtuoZdPM6SarSNX66BGvx62zWxMH7q8oGgMALFSltdjn9q4xbfYwSgncZcNdCY8_s69aWHJPKNij1PZu6kRMcumUju4V0nwQGE3RXXmB9s6L1xYNcuENcrX-n7LOgjaI0eSrFm7SKaXJVwZaR1sAq-bnsleX1vi8r5u63ssRcTnjx0o8iVXPc459fzq3FSIe2Ki_MGIT9OmwzqCga9MuxtbA44CkEt9xyR0iFhGTfpNXuA22cHVL5UfTUKuB4XVPw38zKv80U5_J9KfqRmD30gM6Uc5e6qqtkqJEZ8ZktvIqWqeiWjSf3UsBDglFhMNaCestYRmiM-JNtgXeg5CMuWauwGS9xS2q5gWLvd6rOpkDGx3DCeTipewC_xi_JdNktgJxeYbeLCPcF3ssELLfFDCRvb2092Ey9aV72xxwB6UjPWV0lIguPAmTZExWDBI9q-2XZSde7uh7TAcpfO8fpMxsgWZ7A_RRzwgiFOsqNdMAUf7U09X9pHfIS4RuMUJQqEPpPQt2rDoWp4SDLw10gE93T2qmD852xhwzpJaxUIwiovmgr6aZSC3WGbZFBFyJUIJKjjUyo4v5A31kSRcwcjovUx-E1Vg3NsuTqCpc_SHdEmQepi_ckSuFS8pD544sFpqJ532umzBcHe9dKw7csDwWzHiEoeoz-FjepzwnGAKuSJ-7CjsEn-HHOmaLIToqXVWpMPu6q51uzrp6fn9lMUA2d-k27V6ERTOCrXPDVrrLfVBwzD

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 06E4 0
0 46ms
46ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssZgBh94Z5Fy0Kfg05TwXuZ6eRQz60sGLqa7dJ40rQtSvepHtBmflRo__yOooAsAFZ04ZwIDvg819Ew986wmqkH9Lqf3Vkza3HnPhflvtpDlGoUW6XKAs3qnL5v8tgLh5oPVFQ6XUSXb2tdomi-8SeuD4btVeInazOGMm0xGGAMqcQchbB1EZgwSHgX63BG3DLIgiSTUPyRzI5RfLaf6ABqRaDjcoMNoz9bUz-nGtlvlK25N6LDz1xCYW_H7WGUTsAKN_ku_YHYvJwUbDUjiZU_yknOl-FKS48t7ga2rwCKyg5GtBWtMSpicvLkUmtCumRuWd6dhjsTMAo0&sai=AMfl-YT_fvmgr7M_-5VqEZaqpmBHi1cbclvVumIzYeOeeh5ZWOjpXNdRY16dYMMZFkhCAavpJG7b9ypc31kSg5ntfIf8acK1Nmk5yc0Q9MG8HACsowt07YTB43RiyAXrjPI&sig=Cg0ArKJSzENiuayYBkkYEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 15 May 2023 20:42:47 GMT

GET
H2 200 link.html Show response
track.webgains.com/ Frame B2C6 2 KB
2 KB 73ms
72ms Script
text/html 18.133.36.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=3641431&wgcampaignid=1384975&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1k3mhavr8t25k4qhwx038mmp5886ejw6f10h9r2vvdnrsrzwszjtq9a4teyjxychxcs55csrnnpr44hg7y0wm7zwehxj7qbpf67xgdep2c8nqcfby4w9ht5xn35tjxyd25d88sgswaj024sv7pycrczexn6p46e5ysxk4313rcy0twn9ej0v6mqv9fa68zp6rwatkznzcxcm9fmnn0qxyfbqvqx2t6njjyjz2ezkett0m0e03hzz6yr3yxx157x0r38p4%26a%3Dhttps%253A%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1hc4ca8sb0w79k9m5c2v743z02cem4ze99ns39kcz6rq282djs7msfpr73wbt26xppatvh4p8yzx95fcctzbw5tdm6ejg64r6j96d2w0egwwcn3dbyzs94b39s0q3pjavyef3vaz2r69k1xxbz88dy5cy1fmc6jwwnw97gy2rxzts216ym3tqdhvn4129zggqqcj3zrhk9r8b5ff3yvd60nan95gg42aecbamgykmvn96sxcb11nyxfy1v9971tm3fxkgpck1as6mg61rhcgqh24k8%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DClw_NRJliZKSdGpqB9fgP5K-K0AGQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE-AFP0CIO-mZyQiahzgS6hGfeY8A2pgFLowFFkpayfcFqpU3Ff7GvEDEYXDRfWCAaHY0lOZKoa-gqU8QeWcR0-d9P3CGEYQ15A0dUya_W-y7-W0tsT1S4bu1Av5u4RgmTChelHkyGxMu6CUO8Wvy7iPMlRjlt6oACVseK9dC8T_IVpbKoA6H_d9NTbkapOyqqNKBzc9D7btcPK1u_okA_BajnnAtBeuQutZaRaK3UKjvjAgP-mcC-2yzLP-GBOWCMeyZxVBRu9XSV-rNG2rTyq2NW_Pq9esN9b9MHU5YLljMPcknOZHiluoHM1eNAw-sT6jm1_AkOLgLWUuAEAYAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%252526num%25253D1%252526sig%25253DAOD64_0herB7Ds3i_gUflTiCJ2XNousZcw%252526client%25253Dca-pub-7554793497192362%252526adurl%25253D&clickref=oneidDXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjWoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&viewref=oneideYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpboneid__suite_Netmix_Reach128_WEBGAINSMOSTLY
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=9c8ee0e066bce4dcdc944efdb1283e96%2F15048059093230874786&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183366846&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hc4ca8sb0w79k9m5c2v743z02cem4ze99ns39kcz6rq282djs7msfpr73wbt26xppatvh4p8yzx95fcctzbw5tdm6ejg64r6j96d2w0egwwcn3dbyzs94b39s0q3pjavyef3vaz2r69k1xxbz88dy5cy1fmc6jwwnw97gy2rxzts216ym3tqdhvn4129zggqqcj3zrhk9r8b5ff3yvd60nan95gg42aecbamgykmvn96sxcb11nyxfy1v9971tm3fxkgpck1as6mg61rhcgqh24k8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DClw_NRJliZKSdGpqB9fgP5K-K0AGQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE-AFP0CIO-mZyQiahzgS6hGfeY8A2pgFLowFFkpayfcFqpU3Ff7GvEDEYXDRfWCAaHY0lOZKoa-gqU8QeWcR0-d9P3CGEYQ15A0dUya_W-y7-W0tsT1S4bu1Av5u4RgmTChelHkyGxMu6CUO8Wvy7iPMlRjlt6oACVseK9dC8T_IVpbKoA6H_d9NTbkapOyqqNKBzc9D7btcPK1u_okA_BajnnAtBeuQutZaRaK3UKjvjAgP-mcC-2yzLP-GBOWCMeyZxVBRu9XSV-rNG2rTyq2NW_Pq9esN9b9MHU5YLljMPcknOZHiluoHM1eNAw-sT6jm1_AkOLgLWUuAEAYAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0herB7Ds3i_gUflTiCJ2XNousZcw%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.133.36.104 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-133-36-104.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 4a286c727562b9842b342007b705ddf3c3586983a4f09352a21d886f87ee48d2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
last-modified: Mon, 15 May 2023 20:42:47 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Mon, 15 May 2023 20:43:47 GMT

POST
H3 200 rs Show response
ad4m.at/ Frame 30DB 2 KB
2 KB 34ms
34ms XHR
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: beadeaf7af5139b66f167aabf4494ece88a874fb63a8abc901fb420a3c98d518

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uVHN3LUmvuauA57exTBTxaNtTNqYoxu642wadrQhUGjN8i4iyQzOhwYHRq2HdZa%2FJqcxSZTeLCLJbe6AiWVGJ5ZtnBA9e2v1q9%2B5SZhRXOIbxEZFZ0REEEy%2B%2F%2Bj0Khnbwcrd%2FMY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
cf-ray: 7c7e35a0180f3a86-FRA
x-backend-server: aa-reachservice-group-europe-west1-0pxx
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 4012 22 KB
8 KB 16ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 489530
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 10 May 2023 04:43:57 GMT
expires: Thu, 09 May 2024 04:43:57 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 /
track.adform.net/csimpr/ Frame F7CB 35 B
601 B 24ms
24ms Ping
image/gif 37.157.3.20
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=64147897&csi=Re8bu-mtFcc8joa4YqMhRE_hYHqac5Eujog3_1R-LawJDwKV3Zer3OoXtP5VwTb9HYtxT-fSWeIurFcw_N0ZA96vWmW1dlSa0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.20 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hal900023.redintelligence.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://hal900023.redintelligence.net
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 link.html Show response
track.webgains.com/ Frame AB30 2 KB
2 KB 69ms
69ms Script
text/html 18.133.36.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=3641431&wgcampaignid=1384975&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1g2fmjgsmnvs5hbjkxwpd9bskpbjj37r51g615b4rjzd0k6ky9vsg6a02agdbnvmbh105095350svycr2cejrwvfa5n7wnaqfcy9sd7ngxez6x0tzk28as59zwnekgcre5hn50zv5ppv20sq23ywsa822c7bqb8244ht22z9cbrh7tsmhgahsp271zmqpk4pwkatwrh094sqbam44vnj98wap95y4r4tjvbyzy7b2jccgkzyvqeyjtafazmr66rvm7wh2%26a%3Dhttps%253A%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1hwhzn75vb5ps0pdyqrj5fwnnkd7h32xzkxhwyswysbzt2b2cwnr7qx1np0bzd5ne6qmtc7zpmmvvem0dc3ce8jagbj5bn44x1nn9y8qdsf7xnsa0hknkmxdb6n03ck4y3pmfc5ta6decpa5pt1s4xxhk70sgkkbp83k1xeaxea2rrtkzmbt82gg11wacdgwsjjph1n13mkv9wwtgbm789ymbxg15psph2j37bghnnc88a28ts1ab9yswfbqgd4wrqfsqeh60gf3taav1vmqpth744%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC-MODRJliZOnTI4SglgS7grL4BZDhgYRctqjCivACwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT4AU_Qm2cwHRJq8x2mkUf0GK3tCeGzXDNnyO2GqSGGzaZhJQo5FykRax4-HhAGSgNK2QSc7uPGSq3qUbao3Eqc_Kd_rJGclJbpBwfT_l8mX6-Z3qQDDfjFkGMlNzeVc6RcbBufW9cAjgUyzA7KYFvwF-uxMu9kz8Hqhypz2D3nlaIDXgRtI1ahHpFE8cM9CBYPn-ZYh7wuUDf-yYlA_1_YekoTOVyW8OAlW7tT27cksi7tgg7tGCYPYyVeopjLiRAvRUZvKNtD2_dlMJ1ozeyE43u426RRDiAUjXjWUDtkF4g42PhhtCrEhXieKxOpKKmhEfDKLEynXXMx4AQBgAbE0Z70yIDOvKUBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1fWoXb9j5p6leW3a656AtniIfMZQ%252526client%25253Dca-pub-7554793497192362%252526adurl%25253D&clickref=oneidDXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjWoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&viewref=oneideYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpboneid__suite_Netmix_Reach128_WEBGAINSMOSTLY
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=0330d0c39cf699edc9dd789692fc5611%2F12912256110232126051&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183366889&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hwhzn75vb5ps0pdyqrj5fwnnkd7h32xzkxhwyswysbzt2b2cwnr7qx1np0bzd5ne6qmtc7zpmmvvem0dc3ce8jagbj5bn44x1nn9y8qdsf7xnsa0hknkmxdb6n03ck4y3pmfc5ta6decpa5pt1s4xxhk70sgkkbp83k1xeaxea2rrtkzmbt82gg11wacdgwsjjph1n13mkv9wwtgbm789ymbxg15psph2j37bghnnc88a28ts1ab9yswfbqgd4wrqfsqeh60gf3taav1vmqpth744%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC-MODRJliZOnTI4SglgS7grL4BZDhgYRctqjCivACwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT4AU_Qm2cwHRJq8x2mkUf0GK3tCeGzXDNnyO2GqSGGzaZhJQo5FykRax4-HhAGSgNK2QSc7uPGSq3qUbao3Eqc_Kd_rJGclJbpBwfT_l8mX6-Z3qQDDfjFkGMlNzeVc6RcbBufW9cAjgUyzA7KYFvwF-uxMu9kz8Hqhypz2D3nlaIDXgRtI1ahHpFE8cM9CBYPn-ZYh7wuUDf-yYlA_1_YekoTOVyW8OAlW7tT27cksi7tgg7tGCYPYyVeopjLiRAvRUZvKNtD2_dlMJ1ozeyE43u426RRDiAUjXjWUDtkF4g42PhhtCrEhXieKxOpKKmhEfDKLEynXXMx4AQBgAbE0Z70yIDOvKUBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_1fWoXb9j5p6leW3a656AtniIfMZQ%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.133.36.104 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-133-36-104.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 8e6c57c83b9a309c566d01c3e8d4c185a00b4fc3c79962a191a3e97d4d4c541c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
last-modified: Mon, 15 May 2023 20:42:47 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Mon, 15 May 2023 20:43:47 GMT

POST
H/1.1 200
OK vevent
fra1-ib.adnxs.com/ Frame 50DA 0
1005 B 7ms
6ms Ping
text/html 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=http%3A%2F%2Fwww.newtimes.co.rw%2F&e=wqT_3QKeBPBMHgIAAAMA1gAFAQjEsoqjBhDUvIP7p7WgmUsY4Nzyj6uy6tsQKjYJhjP4NBt3wz8R8jBScvN9wj8ZAAAAwPUoCkAh8jBScvN9wj8phjMJJMAxAAAA4FG4vj8w5OWUCjjYDECuYUi7A1AAWKaYlAFgAGjn1Ap4AIABAYoBA1VTRJIBAQb0PgGYAawCoAHYBKgBAbABALgBAcABBcgBAtABANgBAOABAPABANgCxwTgApu0B-oCGmh0dHA6Ly93d3cubmV3dGltZXMuY28ucncvgAMAiAMBkAMAmAMXoAMBqgMkGhM1NDE4NTM1ODcwOTYxNjA2MjI4KgNhbXg6CDY0MzA2MTc2wAOsAsgDANgDj8dT4AMA6AMA-AMBgAQAkgQNL3V0L3YzL3ByZWJpZJgEAKIEDjEzOC4xOTkuMzguMTM0qAQAsgQQCAAQARisAiDYBCgAMAA4ArgEAMAEAMgEANoEAggB4AQB8AQAiAUBmAUAoAX6oYnNrJDk-hHABQDJBQAAAAAAAPA_0gUJCQAAAAAAAAAA2AUA4AUB8AUA-gUECAAQAJAGAJgGALgGAMEGAAAAAAAA8D_aBhYKEAAAAAAAAAAABRSAAAAAEAAYAOAGAfIGAggAgAcBiAcAmAcBoAcByAcA0gcNFV8BJwzaBwYIBQlo4AcA6gcCCADwB4fjAooIAhAAlQgAAIA_mAgB&s=4d5080586434de43bec950d164d45984931c51b1&type=nv&nvt=5&jm=1003&px=0&py=0&bw=300&bh=600&sid=3588801321043981515&vd=ct~0|rr~0&sv=232&tv=view7-1hs&ua=chrome52&pl=win&x=v&tag_id=21312228&sw=1600&sh=1200&pw=300&ph=604&ww=300&wh=600&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/232/trk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:47 GMT
AN-X-Request-Uuid: e00df478-3c19-42c7-8f7f-d9188509a860
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 6875 22 KB
8 KB 14ms
7ms Document
text/html 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 489530
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 10 May 2023 04:43:57 GMT
expires: Thu, 09 May 2024 04:43:57 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 all
csm.eu.criteo.net/ Frame 766E 0
127 B 13ms
13ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:47 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame EEBF 42 B
64 B 43ms
42ms Fetch
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsspExFFk73LGfRqQdauSEhAgWDw1CTFPDOJRCsKRjjEEav7mwrO9UO1w666IDxWgh4wjKblnbN7xTwvjR0Dwca8dm3t&sig=Cg0ArKJSzPzc4FzR9sJGEAE&id=lidar2&mcvt=1169&p=1110,315,1200,1285&mtos=1169,1169,1169,1169,1169&tos=1169,0,0,0,0&v=20230510&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1556553135&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1684183365766&rpt=788&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:47 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 31ms
31ms Preflight
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin: https://as.ad4m.at
access-control-max-age: 1800
allow: HEAD,POST,GET,OPTIONS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7c7e359fefcf3a86-FRA
content-length: 24
content-type: text/plain
date: Mon, 15 May 2023 20:42:47 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lN35X0SQ4GdZ40m1zLbI472U%2FqhwHSGGUfYscwwAS0vq12VYXLsZt1j2CkOC2wYYP%2Frz4XcZk7Q4q%2FUNAwKiQPG2wX9qxW18UG6RLSbjFMTpriYCVbfYxfesAfb0eCPqErKqZkk%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 google
x-backend-server: aa-reachservice-group-europe-west1-0pxx

GET
H/1.1 200
OK viewability Show response
hal900023.redintelligence.net/ Frame F7CB 0
150 B 34ms
12ms Script
text/html 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900023.redintelligence.net/viewability?s=56230500198937108091756012325023&a=e7992c36&vb=v
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=56230500198937108091756012325023&a=348a6790
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/request_content.php?s=56230500198937108091756012325023&a=348a6790
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:47 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame EF7A 1 KB
643 B 7ms
6ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34714
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 11:04:13 GMT
etag: 48472445140208031
expires: Tue, 16 May 2023 11:04:13 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame C60F 1 KB
643 B 7ms
7ms Document
text/html 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 34714
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 11:04:13 GMT
etag: 48472445140208031
expires: Tue, 16 May 2023 11:04:13 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 86ms
23ms Preflight 18.135.126.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.135.126.181 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-135-126-181.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:47 GMT
server: nginx

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 83DE 16 B
232 B 52ms
52ms Fetch
application/json 18.135.126.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.135.126.181 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-135-126-181.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame FCF9
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:42296462-9945-4b01-b126-3a5e83bcf37d&gdpr=0&gdpr_consent=

42 B
556 B

25ms
18ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:42296462-9945-4b01-b126-3a5e83bcf37d&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Mon, 15 May 2023 20:42:48 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Content-Type: image/gif
Date: Mon, 15 May 2023 20:42:47 GMT
Expires: Mon, 15 May 2023 20:42:46 GMT
Keep-Alive: timeout=360
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: MT3 851 9bd98ae master pao-pixel-x18 config_version:"unknown"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:42296462-9945-4b01-b126-3a5e83bcf37d&gdpr=0&gdpr_consent=

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 910A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=aJjOlCjATtuCC6jq3t8sIA%3D%3D&gdpr=0&gdpr_consent=
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

16 KB
16 KB

10ms
8ms

Image
text/html

23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
content-encoding: gzip
last-modified: Fri, 16 Dec 2022 06:36:49 GMT
server: Apache
vary: Accept-Encoding
content-type: text/html
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=98522
accept-ranges: bytes
content-length: 5554
expires: Wed, 17 May 2023 00:04:49 GMT

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:47 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 404 qmap
sync.crwdcntrl.net/ Frame 910A 49 B
264 B 98ms
29ms Image
image/gif 52.30.239.223
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.30.239.223 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-30-239-223.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:47 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.7.3
content-length: 49
expires: 0

GET
H2

204

ids
idsync.frontend.weborama.fr/ Frame 910A
Redirect Chain

https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=
https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=&bounce=1&random=1276544414
https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fidsync.frontend.weborama.fr%2Fids%3Fkey%3Dpubmatic%26value%3D%23PM_USER_ID&gdpr=0
https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=6898CE94-28C0-4EDB-820B-A8EADEDF2C20

0
284 B

55ms
16ms

Image
text/plain

34.111.131.239
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=6898CE94-28C0-4EDB-820B-A8EADEDF2C20
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Server: 34.111.131.239 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 239.131.111.34.bc.googleusercontent.com
Software: Weborama Collect Frontend /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:48 GMT
via: 1.1 google
last-modified: Mon, 15 May 2023 20:42:48 GMT
server: Weborama Collect Frontend
vary: Origin
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 03 Jul 2001 06:00:00 GMT

Redirect headers

location: https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=6898CE94-28C0-4EDB-820B-A8EADEDF2C20
date: Mon, 15 May 2023 20:42:47 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H/1.1

200

p
a.audrte.com/ Frame 910A
Redirect Chain

https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=6898CE94-28C0-4EDB-820B-A8EADEDF2C20
https://cm.g.doubleclick.net/pixel?google_nid=ar101281&google_hm=Z2wxNDE2U05FbjlTNkNYZGFGVUc5WWctQQ==&google_redir=https%3A%2F%2Fa.audrte.com%2Fddp%3Fred%3DeyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL...
https://a.audrte.com/ddp?red=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbeyJuYW1lIjoiYWRmb3JtIn1dfQ%3D%3D&gdpr=0&gdpr_consent=
https://dmp.adform.net/serving/cookie/match/?party=1003&r=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D&gdpr=0&gdpr_consent=
https://a.audrte.com/a?adform_uid=3618708674255803056&r=eyJ1IjoiaHR0cHM6Ly9hLmF1ZHJ0ZS5jb206NDQzL3AiLCJkIjpbXX0%3D
https://a.audrte.com/p

68 B
424 B

99ms
99ms

Image
image/png

23.21.155.77
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.audrte.com/p
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: HTTP/1.1
Server: 23.21.155.77 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-23-21-155-77.compute-1.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Mon, 15 May 2023 20:42:48 GMT
Server: nginx/1.18.0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 68

Redirect headers

Date: Mon, 15 May 2023 20:42:48 GMT
Server: nginx/1.18.0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Origin: *
Location: https://a.audrte.com:443/p
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 910A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=Njg5OENFOTQtMjhDMC00RURCLTgyMEItQThFQURFREYyQzIw&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
245 B

63ms
12ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Mon, 15 May 2023 20:42:46 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:47 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 910A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEGyTfikOD8GGJ8oOnwNUO9o&google_cver=1

42 B
380 B

64ms
13ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEGyTfikOD8GGJ8oOnwNUO9o&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Mon, 15 May 2023 20:42:47 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:47 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEGyTfikOD8GGJ8oOnwNUO9o&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame 910A 43 B
409 B 18ms
17ms Image
image/gif 35.204.74.118
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.204.74.118 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

118.74.204.35.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Sun, 14 May 2023 20:42:47 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 910A
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=3618708674255803056

42 B
243 B

79ms
18ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=3618708674255803056
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Mon, 15 May 2023 20:42:48 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=3618708674255803056
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 910A 70 B
264 B 34ms
33ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 15 May 2023 20:42:47 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

POST
H2 200 /
track.adform.net/csimpr/ Frame 50DA 35 B
626 B 23ms
23ms Ping
image/gif 37.157.3.20
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/csimpr/?bn=64306176&csi=MinyG0c8j7b6pclaw_S6TmpiU4staKlNOsLkoqMmg3HZKGWOLEEutt6vWmW1dlSa0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.20 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:47 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 58803989.jpg
s1.adform.net/Banners/58803989/ Frame 50DA 198 KB
198 KB 25ms
25ms Image
image/jpeg 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/58803989/58803989.jpg?bv=2
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 10bf3affce2e9c834ca6b5e04e920f9610fbed48c492da3b6756c30eb1790202

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
last-modified: Fri, 28 Apr 2023 15:46:10 GMT
server: nginx
x-amz-request-id: tx0000069a017cf7477c511-006450c96c-3295d06f-default
etag: "6164532b5ee036fdbbdd0eb67648cd94"
x-cache-status: STALE
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 202635

OPTIONS
H3 200 rs
ad4m.at/ Frame 0
0 26ms
25ms Preflight
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET,PATCH,POST,OPTIONS,DELETE
access-control-allow-origin: https://as.ad4m.at
access-control-max-age: 1800
allow: HEAD,POST,GET,OPTIONS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7c7e35a149c73a86-FRA
content-length: 24
content-type: text/plain
date: Mon, 15 May 2023 20:42:47 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jzPDl6EfyYUpuPYZaIHgybp5JyMx9t%2FUM%2Fxf7%2BFL%2BEgYx%2FcVFG82Oejl1tJPFbDeJHR5xCZuxSlg2tOuyLHFSEM94UUktxVH31%2F2VDWL95UcbhMbo3I1HgAx5kZZUNFXGVH%2FeDw%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 google
x-backend-server: aa-reachservice-group-europe-west1-0pxx

POST
H3 200 rs Show response
ad4m.at/ Frame DC05 2 KB
2 KB 35ms
34ms XHR
text/plain 2606:4700:20::ac43:4a81
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/r62eglto.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::ac43:4a81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1a3e5b78fe853a772d885789f5179af806cb9ced6140483dff7e2cf998f40865

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BGhl6pCoPmHJcM%2F3H9pM7I3Q0sPtNlyY4AN2FxUAMQD4uoXW2TaqG5nOLrlCspT3UMPDQPsnpsJKJm6r12bZkUg5bXXLCSie7Vm4m3UZs%2BAbHq%2BOIvyWucpmLfmm7brEftCfB3k%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://as.ad4m.at
access-control-allow-credentials: true
cf-ray: 7c7e35a16a083a86-FRA
x-backend-server: aa-reachservice-group-europe-west1-0pxx
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame B4A0 0
862 B 8ms
6ms Script
text/html 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:47 GMT
AN-X-Request-Uuid: 64cb669b-bcbe-4a6f-bc5e-2040db2b226f
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 34A1 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a8f4e9b2f7e68eaa04ba92e92434dcdde07840de52b88986cdfcb19330d4d6ac

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 9151 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 14332976209a1f217a72e58f745ba569e6b6bfded10c7b83953b5282945c9da2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame BAA9 0
862 B 7ms
7ms Script
text/html 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:47 GMT
AN-X-Request-Uuid: bf4da6e7-110c-4c13-8539-42605f3fb98c
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame ACA2 0
862 B 86ms
86ms Script
text/html 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:48 GMT
AN-X-Request-Uuid: 0df6b3c0-d2e0-4a20-9dfe-619e249e19b0
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 405C 0
862 B 25ms
24ms Script
text/html 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:47 GMT
AN-X-Request-Uuid: 9a08dd66-3ae6-486b-9594-2a402cce3945
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 20AA 0
862 B 94ms
94ms Script
text/html 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:48 GMT
AN-X-Request-Uuid: 676950aa-06b5-4420-85f0-cf5fa3fe96a1
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 22ms
22ms Preflight 18.135.126.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.135.126.181 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-135-126-181.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:47 GMT
server: nginx

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 8C30 16 B
232 B 65ms
65ms Fetch
application/json 18.135.126.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.135.126.181 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-135-126-181.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

GET
H2 200 12685250.js Show response
s1.adform.net/Banners/Elements/Files/160090/12685250/ Frame C0F8 3 KB
1 KB 19ms
19ms Script
application/x-javascript 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12685250/12685250.js?ADFassetID=12685250&bv=258
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/article/6147/n
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 3d493fa9f9e615e1f6a32da4987ffaa49ad6322ed34f30881c9370a35d0545c4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
content-encoding: gzip
last-modified: Mon, 24 Apr 2023 08:37:16 GMT
server: nginx
x-amz-request-id: tx0000031285142d73d7c16-006461926b-3295d04c-default
etag: W/"766f928722c72d975dad635549f3fd63"
x-cache-status: STALE
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H3 200 rar Show response
as.ad4m.at/ad/ Frame 29E8 14 KB
4 KB 36ms
35ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=183975%2C321853%2C46427&b=rWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYM%2Cg62h8frfWBzXfPHbH8t5tj78WSmSQT954TMx4E%2CrWbTQf9fGq1tAH7HjtqtGReuYS8TgJka1JYM&f=P6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdY%2CBgwFgfPfYG1XFxH6H3tgCzVDAtjSeT8dbUB6xZ%2CP6AhBfbfeYET9HjHbtgCwJ2CJS9TDpQcjqdY&c=728&d=90&e=&g=26e11e3735c455e09b8160b4faee1eec%2F13339628171076748777&i=20597%2C111803%2C22481&j=21%2C21%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367716&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j37addvzsm6pg9wrec073ybpx10nh101evqamjpga5wh77zgakr2evjgqr83t27h8rejggp2s328q176ysvf2tn5b339wnme8dte3j35bgae27nw05z2czpzk68fxnx19pc08a9k9f6dgrpsmg9w8hzyd081ev0r8jctvr3k7hn4qvybbdp1q1wy7a9ng1qbt7c2yf29tchqqw5bzcavxmswp4h66a1ejcqry6mxraax60p4q2z082j67h36epb1c9dzqrb48n9rrkfes42d05p1w%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC04wERZliZKWkCoysbYzLt9AGkOGBhFy2qMKK8ALAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9D1hncuEGvr-5JJSltAD29RxLNPtO82ArmolBPnOycWps1XjPRURvA6sG1LN9_obUU_lRG9gkbNWpY-W1mub1ROlLbjBUFjlLBJ0NGlG-YoIbNzutp4zGS0TPG5GOS27kukMvs3H1dspf_UHa6pgu8jaBA1QwRPVgytVjkXqMmgAoupWp1emM4mIhsa_FcKMIniMyr9KkoRd8JZNWccCe1XxSHPWT83wse8-cW2-kxXGpvPONeo2V5XpH6ELmF5qOmcJHeQT0xFdZFhgYi48_277eP0LuvXn2zf_8PmFCerByyBt1n5_YX_j-hvVy8fLmdEum9nVz3gBAGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3FB1mNWba4Er0x6X7fV_QthhgJ9A%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4fd330d3626d3ff9fd822d3d2e32c34c53540b8c00ff55811a0ffd74b7567724

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-src ;img-src data:;manifest-src 'none';media-src 'none';object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/dr?ed=1k94hv8sfhdtd9mmsrmpnhjq3h75v76892bpvxz0nh2b4ejs5qhdj3gf68fhq4rnpc48ppxbjd0bsek4a3ghzw7adync1nmde2j9ytn0dggmh8ahp604y44g6vgy1ahjdy3yv614g14tjr38agehdrj9akdr4ryanxym46twprn5tdage49xfezw396s13gv5hhncrsnv8gyrpentevthg8g91jypbf8r3k1c0w2f1n7n7bftbc1q0ghn1rc1qd7cp9zwm38bf70jtve7x7s2hfrmd0fjnwwasdx4qy9tj9s6rn3t45mbxzwww4jna3jk920jt68fqnyzgea8716fpxh2vt1hbztga71vv1x4v2x6m2ssgtjayc0re4f3430a4x0yncz0vdvppgmne7xetdvx6j83krmd47rff3rj510s5gzvzh60q35expy86gtw29nq4zjg4&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC04wERZliZKWkCoysbYzLt9AGkOGBhFy2qMKK8ALAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9D1hncuEGvr-5JJSltAD29RxLNPtO82ArmolBPnOycWps1XjPRURvA6sG1LN9_obUU_lRG9gkbNWpY-W1mub1ROlLbjBUFjlLBJ0NGlG-YoIbNzutp4zGS0TPG5GOS27kukMvs3H1dspf_UHa6pgu8jaBA1QwRPVgytVjkXqMmgAoupWp1emM4mIhsa_FcKMIniMyr9KkoRd8JZNWccCe1XxSHPWT83wse8-cW2-kxXGpvPONeo2V5XpH6ELmF5qOmcJHeQT0xFdZFhgYi48_277eP0LuvXn2zf_8PmFCerByyBt1n5_YX_j-hvVy8fLmdEum9nVz3gBAGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3FB1mNWba4Er0x6X7fV_QthhgJ9A%26client%3Dca-pub-7554793497192362%26adurl%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7c7e35a1ea7a1c2c-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-src *;img-src * data:;manifest-src 'none';media-src 'none';object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:48 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame B2C6 85 KB
31 KB 8ms
7ms Script
text/javascript 18.66.147.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=3641431&wgcampaignid=1384975&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1k3mhavr8t25k4qhwx038mmp5886ejw6f10h9r2vvdnrsrzwszjtq9a4teyjxychxcs55csrnnpr44hg7y0wm7zwehxj7qbpf67xgdep2c8nqcfby4w9ht5xn35tjxyd25d88sgswaj024sv7pycrczexn6p46e5ysxk4313rcy0twn9ej0v6mqv9fa68zp6rwatkznzcxcm9fmnn0qxyfbqvqx2t6njjyjz2ezkett0m0e03hzz6yr3yxx157x0r38p4%26a%3Dhttps%253A%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1hc4ca8sb0w79k9m5c2v743z02cem4ze99ns39kcz6rq282djs7msfpr73wbt26xppatvh4p8yzx95fcctzbw5tdm6ejg64r6j96d2w0egwwcn3dbyzs94b39s0q3pjavyef3vaz2r69k1xxbz88dy5cy1fmc6jwwnw97gy2rxzts216ym3tqdhvn4129zggqqcj3zrhk9r8b5ff3yvd60nan95gg42aecbamgykmvn96sxcb11nyxfy1v9971tm3fxkgpck1as6mg61rhcgqh24k8%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DClw_NRJliZKSdGpqB9fgP5K-K0AGQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE-AFP0CIO-mZyQiahzgS6hGfeY8A2pgFLowFFkpayfcFqpU3Ff7GvEDEYXDRfWCAaHY0lOZKoa-gqU8QeWcR0-d9P3CGEYQ15A0dUya_W-y7-W0tsT1S4bu1Av5u4RgmTChelHkyGxMu6CUO8Wvy7iPMlRjlt6oACVseK9dC8T_IVpbKoA6H_d9NTbkapOyqqNKBzc9D7btcPK1u_okA_BajnnAtBeuQutZaRaK3UKjvjAgP-mcC-2yzLP-GBOWCMeyZxVBRu9XSV-rNG2rTyq2NW_Pq9esN9b9MHU5YLljMPcknOZHiluoHM1eNAw-sT6jm1_AkOLgLWUuAEAYAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%252526num%25253D1%252526sig%25253DAOD64_0herB7Ds3i_gUflTiCJ2XNousZcw%252526client%25253Dca-pub-7554793497192362%252526adurl%25253D&clickref=oneidDXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjWoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&viewref=oneideYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpboneid__suite_Netmix_Reach128_WEBGAINSMOSTLY
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-98.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 00c5621a3f56c052959f8f0591b65e893f132b49b1447fde20767966cacbfbfe

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 00:27:58 GMT
content-encoding: gzip
via: 1.1 12e62b05f63a1a2118cca20014b15012.cloudfront.net (CloudFront)
last-modified: Wed, 15 Mar 2023 17:26:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 75939
etag: W/"876c293e6c37046ecb0c11ce2e276942"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: M3SeI2VHNOWIqWggj8TEZZT11ibhVjvA1QAVHTpifWb7RVEnb3kkaQ==

GET
H2 200 1619604937_fPkEZHu3MNy3GC7XuV3lA1s9E5XlSAcF.png
cdn.track.production.webgains.team/286305/ Frame B2C6 15 KB
15 KB 7ms
6ms Image
image/png 99.86.4.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/286305/1619604937_fPkEZHu3MNy3GC7XuV3lA1s9E5XlSAcF.png?Expires=1684183667&Signature=WomMAJouOoWytn81H7-uDXueUjGs10fO6r8RKaal9SptzeROSVGMX-ufHlK73vtlbu0oVNpTzGSAwH9pL2ul5VASTEGE~VOvoI6Sz9fEejSkmQK95UZ0-RGjZVkwNzG16hvWqlz7CYcv20vfBBhVB~iTaCXJi0szm-7mnFllFtKkjvZ-kkNcbk4lsqGUDMm8kdCoIrFKWVgbcmds11e5LGxVjuW1k23nzsDpbNOFyPt5y-Z8tr3w0wYF06IFv2Tq6vRRTLBGGBd2g~WAGdo7L3DSKcGiQcN3W8g8G~rTYfZ6XrhG-nEKYvt4K1SRRmogL~n4ECurWiPtEvSph~WOBg__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=9c8ee0e066bce4dcdc944efdb1283e96%2F15048059093230874786&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183366846&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hc4ca8sb0w79k9m5c2v743z02cem4ze99ns39kcz6rq282djs7msfpr73wbt26xppatvh4p8yzx95fcctzbw5tdm6ejg64r6j96d2w0egwwcn3dbyzs94b39s0q3pjavyef3vaz2r69k1xxbz88dy5cy1fmc6jwwnw97gy2rxzts216ym3tqdhvn4129zggqqcj3zrhk9r8b5ff3yvd60nan95gg42aecbamgykmvn96sxcb11nyxfy1v9971tm3fxkgpck1as6mg61rhcgqh24k8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DClw_NRJliZKSdGpqB9fgP5K-K0AGQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE-AFP0CIO-mZyQiahzgS6hGfeY8A2pgFLowFFkpayfcFqpU3Ff7GvEDEYXDRfWCAaHY0lOZKoa-gqU8QeWcR0-d9P3CGEYQ15A0dUya_W-y7-W0tsT1S4bu1Av5u4RgmTChelHkyGxMu6CUO8Wvy7iPMlRjlt6oACVseK9dC8T_IVpbKoA6H_d9NTbkapOyqqNKBzc9D7btcPK1u_okA_BajnnAtBeuQutZaRaK3UKjvjAgP-mcC-2yzLP-GBOWCMeyZxVBRu9XSV-rNG2rTyq2NW_Pq9esN9b9MHU5YLljMPcknOZHiluoHM1eNAw-sT6jm1_AkOLgLWUuAEAYAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0herB7Ds3i_gUflTiCJ2XNousZcw%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-52.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 60bf02832688d14251ec1c7b8acfda233a91f927f26c7202bdaba781a1f0fcdf

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

x-amz-version-id: null
date: Mon, 15 May 2023 13:37:25 GMT
via: 1.1 7fcb41b117930690c299be9cec4a977a.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 10:41:35 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 67120
etag: "d4e8f970f24f6d19b53aa92b1907c1ef"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 15054
x-amz-cf-id: AIHME5-rHiwm6worHxl4elXxpx-fDHNW9ERiGoQDzGALfpWdgpTYdg==

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 5985 0
862 B 6ms
6ms Script
text/html 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=1624&pub_id=1968063&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=1624&pub_id=1968063

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:47 GMT
AN-X-Request-Uuid: 6b377b31-c15f-4147-b874-b0e854abbfa8
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 rar Show response
as.ad4m.at/ad/ Frame 093E 13 KB
5 KB 33ms
33ms Document
text/html 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=200037%2C14019%2C183722&b=mV2HefGfWXGmSmHZHZtzt6qYtKSwTeZMHb1k5%2CeYdU3fVfxA6tjHZHet1t4mWTwSQTKrACYXpb%2CBgwFgfPfxKzeSxH6H3t9tVJwMajSeT8dbUB6xZ&f=7YmUqfzfj538crHXHgtECk98c4S1TQPbCEZQx%2CDXdT3fwfbJ6t3HmH9twCZDAhxSmTYW3aXdjW%2CjE2sEfGfqP9jtYHEH2tWC43eVhZSzT1XgTGpmR&c=970&d=90&e=&g=ba99554a4dbfa68e99ca82cd9152f370%2F2842032654825791844&i=22499%2C21596%2C71170&j=21%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367931&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1khhrt6f8gjtga1bxy7csbkrwb0m1rhpprqvffawwn02bxbhfs6ddr1tfzmtfwn421r9ss33w3y12ev4ar03r5vy9t0qntgms0rk6cm5jrg84bxeez2b052g361s77nb0xyk44fp2x1fe669aqg2zzpmz4ym0wzf5bxza1d7vttkgj14g5d55znm9myy1z5dz062bygktts8z11774bjsgmtwygt4zqhp94h13vdwep18ve64vxzfxhjbtph6q2c5w4y27dm89ewpfc6fm63zv6s18%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCLBwtRZliZPngGfGB9fgPyLu5uAqQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE8gFP0MBKN3Ow-R0wtaCGbLMJeaZeL-SwA_Q3zDdbTa0gn6Im6nt4GWlZHyD77-yJvlD8OhGsRba0y5JcYvDzKQo7hmgqhMSQswxkR-RSBz5RUZtm542kZOpyiss0GFnIjcjBihR0kvgu34LNy7nEDf8ueR3D4s8joPtRz8uncpkzITZ_V4kzP1RwxJdFIZuRXFbNivpjMMskpPrmjBhbfc6aqNSjqP0CEcBsJE6oHoNe8P62aJ4M6c8rTSBEySTh4fOBSIBOMNC09tkuqZEnb8BPCTHFt6skGo49EFP5nv1Bh5_DGwZptL4PXsF3e2_W1ZvHZOAEAYAGzui6xZWzjYKnAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1UwXbSGyKJWUMZzdC1BdIH98xNkA%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/r62eglto.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e321ed2eb5db83a024580fdb802c32f9319b8d82adbd07b39299d27118b62d86

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-src ;img-src data:;manifest-src 'none';media-src 'none';object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/dr?ed=1k1qk00rm203jhvf8577vvf6fexgqpa8mpzz6a2k0sv6z6yq2amh6a1qjqtb0ahw2bg02cpd2c1dy7kh95k9m8b8gw5bxpdxcy05em5g8g69ek4pwm3vv6qapd0z9evgkn99c02gvfhp4jwn4t7q61nndn9aa0atv0kgqcmdbcpacatebd2yq7fnhtng3207tarb92sthdt5e8bbkmer07vedw30brszyx0bvqh63w74gzsfzzt9eyet7fmcxsbdshskntf82dbg1dm5hry9y24bn5s3pwkypabahc4v9fmgazbtknav78v01r6z55w163v0ams2jdnksdtn9gp6t92mt1dnyhrxnhbqbwspdn7d3rtt8g672239vvv28awy6hgjy4rft7cffzcvapqbx0tb2q49y9w8005nvy0pk2hz9tf2kkrhhgdeaamnyrq3ddvapb01fm&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCLBwtRZliZPngGfGB9fgPyLu5uAqQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE8gFP0MBKN3Ow-R0wtaCGbLMJeaZeL-SwA_Q3zDdbTa0gn6Im6nt4GWlZHyD77-yJvlD8OhGsRba0y5JcYvDzKQo7hmgqhMSQswxkR-RSBz5RUZtm542kZOpyiss0GFnIjcjBihR0kvgu34LNy7nEDf8ueR3D4s8joPtRz8uncpkzITZ_V4kzP1RwxJdFIZuRXFbNivpjMMskpPrmjBhbfc6aqNSjqP0CEcBsJE6oHoNe8P62aJ4M6c8rTSBEySTh4fOBSIBOMNC09tkuqZEnb8BPCTHFt6skGo49EFP5nv1Bh5_DGwZptL4PXsF3e2_W1ZvHZOAEAYAGzui6xZWzjYKnAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1UwXbSGyKJWUMZzdC1BdIH98xNkA%26client%3Dca-pub-7554793497192362%26adurl%3D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
cf-cache-status: DYNAMIC
cf-ray: 7c7e35a21afc1c2c-FRA
content-encoding: br
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-src *;img-src * data:;manifest-src 'none';media-src 'none';object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:48 GMT
expires: 0
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
server: cloudflare
strict-transport-security: max-age=86400; includeSubDomains; preload
surrogate-control: no-store
vary: accept-encoding
via: 1.1 google
x-content-type-options: nosniff
x-download-options: noopen
x-xss-protection: 1; mode=block

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.40/one-ad/ Frame 29E8 103 KB
13 KB 26ms
25ms Stylesheet
text/css 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.40/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=183975%2C321853%2C46427&b=rWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYM%2Cg62h8frfWBzXfPHbH8t5tj78WSmSQT954TMx4E%2CrWbTQf9fGq1tAH7HjtqtGReuYS8TgJka1JYM&f=P6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdY%2CBgwFgfPfYG1XFxH6H3tgCzVDAtjSeT8dbUB6xZ%2CP6AhBfbfeYET9HjHbtgCwJ2CJS9TDpQcjqdY&c=728&d=90&e=&g=26e11e3735c455e09b8160b4faee1eec%2F13339628171076748777&i=20597%2C111803%2C22481&j=21%2C21%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367716&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j37addvzsm6pg9wrec073ybpx10nh101evqamjpga5wh77zgakr2evjgqr83t27h8rejggp2s328q176ysvf2tn5b339wnme8dte3j35bgae27nw05z2czpzk68fxnx19pc08a9k9f6dgrpsmg9w8hzyd081ev0r8jctvr3k7hn4qvybbdp1q1wy7a9ng1qbt7c2yf29tchqqw5bzcavxmswp4h66a1ejcqry6mxraax60p4q2z082j67h36epb1c9dzqrb48n9rrkfes42d05p1w%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC04wERZliZKWkCoysbYzLt9AGkOGBhFy2qMKK8ALAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9D1hncuEGvr-5JJSltAD29RxLNPtO82ArmolBPnOycWps1XjPRURvA6sG1LN9_obUU_lRG9gkbNWpY-W1mub1ROlLbjBUFjlLBJ0NGlG-YoIbNzutp4zGS0TPG5GOS27kukMvs3H1dspf_UHa6pgu8jaBA1QwRPVgytVjkXqMmgAoupWp1emM4mIhsa_FcKMIniMyr9KkoRd8JZNWccCe1XxSHPWT83wse8-cW2-kxXGpvPONeo2V5XpH6ELmF5qOmcJHeQT0xFdZFhgYi48_277eP0LuvXn2zf_8PmFCerByyBt1n5_YX_j-hvVy8fLmdEum9nVz3gBAGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3FB1mNWba4Er0x6X7fV_QthhgJ9A%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d77b5f2ca03eb8dab2acc515548b7b1ce7eeb4ca2189268552649e0391ee8c21

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=183975%2C321853%2C46427&b=rWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYM%2Cg62h8frfWBzXfPHbH8t5tj78WSmSQT954TMx4E%2CrWbTQf9fGq1tAH7HjtqtGReuYS8TgJka1JYM&f=P6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdY%2CBgwFgfPfYG1XFxH6H3tgCzVDAtjSeT8dbUB6xZ%2CP6AhBfbfeYET9HjHbtgCwJ2CJS9TDpQcjqdY&c=728&d=90&e=&g=26e11e3735c455e09b8160b4faee1eec%2F13339628171076748777&i=20597%2C111803%2C22481&j=21%2C21%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367716&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j37addvzsm6pg9wrec073ybpx10nh101evqamjpga5wh77zgakr2evjgqr83t27h8rejggp2s328q176ysvf2tn5b339wnme8dte3j35bgae27nw05z2czpzk68fxnx19pc08a9k9f6dgrpsmg9w8hzyd081ev0r8jctvr3k7hn4qvybbdp1q1wy7a9ng1qbt7c2yf29tchqqw5bzcavxmswp4h66a1ejcqry6mxraax60p4q2z082j67h36epb1c9dzqrb48n9rrkfes42d05p1w%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC04wERZliZKWkCoysbYzLt9AGkOGBhFy2qMKK8ALAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9D1hncuEGvr-5JJSltAD29RxLNPtO82ArmolBPnOycWps1XjPRURvA6sG1LN9_obUU_lRG9gkbNWpY-W1mub1ROlLbjBUFjlLBJ0NGlG-YoIbNzutp4zGS0TPG5GOS27kukMvs3H1dspf_UHa6pgu8jaBA1QwRPVgytVjkXqMmgAoupWp1emM4mIhsa_FcKMIniMyr9KkoRd8JZNWccCe1XxSHPWT83wse8-cW2-kxXGpvPONeo2V5XpH6ELmF5qOmcJHeQT0xFdZFhgYi48_277eP0LuvXn2zf_8PmFCerByyBt1n5_YX_j-hvVy8fLmdEum9nVz3gBAGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3FB1mNWba4Er0x6X7fV_QthhgJ9A%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1683559916
age: 623011
cf-polished: origSize=105839
x-guploader-uploadid: ADPycdv9IJsM9Nda_T-YCF8tGjLSR9_5GyrPWBCiXo7o_2KPFa29jeIDurPOQJdzBat54FnfGmUqvpjJPo5BCE2ydDX2ig
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Mon, 08 May 2023 15:32:28 GMT
server: cloudflare
etag: W/"44fa96b813e145cb8b915ae1fb6a3b7a"
vary: Accept-Encoding
x-goog-generation: 1683559948253618
content-type: text/css
x-goog-hash: crc32c=FELYSw==, md5=RPqWuBPhRcuLkVrh+2o7eg==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YO6MaFLkqO1WEPvWt9t%2BwRVOWsiXJ4l%2FOH%2F6yVRK%2FLbIQwIDrGCIwMWBNB8M8aCg3VHS0XbY343vxccGaKenSXVbPwjCsuBfITKlL6mQJM7akCWkUgV4o158DyLeYjZ%2BgajpfAd4BzU%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 105839
cf-ray: 7c7e35a25b531c2c-FRA
expires: Mon, 15 May 2023 21:42:48 GMT

GET
H3 200 F9B39585BFA0505D63AEC15D6DB1B02D9089CB0BB1445FD9678DBB04C32C81A56DC3B966E24F60B1752A92F908AA27DE3F0994E5B1621436EB0D2328EC61055B
assets.ad4m.at/logo/ Frame 29E8 219 KB
220 KB 32ms
31ms Image
image/png 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/F9B39585BFA0505D63AEC15D6DB1B02D9089CB0BB1445FD9678DBB04C32C81A56DC3B966E24F60B1752A92F908AA27DE3F0994E5B1621436EB0D2328EC61055B
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=183975%2C321853%2C46427&b=rWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYM%2Cg62h8frfWBzXfPHbH8t5tj78WSmSQT954TMx4E%2CrWbTQf9fGq1tAH7HjtqtGReuYS8TgJka1JYM&f=P6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdY%2CBgwFgfPfYG1XFxH6H3tgCzVDAtjSeT8dbUB6xZ%2CP6AhBfbfeYET9HjHbtgCwJ2CJS9TDpQcjqdY&c=728&d=90&e=&g=26e11e3735c455e09b8160b4faee1eec%2F13339628171076748777&i=20597%2C111803%2C22481&j=21%2C21%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367716&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j37addvzsm6pg9wrec073ybpx10nh101evqamjpga5wh77zgakr2evjgqr83t27h8rejggp2s328q176ysvf2tn5b339wnme8dte3j35bgae27nw05z2czpzk68fxnx19pc08a9k9f6dgrpsmg9w8hzyd081ev0r8jctvr3k7hn4qvybbdp1q1wy7a9ng1qbt7c2yf29tchqqw5bzcavxmswp4h66a1ejcqry6mxraax60p4q2z082j67h36epb1c9dzqrb48n9rrkfes42d05p1w%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC04wERZliZKWkCoysbYzLt9AGkOGBhFy2qMKK8ALAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9D1hncuEGvr-5JJSltAD29RxLNPtO82ArmolBPnOycWps1XjPRURvA6sG1LN9_obUU_lRG9gkbNWpY-W1mub1ROlLbjBUFjlLBJ0NGlG-YoIbNzutp4zGS0TPG5GOS27kukMvs3H1dspf_UHa6pgu8jaBA1QwRPVgytVjkXqMmgAoupWp1emM4mIhsa_FcKMIniMyr9KkoRd8JZNWccCe1XxSHPWT83wse8-cW2-kxXGpvPONeo2V5XpH6ELmF5qOmcJHeQT0xFdZFhgYi48_277eP0LuvXn2zf_8PmFCerByyBt1n5_YX_j-hvVy8fLmdEum9nVz3gBAGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3FB1mNWba4Er0x6X7fV_QthhgJ9A%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2ae6a18b973d0fbd53cd575408e3720cec1b94418b180ab6b83a82611eb1906

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 704152
cf-polished: origSize=233620, status=vary_header_present
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 224653
cf-bgj: imgq:85,h2pri
last-modified: Tue, 29 Mar 2022 07:10:51 GMT
server: cloudflare
etag: "d1d171dd651522f41a2fc0dba256a546"
vary: X-Goog-Allowed-Resources, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BbRWhmBNZjzDgCtKdQfDxQy8v2WEIGhuO1HGJ91j5Wi1%2FXjQqL2SklbNlWkfrQ2t7gYRYttd8YW4xYvFut1%2FHukHMf91rVG1cO8TMiH%2FO2bX%2FQ8sCEt8ioe7QZI52DylB%2BtqbtgizACMym3d"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7c7e35a25b541c2c-FRA
expires: Tue, 16 May 2023 20:42:48 GMT

GET
H3 200 1408E404D125984EC307986C30204BFB93CEF5A079A8B664A2AB24EB8E10E04B06FC2810F2A3432611FA8E4EB56D40C4CE476E3578F76162AC45AD15ADEE2CC0
assets.ad4m.at/product_image/ Frame 29E8 637 KB
637 KB 36ms
26ms Image
image/png 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/1408E404D125984EC307986C30204BFB93CEF5A079A8B664A2AB24EB8E10E04B06FC2810F2A3432611FA8E4EB56D40C4CE476E3578F76162AC45AD15ADEE2CC0
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=183975%2C321853%2C46427&b=rWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYM%2Cg62h8frfWBzXfPHbH8t5tj78WSmSQT954TMx4E%2CrWbTQf9fGq1tAH7HjtqtGReuYS8TgJka1JYM&f=P6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdY%2CBgwFgfPfYG1XFxH6H3tgCzVDAtjSeT8dbUB6xZ%2CP6AhBfbfeYET9HjHbtgCwJ2CJS9TDpQcjqdY&c=728&d=90&e=&g=26e11e3735c455e09b8160b4faee1eec%2F13339628171076748777&i=20597%2C111803%2C22481&j=21%2C21%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367716&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j37addvzsm6pg9wrec073ybpx10nh101evqamjpga5wh77zgakr2evjgqr83t27h8rejggp2s328q176ysvf2tn5b339wnme8dte3j35bgae27nw05z2czpzk68fxnx19pc08a9k9f6dgrpsmg9w8hzyd081ev0r8jctvr3k7hn4qvybbdp1q1wy7a9ng1qbt7c2yf29tchqqw5bzcavxmswp4h66a1ejcqry6mxraax60p4q2z082j67h36epb1c9dzqrb48n9rrkfes42d05p1w%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC04wERZliZKWkCoysbYzLt9AGkOGBhFy2qMKK8ALAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9D1hncuEGvr-5JJSltAD29RxLNPtO82ArmolBPnOycWps1XjPRURvA6sG1LN9_obUU_lRG9gkbNWpY-W1mub1ROlLbjBUFjlLBJ0NGlG-YoIbNzutp4zGS0TPG5GOS27kukMvs3H1dspf_UHa6pgu8jaBA1QwRPVgytVjkXqMmgAoupWp1emM4mIhsa_FcKMIniMyr9KkoRd8JZNWccCe1XxSHPWT83wse8-cW2-kxXGpvPONeo2V5XpH6ELmF5qOmcJHeQT0xFdZFhgYi48_277eP0LuvXn2zf_8PmFCerByyBt1n5_YX_j-hvVy8fLmdEum9nVz3gBAGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3FB1mNWba4Er0x6X7fV_QthhgJ9A%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 48544d39ceaebb01d8e31886a19c82330f02125740397558bb0baa16b81b8c6f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 172633
cf-polished: origSize=731561, status=vary_header_present
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 651990
cf-bgj: imgq:85,h2pri
last-modified: Tue, 29 Mar 2022 07:03:31 GMT
server: cloudflare
etag: "1b69278243c107df5b11186b1f6ca585"
vary: X-Goog-Allowed-Resources, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m47wiGFECoVzk6WHYmrN8gU7R6E%2FvBGEVhp0IWOOyaJs%2Bk7hnsgTClw4MWXmvJ8uqFbPcT9S4BKrV5w9Giy%2BuJFVNTCknLIBSi4AQyT6Bx0BrkTOfC2nPTG5umMy1CsmmaHvZCg5ltpCvNiZ"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7c7e35a29ba51c2c-FRA
expires: Tue, 16 May 2023 20:42:48 GMT

GET
H3 200 A533E7F607EF62FE4723E8DFFC0713F0C73B1B2D9CE8A1C3EC9B01CFC3E94E0E60300B8201CEC78FF7CFB2870EBC0F2255A36A642116E896F244C9C3B760671D
assets.ad4m.at/logo/ Frame 29E8 12 KB
13 KB 61ms
51ms Image
image/png 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/A533E7F607EF62FE4723E8DFFC0713F0C73B1B2D9CE8A1C3EC9B01CFC3E94E0E60300B8201CEC78FF7CFB2870EBC0F2255A36A642116E896F244C9C3B760671D
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=183975%2C321853%2C46427&b=rWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYM%2Cg62h8frfWBzXfPHbH8t5tj78WSmSQT954TMx4E%2CrWbTQf9fGq1tAH7HjtqtGReuYS8TgJka1JYM&f=P6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdY%2CBgwFgfPfYG1XFxH6H3tgCzVDAtjSeT8dbUB6xZ%2CP6AhBfbfeYET9HjHbtgCwJ2CJS9TDpQcjqdY&c=728&d=90&e=&g=26e11e3735c455e09b8160b4faee1eec%2F13339628171076748777&i=20597%2C111803%2C22481&j=21%2C21%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367716&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j37addvzsm6pg9wrec073ybpx10nh101evqamjpga5wh77zgakr2evjgqr83t27h8rejggp2s328q176ysvf2tn5b339wnme8dte3j35bgae27nw05z2czpzk68fxnx19pc08a9k9f6dgrpsmg9w8hzyd081ev0r8jctvr3k7hn4qvybbdp1q1wy7a9ng1qbt7c2yf29tchqqw5bzcavxmswp4h66a1ejcqry6mxraax60p4q2z082j67h36epb1c9dzqrb48n9rrkfes42d05p1w%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC04wERZliZKWkCoysbYzLt9AGkOGBhFy2qMKK8ALAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9D1hncuEGvr-5JJSltAD29RxLNPtO82ArmolBPnOycWps1XjPRURvA6sG1LN9_obUU_lRG9gkbNWpY-W1mub1ROlLbjBUFjlLBJ0NGlG-YoIbNzutp4zGS0TPG5GOS27kukMvs3H1dspf_UHa6pgu8jaBA1QwRPVgytVjkXqMmgAoupWp1emM4mIhsa_FcKMIniMyr9KkoRd8JZNWccCe1XxSHPWT83wse8-cW2-kxXGpvPONeo2V5XpH6ELmF5qOmcJHeQT0xFdZFhgYi48_277eP0LuvXn2zf_8PmFCerByyBt1n5_YX_j-hvVy8fLmdEum9nVz3gBAGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3FB1mNWba4Er0x6X7fV_QthhgJ9A%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1e4888cce84b12f519ea6a2123dc8a3e27097a2fec4b8adbe9294dde6af8250a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1523592
cf-polished: origSize=24038, status=vary_header_present
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 12371
cf-bgj: imgq:85,h2pri
last-modified: Fri, 18 Nov 2022 09:02:58 GMT
server: cloudflare
etag: "42fdf98ab75c036923270a333e2d19d9"
vary: X-Goog-Allowed-Resources, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BR4LC0m3P5QPljcfeZyQyjTFFVleb76XPTLmF%2Bue2mS2zjQ2wpqWkTNnL29GZQzc8g2hbY0djBCyWSGodJ9vwd2V0VGNWsvFdON0Wt3Z7T9rQRE%2BLuUMSlXL%2FefmI0DU8RjKCQeSv9FSz6zv"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7c7e35a29ba81c2c-FRA
expires: Tue, 16 May 2023 20:42:48 GMT

GET
H3 200 6CE771B21A8636F5C2024451E91C2D0F265D574A33091414717D7A9AD2DD6D650E6B7475ED8B65D4B666B69AB302F6ADFACD07EE68874124BBF350D45D9BAD1D
assets.ad4m.at/product_image/ Frame 29E8 545 KB
546 KB 70ms
60ms Image
image/png 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/6CE771B21A8636F5C2024451E91C2D0F265D574A33091414717D7A9AD2DD6D650E6B7475ED8B65D4B666B69AB302F6ADFACD07EE68874124BBF350D45D9BAD1D
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=183975%2C321853%2C46427&b=rWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYM%2Cg62h8frfWBzXfPHbH8t5tj78WSmSQT954TMx4E%2CrWbTQf9fGq1tAH7HjtqtGReuYS8TgJka1JYM&f=P6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdY%2CBgwFgfPfYG1XFxH6H3tgCzVDAtjSeT8dbUB6xZ%2CP6AhBfbfeYET9HjHbtgCwJ2CJS9TDpQcjqdY&c=728&d=90&e=&g=26e11e3735c455e09b8160b4faee1eec%2F13339628171076748777&i=20597%2C111803%2C22481&j=21%2C21%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367716&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j37addvzsm6pg9wrec073ybpx10nh101evqamjpga5wh77zgakr2evjgqr83t27h8rejggp2s328q176ysvf2tn5b339wnme8dte3j35bgae27nw05z2czpzk68fxnx19pc08a9k9f6dgrpsmg9w8hzyd081ev0r8jctvr3k7hn4qvybbdp1q1wy7a9ng1qbt7c2yf29tchqqw5bzcavxmswp4h66a1ejcqry6mxraax60p4q2z082j67h36epb1c9dzqrb48n9rrkfes42d05p1w%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC04wERZliZKWkCoysbYzLt9AGkOGBhFy2qMKK8ALAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9D1hncuEGvr-5JJSltAD29RxLNPtO82ArmolBPnOycWps1XjPRURvA6sG1LN9_obUU_lRG9gkbNWpY-W1mub1ROlLbjBUFjlLBJ0NGlG-YoIbNzutp4zGS0TPG5GOS27kukMvs3H1dspf_UHa6pgu8jaBA1QwRPVgytVjkXqMmgAoupWp1emM4mIhsa_FcKMIniMyr9KkoRd8JZNWccCe1XxSHPWT83wse8-cW2-kxXGpvPONeo2V5XpH6ELmF5qOmcJHeQT0xFdZFhgYi48_277eP0LuvXn2zf_8PmFCerByyBt1n5_YX_j-hvVy8fLmdEum9nVz3gBAGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3FB1mNWba4Er0x6X7fV_QthhgJ9A%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 002f1235c6484b5b45d65e285ac9623a469f9428889d6b7baa1b698593679321

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1526047
cf-polished: origSize=633427, status=vary_header_present
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 558334
cf-bgj: imgq:85,h2pri
last-modified: Fri, 18 Nov 2022 08:58:33 GMT
server: cloudflare
etag: "873e08540c475526df27feecfd1eaf3f"
vary: X-Goog-Allowed-Resources, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HFyNbAzWl4O0wW8Cm4mCu5qwI6ZY9kuwyuFwPgl5wATWvtlig9X7KvJ3cqXW7qtTWAHtIPAg%2F3FgSljpWZVcHcis9AMCxUufRl031DpbCS0jmM4raQg4hdB4oiplCnPr3XQVSvulSsnW57k%2B"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7c7e35a29baa1c2c-FRA
expires: Tue, 16 May 2023 20:42:48 GMT

GET
H3 200 DD95FF88FA3D93F6F44D3AC31E55B69E88B3B4546FE4BC6F8B33238666415C0B819A6AF1FC78B5EC7D26C7715A6F49E85CEDA62985F3A5877BCD8483DC0580F8
assets.ad4m.at/logo/ Frame 29E8 17 KB
17 KB 77ms
67ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/DD95FF88FA3D93F6F44D3AC31E55B69E88B3B4546FE4BC6F8B33238666415C0B819A6AF1FC78B5EC7D26C7715A6F49E85CEDA62985F3A5877BCD8483DC0580F8
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=183975%2C321853%2C46427&b=rWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYM%2Cg62h8frfWBzXfPHbH8t5tj78WSmSQT954TMx4E%2CrWbTQf9fGq1tAH7HjtqtGReuYS8TgJka1JYM&f=P6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdY%2CBgwFgfPfYG1XFxH6H3tgCzVDAtjSeT8dbUB6xZ%2CP6AhBfbfeYET9HjHbtgCwJ2CJS9TDpQcjqdY&c=728&d=90&e=&g=26e11e3735c455e09b8160b4faee1eec%2F13339628171076748777&i=20597%2C111803%2C22481&j=21%2C21%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367716&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j37addvzsm6pg9wrec073ybpx10nh101evqamjpga5wh77zgakr2evjgqr83t27h8rejggp2s328q176ysvf2tn5b339wnme8dte3j35bgae27nw05z2czpzk68fxnx19pc08a9k9f6dgrpsmg9w8hzyd081ev0r8jctvr3k7hn4qvybbdp1q1wy7a9ng1qbt7c2yf29tchqqw5bzcavxmswp4h66a1ejcqry6mxraax60p4q2z082j67h36epb1c9dzqrb48n9rrkfes42d05p1w%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC04wERZliZKWkCoysbYzLt9AGkOGBhFy2qMKK8ALAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9D1hncuEGvr-5JJSltAD29RxLNPtO82ArmolBPnOycWps1XjPRURvA6sG1LN9_obUU_lRG9gkbNWpY-W1mub1ROlLbjBUFjlLBJ0NGlG-YoIbNzutp4zGS0TPG5GOS27kukMvs3H1dspf_UHa6pgu8jaBA1QwRPVgytVjkXqMmgAoupWp1emM4mIhsa_FcKMIniMyr9KkoRd8JZNWccCe1XxSHPWT83wse8-cW2-kxXGpvPONeo2V5XpH6ELmF5qOmcJHeQT0xFdZFhgYi48_277eP0LuvXn2zf_8PmFCerByyBt1n5_YX_j-hvVy8fLmdEum9nVz3gBAGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3FB1mNWba4Er0x6X7fV_QthhgJ9A%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4a87ab137847708c417f2fe0e4b40b13045387e5450b590e36569844e7d2749a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2412617
cf-polished: origFmt=png, origSize=29332
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17112
cf-bgj: imgq:85,h2pri
last-modified: Wed, 13 May 2020 13:33:22 GMT
server: cloudflare
etag: "122e7322a58f4a1954c70b4a17dfafb3"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KtkLRtCTDdAYeIhCpHECoW0hxESUr8z%2Bx0y6vBvJCxIZ2FlvGLL98d%2B7gwEr7okRqBr8wxe8cGDf0ph4sDQ%2FgpLSQGYQUX6EAGxqB7cPw1E6Gxykx3WbEz9E29Z5H0rhFgt1oMgG5JINZQl7"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7c7e35a29bac1c2c-FRA
expires: Tue, 16 May 2023 20:42:48 GMT

GET
H3 200 0E5BFA76C26FC73E55AB6D68B83E55550C792CB830C69D31D329CEBDC2E4AB9165A435BB4F9054A5789B03CA381227A36BCB33A334DD00ADA2F66E01950FC2DD
assets.ad4m.at/product_image/ Frame 29E8 173 KB
174 KB 77ms
67ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/0E5BFA76C26FC73E55AB6D68B83E55550C792CB830C69D31D329CEBDC2E4AB9165A435BB4F9054A5789B03CA381227A36BCB33A334DD00ADA2F66E01950FC2DD
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=183975%2C321853%2C46427&b=rWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYM%2Cg62h8frfWBzXfPHbH8t5tj78WSmSQT954TMx4E%2CrWbTQf9fGq1tAH7HjtqtGReuYS8TgJka1JYM&f=P6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdY%2CBgwFgfPfYG1XFxH6H3tgCzVDAtjSeT8dbUB6xZ%2CP6AhBfbfeYET9HjHbtgCwJ2CJS9TDpQcjqdY&c=728&d=90&e=&g=26e11e3735c455e09b8160b4faee1eec%2F13339628171076748777&i=20597%2C111803%2C22481&j=21%2C21%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367716&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j37addvzsm6pg9wrec073ybpx10nh101evqamjpga5wh77zgakr2evjgqr83t27h8rejggp2s328q176ysvf2tn5b339wnme8dte3j35bgae27nw05z2czpzk68fxnx19pc08a9k9f6dgrpsmg9w8hzyd081ev0r8jctvr3k7hn4qvybbdp1q1wy7a9ng1qbt7c2yf29tchqqw5bzcavxmswp4h66a1ejcqry6mxraax60p4q2z082j67h36epb1c9dzqrb48n9rrkfes42d05p1w%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC04wERZliZKWkCoysbYzLt9AGkOGBhFy2qMKK8ALAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9D1hncuEGvr-5JJSltAD29RxLNPtO82ArmolBPnOycWps1XjPRURvA6sG1LN9_obUU_lRG9gkbNWpY-W1mub1ROlLbjBUFjlLBJ0NGlG-YoIbNzutp4zGS0TPG5GOS27kukMvs3H1dspf_UHa6pgu8jaBA1QwRPVgytVjkXqMmgAoupWp1emM4mIhsa_FcKMIniMyr9KkoRd8JZNWccCe1XxSHPWT83wse8-cW2-kxXGpvPONeo2V5XpH6ELmF5qOmcJHeQT0xFdZFhgYi48_277eP0LuvXn2zf_8PmFCerByyBt1n5_YX_j-hvVy8fLmdEum9nVz3gBAGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3FB1mNWba4Er0x6X7fV_QthhgJ9A%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac6819ddbdc4c3a3845e32f55947158747e75113248edc9644fa65c4ed9934ad

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 434372
cf-polished: origFmt=png, origSize=270249
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 177346
cf-bgj: imgq:85,h2pri
last-modified: Tue, 13 Oct 2020 11:03:48 GMT
server: cloudflare
etag: "e93e5f11efcf3516506c022b6dda411d"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KCI9dU4BMtWZ7%2BF76Fsge5%2FQWhg7kwSIImzS6S3SdrErg64gCY57k8eQAldkj0KQyJew%2Fm2nsYINPjVg30xK%2Bl0pfyvGp7%2FEt7iqY3rg0AsEZ7glKZAOVkQv5m3uQo9GTwkMMzuSyXvf6H7F"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7c7e35a29bae1c2c-FRA
expires: Tue, 16 May 2023 20:42:48 GMT

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame EF7A 70 B
264 B 37ms
33ms Image
image/gif 3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEK-Ba0DIvZ50GQq8VgQHsj8&google_cver=1&google_push=ATf1kGNqvTJ8VMVigp3MzSfcxjGnP-md5XFEbq2yk6U4BaGJjTL53NgA7ZLwGtOe6qVgOf8AL-I-FtAxfRn6O2soeuI0Z-5MHV3zlw
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 15 May 2023 20:42:48 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H2

200

cookiematch.aspx
dis.criteo.com/dis/rtb/google/ Frame EF7A
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DPUSH_DATA&...
https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_hm=k-nObDVdK9WZnb4CQh60fmkL_WOLZ6-REkWj4kZg&google_push=PUSH_DATA
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_error=5

43 B
369 B

13ms
12ms

Image
image/gif

178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_error=5

Protocol

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:47 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 115808
timing-allow-origin: *
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:48 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 274
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EF7A
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG-r3gCok_CQ6HTKS-rezLU&google_cver=1&google_push=ATf1kGOUanAzMi8LnGYf7Ee11WiCqu8PUUXbtN_i3TYZgBmOsNCG0bhlc-0RmLPsjm7ZH7tfPKi...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGOUanAzMi8LnGYf7Ee11WiCqu8PUUXbtN_i3TYZgBmOsNCG0bhlc-0RmLPsjm7ZH7tfPKiiJc4Ccns_zcdwYsA80OL8u1Wu

170 B
188 B

20ms
19ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGOUanAzMi8LnGYf7Ee11WiCqu8PUUXbtN_i3TYZgBmOsNCG0bhlc-0RmLPsjm7ZH7tfPKiiJc4Ccns_zcdwYsA80OL8u1Wu

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEhQQkFFWlgtMjQtNVBNNw==&google_push=ATf1kGOUanAzMi8LnGYf7Ee11WiCqu8PUUXbtN_i3TYZgBmOsNCG0bhlc-0RmLPsjm7ZH7tfPKiiJc4Ccns_zcdwYsA80OL8u1Wu
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: c1913d0f161dfd12bb229b87994a2d1d
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EF7A
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESECGHKKh33Ipw102tTRlwk2M&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESECGHKKh33Ipw102tTRlwk2M&google_hm=ZGKZRCybRghSAFROgsBfOQAADHsAAAIB&google_nid=index&google_push=ATf1kGMi0TBbqFMI9-prd26dnI8CzZwmIcVO8...

170 B
188 B

20ms
17ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESECGHKKh33Ipw102tTRlwk2M&google_hm=ZGKZRCybRghSAFROgsBfOQAADHsAAAIB&google_nid=index&google_push=ATf1kGMi0TBbqFMI9-prd26dnI8CzZwmIcVO8-q6ugPFZr8Ssv-01L2KbwIi_N-9Qm0p64j3s_3S-E0tsWFXL5sU-3XxsUX3tLo5wQ

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:48 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESECGHKKh33Ipw102tTRlwk2M&google_hm=ZGKZRCybRghSAFROgsBfOQAADHsAAAIB&google_nid=index&google_push=ATf1kGMi0TBbqFMI9-prd26dnI8CzZwmIcVO8-q6ugPFZr8Ssv-01L2KbwIi_N-9Qm0p64j3s_3S-E0tsWFXL5sU-3XxsUX3tLo5wQ
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EF7A
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESELQXSGJqEpsDJB_bsWeFOf0&google_cver=1&google_push=ATf1kGM0xgfNtIIVx3jxqOMIYmKTK4hbmnf9pcwqWyNG4o5oOwYD0_0yEe5SZTTVcMbxwBQ0Xn8UJMaMgVt5...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGM0xgfNtIIVx3jxqOMIYmKTK4hbmnf9pcwqWyNG4o5oOwYD0_0yEe5SZTTVcMbxwBQ0Xn8UJMaMgVt5YLBMUHLd96rPZ7Eo1w

170 B
188 B

29ms
23ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGM0xgfNtIIVx3jxqOMIYmKTK4hbmnf9pcwqWyNG4o5oOwYD0_0yEe5SZTTVcMbxwBQ0Xn8UJMaMgVt5YLBMUHLd96rPZ7Eo1w

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGM0xgfNtIIVx3jxqOMIYmKTK4hbmnf9pcwqWyNG4o5oOwYD0_0yEe5SZTTVcMbxwBQ0Xn8UJMaMgVt5YLBMUHLd96rPZ7Eo1w
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2 200 sync
ssbsync.smartadserver.com/api/ Frame EF7A 0
44 B 20ms
16ms Image
text/plain 185.86.139.93
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEFE3Aw1rOlM-_BW7nTU-7Pg&google_cver=1&google_push=ATf1kGMrPD58yuu5d9_ZLwiiHkuKb95g1nbSWCeJsS2GAm-lGn32Pngm9kuxBEsJUZ4cVGwjMdvaMrN-wjCBYZQiI67dC4k9lAua
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.93 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
content-length: 0

GET
H2

200

/
onetag-sys.com/match/ Frame EF7A
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESELQXSGJqEpsDJB_bsWeFOf0&google_cver=1&google_push=ATf1kGOoUSs9Qjzf4yi7XeUHqRX9SfAvY91SDzocGJxyySvfstGocrzgPdfwZgcusOrdDgE2XzzE_tEM0y_...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGOoUSs9Qjzf4yi7XeUHqRX9SfAvY91SDzocGJxyySvfstGocrzgPdfwZgcusOrdDgE2XzzE_tEM0y_eNGXFbB3Ya_BNdTTbE0s
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

87ms
85ms

Image
text/plain

51.38.120.206
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Protocol

Server

51.38.120.206 Hessen, Germany, ASN16276 (OVH, FR),

Reverse DNS

ip206.ip-51-38-120.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:48 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame EF7A 0
12 B 23ms
21ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Ij9LenUNNnxT3jhv87hn4ElwYyGQ49n3f-67kTsWPzXyU0mvNj54lKO-vB74iEuX4880SzJA

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C60F
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEPYbpoVJNDFNoQ42PDag9UQ&google_cver=1&google_push=ATf1kGO80nea32F9LWfBQiCO6CzvYMRbkplEJchN-aSqG90yarYY9f7_8J...
https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ATf1kGO80nea32F9LWfBQiCO6CzvYMRbkplEJchN-aSqG90yarYY9f7_8JTa82np9NJtBeHVP_jHnVMTRuzT3PRUFzxn9X8UF1m8&google_hm=skAkrLmaK9CZ...

170 B
188 B

23ms
22ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ATf1kGO80nea32F9LWfBQiCO6CzvYMRbkplEJchN-aSqG90yarYY9f7_8JTa82np9NJtBeHVP_jHnVMTRuzT3PRUFzxn9X8UF1m8&google_hm=skAkrLmaK9CZOexuwIUP_A

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?&google_nid=B765081F39B1F7&google_push=ATf1kGO80nea32F9LWfBQiCO6CzvYMRbkplEJchN-aSqG90yarYY9f7_8JTa82np9NJtBeHVP_jHnVMTRuzT3PRUFzxn9X8UF1m8&google_hm=skAkrLmaK9CZOexuwIUP_A
pragma: no-cache
date: Mon, 15 May 2023 20:42:48 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
strict-transport-security: max-age=86400
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C60F
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEJ2ueJKrMhCAQwaqZIJQxQI&google_cver=1&google_push=ATf1kGPkq81vKxxX0QUnly9E88puKRYhySvCUHfxkmmRa6_Q2tetgYHvg0qsU4qBu0spnZ7NbO-4FjYm_tHewdgvLkO35peB8bo
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=A22ABC9E77424ED6B170286A8A1A3AAE&google_push=ATf1kGPkq81vKxxX0QUnly9E88puKRYhySvCUHfxkmmRa6_Q2tetgYHvg0qsU4qBu0spnZ7NbO-4FjYm_tHewdg...

170 B
188 B

25ms
23ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=A22ABC9E77424ED6B170286A8A1A3AAE&google_push=ATf1kGPkq81vKxxX0QUnly9E88puKRYhySvCUHfxkmmRa6_Q2tetgYHvg0qsU4qBu0spnZ7NbO-4FjYm_tHewdgvLkO35peB8bo

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 15 May 2023 20:42:48 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=A22ABC9E77424ED6B170286A8A1A3AAE&google_push=ATf1kGPkq81vKxxX0QUnly9E88puKRYhySvCUHfxkmmRa6_Q2tetgYHvg0qsU4qBu0spnZ7NbO-4FjYm_tHewdgvLkO35peB8bo
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Sun, 14 May 2023 20:42:48 GMT

GET
H3 200 dds
rtb.openx.net/sync/ Frame C60F 43 B
58 B 22ms
20ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESEJktBEQvC-6pnzoSTsKdE-Y&google_cver=1&google_push=ATf1kGMRZTne50xFWi8sEMMAY5xQI3xGTPejK-taMT1TCnhxRmzAaBiB_-jSb_rg-65LMwcrz_7_MRg-6xd3QTswXRfuUgrDhK58
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:48 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C60F
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEHyVjsheMpGIXOOYl4QaQ-k&google_cver=1&google_push=ATf1kGOJ0Sf5V3eC3GJfW-MEwYo-vNcTxX5HvoNmGAPGqD48zqvliUHw0AmT9oih3m_Mu5d8nchfMtQz9Z2kBn5S...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGOJ0Sf5V3eC3GJfW-MEwYo-vNcTxX5HvoNmGAPGqD48zqvliUHw0AmT9oih3m_Mu5d8nchfMtQz9Z2kBn5SdW9Iz1exICDO

170 B
188 B

24ms
22ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGOJ0Sf5V3eC3GJfW-MEwYo-vNcTxX5HvoNmGAPGqD48zqvliUHw0AmT9oih3m_Mu5d8nchfMtQz9Z2kBn5SdW9Iz1exICDO

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 15 May 2023 20:42:48 GMT
via: 1.1 747e99d9d8c5e29fdc713cf866bc3f82.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-C2
x-cache: FunctionGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_push=ATf1kGOJ0Sf5V3eC3GJfW-MEwYo-vNcTxX5HvoNmGAPGqD48zqvliUHw0AmT9oih3m_Mu5d8nchfMtQz9Z2kBn5SdW9Iz1exICDO
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: ZWIZvRyvUJZBemCJoNZHK7r40thWFvlr-QHwYsWITSU4kW4YBzBWMg==

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C60F
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&google_gid=CAESELghKnXhXdIiJ2YGroFYnAU&google_cver=1&google_push=ATf1kGN6T2FkRg_4wBVS-Yi05H3FMJToDTvwcMylV6uwtiRtdsFdU3YQyU2K_YwdtYnQblsIvQ9y4rOXqulDdXLwCd_psG4zMQo
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGN6T2FkRg_4wBVS-Yi05H3FMJToDTvwcMylV6uwtiRtdsFdU3YQyU2K_Ywd...

170 B
188 B

23ms
21ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGN6T2FkRg_4wBVS-Yi05H3FMJToDTvwcMylV6uwtiRtdsFdU3YQyU2K_YwdtYnQblsIvQ9y4rOXqulDdXLwCd_psG4zMQo

Protocol

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=NDY0NTM4NjM3NTk5NDc4ODc5ODQz&google_push=ATf1kGN6T2FkRg_4wBVS-Yi05H3FMJToDTvwcMylV6uwtiRtdsFdU3YQyU2K_YwdtYnQblsIvQ9y4rOXqulDdXLwCd_psG4zMQo
date: Mon, 15 May 2023 20:42:48 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 sync
ssbsync.smartadserver.com/api/ Frame C60F 0
44 B 18ms
16ms Image
text/plain 185.86.139.93
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEFE3Aw1rOlM-_BW7nTU-7Pg&google_cver=1&google_push=ATf1kGNuAJMr-UTFv4skZD2DvSheDJiBCuG0f9DiY83p3OJ5b5COLtGrkkrZ7YeMdgz0ZNbU6z_i-X64mgTnR6upK1LmG6uKePQ_
Requested by: Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.93 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:47 GMT
content-length: 0

GET
H2

200

/
onetag-sys.com/match/ Frame C60F
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESELQXSGJqEpsDJB_bsWeFOf0&google_cver=1&google_push=ATf1kGOJ6Vev_hhv2fB7nySBFymC9w4ivcEtQiDbI1YEH75wPdJPsGu-a17IhQXH-ZZgcdvzrn4UEItCEpf...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=ATf1kGOJ6Vev_hhv2fB7nySBFymC9w4ivcEtQiDbI1YEH75wPdJPsGu-a17IhQXH-ZZgcdvzrn4UEItCEpffxy8X0ks9fdOkYLlTVA
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

9ms
7ms

Image
text/plain

51.38.120.206
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Protocol

Server

51.38.120.206 Hessen, Germany, ASN16276 (OVH, FR),

Reverse DNS

ip206.ip-51-38-120.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:48 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame C60F 0
12 B 22ms
20ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IxGyaWsH_6HnsjoVci7dwqzomODDlRDrqLL84ayQSEHPHLKWe0Si3A35gAN2kAM-sCmoB31g

Requested by

Host: a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s21-in-f130.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame AB30 85 KB
31 KB 11ms
10ms Script
text/javascript 18.66.147.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=3641431&wgcampaignid=1384975&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1g2fmjgsmnvs5hbjkxwpd9bskpbjj37r51g615b4rjzd0k6ky9vsg6a02agdbnvmbh105095350svycr2cejrwvfa5n7wnaqfcy9sd7ngxez6x0tzk28as59zwnekgcre5hn50zv5ppv20sq23ywsa822c7bqb8244ht22z9cbrh7tsmhgahsp271zmqpk4pwkatwrh094sqbam44vnj98wap95y4r4tjvbyzy7b2jccgkzyvqeyjtafazmr66rvm7wh2%26a%3Dhttps%253A%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1hwhzn75vb5ps0pdyqrj5fwnnkd7h32xzkxhwyswysbzt2b2cwnr7qx1np0bzd5ne6qmtc7zpmmvvem0dc3ce8jagbj5bn44x1nn9y8qdsf7xnsa0hknkmxdb6n03ck4y3pmfc5ta6decpa5pt1s4xxhk70sgkkbp83k1xeaxea2rrtkzmbt82gg11wacdgwsjjph1n13mkv9wwtgbm789ymbxg15psph2j37bghnnc88a28ts1ab9yswfbqgd4wrqfsqeh60gf3taav1vmqpth744%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC-MODRJliZOnTI4SglgS7grL4BZDhgYRctqjCivACwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT4AU_Qm2cwHRJq8x2mkUf0GK3tCeGzXDNnyO2GqSGGzaZhJQo5FykRax4-HhAGSgNK2QSc7uPGSq3qUbao3Eqc_Kd_rJGclJbpBwfT_l8mX6-Z3qQDDfjFkGMlNzeVc6RcbBufW9cAjgUyzA7KYFvwF-uxMu9kz8Hqhypz2D3nlaIDXgRtI1ahHpFE8cM9CBYPn-ZYh7wuUDf-yYlA_1_YekoTOVyW8OAlW7tT27cksi7tgg7tGCYPYyVeopjLiRAvRUZvKNtD2_dlMJ1ozeyE43u426RRDiAUjXjWUDtkF4g42PhhtCrEhXieKxOpKKmhEfDKLEynXXMx4AQBgAbE0Z70yIDOvKUBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1fWoXb9j5p6leW3a656AtniIfMZQ%252526client%25253Dca-pub-7554793497192362%252526adurl%25253D&clickref=oneidDXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjWoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&viewref=oneideYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpboneid__suite_Netmix_Reach128_WEBGAINSMOSTLY
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-98.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 00c5621a3f56c052959f8f0591b65e893f132b49b1447fde20767966cacbfbfe

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 00:27:58 GMT
content-encoding: gzip
via: 1.1 12e62b05f63a1a2118cca20014b15012.cloudfront.net (CloudFront)
last-modified: Wed, 15 Mar 2023 17:26:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 75940
etag: W/"876c293e6c37046ecb0c11ce2e276942"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: zxF_XeXNyhruhrxJX2PEmJaJhZXkcPitfxxML14eBZwgSg_I2fD2Ww==

GET
H2 200 1619604937_fPkEZHu3MNy3GC7XuV3lA1s9E5XlSAcF.png
cdn.track.production.webgains.team/286305/ Frame AB30 15 KB
15 KB 10ms
9ms Image
image/png 99.86.4.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/286305/1619604937_fPkEZHu3MNy3GC7XuV3lA1s9E5XlSAcF.png?Expires=1684183667&Signature=WomMAJouOoWytn81H7-uDXueUjGs10fO6r8RKaal9SptzeROSVGMX-ufHlK73vtlbu0oVNpTzGSAwH9pL2ul5VASTEGE~VOvoI6Sz9fEejSkmQK95UZ0-RGjZVkwNzG16hvWqlz7CYcv20vfBBhVB~iTaCXJi0szm-7mnFllFtKkjvZ-kkNcbk4lsqGUDMm8kdCoIrFKWVgbcmds11e5LGxVjuW1k23nzsDpbNOFyPt5y-Z8tr3w0wYF06IFv2Tq6vRRTLBGGBd2g~WAGdo7L3DSKcGiQcN3W8g8G~rTYfZ6XrhG-nEKYvt4K1SRRmogL~n4ECurWiPtEvSph~WOBg__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=3641431&wgcampaignid=1384975&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1g2fmjgsmnvs5hbjkxwpd9bskpbjj37r51g615b4rjzd0k6ky9vsg6a02agdbnvmbh105095350svycr2cejrwvfa5n7wnaqfcy9sd7ngxez6x0tzk28as59zwnekgcre5hn50zv5ppv20sq23ywsa822c7bqb8244ht22z9cbrh7tsmhgahsp271zmqpk4pwkatwrh094sqbam44vnj98wap95y4r4tjvbyzy7b2jccgkzyvqeyjtafazmr66rvm7wh2%26a%3Dhttps%253A%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1hwhzn75vb5ps0pdyqrj5fwnnkd7h32xzkxhwyswysbzt2b2cwnr7qx1np0bzd5ne6qmtc7zpmmvvem0dc3ce8jagbj5bn44x1nn9y8qdsf7xnsa0hknkmxdb6n03ck4y3pmfc5ta6decpa5pt1s4xxhk70sgkkbp83k1xeaxea2rrtkzmbt82gg11wacdgwsjjph1n13mkv9wwtgbm789ymbxg15psph2j37bghnnc88a28ts1ab9yswfbqgd4wrqfsqeh60gf3taav1vmqpth744%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC-MODRJliZOnTI4SglgS7grL4BZDhgYRctqjCivACwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT4AU_Qm2cwHRJq8x2mkUf0GK3tCeGzXDNnyO2GqSGGzaZhJQo5FykRax4-HhAGSgNK2QSc7uPGSq3qUbao3Eqc_Kd_rJGclJbpBwfT_l8mX6-Z3qQDDfjFkGMlNzeVc6RcbBufW9cAjgUyzA7KYFvwF-uxMu9kz8Hqhypz2D3nlaIDXgRtI1ahHpFE8cM9CBYPn-ZYh7wuUDf-yYlA_1_YekoTOVyW8OAlW7tT27cksi7tgg7tGCYPYyVeopjLiRAvRUZvKNtD2_dlMJ1ozeyE43u426RRDiAUjXjWUDtkF4g42PhhtCrEhXieKxOpKKmhEfDKLEynXXMx4AQBgAbE0Z70yIDOvKUBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%252526num%25253D1%252526sig%25253DAOD64_1fWoXb9j5p6leW3a656AtniIfMZQ%252526client%25253Dca-pub-7554793497192362%252526adurl%25253D&clickref=oneidDXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjWoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&viewref=oneideYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpboneid__suite_Netmix_Reach128_WEBGAINSMOSTLY
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-52.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 60bf02832688d14251ec1c7b8acfda233a91f927f26c7202bdaba781a1f0fcdf

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

x-amz-version-id: null
date: Mon, 15 May 2023 13:37:25 GMT
via: 1.1 7fcb41b117930690c299be9cec4a977a.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 10:41:35 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 67121
etag: "d4e8f970f24f6d19b53aa92b1907c1ef"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/png
accept-ranges: bytes
content-length: 15054
x-amz-cf-id: GxUwRiDjJUmpZPed2A4JuNnM0VELcVr_sSTHDLRJcbjjtPySrEk-CQ==

GET
H2 200 screen.css
s1.adform.net/Banners/Elements/Files/160090/12685250/bvpath_258/ Frame C0F8 1 KB
961 B 31ms
15ms Stylesheet
text/css 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12685250/bvpath_258/screen.css
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.228/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 60b9d4305db4ec8d879e28528cf1fd875dfc2dc7d7b6478b12eb3c205f19e9f4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
content-encoding: gzip
last-modified: Mon, 24 Apr 2023 08:37:16 GMT
server: nginx
x-amz-request-id: tx0000079383809ceef1579-006461926b-32950a8f-default
etag: W/"75815473b383f85037d53fa20f71fa58"
x-cache-status: STALE
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2 200 Adform.DHTML.js Show response
s1.adform.net/banners/scripts/rmb/ Frame C0F8 30 KB
14 KB 40ms
17ms Script
application/javascript 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/banners/scripts/rmb/Adform.DHTML.js?bv=626
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.228/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
content-encoding: gzip
last-modified: Wed, 08 Jun 2022 12:02:22 GMT
server: nginx
x-amz-request-id: tx00000dcb04a2980ec1f5a-0063765ffa-329373d4-default
etag: W/"4731aef0a5114a59b4311776d270e848"
x-cache-status: HIT
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H2 200 introfill.png
s1.adform.net/Banners/Elements/Files/160090/12685250/bvpath_258/ Frame C0F8 103 B
433 B 41ms
18ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12685250/bvpath_258/introfill.png
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.228/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: ee6d3b54a9065c8ff1c55528d83a8b11aa932915d3004f3dab2c5355027bbf3f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
last-modified: Mon, 24 Apr 2023 08:37:16 GMT
server: nginx
x-amz-request-id: tx000007208b4cd6b0b291d-006461926b-3295a825-default
etag: "eeb9c35d55092b02bf5fa183ecd734f8"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 103

GET
H2 200 text0.png
s1.adform.net/Banners/Elements/Files/160090/12685250/bvpath_258/ Frame C0F8 5 KB
5 KB 41ms
19ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12685250/bvpath_258/text0.png
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.228/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 07773674da8a5d7de6575be849321af69c60333d821b2e531b8b6aad8cb8deba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
last-modified: Mon, 24 Apr 2023 08:37:16 GMT
server: nginx
x-amz-request-id: tx000002ba75f2fc417824d-006461926b-3295d06f-default
etag: "b40bca9f571a135a168188a0310caad3"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 4939

GET
H2 200 text1.png
s1.adform.net/Banners/Elements/Files/160090/12685250/bvpath_258/ Frame C0F8 14 KB
15 KB 42ms
20ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12685250/bvpath_258/text1.png
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.228/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 82709cc1cd991e26967b850fd332310bcd1df1732c0469c1ec8645d34767b43b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
last-modified: Mon, 24 Apr 2023 08:37:16 GMT
server: nginx
x-amz-request-id: tx00000b1546e0376b65a98-006461926b-32950a8f-default
etag: "f049d6a0b841fb5889b39e46c725f41a"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 14684

GET
H2 200 text2.png
s1.adform.net/Banners/Elements/Files/160090/12685250/bvpath_258/ Frame C0F8 8 KB
8 KB 43ms
21ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12685250/bvpath_258/text2.png
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.228/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 5f375509c1452589c13e5d6dc5f3b39d297dfd6930148ac1a8e9930d3102da53

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
last-modified: Mon, 24 Apr 2023 08:37:16 GMT
server: nginx
x-amz-request-id: tx00000a1bb92693c26c06f-006461926b-3295d06f-default
etag: "1773c399dbd24ade9e45b31477196231"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 7877

GET
H2 200 stoerer.png
s1.adform.net/Banners/Elements/Files/160090/12685250/bvpath_258/ Frame C0F8 11 KB
12 KB 44ms
21ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12685250/bvpath_258/stoerer.png
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.228/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 4379780ec7a60ee9e3be3daae1679424e45bbcad947348e5eed4393dce45b0fc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
last-modified: Mon, 24 Apr 2023 08:37:16 GMT
server: nginx
x-amz-request-id: tx00000793dc98129fb488a-006461926b-3295a825-default
etag: "6de5d278ef810d5b289e892260f122b6"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 11488

GET
H2 200 disclaimer.png
s1.adform.net/Banners/Elements/Files/160090/12685250/bvpath_258/ Frame C0F8 2 KB
3 KB 44ms
22ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12685250/bvpath_258/disclaimer.png
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.228/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: d7459fa18280a3e39c5ffd0eb2445c3d375d0dda10100a51ec20faba34beb92f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
last-modified: Mon, 24 Apr 2023 08:37:16 GMT
server: nginx
x-amz-request-id: tx0000065a70903dbe71605-006461926b-3295d06f-default
etag: "ce93a9e2c2541ffd2cd1f235c786aa84"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 2242

GET
H2 200 date.png
s1.adform.net/Banners/Elements/Files/160090/12685250/bvpath_258/ Frame C0F8 2 KB
2 KB 44ms
22ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12685250/bvpath_258/date.png
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.228/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 939f15aa3264213b1f5a015b77fe316ce2031cbdb0c35d190d7eec9803fec941

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
last-modified: Mon, 24 Apr 2023 08:37:16 GMT
server: nginx
x-amz-request-id: tx00000f355402c767f1e18-006461926b-3295d06f-default
etag: "115b7905f381b270c2cb3e9e5f1c4ed2"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 1969

GET
H2 200 cta.png
s1.adform.net/Banners/Elements/Files/160090/12685250/bvpath_258/ Frame C0F8 2 KB
2 KB 50ms
28ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12685250/bvpath_258/cta.png
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.228/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 53fd29aa898a338e420a878bf7eaa2f91fa8ce775f356bafadc70989c5344d1b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
last-modified: Mon, 24 Apr 2023 08:37:16 GMT
server: nginx
x-amz-request-id: tx00000752265f1f61e0e58-006461926b-32950a49-default
etag: "28fed1b781c9f893a7071697d605d153"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 1673

GET
H2 200 logostart.png
s1.adform.net/Banners/Elements/Files/160090/12685250/bvpath_258/ Frame C0F8 5 KB
5 KB 50ms
29ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12685250/bvpath_258/logostart.png
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.228/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: f324377940583ba7a0f81123404cc032334edf5ace8e9f5d58da1cc340e41027

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
last-modified: Mon, 24 Apr 2023 08:37:16 GMT
server: nginx
x-amz-request-id: tx0000066b3f7554797af28-006461926b-32957f68-default
etag: "0539ca6530d6756126aee292b52e0cf8"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 4815

GET
H2 200 logo.png
s1.adform.net/Banners/Elements/Files/160090/12685250/bvpath_258/ Frame C0F8 4 KB
4 KB 50ms
29ms Image
image/png 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12685250/bvpath_258/logo.png
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.228/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: c5d9f11f95196250f6797acef21bd147fe22a802940735d88ac2a7a9308247ac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
last-modified: Mon, 24 Apr 2023 08:37:16 GMT
server: nginx
x-amz-request-id: tx00000b890c0016c1b0f70-006461926b-3295d04c-default
etag: "926213b1f44a9786a29d0fa8b723023f"
x-cache-status: STALE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 3791

GET
H2 200 model.jpg
s1.adform.net/Banners/Elements/Files/160090/12685250/bvpath_258/ Frame C0F8 8 KB
9 KB 51ms
30ms Image
image/jpeg 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12685250/bvpath_258/model.jpg
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.228/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: a070ec5d5d045cb6be2b058c76a03159a6ec5ec50d83653eaef33856a22a50a3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
last-modified: Mon, 24 Apr 2023 08:37:16 GMT
server: nginx
x-amz-request-id: tx0000017868dec278565a5-006461926b-32950a49-default
etag: "51f93811bd89f8382551b4cf5e40e618"
x-cache-status: STALE
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 8432

GET
H2 200 background.jpg
s1.adform.net/Banners/Elements/Files/160090/12685250/bvpath_258/ Frame C0F8 5 KB
5 KB 51ms
30ms Image
image/jpeg 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12685250/bvpath_258/background.jpg
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.228/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 5df79eddbef90ad7812dabb7e205681d726406b290b06033adf10ee06929097e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
last-modified: Mon, 24 Apr 2023 08:37:16 GMT
server: nginx
x-amz-request-id: tx00000011b423b44c598d6-006461926b-32950a8f-default
etag: "ae68ce2fe0f4549341fc4e073f1be0bb"
x-cache-status: STALE
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 5111

GET
H3 200 CSSPlugin.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/plugins/ Frame C0F8 38 KB
14 KB 34ms
18ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/plugins/CSSPlugin.min.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.228/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbf2228ab439f89b83feb79ea549213521a81212fde9ff67f9c73d002d586198

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 337144
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13669
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-9833"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MzqwBCE1wdfqdlVFNrOQIhEsl7%2Bl96O0QO9I4eW1Ak782e0PetCKEkwZV8yJl0zkJ7ySmJdgLjT11SxsvpkO2h6u%2Bwqpya5Y%2BiojqkJKZwY6QZHPqplTfeexpovgN8MPYzeTtQh1F8VmiAhiE3bt7tmp"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7c7e35a29d1a18de-FRA
expires: Sat, 04 May 2024 20:42:48 GMT

GET
H3 200 EasePack.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/easing/ Frame C0F8 5 KB
2 KB 47ms
30ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/easing/EasePack.min.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.228/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37bc930c63149650677d732eea9526432bd8494c55737f45c98e7f8ad7c1e7ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 2146688
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1730
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-146f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=945gCxlosO9u%2BaYuxoRXt%2F8G4nrKbqSCwFKwyNOK8bGTdfUDXfspG9UQQwTJiTE7CbBdOZaPqqOA7HmznyKXmcc%2FQsI79t9EoaGlxKe8zisk2hf3OhjzMD%2BnhyBSMoBHCDSTTX9ZaR8feQZzd%2BE%2FMBbW"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7c7e35a29d1c18de-FRA
expires: Sat, 04 May 2024 20:42:48 GMT

GET
H3 200 TweenLite.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/ Frame C0F8 26 KB
9 KB 50ms
34ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/1.18.0/TweenLite.min.js

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.228/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e5b4dd28e58e76dbe83eb2b357fdad7e54b85a9def9bf953063d5970a91ee6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 406972
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 8578
last-modified: Mon, 04 May 2020 16:10:25 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e71-697f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2YcmA4drsjHe34wEYai3%2B86rIAZK9XyhrJi3rGpd%2BiMMoLAEg9dU%2B%2Fh9PkgnGu0FJRN%2Bg%2FWuF8KIZXXQFqOaNl7XZssTvT4tmRqoJRZ0lIRcZKmx2SUgKhQNPoY1AGI8sM4SJLIejCG47V8F%2FbW%2FO5Yt"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 7c7e35a29d1d18de-FRA
expires: Sat, 04 May 2024 20:42:48 GMT

GET
H2 200 script.js Show response
s1.adform.net/Banners/Elements/Files/160090/12685250/bvpath_258/ Frame C0F8 9 KB
2 KB 36ms
18ms Script
application/x-javascript 37.157.5.73
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL: https://s1.adform.net/Banners/Elements/Files/160090/12685250/bvpath_258/script.js
Requested by: Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/load/v/0.0.228/e/igSBggDQ/i/vCAv.IAAAAAUAA/r:AdConstructor:contents/HTML:types/Standard
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.5.73 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: fd4baf763043b388f2c14d9f4cadd1b5bb14459c59e6e700dc0951570d9d6f39

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
content-encoding: gzip
last-modified: Mon, 24 Apr 2023 08:37:16 GMT
server: nginx
x-amz-request-id: tx000009c6b6abd2eae3f44-006461926b-32950a49-default
etag: W/"81e0191b5e5a2b993d3d782d8c9e5a51"
x-cache-status: STALE
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Range,Content-Length
x-rgw-object-type: Normal
cache-control: public, max-age=604800

GET
H3 200 A6DkqFxHDGl7nKslapf_JwSgNLk5S51nxKr2xdQhtdg.js Show response
pagead2.googlesyndication.com/bg/ Frame 4012 37 KB
14 KB 23ms
8ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A6DkqFxHDGl7nKslapf_JwSgNLk5S51nxKr2xdQhtdg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03a0e4a85c470c697b9cab256a97ff2704a034b9394b9d67c4aaf6c5d421b5d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 18:31:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7888
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14779
x-xss-protection: 0
last-modified: Mon, 08 May 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 14 May 2024 18:31:20 GMT

GET
H3 200 A6DkqFxHDGl7nKslapf_JwSgNLk5S51nxKr2xdQhtdg.js Show response
pagead2.googlesyndication.com/bg/ Frame 6875 37 KB
14 KB 19ms
8ms Script
text/javascript 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A6DkqFxHDGl7nKslapf_JwSgNLk5S51nxKr2xdQhtdg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03a0e4a85c470c697b9cab256a97ff2704a034b9394b9d67c4aaf6c5d421b5d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 18:31:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7888
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14779
x-xss-protection: 0
last-modified: Mon, 08 May 2023 09:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 14 May 2024 18:31:20 GMT

GET
H3 200 default.css
as.ad4m.at/ad/style/0.1.40/one-ad/ Frame 093E 103 KB
13 KB 33ms
22ms Stylesheet
text/css 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://as.ad4m.at/ad/style/0.1.40/one-ad/default.css
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=200037%2C14019%2C183722&b=mV2HefGfWXGmSmHZHZtzt6qYtKSwTeZMHb1k5%2CeYdU3fVfxA6tjHZHet1t4mWTwSQTKrACYXpb%2CBgwFgfPfxKzeSxH6H3t9tVJwMajSeT8dbUB6xZ&f=7YmUqfzfj538crHXHgtECk98c4S1TQPbCEZQx%2CDXdT3fwfbJ6t3HmH9twCZDAhxSmTYW3aXdjW%2CjE2sEfGfqP9jtYHEH2tWC43eVhZSzT1XgTGpmR&c=970&d=90&e=&g=ba99554a4dbfa68e99ca82cd9152f370%2F2842032654825791844&i=22499%2C21596%2C71170&j=21%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367931&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1khhrt6f8gjtga1bxy7csbkrwb0m1rhpprqvffawwn02bxbhfs6ddr1tfzmtfwn421r9ss33w3y12ev4ar03r5vy9t0qntgms0rk6cm5jrg84bxeez2b052g361s77nb0xyk44fp2x1fe669aqg2zzpmz4ym0wzf5bxza1d7vttkgj14g5d55znm9myy1z5dz062bygktts8z11774bjsgmtwygt4zqhp94h13vdwep18ve64vxzfxhjbtph6q2c5w4y27dm89ewpfc6fm63zv6s18%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCLBwtRZliZPngGfGB9fgPyLu5uAqQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE8gFP0MBKN3Ow-R0wtaCGbLMJeaZeL-SwA_Q3zDdbTa0gn6Im6nt4GWlZHyD77-yJvlD8OhGsRba0y5JcYvDzKQo7hmgqhMSQswxkR-RSBz5RUZtm542kZOpyiss0GFnIjcjBihR0kvgu34LNy7nEDf8ueR3D4s8joPtRz8uncpkzITZ_V4kzP1RwxJdFIZuRXFbNivpjMMskpPrmjBhbfc6aqNSjqP0CEcBsJE6oHoNe8P62aJ4M6c8rTSBEySTh4fOBSIBOMNC09tkuqZEnb8BPCTHFt6skGo49EFP5nv1Bh5_DGwZptL4PXsF3e2_W1ZvHZOAEAYAGzui6xZWzjYKnAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1UwXbSGyKJWUMZzdC1BdIH98xNkA%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d77b5f2ca03eb8dab2acc515548b7b1ce7eeb4ca2189268552649e0391ee8c21

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://as.ad4m.at/ad/rar?a=200037%2C14019%2C183722&b=mV2HefGfWXGmSmHZHZtzt6qYtKSwTeZMHb1k5%2CeYdU3fVfxA6tjHZHet1t4mWTwSQTKrACYXpb%2CBgwFgfPfxKzeSxH6H3t9tVJwMajSeT8dbUB6xZ&f=7YmUqfzfj538crHXHgtECk98c4S1TQPbCEZQx%2CDXdT3fwfbJ6t3HmH9twCZDAhxSmTYW3aXdjW%2CjE2sEfGfqP9jtYHEH2tWC43eVhZSzT1XgTGpmR&c=970&d=90&e=&g=ba99554a4dbfa68e99ca82cd9152f370%2F2842032654825791844&i=22499%2C21596%2C71170&j=21%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367931&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1khhrt6f8gjtga1bxy7csbkrwb0m1rhpprqvffawwn02bxbhfs6ddr1tfzmtfwn421r9ss33w3y12ev4ar03r5vy9t0qntgms0rk6cm5jrg84bxeez2b052g361s77nb0xyk44fp2x1fe669aqg2zzpmz4ym0wzf5bxza1d7vttkgj14g5d55znm9myy1z5dz062bygktts8z11774bjsgmtwygt4zqhp94h13vdwep18ve64vxzfxhjbtph6q2c5w4y27dm89ewpfc6fm63zv6s18%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCLBwtRZliZPngGfGB9fgPyLu5uAqQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE8gFP0MBKN3Ow-R0wtaCGbLMJeaZeL-SwA_Q3zDdbTa0gn6Im6nt4GWlZHyD77-yJvlD8OhGsRba0y5JcYvDzKQo7hmgqhMSQswxkR-RSBz5RUZtm542kZOpyiss0GFnIjcjBihR0kvgu34LNy7nEDf8ueR3D4s8joPtRz8uncpkzITZ_V4kzP1RwxJdFIZuRXFbNivpjMMskpPrmjBhbfc6aqNSjqP0CEcBsJE6oHoNe8P62aJ4M6c8rTSBEySTh4fOBSIBOMNC09tkuqZEnb8BPCTHFt6skGo49EFP5nv1Bh5_DGwZptL4PXsF3e2_W1ZvHZOAEAYAGzui6xZWzjYKnAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1UwXbSGyKJWUMZzdC1BdIH98xNkA%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-goog-meta-goog-reserved-file-mtime: 1683559916
age: 623011
cf-polished: origSize=105839
x-guploader-uploadid: ADPycdv9IJsM9Nda_T-YCF8tGjLSR9_5GyrPWBCiXo7o_2KPFa29jeIDurPOQJdzBat54FnfGmUqvpjJPo5BCE2ydDX2ig
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify
last-modified: Mon, 08 May 2023 15:32:28 GMT
server: cloudflare
etag: W/"44fa96b813e145cb8b915ae1fb6a3b7a"
vary: Accept-Encoding
x-goog-generation: 1683559948253618
content-type: text/css
x-goog-hash: crc32c=FELYSw==, md5=RPqWuBPhRcuLkVrh+2o7eg==
cache-control: public, max-age=3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o%2BpiBiJG2nCoP09HHHNqVxoP9WxjFP9yEIqe7sm%2F1XqGIjF4nP47ocU4beSF05rlM6wOOoIw9J6zfpJAe%2Bgz0%2F2i2%2FbI7B7n1hIY67hewG4BhO7vs2cI4%2FDT%2FlZNpSRv5%2FOqN0LKFqw%3D"}],"group":"cf-nel","max_age":604800}
x-goog-stored-content-length: 105839
cf-ray: 7c7e35a29ba01c2c-FRA
expires: Mon, 15 May 2023 21:42:48 GMT

GET
H3 200 822734168B827B1A0E57FF53EC6CBFBBD002FC8D7460BA6B8DE6F46F0023BD74E50D9FBBA049A063AB16B30699CAF8E6582A3DFB3481ACA57EB03EB039D10995
assets.ad4m.at/logo/ Frame 093E 42 KB
43 KB 68ms
58ms Image
image/png 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/822734168B827B1A0E57FF53EC6CBFBBD002FC8D7460BA6B8DE6F46F0023BD74E50D9FBBA049A063AB16B30699CAF8E6582A3DFB3481ACA57EB03EB039D10995
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=200037%2C14019%2C183722&b=mV2HefGfWXGmSmHZHZtzt6qYtKSwTeZMHb1k5%2CeYdU3fVfxA6tjHZHet1t4mWTwSQTKrACYXpb%2CBgwFgfPfxKzeSxH6H3t9tVJwMajSeT8dbUB6xZ&f=7YmUqfzfj538crHXHgtECk98c4S1TQPbCEZQx%2CDXdT3fwfbJ6t3HmH9twCZDAhxSmTYW3aXdjW%2CjE2sEfGfqP9jtYHEH2tWC43eVhZSzT1XgTGpmR&c=970&d=90&e=&g=ba99554a4dbfa68e99ca82cd9152f370%2F2842032654825791844&i=22499%2C21596%2C71170&j=21%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367931&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1khhrt6f8gjtga1bxy7csbkrwb0m1rhpprqvffawwn02bxbhfs6ddr1tfzmtfwn421r9ss33w3y12ev4ar03r5vy9t0qntgms0rk6cm5jrg84bxeez2b052g361s77nb0xyk44fp2x1fe669aqg2zzpmz4ym0wzf5bxza1d7vttkgj14g5d55znm9myy1z5dz062bygktts8z11774bjsgmtwygt4zqhp94h13vdwep18ve64vxzfxhjbtph6q2c5w4y27dm89ewpfc6fm63zv6s18%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCLBwtRZliZPngGfGB9fgPyLu5uAqQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE8gFP0MBKN3Ow-R0wtaCGbLMJeaZeL-SwA_Q3zDdbTa0gn6Im6nt4GWlZHyD77-yJvlD8OhGsRba0y5JcYvDzKQo7hmgqhMSQswxkR-RSBz5RUZtm542kZOpyiss0GFnIjcjBihR0kvgu34LNy7nEDf8ueR3D4s8joPtRz8uncpkzITZ_V4kzP1RwxJdFIZuRXFbNivpjMMskpPrmjBhbfc6aqNSjqP0CEcBsJE6oHoNe8P62aJ4M6c8rTSBEySTh4fOBSIBOMNC09tkuqZEnb8BPCTHFt6skGo49EFP5nv1Bh5_DGwZptL4PXsF3e2_W1ZvHZOAEAYAGzui6xZWzjYKnAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1UwXbSGyKJWUMZzdC1BdIH98xNkA%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f5b11a8ed95cc5ef94a4a6fe4d32f704dfeca16300ca4c67cdcffaa01aa2481

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1451995
cf-polished: origSize=48887, status=vary_header_present
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43327
cf-bgj: imgq:85,h2pri
last-modified: Mon, 19 Oct 2020 12:32:26 GMT
server: cloudflare
etag: "4fe1ecb98ff38283cdb2ae157e399ba2"
vary: X-Goog-Allowed-Resources, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gtEvFQ7r1xQO%2F7g%2B0EU2989YP4nbrqfXreQdM2nP37twp9YnA5u%2FTC78INpI30NjSaNnHpX8EWWbFWR51fGWTFSHkjmmRM0yoBzwj5G4MeM5sNyg%2BOUQfQZEkDfVa6K9S34yTuQWBKej9ZW3"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7c7e35a29ba41c2c-FRA
expires: Tue, 16 May 2023 20:42:48 GMT

GET
H3 200 A8818152897B16598F154C678AE450026823820908A7A6CE6B0DB3C201FEB6D81C9FF76AC0F45E93D9C0D720F61EF6CAED2B76299D63A398AA158A0B10C14129
assets.ad4m.at/product_image/ Frame 093E 71 KB
71 KB 77ms
74ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/A8818152897B16598F154C678AE450026823820908A7A6CE6B0DB3C201FEB6D81C9FF76AC0F45E93D9C0D720F61EF6CAED2B76299D63A398AA158A0B10C14129
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=200037%2C14019%2C183722&b=mV2HefGfWXGmSmHZHZtzt6qYtKSwTeZMHb1k5%2CeYdU3fVfxA6tjHZHet1t4mWTwSQTKrACYXpb%2CBgwFgfPfxKzeSxH6H3t9tVJwMajSeT8dbUB6xZ&f=7YmUqfzfj538crHXHgtECk98c4S1TQPbCEZQx%2CDXdT3fwfbJ6t3HmH9twCZDAhxSmTYW3aXdjW%2CjE2sEfGfqP9jtYHEH2tWC43eVhZSzT1XgTGpmR&c=970&d=90&e=&g=ba99554a4dbfa68e99ca82cd9152f370%2F2842032654825791844&i=22499%2C21596%2C71170&j=21%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367931&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1khhrt6f8gjtga1bxy7csbkrwb0m1rhpprqvffawwn02bxbhfs6ddr1tfzmtfwn421r9ss33w3y12ev4ar03r5vy9t0qntgms0rk6cm5jrg84bxeez2b052g361s77nb0xyk44fp2x1fe669aqg2zzpmz4ym0wzf5bxza1d7vttkgj14g5d55znm9myy1z5dz062bygktts8z11774bjsgmtwygt4zqhp94h13vdwep18ve64vxzfxhjbtph6q2c5w4y27dm89ewpfc6fm63zv6s18%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCLBwtRZliZPngGfGB9fgPyLu5uAqQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE8gFP0MBKN3Ow-R0wtaCGbLMJeaZeL-SwA_Q3zDdbTa0gn6Im6nt4GWlZHyD77-yJvlD8OhGsRba0y5JcYvDzKQo7hmgqhMSQswxkR-RSBz5RUZtm542kZOpyiss0GFnIjcjBihR0kvgu34LNy7nEDf8ueR3D4s8joPtRz8uncpkzITZ_V4kzP1RwxJdFIZuRXFbNivpjMMskpPrmjBhbfc6aqNSjqP0CEcBsJE6oHoNe8P62aJ4M6c8rTSBEySTh4fOBSIBOMNC09tkuqZEnb8BPCTHFt6skGo49EFP5nv1Bh5_DGwZptL4PXsF3e2_W1ZvHZOAEAYAGzui6xZWzjYKnAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1UwXbSGyKJWUMZzdC1BdIH98xNkA%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1a92cc32b861676d73dee67a54d16f367fbe774354b1c25189348ee4a85a98e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1375901
cf-polished: qual=85, origFmt=jpeg, origSize=78008
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 72376
cf-bgj: imgq:85,h2pri
last-modified: Thu, 12 Jan 2023 17:19:13 GMT
server: cloudflare
etag: "06d436b8ec91b25b14f92995cb31da99"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q%2F0gizJlr7pU4TNiqzbLP0a3P55wlp4qWB59I5lPQpUKi6gpbiFwcBZ8%2FyGNg3ACDEamC957QLVst2yyAxlKn0zOZ42FbjM6A9qs2BtEiI32KkFmv%2F3WSEqtLEnYSscuYe0pQ1SdnFB6ezWs"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7c7e35a2abbc1c2c-FRA
expires: Tue, 16 May 2023 20:42:48 GMT

GET
H3 200 762E992A001272DDC355514B76DC4960DDF6238B0F54854C0B29BE64A7E78BA5693E54C1A602322E523834805FE15471ECC3FEB06D9A02796A930A4085F71F84
assets.ad4m.at/logo/ Frame 093E 44 KB
44 KB 81ms
78ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/762E992A001272DDC355514B76DC4960DDF6238B0F54854C0B29BE64A7E78BA5693E54C1A602322E523834805FE15471ECC3FEB06D9A02796A930A4085F71F84
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=200037%2C14019%2C183722&b=mV2HefGfWXGmSmHZHZtzt6qYtKSwTeZMHb1k5%2CeYdU3fVfxA6tjHZHet1t4mWTwSQTKrACYXpb%2CBgwFgfPfxKzeSxH6H3t9tVJwMajSeT8dbUB6xZ&f=7YmUqfzfj538crHXHgtECk98c4S1TQPbCEZQx%2CDXdT3fwfbJ6t3HmH9twCZDAhxSmTYW3aXdjW%2CjE2sEfGfqP9jtYHEH2tWC43eVhZSzT1XgTGpmR&c=970&d=90&e=&g=ba99554a4dbfa68e99ca82cd9152f370%2F2842032654825791844&i=22499%2C21596%2C71170&j=21%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367931&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1khhrt6f8gjtga1bxy7csbkrwb0m1rhpprqvffawwn02bxbhfs6ddr1tfzmtfwn421r9ss33w3y12ev4ar03r5vy9t0qntgms0rk6cm5jrg84bxeez2b052g361s77nb0xyk44fp2x1fe669aqg2zzpmz4ym0wzf5bxza1d7vttkgj14g5d55znm9myy1z5dz062bygktts8z11774bjsgmtwygt4zqhp94h13vdwep18ve64vxzfxhjbtph6q2c5w4y27dm89ewpfc6fm63zv6s18%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCLBwtRZliZPngGfGB9fgPyLu5uAqQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE8gFP0MBKN3Ow-R0wtaCGbLMJeaZeL-SwA_Q3zDdbTa0gn6Im6nt4GWlZHyD77-yJvlD8OhGsRba0y5JcYvDzKQo7hmgqhMSQswxkR-RSBz5RUZtm542kZOpyiss0GFnIjcjBihR0kvgu34LNy7nEDf8ueR3D4s8joPtRz8uncpkzITZ_V4kzP1RwxJdFIZuRXFbNivpjMMskpPrmjBhbfc6aqNSjqP0CEcBsJE6oHoNe8P62aJ4M6c8rTSBEySTh4fOBSIBOMNC09tkuqZEnb8BPCTHFt6skGo49EFP5nv1Bh5_DGwZptL4PXsF3e2_W1ZvHZOAEAYAGzui6xZWzjYKnAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1UwXbSGyKJWUMZzdC1BdIH98xNkA%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ffae8fb9199235cf70171d14a964159b4eda2da695a258c2586de98e3cb27bb2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 133884
cf-polished: origFmt=png, origSize=65187
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44710
cf-bgj: imgq:85,h2pri
last-modified: Tue, 17 Jan 2023 14:45:52 GMT
server: cloudflare
etag: "99941d3864a6d6ef01023c96e0475815"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ojfQvMkdk3EZzEu%2F8xvmGaAVd6c8B4A6AaSCHNoSKg%2Bh%2FjaWh1u8f9lVUkfGuFU4M6yzZl4izvalC%2B3P5K89KMhApfBFT6zjT1gW8U%2BS3ds5a943jURmFuHHl5e6Ot1zSZ5OTi2%2FNkIsubaL"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7c7e35a2abc01c2c-FRA
expires: Tue, 16 May 2023 20:42:48 GMT

GET
H3 200 EC9093D4AF3799CF781B1E590A25D192F3BFBB8EF4C33117758FB5ADF524B34A287AF80FDD08D80A46541DEAE1FFA692B6F4CA688E7C199182253AEB01A2863C
assets.ad4m.at/product_image/ Frame 093E 222 KB
222 KB 83ms
80ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/EC9093D4AF3799CF781B1E590A25D192F3BFBB8EF4C33117758FB5ADF524B34A287AF80FDD08D80A46541DEAE1FFA692B6F4CA688E7C199182253AEB01A2863C
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=200037%2C14019%2C183722&b=mV2HefGfWXGmSmHZHZtzt6qYtKSwTeZMHb1k5%2CeYdU3fVfxA6tjHZHet1t4mWTwSQTKrACYXpb%2CBgwFgfPfxKzeSxH6H3t9tVJwMajSeT8dbUB6xZ&f=7YmUqfzfj538crHXHgtECk98c4S1TQPbCEZQx%2CDXdT3fwfbJ6t3HmH9twCZDAhxSmTYW3aXdjW%2CjE2sEfGfqP9jtYHEH2tWC43eVhZSzT1XgTGpmR&c=970&d=90&e=&g=ba99554a4dbfa68e99ca82cd9152f370%2F2842032654825791844&i=22499%2C21596%2C71170&j=21%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367931&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1khhrt6f8gjtga1bxy7csbkrwb0m1rhpprqvffawwn02bxbhfs6ddr1tfzmtfwn421r9ss33w3y12ev4ar03r5vy9t0qntgms0rk6cm5jrg84bxeez2b052g361s77nb0xyk44fp2x1fe669aqg2zzpmz4ym0wzf5bxza1d7vttkgj14g5d55znm9myy1z5dz062bygktts8z11774bjsgmtwygt4zqhp94h13vdwep18ve64vxzfxhjbtph6q2c5w4y27dm89ewpfc6fm63zv6s18%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCLBwtRZliZPngGfGB9fgPyLu5uAqQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE8gFP0MBKN3Ow-R0wtaCGbLMJeaZeL-SwA_Q3zDdbTa0gn6Im6nt4GWlZHyD77-yJvlD8OhGsRba0y5JcYvDzKQo7hmgqhMSQswxkR-RSBz5RUZtm542kZOpyiss0GFnIjcjBihR0kvgu34LNy7nEDf8ueR3D4s8joPtRz8uncpkzITZ_V4kzP1RwxJdFIZuRXFbNivpjMMskpPrmjBhbfc6aqNSjqP0CEcBsJE6oHoNe8P62aJ4M6c8rTSBEySTh4fOBSIBOMNC09tkuqZEnb8BPCTHFt6skGo49EFP5nv1Bh5_DGwZptL4PXsF3e2_W1ZvHZOAEAYAGzui6xZWzjYKnAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1UwXbSGyKJWUMZzdC1BdIH98xNkA%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 41b9b9d488e3a57902a671111dd089363c2f7d3a41ec3177f196abbb7cbac078

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 277122
cf-polished: origFmt=png, origSize=342797
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 226916
cf-bgj: imgq:85,h2pri
last-modified: Wed, 15 Jun 2022 14:01:11 GMT
server: cloudflare
etag: "82c7de0f42ff55fdd0acc07731664031"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xrXgNBCkzFfstu3zm7o24k6sqPsaJ%2BFOeygfFl320ukh24jNpKepiUiqNCkN6TwlsGp8geKh43vtlrHQipnDCWC%2FpypOWAX0CJXB1UspnSniOTBz47EaiMjN5JFOMZkfATX6dY9K3cTf6%2ByJ"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7c7e35a2abc11c2c-FRA
expires: Tue, 16 May 2023 20:42:48 GMT

GET
H2

200

ztpv.php
www.conrad.de/ Frame 093E
Redirect Chain

https://www.awin1.com/cshow.php?s=2470185&v=11354&q=377129&r=412871&pv=1&pref3=oneideYdU3fVfxA6tjHZHet1t4mWTwSQTKrACYXpboneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&gdpr_consent=&gdpr=0&gdpr_pd=0
https://www.conrad.de/ztpv.php?awc=11354_412871_1684183368_0d73e5f0-f361-11ed-9d45-2261c3620022&insert=AW&&gdpr=0&gdpr_consent=

0
474 B

54ms
20ms

Image
text/plain

2606:4700::6812:7f05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.conrad.de/ztpv.php?awc=11354_412871_1684183368_0d73e5f0-f361-11ed-9d45-2261c3620022&insert=AW&&gdpr=0&gdpr_consent=

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=200037%2C14019%2C183722&b=mV2HefGfWXGmSmHZHZtzt6qYtKSwTeZMHb1k5%2CeYdU3fVfxA6tjHZHet1t4mWTwSQTKrACYXpb%2CBgwFgfPfxKzeSxH6H3t9tVJwMajSeT8dbUB6xZ&f=7YmUqfzfj538crHXHgtECk98c4S1TQPbCEZQx%2CDXdT3fwfbJ6t3HmH9twCZDAhxSmTYW3aXdjW%2CjE2sEfGfqP9jtYHEH2tWC43eVhZSzT1XgTGpmR&c=970&d=90&e=&g=ba99554a4dbfa68e99ca82cd9152f370%2F2842032654825791844&i=22499%2C21596%2C71170&j=21%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367931&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1khhrt6f8gjtga1bxy7csbkrwb0m1rhpprqvffawwn02bxbhfs6ddr1tfzmtfwn421r9ss33w3y12ev4ar03r5vy9t0qntgms0rk6cm5jrg84bxeez2b052g361s77nb0xyk44fp2x1fe669aqg2zzpmz4ym0wzf5bxza1d7vttkgj14g5d55znm9myy1z5dz062bygktts8z11774bjsgmtwygt4zqhp94h13vdwep18ve64vxzfxhjbtph6q2c5w4y27dm89ewpfc6fm63zv6s18%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCLBwtRZliZPngGfGB9fgPyLu5uAqQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE8gFP0MBKN3Ow-R0wtaCGbLMJeaZeL-SwA_Q3zDdbTa0gn6Im6nt4GWlZHyD77-yJvlD8OhGsRba0y5JcYvDzKQo7hmgqhMSQswxkR-RSBz5RUZtm542kZOpyiss0GFnIjcjBihR0kvgu34LNy7nEDf8ueR3D4s8joPtRz8uncpkzITZ_V4kzP1RwxJdFIZuRXFbNivpjMMskpPrmjBhbfc6aqNSjqP0CEcBsJE6oHoNe8P62aJ4M6c8rTSBEySTh4fOBSIBOMNC09tkuqZEnb8BPCTHFt6skGo49EFP5nv1Bh5_DGwZptL4PXsF3e2_W1ZvHZOAEAYAGzui6xZWzjYKnAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1UwXbSGyKJWUMZzdC1BdIH98xNkA%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0

Protocol

Server

2606:4700::6812:7f05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
strict-transport-security: max-age=15552000
cf-ccp-worker: HTLPHandler-v1
server: cloudflare
vary: Accept-Encoding
cache-control: no-cache
cf-ray: 7c7e35a39ca0903a-FRA
content-length: 0
expires: -1

Redirect headers

Date: Mon, 15 May 2023 20:42:48 GMT
Strict-Transport-Security: max-age=86400
Node: Helix
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://www.conrad.de/ztpv.php?awc=11354_412871_1684183368_0d73e5f0-f361-11ed-9d45-2261c3620022&insert=AW&&gdpr=0&gdpr_consent=
Awin-Akamai-Rule-Set: default
Connection: keep-alive
Content-Length: 0

GET
H3 200 103A3360E051111301FBD16EC6E9A2283BD237D9231363AE30EA643F918251F9284AA2DFE7A8CE15529F1057F737D4157215A9C52943E90CBC6D8223BDC1C5EE
assets.ad4m.at/logo/ Frame 093E 4 KB
5 KB 90ms
87ms Image
image/webp 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/103A3360E051111301FBD16EC6E9A2283BD237D9231363AE30EA643F918251F9284AA2DFE7A8CE15529F1057F737D4157215A9C52943E90CBC6D8223BDC1C5EE
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=200037%2C14019%2C183722&b=mV2HefGfWXGmSmHZHZtzt6qYtKSwTeZMHb1k5%2CeYdU3fVfxA6tjHZHet1t4mWTwSQTKrACYXpb%2CBgwFgfPfxKzeSxH6H3t9tVJwMajSeT8dbUB6xZ&f=7YmUqfzfj538crHXHgtECk98c4S1TQPbCEZQx%2CDXdT3fwfbJ6t3HmH9twCZDAhxSmTYW3aXdjW%2CjE2sEfGfqP9jtYHEH2tWC43eVhZSzT1XgTGpmR&c=970&d=90&e=&g=ba99554a4dbfa68e99ca82cd9152f370%2F2842032654825791844&i=22499%2C21596%2C71170&j=21%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367931&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1khhrt6f8gjtga1bxy7csbkrwb0m1rhpprqvffawwn02bxbhfs6ddr1tfzmtfwn421r9ss33w3y12ev4ar03r5vy9t0qntgms0rk6cm5jrg84bxeez2b052g361s77nb0xyk44fp2x1fe669aqg2zzpmz4ym0wzf5bxza1d7vttkgj14g5d55znm9myy1z5dz062bygktts8z11774bjsgmtwygt4zqhp94h13vdwep18ve64vxzfxhjbtph6q2c5w4y27dm89ewpfc6fm63zv6s18%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCLBwtRZliZPngGfGB9fgPyLu5uAqQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE8gFP0MBKN3Ow-R0wtaCGbLMJeaZeL-SwA_Q3zDdbTa0gn6Im6nt4GWlZHyD77-yJvlD8OhGsRba0y5JcYvDzKQo7hmgqhMSQswxkR-RSBz5RUZtm542kZOpyiss0GFnIjcjBihR0kvgu34LNy7nEDf8ueR3D4s8joPtRz8uncpkzITZ_V4kzP1RwxJdFIZuRXFbNivpjMMskpPrmjBhbfc6aqNSjqP0CEcBsJE6oHoNe8P62aJ4M6c8rTSBEySTh4fOBSIBOMNC09tkuqZEnb8BPCTHFt6skGo49EFP5nv1Bh5_DGwZptL4PXsF3e2_W1ZvHZOAEAYAGzui6xZWzjYKnAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1UwXbSGyKJWUMZzdC1BdIH98xNkA%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b2af32f323ea3d058e5a0e7fa8e2634cad235b28d9c5a555a6063a7dd917d240

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1384722
cf-polished: origFmt=png, origSize=13977
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4360
cf-bgj: imgq:85,h2pri
last-modified: Thu, 16 Dec 2021 07:02:14 GMT
server: cloudflare
etag: "c945652af3bf3981722833beef3f9b60"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Sth1gFH1KG1Lp%2B%2Fa%2FQZNuJ%2B4che71yo9RWv%2Bxnw2BJBJdtUxh5pCkmXmoheLTgaCHHPcN4CqXPdW503smk4lVVWuLaZwoAqc9B%2BJp%2FUtuc4LVqwAcBc6eEh1BVf6p2ub0%2B1u0FeeW2AI7iZ4"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7c7e35a2abc21c2c-FRA
expires: Tue, 16 May 2023 20:42:48 GMT

GET
H3 200 CFD3F78423E432C09CAB1CDCE4564990D14CE280D20EA00DC5ED3DE92CCD632B7E62A7F34A06537672CC7512B772A471411ECC818CEDAE09249CB1305940647B
assets.ad4m.at/product_image/ Frame 093E 490 KB
490 KB 30ms
27ms Image
image/png 2606:4700:20::681a:bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/CFD3F78423E432C09CAB1CDCE4564990D14CE280D20EA00DC5ED3DE92CCD632B7E62A7F34A06537672CC7512B772A471411ECC818CEDAE09249CB1305940647B
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=200037%2C14019%2C183722&b=mV2HefGfWXGmSmHZHZtzt6qYtKSwTeZMHb1k5%2CeYdU3fVfxA6tjHZHet1t4mWTwSQTKrACYXpb%2CBgwFgfPfxKzeSxH6H3t9tVJwMajSeT8dbUB6xZ&f=7YmUqfzfj538crHXHgtECk98c4S1TQPbCEZQx%2CDXdT3fwfbJ6t3HmH9twCZDAhxSmTYW3aXdjW%2CjE2sEfGfqP9jtYHEH2tWC43eVhZSzT1XgTGpmR&c=970&d=90&e=&g=ba99554a4dbfa68e99ca82cd9152f370%2F2842032654825791844&i=22499%2C21596%2C71170&j=21%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367931&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1khhrt6f8gjtga1bxy7csbkrwb0m1rhpprqvffawwn02bxbhfs6ddr1tfzmtfwn421r9ss33w3y12ev4ar03r5vy9t0qntgms0rk6cm5jrg84bxeez2b052g361s77nb0xyk44fp2x1fe669aqg2zzpmz4ym0wzf5bxza1d7vttkgj14g5d55znm9myy1z5dz062bygktts8z11774bjsgmtwygt4zqhp94h13vdwep18ve64vxzfxhjbtph6q2c5w4y27dm89ewpfc6fm63zv6s18%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCLBwtRZliZPngGfGB9fgPyLu5uAqQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE8gFP0MBKN3Ow-R0wtaCGbLMJeaZeL-SwA_Q3zDdbTa0gn6Im6nt4GWlZHyD77-yJvlD8OhGsRba0y5JcYvDzKQo7hmgqhMSQswxkR-RSBz5RUZtm542kZOpyiss0GFnIjcjBihR0kvgu34LNy7nEDf8ueR3D4s8joPtRz8uncpkzITZ_V4kzP1RwxJdFIZuRXFbNivpjMMskpPrmjBhbfc6aqNSjqP0CEcBsJE6oHoNe8P62aJ4M6c8rTSBEySTh4fOBSIBOMNC09tkuqZEnb8BPCTHFt6skGo49EFP5nv1Bh5_DGwZptL4PXsF3e2_W1ZvHZOAEAYAGzui6xZWzjYKnAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1UwXbSGyKJWUMZzdC1BdIH98xNkA%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:bd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e8726aba04a3ce80d5e053075b99879808e4bd38675b2f8309ca794ccffe03b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 167582
cf-polished: origSize=569890, status=vary_header_present
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 501301
cf-bgj: imgq:85,h2pri
last-modified: Fri, 25 Mar 2022 09:24:02 GMT
server: cloudflare
etag: "200750310bd7452e6896755c32cc9ce5"
vary: X-Goog-Allowed-Resources, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fk0t3ZWt1tqDhcX26fDUFLq1wShJtL3uYkylERhpXvyE0FA6FnmZNNBG9MXr4Io%2FiZV%2FSWutMPr568227o%2BDDhQ1uCJ%2FBnqxJU2nSGXS%2BHIs3da3g8AFbxOUXkrPmzMV20zzXKj6uTECis2s"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=86400
accept-ranges: bytes
cf-ray: 7c7e35a2abc51c2c-FRA
expires: Tue, 16 May 2023 20:42:48 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 0717 0
0 48ms
47ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjss75BpakNqdcFQfnBuxX3_YZmDPNL2en5yz_8Rm6ai3ApGCyhwfsV4594onwbOv8E72XGcY7TMJpe9SAX6nTTXFMgAX2GiNRjYcc6OH_sy3rxUhcVjR6RW9PFNvBsRifCVx1vQ0dr2Xoeein8Dh4c263pCd9jSMr1QsAaRfUidlKWuK2y1YfcNptfXxuroaapwOOvuGaJDOy3QsqXb-RdXHtWF0KDZAp6RMwa7VxyZA_wetsLd_jPAiU1PKdhO8GnGTmRJOSiO53aG0_nMsO286cXvCSuXTbcg31ebfrp_lqn-2Pw1aBZQkAusnvK_sJed2eOBl94cTHtwI&sai=AMfl-YQQQrVvsm0kBuGzaqDKocfQExuYV-SspVVLv3s0ffdRfxFYJePfhQjrba8vI8w-sGj_rjlBekUvi4R4ajoLRy8lzx3fpL09nqcQoUPEJS_n-K0pdYjV7yiUOIEhYP8&sig=Cg0ArKJSzOCdxRapCQ83EAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 15 May 2023 20:42:48 GMT

GET
H2 200 link.html Show response
track.webgains.com/ Frame 29E8 1 KB
2 KB 70ms
63ms Script
text/html 18.133.36.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2194035&wgcampaignid=1384975&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1jcn9hkkx46bf1xfzhs2w5dpxwy6h5qrxfazca5q95asmzy1e7hz4aggqn12z967r1b9anqcgrhk5vjmjpy1rx6y6wvnrjj3pgcq0wbqwcxj32bsg8j5pw2a2e2bgzrkvnbrh5rmx67p6pfesnzt4gctv7wzh1r94hfsa12zmnrz12xrw4kqnjne74re6ew0xnwdjmztgkr28dr5nr68kyjwjfcesamaak5cmxg1rmje6wg5cxfqyqdsnph3rn77z7jmj%26a%3Dhttps%253A%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1j37addvzsm6pg9wrec073ybpx10nh101evqamjpga5wh77zgakr2evjgqr83t27h8rejggp2s328q176ysvf2tn5b339wnme8dte3j35bgae27nw05z2czpzk68fxnx19pc08a9k9f6dgrpsmg9w8hzyd081ev0r8jctvr3k7hn4qvybbdp1q1wy7a9ng1qbt7c2yf29tchqqw5bzcavxmswp4h66a1ejcqry6mxraax60p4q2z082j67h36epb1c9dzqrb48n9rrkfes42d05p1w%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC04wERZliZKWkCoysbYzLt9AGkOGBhFy2qMKK8ALAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9D1hncuEGvr-5JJSltAD29RxLNPtO82ArmolBPnOycWps1XjPRURvA6sG1LN9_obUU_lRG9gkbNWpY-W1mub1ROlLbjBUFjlLBJ0NGlG-YoIbNzutp4zGS0TPG5GOS27kukMvs3H1dspf_UHa6pgu8jaBA1QwRPVgytVjkXqMmgAoupWp1emM4mIhsa_FcKMIniMyr9KkoRd8JZNWccCe1XxSHPWT83wse8-cW2-kxXGpvPONeo2V5XpH6ELmF5qOmcJHeQT0xFdZFhgYi48_277eP0LuvXn2zf_8PmFCerByyBt1n5_YX_j-hvVy8fLmdEum9nVz3gBAGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%252526num%25253D1%252526sig%25253DAOD64_3FB1mNWba4Er0x6X7fV_QthhgJ9A%252526client%25253Dca-pub-7554793497192362%252526adurl%25253D&clickref=oneidP6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdYoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&viewref=oneidrWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYMoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=183975%2C321853%2C46427&b=rWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYM%2Cg62h8frfWBzXfPHbH8t5tj78WSmSQT954TMx4E%2CrWbTQf9fGq1tAH7HjtqtGReuYS8TgJka1JYM&f=P6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdY%2CBgwFgfPfYG1XFxH6H3tgCzVDAtjSeT8dbUB6xZ%2CP6AhBfbfeYET9HjHbtgCwJ2CJS9TDpQcjqdY&c=728&d=90&e=&g=26e11e3735c455e09b8160b4faee1eec%2F13339628171076748777&i=20597%2C111803%2C22481&j=21%2C21%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367716&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j37addvzsm6pg9wrec073ybpx10nh101evqamjpga5wh77zgakr2evjgqr83t27h8rejggp2s328q176ysvf2tn5b339wnme8dte3j35bgae27nw05z2czpzk68fxnx19pc08a9k9f6dgrpsmg9w8hzyd081ev0r8jctvr3k7hn4qvybbdp1q1wy7a9ng1qbt7c2yf29tchqqw5bzcavxmswp4h66a1ejcqry6mxraax60p4q2z082j67h36epb1c9dzqrb48n9rrkfes42d05p1w%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC04wERZliZKWkCoysbYzLt9AGkOGBhFy2qMKK8ALAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9D1hncuEGvr-5JJSltAD29RxLNPtO82ArmolBPnOycWps1XjPRURvA6sG1LN9_obUU_lRG9gkbNWpY-W1mub1ROlLbjBUFjlLBJ0NGlG-YoIbNzutp4zGS0TPG5GOS27kukMvs3H1dspf_UHa6pgu8jaBA1QwRPVgytVjkXqMmgAoupWp1emM4mIhsa_FcKMIniMyr9KkoRd8JZNWccCe1XxSHPWT83wse8-cW2-kxXGpvPONeo2V5XpH6ELmF5qOmcJHeQT0xFdZFhgYi48_277eP0LuvXn2zf_8PmFCerByyBt1n5_YX_j-hvVy8fLmdEum9nVz3gBAGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3FB1mNWba4Er0x6X7fV_QthhgJ9A%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.133.36.104 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-133-36-104.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: eb5e546a000458768c8082463ac22b85a5144bdfebb735d67828f4446b33144d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
last-modified: Mon, 15 May 2023 20:42:48 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Mon, 15 May 2023 20:43:48 GMT

GET
H2 200 link.html Show response
track.webgains.com/ Frame 29E8 1 KB
2 KB 74ms
73ms Script
text/html 18.133.36.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=4452068&wgcampaignid=1384975&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1j4swt8p6jx7t3t34b1wh09p16xjces3cbyjxb3wymkb1ar5053r12zs3588nev0qtp5x0c9mrt7p81ekys02fj34tb343tqd6v5s1aq5g66053nn8mge38dw2tc1nteejdfanny9reg6qbcxd63z4zct9y07aybaktckyxvdda2aqgp3yawgxf2vyc8d2w04qaqmm2v6fry0x6ckhzx0vdrq2d8cfywmf43mbv9ptq9k50tm6w5ybjw9cf2x4kda7nkaz0%26a%3Dhttps%253A%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1j37addvzsm6pg9wrec073ybpx10nh101evqamjpga5wh77zgakr2evjgqr83t27h8rejggp2s328q176ysvf2tn5b339wnme8dte3j35bgae27nw05z2czpzk68fxnx19pc08a9k9f6dgrpsmg9w8hzyd081ev0r8jctvr3k7hn4qvybbdp1q1wy7a9ng1qbt7c2yf29tchqqw5bzcavxmswp4h66a1ejcqry6mxraax60p4q2z082j67h36epb1c9dzqrb48n9rrkfes42d05p1w%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC04wERZliZKWkCoysbYzLt9AGkOGBhFy2qMKK8ALAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9D1hncuEGvr-5JJSltAD29RxLNPtO82ArmolBPnOycWps1XjPRURvA6sG1LN9_obUU_lRG9gkbNWpY-W1mub1ROlLbjBUFjlLBJ0NGlG-YoIbNzutp4zGS0TPG5GOS27kukMvs3H1dspf_UHa6pgu8jaBA1QwRPVgytVjkXqMmgAoupWp1emM4mIhsa_FcKMIniMyr9KkoRd8JZNWccCe1XxSHPWT83wse8-cW2-kxXGpvPONeo2V5XpH6ELmF5qOmcJHeQT0xFdZFhgYi48_277eP0LuvXn2zf_8PmFCerByyBt1n5_YX_j-hvVy8fLmdEum9nVz3gBAGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%252526num%25253D1%252526sig%25253DAOD64_3FB1mNWba4Er0x6X7fV_QthhgJ9A%252526client%25253Dca-pub-7554793497192362%252526adurl%25253D&clickref=oneidBgwFgfPfYG1XFxH6H3tgCzVDAtjSeT8dbUB6xZoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&viewref=oneidg62h8frfWBzXfPHbH8t5tj78WSmSQT954TMx4Eoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=183975%2C321853%2C46427&b=rWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYM%2Cg62h8frfWBzXfPHbH8t5tj78WSmSQT954TMx4E%2CrWbTQf9fGq1tAH7HjtqtGReuYS8TgJka1JYM&f=P6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdY%2CBgwFgfPfYG1XFxH6H3tgCzVDAtjSeT8dbUB6xZ%2CP6AhBfbfeYET9HjHbtgCwJ2CJS9TDpQcjqdY&c=728&d=90&e=&g=26e11e3735c455e09b8160b4faee1eec%2F13339628171076748777&i=20597%2C111803%2C22481&j=21%2C21%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367716&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j37addvzsm6pg9wrec073ybpx10nh101evqamjpga5wh77zgakr2evjgqr83t27h8rejggp2s328q176ysvf2tn5b339wnme8dte3j35bgae27nw05z2czpzk68fxnx19pc08a9k9f6dgrpsmg9w8hzyd081ev0r8jctvr3k7hn4qvybbdp1q1wy7a9ng1qbt7c2yf29tchqqw5bzcavxmswp4h66a1ejcqry6mxraax60p4q2z082j67h36epb1c9dzqrb48n9rrkfes42d05p1w%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC04wERZliZKWkCoysbYzLt9AGkOGBhFy2qMKK8ALAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9D1hncuEGvr-5JJSltAD29RxLNPtO82ArmolBPnOycWps1XjPRURvA6sG1LN9_obUU_lRG9gkbNWpY-W1mub1ROlLbjBUFjlLBJ0NGlG-YoIbNzutp4zGS0TPG5GOS27kukMvs3H1dspf_UHa6pgu8jaBA1QwRPVgytVjkXqMmgAoupWp1emM4mIhsa_FcKMIniMyr9KkoRd8JZNWccCe1XxSHPWT83wse8-cW2-kxXGpvPONeo2V5XpH6ELmF5qOmcJHeQT0xFdZFhgYi48_277eP0LuvXn2zf_8PmFCerByyBt1n5_YX_j-hvVy8fLmdEum9nVz3gBAGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3FB1mNWba4Er0x6X7fV_QthhgJ9A%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.133.36.104 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-133-36-104.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: a5b518aed57899d2c75577a03eeb5872eb62f493fa0dcc4059e369358f6e8198

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
last-modified: Mon, 15 May 2023 20:42:48 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Mon, 15 May 2023 20:43:48 GMT

GET
H2 429 link.html
track.webgains.com/ Frame 29E8 0
0 29ms
29ms Script
text/html 18.133.36.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=2100065&wgcampaignid=1384975&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1hd7kq0cezs0jznfh8ysw4jmregdx992tm9q0728p46yamc6445yx70yd8dptrexdxyxq30c4shesgbyvg658v7p8jbnmskxaxbtzzzqttjcc3rzjy4xfcm5t446805y05pcb5skrvhcrfj9vmpewmmsjmewj2esjjkcsyxd03ds6vkvqtnr0cybmwdjdg47n7mx8gj4ytvmp6y9fx79e6e58qn99zdtej7jnwz1km3y4t8vmh8ttma4zskbpqeeerm0%26a%3Dhttps%253A%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1j37addvzsm6pg9wrec073ybpx10nh101evqamjpga5wh77zgakr2evjgqr83t27h8rejggp2s328q176ysvf2tn5b339wnme8dte3j35bgae27nw05z2czpzk68fxnx19pc08a9k9f6dgrpsmg9w8hzyd081ev0r8jctvr3k7hn4qvybbdp1q1wy7a9ng1qbt7c2yf29tchqqw5bzcavxmswp4h66a1ejcqry6mxraax60p4q2z082j67h36epb1c9dzqrb48n9rrkfes42d05p1w%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC04wERZliZKWkCoysbYzLt9AGkOGBhFy2qMKK8ALAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9D1hncuEGvr-5JJSltAD29RxLNPtO82ArmolBPnOycWps1XjPRURvA6sG1LN9_obUU_lRG9gkbNWpY-W1mub1ROlLbjBUFjlLBJ0NGlG-YoIbNzutp4zGS0TPG5GOS27kukMvs3H1dspf_UHa6pgu8jaBA1QwRPVgytVjkXqMmgAoupWp1emM4mIhsa_FcKMIniMyr9KkoRd8JZNWccCe1XxSHPWT83wse8-cW2-kxXGpvPONeo2V5XpH6ELmF5qOmcJHeQT0xFdZFhgYi48_277eP0LuvXn2zf_8PmFCerByyBt1n5_YX_j-hvVy8fLmdEum9nVz3gBAGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%252526num%25253D1%252526sig%25253DAOD64_3FB1mNWba4Er0x6X7fV_QthhgJ9A%252526client%25253Dca-pub-7554793497192362%252526adurl%25253D&clickref=oneidP6AhBfbfeYET9HjHbtgCwJ2CJS9TDpQcjqdYoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&viewref=oneidrWbTQf9fGq1tAH7HjtqtGReuYS8TgJka1JYMoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=183975%2C321853%2C46427&b=rWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYM%2Cg62h8frfWBzXfPHbH8t5tj78WSmSQT954TMx4E%2CrWbTQf9fGq1tAH7HjtqtGReuYS8TgJka1JYM&f=P6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdY%2CBgwFgfPfYG1XFxH6H3tgCzVDAtjSeT8dbUB6xZ%2CP6AhBfbfeYET9HjHbtgCwJ2CJS9TDpQcjqdY&c=728&d=90&e=&g=26e11e3735c455e09b8160b4faee1eec%2F13339628171076748777&i=20597%2C111803%2C22481&j=21%2C21%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367716&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j37addvzsm6pg9wrec073ybpx10nh101evqamjpga5wh77zgakr2evjgqr83t27h8rejggp2s328q176ysvf2tn5b339wnme8dte3j35bgae27nw05z2czpzk68fxnx19pc08a9k9f6dgrpsmg9w8hzyd081ev0r8jctvr3k7hn4qvybbdp1q1wy7a9ng1qbt7c2yf29tchqqw5bzcavxmswp4h66a1ejcqry6mxraax60p4q2z082j67h36epb1c9dzqrb48n9rrkfes42d05p1w%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC04wERZliZKWkCoysbYzLt9AGkOGBhFy2qMKK8ALAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9D1hncuEGvr-5JJSltAD29RxLNPtO82ArmolBPnOycWps1XjPRURvA6sG1LN9_obUU_lRG9gkbNWpY-W1mub1ROlLbjBUFjlLBJ0NGlG-YoIbNzutp4zGS0TPG5GOS27kukMvs3H1dspf_UHa6pgu8jaBA1QwRPVgytVjkXqMmgAoupWp1emM4mIhsa_FcKMIniMyr9KkoRd8JZNWccCe1XxSHPWT83wse8-cW2-kxXGpvPONeo2V5XpH6ELmF5qOmcJHeQT0xFdZFhgYi48_277eP0LuvXn2zf_8PmFCerByyBt1n5_YX_j-hvVy8fLmdEum9nVz3gBAGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3FB1mNWba4Er0x6X7fV_QthhgJ9A%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.133.36.104 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-133-36-104.eu-west-2.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
server: awselb/2.0
content-length: 45
content-type: text/html

GET
H2 200 link.html Show response
track.webgains.com/ Frame 093E 2 KB
2 KB 78ms
75ms Script
text/html 18.133.36.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=3540285&wgcampaignid=1384975&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1ksm1he7gh7xd1en851p7sxr2m5h7kgb6qx0bcjha8kpz3n7he72f74c7t958xbghp4e8tw6wb8j67knzj37mkk0ahexhz5yv5pd4nszr40xpagz45p70d7tr6a8d5k9k17v9pxmgcncyjmxc2632nbsnhmnzg4hf2k6q47bcecxt1yan1awe7z5tvj689n06txnx3fdb8fneq0c5bf04fh8j2hhq32x8j2d7p65n3v64p41wgjbspang936zf1p0tk0%26a%3Dhttps%253A%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1khhrt6f8gjtga1bxy7csbkrwb0m1rhpprqvffawwn02bxbhfs6ddr1tfzmtfwn421r9ss33w3y12ev4ar03r5vy9t0qntgms0rk6cm5jrg84bxeez2b052g361s77nb0xyk44fp2x1fe669aqg2zzpmz4ym0wzf5bxza1d7vttkgj14g5d55znm9myy1z5dz062bygktts8z11774bjsgmtwygt4zqhp94h13vdwep18ve64vxzfxhjbtph6q2c5w4y27dm89ewpfc6fm63zv6s18%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCLBwtRZliZPngGfGB9fgPyLu5uAqQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE8gFP0MBKN3Ow-R0wtaCGbLMJeaZeL-SwA_Q3zDdbTa0gn6Im6nt4GWlZHyD77-yJvlD8OhGsRba0y5JcYvDzKQo7hmgqhMSQswxkR-RSBz5RUZtm542kZOpyiss0GFnIjcjBihR0kvgu34LNy7nEDf8ueR3D4s8joPtRz8uncpkzITZ_V4kzP1RwxJdFIZuRXFbNivpjMMskpPrmjBhbfc6aqNSjqP0CEcBsJE6oHoNe8P62aJ4M6c8rTSBEySTh4fOBSIBOMNC09tkuqZEnb8BPCTHFt6skGo49EFP5nv1Bh5_DGwZptL4PXsF3e2_W1ZvHZOAEAYAGzui6xZWzjYKnAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%252526num%25253D1%252526sig%25253DAOD64_1UwXbSGyKJWUMZzdC1BdIH98xNkA%252526client%25253Dca-pub-7554793497192362%252526adurl%25253D&clickref=oneid7YmUqfzfj538crHXHgtECk98c4S1TQPbCEZQxoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&viewref=oneidmV2HefGfWXGmSmHZHZtzt6qYtKSwTeZMHb1k5oneid__suite_Netmix_Reach128_WEBGAINSMOSTLY
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=200037%2C14019%2C183722&b=mV2HefGfWXGmSmHZHZtzt6qYtKSwTeZMHb1k5%2CeYdU3fVfxA6tjHZHet1t4mWTwSQTKrACYXpb%2CBgwFgfPfxKzeSxH6H3t9tVJwMajSeT8dbUB6xZ&f=7YmUqfzfj538crHXHgtECk98c4S1TQPbCEZQx%2CDXdT3fwfbJ6t3HmH9twCZDAhxSmTYW3aXdjW%2CjE2sEfGfqP9jtYHEH2tWC43eVhZSzT1XgTGpmR&c=970&d=90&e=&g=ba99554a4dbfa68e99ca82cd9152f370%2F2842032654825791844&i=22499%2C21596%2C71170&j=21%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367931&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1khhrt6f8gjtga1bxy7csbkrwb0m1rhpprqvffawwn02bxbhfs6ddr1tfzmtfwn421r9ss33w3y12ev4ar03r5vy9t0qntgms0rk6cm5jrg84bxeez2b052g361s77nb0xyk44fp2x1fe669aqg2zzpmz4ym0wzf5bxza1d7vttkgj14g5d55znm9myy1z5dz062bygktts8z11774bjsgmtwygt4zqhp94h13vdwep18ve64vxzfxhjbtph6q2c5w4y27dm89ewpfc6fm63zv6s18%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCLBwtRZliZPngGfGB9fgPyLu5uAqQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE8gFP0MBKN3Ow-R0wtaCGbLMJeaZeL-SwA_Q3zDdbTa0gn6Im6nt4GWlZHyD77-yJvlD8OhGsRba0y5JcYvDzKQo7hmgqhMSQswxkR-RSBz5RUZtm542kZOpyiss0GFnIjcjBihR0kvgu34LNy7nEDf8ueR3D4s8joPtRz8uncpkzITZ_V4kzP1RwxJdFIZuRXFbNivpjMMskpPrmjBhbfc6aqNSjqP0CEcBsJE6oHoNe8P62aJ4M6c8rTSBEySTh4fOBSIBOMNC09tkuqZEnb8BPCTHFt6skGo49EFP5nv1Bh5_DGwZptL4PXsF3e2_W1ZvHZOAEAYAGzui6xZWzjYKnAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1UwXbSGyKJWUMZzdC1BdIH98xNkA%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.133.36.104 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-133-36-104.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 71be6629a069a87727896d49e682c05e4676545732bdb6d91d7ebb92c2068253

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
last-modified: Mon, 15 May 2023 20:42:48 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Mon, 15 May 2023 20:43:48 GMT

GET
H2 200 link.html Show response
track.webgains.com/ Frame 093E 2 KB
2 KB 81ms
81ms Script
text/html 18.133.36.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=3921825&wgcampaignid=1384975&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1ka9pbn3jdj4fhrc9t9d70tn81avehezanzd5dkzg3sdtadka3vhj5fyehvzj18v85tn6wg8cphq9aggse1s744aab49ez4r4d17yp5ym9z0xkn1t8t6h9w4qnbjr2zq4amjyjz561hgyw8d5nvexj3e7rxt24vn550b50aqfj3w6kbv8st63rjyzy79b8h6kqwyft17zb1vyhz88vzmqf9kbxspyef28pcryqx4qfr3btwtd7b0pvmtd5g923hn9p0g%26a%3Dhttps%253A%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1khhrt6f8gjtga1bxy7csbkrwb0m1rhpprqvffawwn02bxbhfs6ddr1tfzmtfwn421r9ss33w3y12ev4ar03r5vy9t0qntgms0rk6cm5jrg84bxeez2b052g361s77nb0xyk44fp2x1fe669aqg2zzpmz4ym0wzf5bxza1d7vttkgj14g5d55znm9myy1z5dz062bygktts8z11774bjsgmtwygt4zqhp94h13vdwep18ve64vxzfxhjbtph6q2c5w4y27dm89ewpfc6fm63zv6s18%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCLBwtRZliZPngGfGB9fgPyLu5uAqQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE8gFP0MBKN3Ow-R0wtaCGbLMJeaZeL-SwA_Q3zDdbTa0gn6Im6nt4GWlZHyD77-yJvlD8OhGsRba0y5JcYvDzKQo7hmgqhMSQswxkR-RSBz5RUZtm542kZOpyiss0GFnIjcjBihR0kvgu34LNy7nEDf8ueR3D4s8joPtRz8uncpkzITZ_V4kzP1RwxJdFIZuRXFbNivpjMMskpPrmjBhbfc6aqNSjqP0CEcBsJE6oHoNe8P62aJ4M6c8rTSBEySTh4fOBSIBOMNC09tkuqZEnb8BPCTHFt6skGo49EFP5nv1Bh5_DGwZptL4PXsF3e2_W1ZvHZOAEAYAGzui6xZWzjYKnAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%252526num%25253D1%252526sig%25253DAOD64_1UwXbSGyKJWUMZzdC1BdIH98xNkA%252526client%25253Dca-pub-7554793497192362%252526adurl%25253D&clickref=oneidjE2sEfGfqP9jtYHEH2tWC43eVhZSzT1XgTGpmRoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&viewref=oneidBgwFgfPfxKzeSxH6H3t9tVJwMajSeT8dbUB6xZoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=200037%2C14019%2C183722&b=mV2HefGfWXGmSmHZHZtzt6qYtKSwTeZMHb1k5%2CeYdU3fVfxA6tjHZHet1t4mWTwSQTKrACYXpb%2CBgwFgfPfxKzeSxH6H3t9tVJwMajSeT8dbUB6xZ&f=7YmUqfzfj538crHXHgtECk98c4S1TQPbCEZQx%2CDXdT3fwfbJ6t3HmH9twCZDAhxSmTYW3aXdjW%2CjE2sEfGfqP9jtYHEH2tWC43eVhZSzT1XgTGpmR&c=970&d=90&e=&g=ba99554a4dbfa68e99ca82cd9152f370%2F2842032654825791844&i=22499%2C21596%2C71170&j=21%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367931&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1khhrt6f8gjtga1bxy7csbkrwb0m1rhpprqvffawwn02bxbhfs6ddr1tfzmtfwn421r9ss33w3y12ev4ar03r5vy9t0qntgms0rk6cm5jrg84bxeez2b052g361s77nb0xyk44fp2x1fe669aqg2zzpmz4ym0wzf5bxza1d7vttkgj14g5d55znm9myy1z5dz062bygktts8z11774bjsgmtwygt4zqhp94h13vdwep18ve64vxzfxhjbtph6q2c5w4y27dm89ewpfc6fm63zv6s18%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCLBwtRZliZPngGfGB9fgPyLu5uAqQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE8gFP0MBKN3Ow-R0wtaCGbLMJeaZeL-SwA_Q3zDdbTa0gn6Im6nt4GWlZHyD77-yJvlD8OhGsRba0y5JcYvDzKQo7hmgqhMSQswxkR-RSBz5RUZtm542kZOpyiss0GFnIjcjBihR0kvgu34LNy7nEDf8ueR3D4s8joPtRz8uncpkzITZ_V4kzP1RwxJdFIZuRXFbNivpjMMskpPrmjBhbfc6aqNSjqP0CEcBsJE6oHoNe8P62aJ4M6c8rTSBEySTh4fOBSIBOMNC09tkuqZEnb8BPCTHFt6skGo49EFP5nv1Bh5_DGwZptL4PXsF3e2_W1ZvHZOAEAYAGzui6xZWzjYKnAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1UwXbSGyKJWUMZzdC1BdIH98xNkA%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.133.36.104 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-133-36-104.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 2ac4ad8ef55dee2db8525d8dfa1332cc011eb973a021b9409a9a2f673aa15c15

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
last-modified: Mon, 15 May 2023 20:42:48 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Mon, 15 May 2023 20:43:48 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9151 42 B
64 B 48ms
48ms Fetch
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvdx01buHwCvvRUN_W7Wz2TmfInJgNpU8OR_lYQWDiIMM78pJgtp-9_6ZZfxiE3BVwAsKyTmqm7hha-9uxbtmrOjtCBb15jWTho3xNxpprqvkpqz8s2VL5CPRTr2QXHgeanIaq50g&sai=AMfl-YRrpJypCR46w7au1vteNOO196BBWZ8LKKQxWHtg2Jorc27nrpZFDtBdFWDFFYXGhygbA2KutZPczNBJ3D99vLoZ4-hyM-_d8RKcnTCpO3h8ADfgA-NdMVn_7kcf&sig=Cg0ArKJSzLwoyYEY_9GWEAE&cid=CAQSPABygQiDU_BaR7EWUPMD1rq-ha8Woieb3mwLymwmAIz2mBqPLdkaxn7uaVqszBjJ6JLpNcn5uOfSJVz4jhgB&id=lidar2&mcvt=1032&p=923,436,1017,1164&mtos=0,1032,1032,1032,1032&tos=0,1032,0,0,0&v=20230510&bin=7&avms=nio&bs=0,0&mc=0.96&if=1&vu=1&app=0&itpl=20&adk=3869717851&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1684183364514&rpt=2662&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 34A1 42 B
64 B 58ms
57ms Fetch
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstA0rdzwEZ4fZUHnr3A41JYwqxOym6oDmXVItCV-yEA7m9sB-8sJQwtFwx89Z1DS0oRDxAA-TKsTOI9wVSE4VFs8itt21Q_&sig=Cg0ArKJSzNzhEcoqHzDhEAE&id=lidar2&mcvt=1034&p=0,0,90,728&mtos=1034,1034,1034,1034,1034&tos=1034,0,0,0,0&v=20230510&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=32&adk=4167744942&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1684183364402&rpt=2769&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 34A1 42 B
64 B 62ms
61ms Fetch
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvxIcYH5sGtY7ysBkqAA1Bb_7A0RXQP-tGSWWeVRJy7fvqpCQV1BwWceYGCMMXdWYrTKiif7kptiXLFHazA-Xmn740uB3cs__u8_60DlTTvNjzqHid19IskrCHWfo1JDNIxIMR3xg&sai=AMfl-YQiitwErfQi9Kzl4ck3miVWPu1xesb6sYMsliyCBUe5PuxCP3nsztBv3xbctKApkC16qn3P1Fc-WuW_YYN8y4o8s2iQXlW6k3Gk3wRMQv5NwEIm93tCwzeyIVn-&sig=Cg0ArKJSzGqFaHUqtrS4EAE&cid=CAQSPABygQiDp2tdQgqR_73fjJ94LVTaZCu4XQQapi-BI0Up1zY-Yj7ZuMP0wvZN-UuAS_zrr_zp52ZVbdfmdhgB&id=lidar2&mcvt=1037&p=1087,231,1181,959&mtos=0,1037,1037,1037,1037&tos=0,1037,0,0,0&v=20230510&bin=7&avms=nio&bs=0,0&mc=0.96&if=1&vu=1&app=0&itpl=20&adk=3591600024&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1684183364402&rpt=2764&isd=0&lsd=0&met=ie&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9151 42 B
64 B 55ms
54ms Fetch
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstX62z7i5QWrXOHa34yyK04PK-aen-yINLOK3IdSHpL_y3jhgu_6PHI2FutbohmyR4Jne3qm-vOOYV8gsD1T-eYIDgalGos&sig=Cg0ArKJSzJN3Eu9N3L6VEAE&id=lidar2&mcvt=1039&p=0,0,90,728&mtos=1039,1039,1039,1039,1039&tos=1039,0,0,0,0&v=20230510&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=32&adk=2658142083&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1684183364514&rpt=2665&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7AA3 0
0 45ms
44ms Fetch
image/gif 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuAObtMPqMRk_z0AMm6Eig7jOq3zHJirsGXUMS3_5_ckX9SooPBI7USk1c7WGYlocuu7jMQLZb81eOuZurF22h4SzAiooqqTfyumXtQRmA2b--ioA4p3lLDVtD69m5ytPM4WUV7Ho0ju_ufGPYRX4QsZ7LwAuKxJ8kwx61YWnJ_Ng_2c9Rjq0J6z5toAZe_h2QftFnKtyp331sy_MfSiWpHD1xo9McyF79EG9Et1SGrLxQp77kYWr__EbyhY31njV298oS0Dk0GnouirqP1uswHKzT2aYZsXScXdmA3KIQ52voEBS7Ft6CD3JJku1rG08lSiiuH1ez8X436SA&sai=AMfl-YTUKjw0tQgcSZopJZrYp0koTw3N37XwnVGn7z3IkR1fVAYrZTwzIjxw1v-Ib7hRJZbZRnEhLrM0yzbqYVas_c25-wdYRrwv9JqkWiekgTr0b-hQOgzM6IO-cYlbJoc&sig=Cg0ArKJSzDppZ19r5gXIEAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 15 May 2023 20:42:48 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 29E8 85 KB
31 KB 7ms
7ms Script
text/javascript 18.66.147.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=2194035&wgcampaignid=1384975&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1jcn9hkkx46bf1xfzhs2w5dpxwy6h5qrxfazca5q95asmzy1e7hz4aggqn12z967r1b9anqcgrhk5vjmjpy1rx6y6wvnrjj3pgcq0wbqwcxj32bsg8j5pw2a2e2bgzrkvnbrh5rmx67p6pfesnzt4gctv7wzh1r94hfsa12zmnrz12xrw4kqnjne74re6ew0xnwdjmztgkr28dr5nr68kyjwjfcesamaak5cmxg1rmje6wg5cxfqyqdsnph3rn77z7jmj%26a%3Dhttps%253A%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1j37addvzsm6pg9wrec073ybpx10nh101evqamjpga5wh77zgakr2evjgqr83t27h8rejggp2s328q176ysvf2tn5b339wnme8dte3j35bgae27nw05z2czpzk68fxnx19pc08a9k9f6dgrpsmg9w8hzyd081ev0r8jctvr3k7hn4qvybbdp1q1wy7a9ng1qbt7c2yf29tchqqw5bzcavxmswp4h66a1ejcqry6mxraax60p4q2z082j67h36epb1c9dzqrb48n9rrkfes42d05p1w%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC04wERZliZKWkCoysbYzLt9AGkOGBhFy2qMKK8ALAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9D1hncuEGvr-5JJSltAD29RxLNPtO82ArmolBPnOycWps1XjPRURvA6sG1LN9_obUU_lRG9gkbNWpY-W1mub1ROlLbjBUFjlLBJ0NGlG-YoIbNzutp4zGS0TPG5GOS27kukMvs3H1dspf_UHa6pgu8jaBA1QwRPVgytVjkXqMmgAoupWp1emM4mIhsa_FcKMIniMyr9KkoRd8JZNWccCe1XxSHPWT83wse8-cW2-kxXGpvPONeo2V5XpH6ELmF5qOmcJHeQT0xFdZFhgYi48_277eP0LuvXn2zf_8PmFCerByyBt1n5_YX_j-hvVy8fLmdEum9nVz3gBAGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%252526num%25253D1%252526sig%25253DAOD64_3FB1mNWba4Er0x6X7fV_QthhgJ9A%252526client%25253Dca-pub-7554793497192362%252526adurl%25253D&clickref=oneidP6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdYoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&viewref=oneidrWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYMoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-98.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 00c5621a3f56c052959f8f0591b65e893f132b49b1447fde20767966cacbfbfe

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 00:27:58 GMT
content-encoding: gzip
via: 1.1 12e62b05f63a1a2118cca20014b15012.cloudfront.net (CloudFront)
last-modified: Wed, 15 Mar 2023 17:26:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 75940
etag: W/"876c293e6c37046ecb0c11ce2e276942"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: EFBwXErF1vYkgNRVJ2NmjZgkZOyv37SKlRaaNircaJaDjJPMCwt6uA==

GET
H2 200 link.html
track.webgains.com/ Frame 29E8 48 KB
49 KB 84ms
84ms Image
image/gif 18.133.36.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgdedup=1&wgcampaignid=1384975&viewref=oneidrWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYMoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&wglinkid=2194035
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=183975%2C321853%2C46427&b=rWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYM%2Cg62h8frfWBzXfPHbH8t5tj78WSmSQT954TMx4E%2CrWbTQf9fGq1tAH7HjtqtGReuYS8TgJka1JYM&f=P6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdY%2CBgwFgfPfYG1XFxH6H3tgCzVDAtjSeT8dbUB6xZ%2CP6AhBfbfeYET9HjHbtgCwJ2CJS9TDpQcjqdY&c=728&d=90&e=&g=26e11e3735c455e09b8160b4faee1eec%2F13339628171076748777&i=20597%2C111803%2C22481&j=21%2C21%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367716&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j37addvzsm6pg9wrec073ybpx10nh101evqamjpga5wh77zgakr2evjgqr83t27h8rejggp2s328q176ysvf2tn5b339wnme8dte3j35bgae27nw05z2czpzk68fxnx19pc08a9k9f6dgrpsmg9w8hzyd081ev0r8jctvr3k7hn4qvybbdp1q1wy7a9ng1qbt7c2yf29tchqqw5bzcavxmswp4h66a1ejcqry6mxraax60p4q2z082j67h36epb1c9dzqrb48n9rrkfes42d05p1w%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC04wERZliZKWkCoysbYzLt9AGkOGBhFy2qMKK8ALAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9D1hncuEGvr-5JJSltAD29RxLNPtO82ArmolBPnOycWps1XjPRURvA6sG1LN9_obUU_lRG9gkbNWpY-W1mub1ROlLbjBUFjlLBJ0NGlG-YoIbNzutp4zGS0TPG5GOS27kukMvs3H1dspf_UHa6pgu8jaBA1QwRPVgytVjkXqMmgAoupWp1emM4mIhsa_FcKMIniMyr9KkoRd8JZNWccCe1XxSHPWT83wse8-cW2-kxXGpvPONeo2V5XpH6ELmF5qOmcJHeQT0xFdZFhgYi48_277eP0LuvXn2zf_8PmFCerByyBt1n5_YX_j-hvVy8fLmdEum9nVz3gBAGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3FB1mNWba4Er0x6X7fV_QthhgJ9A%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.133.36.104 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-133-36-104.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: e634cdea6fc8a42921753f7da1799c4719b763400d8891a778bdcc519e43c919

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
last-modified: Mon, 15 May 2023 20:42:48 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Mon, 15 May 2023 20:43:48 GMT

GET
H2 200 link.html
track.webgains.com/ Frame 29E8 24 KB
24 KB 64ms
63ms Image
image/gif 18.133.36.104
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgdedup=1&wgcampaignid=1384975&viewref=oneidg62h8frfWBzXfPHbH8t5tj78WSmSQT954TMx4Eoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&wglinkid=4452068
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=183975%2C321853%2C46427&b=rWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYM%2Cg62h8frfWBzXfPHbH8t5tj78WSmSQT954TMx4E%2CrWbTQf9fGq1tAH7HjtqtGReuYS8TgJka1JYM&f=P6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdY%2CBgwFgfPfYG1XFxH6H3tgCzVDAtjSeT8dbUB6xZ%2CP6AhBfbfeYET9HjHbtgCwJ2CJS9TDpQcjqdY&c=728&d=90&e=&g=26e11e3735c455e09b8160b4faee1eec%2F13339628171076748777&i=20597%2C111803%2C22481&j=21%2C21%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367716&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j37addvzsm6pg9wrec073ybpx10nh101evqamjpga5wh77zgakr2evjgqr83t27h8rejggp2s328q176ysvf2tn5b339wnme8dte3j35bgae27nw05z2czpzk68fxnx19pc08a9k9f6dgrpsmg9w8hzyd081ev0r8jctvr3k7hn4qvybbdp1q1wy7a9ng1qbt7c2yf29tchqqw5bzcavxmswp4h66a1ejcqry6mxraax60p4q2z082j67h36epb1c9dzqrb48n9rrkfes42d05p1w%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC04wERZliZKWkCoysbYzLt9AGkOGBhFy2qMKK8ALAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9D1hncuEGvr-5JJSltAD29RxLNPtO82ArmolBPnOycWps1XjPRURvA6sG1LN9_obUU_lRG9gkbNWpY-W1mub1ROlLbjBUFjlLBJ0NGlG-YoIbNzutp4zGS0TPG5GOS27kukMvs3H1dspf_UHa6pgu8jaBA1QwRPVgytVjkXqMmgAoupWp1emM4mIhsa_FcKMIniMyr9KkoRd8JZNWccCe1XxSHPWT83wse8-cW2-kxXGpvPONeo2V5XpH6ELmF5qOmcJHeQT0xFdZFhgYi48_277eP0LuvXn2zf_8PmFCerByyBt1n5_YX_j-hvVy8fLmdEum9nVz3gBAGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3FB1mNWba4Er0x6X7fV_QthhgJ9A%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.133.36.104 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-133-36-104.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: c7bc8098c1b013492c04c1f333e56d3980945b0882c7f57441bf0688362eef29

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:48 GMT
last-modified: Mon, 15 May 2023 20:42:48 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Mon, 15 May 2023 20:43:48 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 093E 85 KB
31 KB 8ms
7ms Script
text/javascript 18.66.147.98
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=3540285&wgcampaignid=1384975&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1ksm1he7gh7xd1en851p7sxr2m5h7kgb6qx0bcjha8kpz3n7he72f74c7t958xbghp4e8tw6wb8j67knzj37mkk0ahexhz5yv5pd4nszr40xpagz45p70d7tr6a8d5k9k17v9pxmgcncyjmxc2632nbsnhmnzg4hf2k6q47bcecxt1yan1awe7z5tvj689n06txnx3fdb8fneq0c5bf04fh8j2hhq32x8j2d7p65n3v64p41wgjbspang936zf1p0tk0%26a%3Dhttps%253A%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1khhrt6f8gjtga1bxy7csbkrwb0m1rhpprqvffawwn02bxbhfs6ddr1tfzmtfwn421r9ss33w3y12ev4ar03r5vy9t0qntgms0rk6cm5jrg84bxeez2b052g361s77nb0xyk44fp2x1fe669aqg2zzpmz4ym0wzf5bxza1d7vttkgj14g5d55znm9myy1z5dz062bygktts8z11774bjsgmtwygt4zqhp94h13vdwep18ve64vxzfxhjbtph6q2c5w4y27dm89ewpfc6fm63zv6s18%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DCLBwtRZliZPngGfGB9fgPyLu5uAqQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE8gFP0MBKN3Ow-R0wtaCGbLMJeaZeL-SwA_Q3zDdbTa0gn6Im6nt4GWlZHyD77-yJvlD8OhGsRba0y5JcYvDzKQo7hmgqhMSQswxkR-RSBz5RUZtm542kZOpyiss0GFnIjcjBihR0kvgu34LNy7nEDf8ueR3D4s8joPtRz8uncpkzITZ_V4kzP1RwxJdFIZuRXFbNivpjMMskpPrmjBhbfc6aqNSjqP0CEcBsJE6oHoNe8P62aJ4M6c8rTSBEySTh4fOBSIBOMNC09tkuqZEnb8BPCTHFt6skGo49EFP5nv1Bh5_DGwZptL4PXsF3e2_W1ZvHZOAEAYAGzui6xZWzjYKnAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%252526num%25253D1%252526sig%25253DAOD64_1UwXbSGyKJWUMZzdC1BdIH98xNkA%252526client%25253Dca-pub-7554793497192362%252526adurl%25253D&clickref=oneid7YmUqfzfj538crHXHgtECk98c4S1TQPbCEZQxoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&viewref=oneidmV2HefGfWXGmSmHZHZtzt6qYtKSwTeZMHb1k5oneid__suite_Netmix_Reach128_WEBGAINSMOSTLY
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-98.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 00c5621a3f56c052959f8f0591b65e893f132b49b1447fde20767966cacbfbfe

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 00:27:58 GMT
content-encoding: gzip
via: 1.1 12e62b05f63a1a2118cca20014b15012.cloudfront.net (CloudFront)
last-modified: Wed, 15 Mar 2023 17:26:29 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 75940
etag: W/"876c293e6c37046ecb0c11ce2e276942"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: OLyq4i0jmcTJDxYiboXx9MisSaY7YavWv2jJZSf_oGVJhIvwd_ipSQ==

GET
H2 200 1673517666_8mAJMotjQsuVYOFll0kUIco09hozQ9Wk.jpg
cdn.track.production.webgains.team/268155/ Frame 093E 76 KB
77 KB 7ms
7ms Image
image/jpeg 99.86.4.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/268155/1673517666_8mAJMotjQsuVYOFll0kUIco09hozQ9Wk.jpg?Expires=1684183668&Signature=CenSZV1M8ljyip9r7bMYkHZmhVRc6L5v90F~HpDPz6KgeiTZhzJ3Fn2gSymf8Yske-x5kuP6RpHE~ihTPM269sOlHmASLydNsrRv0kJPqbeIZ-a9znp0ifQ571pPP3Lt8g0J~WhJOdJ2MalWhGksQ8w~aB8jJOJm8MMk1X7Q2Z~ZZO0bUsgK02jxL7PCKQj9XnrhcoCeQZSYeZqg815nJru~OSKEGv0~zgN9pCH2ubzLDsUwKirxzp6STtkz7SIUpb74GEJXNsZRR1bGerwtTNG58i2t~LigSijRudSmTuB67EIE2FtiaHuWv023CBYOJUSwkHqG1kJwbpii1hkC7w__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=200037%2C14019%2C183722&b=mV2HefGfWXGmSmHZHZtzt6qYtKSwTeZMHb1k5%2CeYdU3fVfxA6tjHZHet1t4mWTwSQTKrACYXpb%2CBgwFgfPfxKzeSxH6H3t9tVJwMajSeT8dbUB6xZ&f=7YmUqfzfj538crHXHgtECk98c4S1TQPbCEZQx%2CDXdT3fwfbJ6t3HmH9twCZDAhxSmTYW3aXdjW%2CjE2sEfGfqP9jtYHEH2tWC43eVhZSzT1XgTGpmR&c=970&d=90&e=&g=ba99554a4dbfa68e99ca82cd9152f370%2F2842032654825791844&i=22499%2C21596%2C71170&j=21%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367931&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1khhrt6f8gjtga1bxy7csbkrwb0m1rhpprqvffawwn02bxbhfs6ddr1tfzmtfwn421r9ss33w3y12ev4ar03r5vy9t0qntgms0rk6cm5jrg84bxeez2b052g361s77nb0xyk44fp2x1fe669aqg2zzpmz4ym0wzf5bxza1d7vttkgj14g5d55znm9myy1z5dz062bygktts8z11774bjsgmtwygt4zqhp94h13vdwep18ve64vxzfxhjbtph6q2c5w4y27dm89ewpfc6fm63zv6s18%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCLBwtRZliZPngGfGB9fgPyLu5uAqQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE8gFP0MBKN3Ow-R0wtaCGbLMJeaZeL-SwA_Q3zDdbTa0gn6Im6nt4GWlZHyD77-yJvlD8OhGsRba0y5JcYvDzKQo7hmgqhMSQswxkR-RSBz5RUZtm542kZOpyiss0GFnIjcjBihR0kvgu34LNy7nEDf8ueR3D4s8joPtRz8uncpkzITZ_V4kzP1RwxJdFIZuRXFbNivpjMMskpPrmjBhbfc6aqNSjqP0CEcBsJE6oHoNe8P62aJ4M6c8rTSBEySTh4fOBSIBOMNC09tkuqZEnb8BPCTHFt6skGo49EFP5nv1Bh5_DGwZptL4PXsF3e2_W1ZvHZOAEAYAGzui6xZWzjYKnAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1UwXbSGyKJWUMZzdC1BdIH98xNkA%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-52.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a5d9bc65c8e2961fe877111c0fdc0544dacabb282c016be9630a133ea7cc8e78

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

x-amz-version-id: null
date: Mon, 15 May 2023 01:35:59 GMT
via: 1.1 7fcb41b117930690c299be9cec4a977a.cloudfront.net (CloudFront)
last-modified: Thu, 12 Jan 2023 10:01:07 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 68809
x-amz-server-side-encryption: AES256
etag: "06d436b8ec91b25b14f92995cb31da99"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 78008
x-amz-cf-id: xfS7t0GRUjDLOjYHqADNr020VrMBLkXfP9X9_vxha5NHz7ZVMsrhFw==

POST
H2 200 all
csm.eu.criteo.net/ Frame 9523 0
127 B 14ms
13ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:48 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 Bewerbungen-300x50px-Customsize.JPG
cdn.track.production.webgains.team/283545/ Frame 093E 3 KB
4 KB 7ms
6ms Image
image/jpeg 99.86.4.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/283545/Bewerbungen-300x50px-Customsize.JPG?Expires=1684183668&Signature=mu59q-xgTM0F7f5azjA3lmMt4UpzSqpIqbgTUxSPPCTfJtvQwHFX0qNr8nvh5lD58U--qX9r1eheF9HG40i8Nlj8h4jZ3nE69dblqTltIsdbKLk6IVqYaXcx4AIKqEg4z2E3CpqGuH~Alswba4uF5dlk1FwNtSOxACan29IPvH0ec80AYXSVHw4C9CJcaDQDS0S7uK0AuyY7VeBV8VnJmvxIft3kdn98ZAU5FLsiKdGjVk6ICt4XbhOqTES2G8-oxXq3Ihtrf9rVabn3xBsvyIERUz1e8Jmk1h1S~qjrqTq0ZPJuq32a7nS-mPqL0OCaRX~~mxZrPo5QUtvI5wyxXg__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=200037%2C14019%2C183722&b=mV2HefGfWXGmSmHZHZtzt6qYtKSwTeZMHb1k5%2CeYdU3fVfxA6tjHZHet1t4mWTwSQTKrACYXpb%2CBgwFgfPfxKzeSxH6H3t9tVJwMajSeT8dbUB6xZ&f=7YmUqfzfj538crHXHgtECk98c4S1TQPbCEZQx%2CDXdT3fwfbJ6t3HmH9twCZDAhxSmTYW3aXdjW%2CjE2sEfGfqP9jtYHEH2tWC43eVhZSzT1XgTGpmR&c=970&d=90&e=&g=ba99554a4dbfa68e99ca82cd9152f370%2F2842032654825791844&i=22499%2C21596%2C71170&j=21%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367931&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1khhrt6f8gjtga1bxy7csbkrwb0m1rhpprqvffawwn02bxbhfs6ddr1tfzmtfwn421r9ss33w3y12ev4ar03r5vy9t0qntgms0rk6cm5jrg84bxeez2b052g361s77nb0xyk44fp2x1fe669aqg2zzpmz4ym0wzf5bxza1d7vttkgj14g5d55znm9myy1z5dz062bygktts8z11774bjsgmtwygt4zqhp94h13vdwep18ve64vxzfxhjbtph6q2c5w4y27dm89ewpfc6fm63zv6s18%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCLBwtRZliZPngGfGB9fgPyLu5uAqQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE8gFP0MBKN3Ow-R0wtaCGbLMJeaZeL-SwA_Q3zDdbTa0gn6Im6nt4GWlZHyD77-yJvlD8OhGsRba0y5JcYvDzKQo7hmgqhMSQswxkR-RSBz5RUZtm542kZOpyiss0GFnIjcjBihR0kvgu34LNy7nEDf8ueR3D4s8joPtRz8uncpkzITZ_V4kzP1RwxJdFIZuRXFbNivpjMMskpPrmjBhbfc6aqNSjqP0CEcBsJE6oHoNe8P62aJ4M6c8rTSBEySTh4fOBSIBOMNC09tkuqZEnb8BPCTHFt6skGo49EFP5nv1Bh5_DGwZptL4PXsF3e2_W1ZvHZOAEAYAGzui6xZWzjYKnAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1UwXbSGyKJWUMZzdC1BdIH98xNkA%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-52.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6f9a070acffcced835a2ad0f016bc04f02754dc7032647d3e0ba35a77c0dc8ff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

x-amz-version-id: null
date: Mon, 15 May 2023 03:29:51 GMT
via: 1.1 7fcb41b117930690c299be9cec4a977a.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 10:39:03 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 61978
etag: "58ff3e40a00dad98fa72b8561042681d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/jpeg
accept-ranges: bytes
content-length: 3439
x-amz-cf-id: NnsX_m8znJ4gI9eBYvgj47op_V8Bm9WLUHkQPDwJlo6EXAZBXZob_A==

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4012 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B8Q5GRpliZKT_LI2z9u8Pv96xqAYAAAAAOAHgBAI&bg=!UFOlUwfNAAYldGN0BXQ7ADkAdvg8WtMb9B-pC9h26ConQanSDahSsM8dJjhMxgCthIZe_4FJpHufJf3s20XAK_0gyZHxF4qjbVICAAAA4lIAAAACaAEHCgBvulXPCRUOf9Pl-lJzWwtv3ShX2Jtpi0EezuUsk4WiuODW1pkiIaLtEehrGD429fAB3vje4cpXxtJxqAHC7K_K-4m5_aIP_TtgBPWxjoE3_C4ak3GOzvWSE3QxjnSVt4JKfYjpPZl55WQ4qlmAuh8cmQMB1mGIcu5lmyD8sXQk_T26hM0nMLxH7QOs1CAKoMe7KNfZugN2fDJXX1AXyyIG4QpnDf2H9gLwEwQ0gmMgtuXCyNE0vTqZaBOzAnLrpgfuExZNUFp0HXPky12V83o1iw6h8JEVig_kLgOmAPdQrYShsNeQaTpnltLkV1evY4yI4043fTA0kUZzpXJldOJV01uUu1UXJBqnQD19D9Vq1wrkg-g9pg_6IFM5_Pfff2E-HxMVRRo0D7lf3r-JkpIaPOu6Tr3zMSlfyViEPLfK0BH9APxyHmBjr_hHzYGdAdOvGN_5kxKxnY6Lbts1utMpXaGdOb2huA_nkH2nKyTb6Vp-VX9T5faN71kzXA_x9FDB3Me8UBHUeI9mV_0S7GPKMVfGbBbV3GUc8PM58XgmmMtKoCW2Oxm-dlkwc6lp3JX8BroJrCpMnsp1q1-VuxRnGJ_hNP_6h19TyLyHzn5DD7RpfZmZSBwnuE2QLLSnHaRRSsxiF7ZOMRl6r6D0hkUNm9SJPPf-9TizherpRMi6FQtFzxi7NqEdqpsMM2pK-ejE2ncb6y0ke1IMqGdBwursOzZdzCsFJlraJVq3nbjpEdcMI0mG7EAJg1bltDZPQn64bx6Sz-jfK68YMrJiigUWoK2rHLJTc2qA-WExACqZVznss3PPLdDY4vZPEAV5dn_LhQ_GDHubhwiKVo-gfr6gbIpIM8hBK9jWR11jouVWSMKOpgUj9R-ZVbDHJv-E8gEJzJWZz9K38EeY1k0TnxZNnCISxTCVBcFOIhItMok0O_wkYJNEI-hQQbNBtEgH-z1A1eg4ceOCWZtYq8Hpe45Z0FlZrKQy3kPpuMoNLQCwv8Jfv893We6n2J4OgmmF9gHJU5vOZn3vS3eqeEhsGEqHkt9la0Apf_buc0jINO7a9jds-wCTZ3PjfSyHsoHBLPYSiX_3gFsA9GGz2B3sbvntHTtPI3FkMiiVKtLS1YyNyi6maZ495r5UsYerXLdsCKMW-GV6Jmw0P-KVpLTei1NESxBC0g

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6875 0
20 B 44ms
43ms Image
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B6-LMRpliZNmXLYaMjuwPsL2K8AgAAAAAOAHgBAI&bg=!7u2l7bnNAAYldGN0BXQ7ADkAdvg8WvZxLCs2kfwvE8WRAi0bMYQMSztHRWbNRoqDqLJgVQ6qGVSTLtwFhgIskWjh1ZNTe72IELwCAAAA2FIAAAADaAEHCgBq1EuKiSRqnJPNktBv-90eDKfTFM1TcoJyqpgdt9covXnm-NkkL8-uugroCYuJdxehyH1FGdlMAPit5pkX2kMkoW_OIPOEPFFHgIfHB5jLZNA97BlXNpw2yYhgcfNrg6S5UT8sZT4uvnOaFZkC8ODol1Oqs0PJoeBAaMLu7bF-jI95KTPCgK73fq112q6VTAkB2uWZi7hWjANLGrLE0AD9L7jiNYURVB2dFznaQPqO8I8vSCB89-mla8YMKxR2VF5ido9T215ivQcvW_Wf2HJ30vBxIDKanFnMfyAfKwBJseh5qwvxSLOseTKV3eMhaTh5yRJWTvjfu8IlwQa97ETYymZRFVt24vrOHdvDcjl1YzcOg1a65bR7pR-5hibLNFck4XkZeTJ903PZfjhDOER2KGLY9_yqrVpqr6erb5L408EWP8cR8iUGWOYcYTnAMLpqLqdJ7nb86hMBBgMQviX95I-APXhuBRTUSQmp3KANSnySjEKpEGnTD22-ZkaGbqGbBm-6KdWFKa-XdORZNGn3RNLQPLSDEQZwLUm6iERDZkpcj8vrk-v8HMd93CzfRcZSykOAjErxZdNTRRnBvMSNo3bI264ZPxXDbfT0ro5-231G29o7ZIGLJJL5DltaOSk39ubIbDodogiUxXX_qyZYMRUMoKY3N1Rt2CJRSMxohbUajqLVMKMwxNZ_Ck0NJ4ZJ_bhsUXti7V5io4y_BGnqfMyv08PtaBhD4IG9ufcOOTipVbMv2DRCieAx8vI3XtoDzVO1ZUzgWkM_-pkyIUk59VMLxCGDvcR6Aotp2j7WBeqpSAy-OdPMgbWEuOnEPIu_b-sWWObWoMcRFuYoVtPNW-aTZMShUO6yOrBeuAIDAcV9PiU0freKV1VxJXszL5l8PazOaKVOVJJ-hvwtjHSCDcjIEfYRAiRQm7MLwuxXuYpiEf5rKS-OXmHZTy-uSjv9zPnPw7AzAQxeSkdNvRFI56BoXiGQkomHuvGQFLQcrHVl8dUSXr5nfGSW7ZCzukhyLfUhr4MQgek3B-V6PLE0C7fdUHJFanYGHLsw4IR3gKQhgxGAirvS4EV4tF-ASl35RCsqFmolBvQz0Ybl-K5zLxmWCL7AzFsKMSJvFy2ZxAksA6PkTXLzgynl18YN

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 collect
region1.analytics.google.com/g/ 0
17 B 13ms
13ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-MEM2QN6706&gtm=45je35a0&_p=1824289973&cid=1224847520.1684183361&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1684183361&sct=1&seg=1&dl=https%3A%2F%2Fwww.newtimes.co.rw%2F&dr=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&dt=The%20New%20Times%20-%20Home&en=page_view
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-MEM2QN6706&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:48 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.newtimes.co.rw
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame B4A0 0
862 B 6ms
6ms Script
text/html 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:49 GMT
AN-X-Request-Uuid: 030aea86-d56e-4405-9594-87a14498112e
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame BAA9 0
862 B 7ms
6ms Script
text/html 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:49 GMT
AN-X-Request-Uuid: 3cb005b8-1e2f-4a16-bbe6-2615f7fe8c36
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame ACA2 0
862 B 9ms
8ms Script
text/html 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:49 GMT
AN-X-Request-Uuid: 7f7e65cb-86a5-4fbe-afb1-f172a12888be
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 405C 0
862 B 22ms
21ms Script
text/html 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:49 GMT
AN-X-Request-Uuid: af684603-0cf0-4f3f-ab92-9936c63324e5
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 20AA 0
862 B 6ms
6ms Script
text/html 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:49 GMT
AN-X-Request-Uuid: 9da2284a-a178-461f-bf60-f84148655932
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK async_usersync Show response
ib.adnxs.com/ Frame 5985 0
862 B 57ms
57ms Script
text/html 37.252.171.21
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=1624&pub_id=1968063&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=1624&pub_id=1968063

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.171.21 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 15 May 2023 20:42:49 GMT
AN-X-Request-Uuid: 20ee0c94-84f5-4b97-861c-14f57b498e9d
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame C2B3 0
127 B 13ms
12ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:49 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 34A1 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8888896110093&version=m202301230201&ct=77&x=1&cor=12117149635090074000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9151 0
20 B 40ms
40ms Ping
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=1969841284490&version=m202301230201&ct=77&x=1&cor=5103912680228167000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 /
track.adform.net/serving/unload/ Frame F7CB 35 B
601 B 23ms
23ms Ping
image/gif 37.157.3.20
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=3618708674255803056@@64147897,7523883104820695772,100|1294|0|0|0|0|0|0|0||44|1|||||1|0|0|NDb05cOk0abxBx_RTJEBJ0RwAv8ySk7c-d0kFwKbV_yBdyhZKGKYYfL_QlhaeLlf0|||11||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.20 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hal900023.redintelligence.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:49 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://hal900023.redintelligence.net
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7AA3 42 B
64 B 42ms
42ms Fetch
image/gif 2a00:1450:4001:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvLDFFr6xOfCQCkpWJPVu6gDDxqLIq2IwmT2XI7xaXhTzJyxBTPOCkcJVrF-zYOU2DzhugcrM8a2ziaJHf8g816G4ASkhovmSpjaygo6cUj2wStaU1S&sig=Cg0ArKJSzAnBHQno4kvCEAE&id=lidar2&mcvt=1313&p=44,436,134,1164&mtos=1313,1313,1313,1313,1313&tos=1313,0,0,0,0&v=20230510&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=3658131758&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1684183364192&rpt=4069&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:49 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 22ms
22ms Preflight 18.135.126.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.135.126.181 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-135-126-181.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:49 GMT
server: nginx

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame B2C6 16 B
232 B 62ms
62ms Fetch
application/json 18.135.126.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.135.126.181 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-135-126-181.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 15 May 2023 20:42:49 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 22ms
22ms Preflight 18.135.126.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.135.126.181 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-135-126-181.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:49 GMT
server: nginx

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 29E8 16 B
232 B 73ms
73ms Fetch
application/json 18.135.126.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.135.126.181 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-135-126-181.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 15 May 2023 20:42:49 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 22ms
21ms Preflight 18.135.126.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.135.126.181 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-135-126-181.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:49 GMT
server: nginx

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 29E8 16 B
232 B 64ms
63ms Fetch
application/json 18.135.126.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.135.126.181 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-135-126-181.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 15 May 2023 20:42:49 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 22ms
22ms Preflight 18.135.126.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.135.126.181 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-135-126-181.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:49 GMT
server: nginx

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 093E 16 B
232 B 81ms
81ms Fetch
application/json 18.135.126.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.135.126.181 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-135-126-181.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 15 May 2023 20:42:49 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame AB30 16 B
232 B 66ms
65ms Fetch
application/json 18.135.126.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.135.126.181 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-135-126-181.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 15 May 2023 20:42:49 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 22ms
22ms Preflight 18.135.126.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.135.126.181 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-135-126-181.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:49 GMT
server: nginx

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 093E 16 B
232 B 66ms
66ms Fetch
application/json 18.135.126.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.135.126.181 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-135-126-181.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/8.1.14

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 15 May 2023 20:42:49 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/8.1.14
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 22ms
22ms Preflight 18.135.126.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.135.126.181 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-135-126-181.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://as.ad4m.at
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:49 GMT
server: nginx

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 910A 0
260 B 113ms
13ms Script
text/plain 198.47.127.20
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=158370&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.20 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:49 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 7AD9 2 KB
2 KB 12ms
12ms Script
text/html 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=30817601&p=158370&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: c04524ea70ff018157d8ccc0e26d14ce7d658feae7e8a0be356e73a7d9734d1f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Mon, 15 May 2023 20:42:49 GMT
content-length: 1836
content-type: text/html; charset=UTF-8

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 6480 2 KB
2 KB 13ms
12ms Script
text/html 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=25802907&p=158370&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: c04524ea70ff018157d8ccc0e26d14ce7d658feae7e8a0be356e73a7d9734d1f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Mon, 15 May 2023 20:42:50 GMT
content-length: 1836
content-type: text/html; charset=UTF-8

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame CC15 817 B
1 KB 13ms
12ms Script
text/html 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=58203102&p=158370&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 579445f908efc814f2967128c9b439fa377d567f2305697cec038d9dcae261cd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Mon, 15 May 2023 20:42:49 GMT
content-length: 817
content-type: text/html; charset=UTF-8

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame CB76 817 B
1 KB 12ms
12ms Script
text/html 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=57817693&p=158370&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 579445f908efc814f2967128c9b439fa377d567f2305697cec038d9dcae261cd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Mon, 15 May 2023 20:42:50 GMT
content-length: 817
content-type: text/html; charset=UTF-8

GET
H2 200 match Show response
c1.adform.net/serving/cookie/ Frame 118C 35 B
600 B 23ms
23ms Document
image/gif 37.157.6.243
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?party=14&cid=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.243 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: image/gif
date: Mon, 15 May 2023 20:42:51 GMT
expires: -1
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 8E38
Redirect Chain

https://p.rfihub.com/cm?pub=224&in=1&getuid=https%3A//image2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5142336723222583972

42 B
194 B

13ms
12ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5142336723222583972
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Mon, 15 May 2023 20:42:50 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Content-Length: 0
Date: Mon, 15 May 2023 20:42:51 GMT
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5142336723222583972
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: Jetty(9.4.51.v20230217)

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 917D
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCooki...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=

42 B
95 B

19ms
18ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Mon, 15 May 2023 20:42:51 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

cache-control: no-cache
content-length: 0
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:50 GMT
expires: Mon, 15 May 2023 00:00:00 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 803357
strict-transport-security: max-age=31536000; preload;
x-errorlevel: 0

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame C521
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8441730088378381050

42 B
195 B

16ms
15ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8441730088378381050
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Mon, 15 May 2023 20:42:50 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8441730088378381050
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame D62C
Redirect Chain

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1204617872861343328&gdpr=0&gdpr_consent=

42 B
297 B

18ms
18ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1204617872861343328&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Mon, 15 May 2023 20:42:51 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

AN-X-Request-Uuid: 15f95743-2c1f-4f86-a739-227e6c4c9967
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=utf-8
Date: Mon, 15 May 2023 20:42:51 GMT
Expires: Sat, 15 Nov 2008 16:00:00 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1204617872861343328&gdpr=0&gdpr_consent=
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Pragma: no-cache
Server: nginx/1.21.3
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0

GET
H/1.1 200
OK dcm Show response
aax-eu.amazon-adsystem.com/s/ Frame 034C 43 B
855 B 38ms
38ms Document
image/gif 67.220.228.201
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&redir=true&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

67.220.228.201 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Mon, 15 May 2023 20:42:51 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: XWQPFQCT41G2TC2R9YK1

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame D54C
Redirect Chain

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=L3h_BSB1fQM0KHBUK3pkUiF6LQQ0KiwGLHqevwVL

42 B
421 B

13ms
13ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=L3h_BSB1fQM0KHBUK3pkUiF6LQQ0KiwGLHqevwVL
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Mon, 15 May 2023 20:42:50 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
date: Mon, 15 May 2023 20:42:51 GMT
expires: Fri, 04 Aug 1978 12:00:00 GMT
location: https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=L3h_BSB1fQM0KHBUK3pkUiF6LQQ0KiwGLHqevwVL
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
pragma: no-cache
strict-transport-security: max-age=86400

GET
H2 200 mw
mwzeom.zeotap.com/ Frame 7AD9 95 B
232 B 874ms
26ms Image
image/png 2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1384&env=mWeb&gdpr=0&gdpr_consent=&cid=6898CE94-28C0-4EDB-820B-A8EADEDF2C20
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:51 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin
content-type: image/png
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
cf-ray: 7c7e35b5c9543813-FRA
access-control-allow-headers: *
content-length: 95

GET
H/1.1

200
OK

info2
uipglob.semasio.net/pubmatic/1/ Frame 7AD9
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&sInitiator=external&gdpr=0&gdpr_consent=

42 B
603 B

28ms
27ms

Image
image/gif

77.243.51.122
NETIC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&sInitiator=external&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Server: 77.243.51.122 Norresundby, Denmark, ASN42697 (NETIC-AS, DK),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:59 GMT
frontend-id: 2
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
content-type: image/gif
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-origin: *
content-length: 42
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:59 GMT
frontend-id: 4
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
location: /pubmatic/1/info2?sType=sync&sExtCookieId=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&sInitiator=external&gdpr=0&gdpr_consent=
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-origin: *
content-length: 0
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H2

200

generic
match.adsrvr.org/track/cmf/ Frame 7AD9
Redirect Chain

https://pixel.onaudience.com/?partner=214&mapped=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&gdpr=0&gdpr_consent=
https://loada.exelator.com/load/?p=1164&g=1&j=r&gdpr=0&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D0
https://loada.exelator.com/load/?p=1164&g=1&j=r&gdpr=0&ru=https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D161%26icm%26cver%26mapped%3D%25%25UID%25%25%26gdpr%3D0&xl8blockcheck=1
https://pixel.onaudience.com/?partner=161&icm&cver&mapped=92b46da4cc292e3c4d42a3191789781b&gdpr=0
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=0

70 B
264 B

33ms
33ms

Image
image/gif

3.33.220.150
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=0
Protocol: H2
Server: 3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 15 May 2023 20:42:51 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1&gdpr=0
content-length: 0

GET
H2 200 mw
mwzeom.zeotap.com/ Frame 6480 95 B
382 B 870ms
24ms Image
image/png 2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1384&env=mWeb&gdpr=0&gdpr_consent=&cid=6898CE94-28C0-4EDB-820B-A8EADEDF2C20
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:51 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin
content-type: image/png
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
cf-ray: 7c7e35b5c9563813-FRA
access-control-allow-headers: *
content-length: 95

GET
H/1.1

200
OK

info2
uipglob.semasio.net/pubmatic/1/ Frame 6480
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&sInitiator=external&gdpr=0&gdpr_consent=

42 B
603 B

27ms
26ms

Image
image/gif

77.243.51.122
NETIC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&sInitiator=external&gdpr=0&gdpr_consent=
Protocol: HTTP/1.1
Server: 77.243.51.122 Norresundby, Denmark, ASN42697 (NETIC-AS, DK),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:59 GMT
frontend-id: 2
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
content-type: image/gif
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-origin: *
content-length: 42
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:59 GMT
frontend-id: 5
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
location: /pubmatic/1/info2?sType=sync&sExtCookieId=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&sInitiator=external&gdpr=0&gdpr_consent=
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
access-control-allow-origin: *
content-length: 0
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H2

200

52799
stags.bluekai.com/site/ Frame 6480
Redirect Chain

https://pixel.onaudience.com/?partner=214&mapped=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&gdpr=0&gdpr_consent=
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD/tpid=fbed0406ae3fc1ac/gdpr=0/gdpr_consent=?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D%26gdpr%3D%...
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=&gdpr=1
https://pixel.onaudience.com/?partner=282&icm&cver&gdpr=1&smartmap=1&redirect=stags.bluekai.com%2Fsite%2F52799%3Fid%3D%25m
https://stags.bluekai.com/site/52799?id=9ccea369776c18af

62 B
227 B

193ms
148ms

Image
image/gif

69.192.160.219
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stags.bluekai.com/site/52799?id=9ccea369776c18af
Protocol: H2
Server: 69.192.160.219 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a69-192-160-219.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
date: Mon, 15 May 2023 20:42:51 GMT
content-length: 62
content-type: image/gif

Redirect headers

location: https://stags.bluekai.com/site/52799?id=9ccea369776c18af
content-length: 0

GET
H2 200 match Show response
c1.adform.net/serving/cookie/ Frame 8AF8 35 B
591 B 23ms
23ms Document
image/gif 37.157.6.243
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?party=14&cid=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.243 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: image/gif
date: Mon, 15 May 2023 20:42:51 GMT
expires: -1
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 8D94
Redirect Chain

https://p.rfihub.com/cm?pub=224&in=1&getuid=https%3A//image2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5107433827890933733

42 B
195 B

14ms
13ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5107433827890933733
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Mon, 15 May 2023 20:42:50 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Content-Length: 0
Date: Mon, 15 May 2023 20:42:51 GMT
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5107433827890933733
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: Jetty(9.4.51.v20230217)

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame B29E
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCooki...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=

42 B
95 B

18ms
18ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Mon, 15 May 2023 20:42:51 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

cache-control: no-cache
content-length: 0
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:50 GMT
expires: Mon, 15 May 2023 00:00:00 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 787435
strict-transport-security: max-age=31536000; preload;
x-errorlevel: 0

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 0BE6
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8441730088378381050

42 B
195 B

18ms
14ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8441730088378381050
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Mon, 15 May 2023 20:42:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8441730088378381050
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame D1E8
Redirect Chain

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1204617872861343328&gdpr=0&gdpr_consent=

42 B
97 B

21ms
17ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1204617872861343328&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Mon, 15 May 2023 20:42:51 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

AN-X-Request-Uuid: a132613b-32bb-4cee-837c-68756d86a64a
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
Content-Type: text/html; charset=utf-8
Date: Mon, 15 May 2023 20:42:51 GMT
Expires: Sat, 15 Nov 2008 16:00:00 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=1204617872861343328&gdpr=0&gdpr_consent=
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Pragma: no-cache
Server: nginx/1.21.3
X-Proxy-Origin: 138.199.38.134; 138.199.38.134; 1004.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0

GET
H/1.1 200
OK dcm Show response
aax-eu.amazon-adsystem.com/s/ Frame A594 43 B
855 B 74ms
39ms Document
image/gif 67.220.228.201
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&redir=true&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

67.220.228.201 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif
Date: Mon, 15 May 2023 20:42:51 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Server: Server
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Vary: Content-Type,Accept-Encoding,User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid: KF8S3HVMJ5QFRS4F54XZ

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 982F
Redirect Chain

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=L3h_BSB1fQM0KHBUK3pkUiF6LQQ0KiwGLHqevwVL

42 B
422 B

14ms
13ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=L3h_BSB1fQM0KHBUK3pkUiF6LQQ0KiwGLHqevwVL
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Mon, 15 May 2023 20:42:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
date: Mon, 15 May 2023 20:42:51 GMT
expires: Fri, 04 Aug 1978 12:00:00 GMT
location: https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=L3h_BSB1fQM0KHBUK3pkUiF6LQQ0KiwGLHqevwVL
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
pragma: no-cache
strict-transport-security: max-age=86400

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame A22B
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=9&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7233512498918455450&gdpr=0&gdpr_consent=

42 B
299 B

18ms
18ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7233512498918455450&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Mon, 15 May 2023 20:42:49 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Date: Mon, 15 May 2023 20:42:51 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7233512498918455450&gdpr=0&gdpr_consent=
Server: nginx
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame CC15
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&redir=true&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-mRRBPINE2uXyV2_I9eq8.9HAmtFaOKk-~A&gdpr=0

0
48 B

32ms
12ms

Image
text/plain

198.47.127.20
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-mRRBPINE2uXyV2_I9eq8.9HAmtFaOKk-~A&gdpr=0
Protocol: H2
Server: 198.47.127.20 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:49 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-mRRBPINE2uXyV2_I9eq8.9HAmtFaOKk-~A&gdpr=0
date: Mon, 15 May 2023 20:42:50 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 6898CE94-28C0-4EDB-820B-A8EADEDF2C20
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame CC15 43 B
603 B 34ms
33ms Image
image/gif 2a05:d018:d29:3605:e341:f6b2:dd43:a873
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/6898CE94-28C0-4EDB-820B-A8EADEDF2C20?gdpr=0&gdpr_consent=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3605:e341:f6b2:dd43:a873 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:50 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame CC15
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=8a126298-bee8-44c9-bd96-f06275f7d961&gdpr=0&gdpr_consent=
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=8a126298-bee8-44c9-bd96-f06275f7d961&gdpr=0&gdpr_consent=
https://x.bidswitch.net/sync?dsp_id=4&user_id=bd89a4d6-377c-4302-90d1-33a8180c16ad&ssp=pubmatic&expires=30&user_group=5&bsw_param=8a126298-bee8-44c9-bd96-f06275f7d961
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=8a126298-bee8-44c9-bd96-f06275f7d961&gdpr=&gdpr_consent=&gdpr_pd=

1 B
185 B

19ms
19ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=8a126298-bee8-44c9-bd96-f06275f7d961&gdpr=&gdpr_consent=&gdpr_pd=
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
date: Mon, 15 May 2023 20:42:51 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=8a126298-bee8-44c9-bd96-f06275f7d961&gdpr=&gdpr_consent=&gdpr_pd=
date: Mon, 15 May 2023 20:42:51 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2 204 current
pubmatic-match.dotomi.com/match/bounce/ Frame CC15 0
103 B 28ms
12ms Image
text/plain 2a02:fa8:8806:13::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:50 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame CC15
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=40d02eae-8a91-410d-85ad-0afc78ec2028-6462994b-5858&gdpr=0&gdpr_consent=

42 B
262 B

13ms
12ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=40d02eae-8a91-410d-85ad-0afc78ec2028-6462994b-5858&gdpr=0&gdpr_consent=
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Mon, 15 May 2023 20:42:50 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:50 GMT
server: A
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=40d02eae-8a91-410d-85ad-0afc78ec2028-6462994b-5858&gdpr=0&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame CB76
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&redir=true&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-mRRBPINE2uXyV2_I9eq8.9HAmtFaOKk-~A&gdpr=0

0
48 B

25ms
13ms

Image
text/plain

198.47.127.20
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-mRRBPINE2uXyV2_I9eq8.9HAmtFaOKk-~A&gdpr=0
Protocol: H2
Server: 198.47.127.20 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:49 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-mRRBPINE2uXyV2_I9eq8.9HAmtFaOKk-~A&gdpr=0
date: Mon, 15 May 2023 20:42:50 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.57
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 6898CE94-28C0-4EDB-820B-A8EADEDF2C20
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame CB76 43 B
603 B 33ms
33ms Image
image/gif 2a05:d018:d29:3605:e341:f6b2:dd43:a873
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/6898CE94-28C0-4EDB-820B-A8EADEDF2C20?gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3605:e341:f6b2:dd43:a873 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:50 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 5320
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=9&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7233512498918455435&gdpr=0&gdpr_consent=

42 B
219 B

18ms
17ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7233512498918455435&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Mon, 15 May 2023 20:42:51 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Date: Mon, 15 May 2023 20:42:51 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7233512498918455435&gdpr=0&gdpr_consent=
Server: nginx
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame CB76
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://r.scoota.co/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic
https://r.scoota.co/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic
https://x.bidswitch.net/sync?dsp_id=29&expires=30&user_id=a35fea3c-59d2-4aee-9cce-1ae9b97af80d&ssp=pubmatic
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=8a126298-bee8-44c9-bd96-f06275f7d961&gdpr=&gdpr_consent=&gdpr_pd=

1 B
55 B

18ms
18ms

Image
text/html

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=8a126298-bee8-44c9-bd96-f06275f7d961&gdpr=&gdpr_consent=&gdpr_pd=
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
date: Mon, 15 May 2023 20:42:51 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=8a126298-bee8-44c9-bd96-f06275f7d961&gdpr=&gdpr_consent=&gdpr_pd=
date: Mon, 15 May 2023 20:42:51 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H2 204 current
pubmatic-match.dotomi.com/match/bounce/ Frame CB76 0
103 B 33ms
23ms Image
text/plain 2a02:fa8:8806:13::1370
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1370 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:50 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame CB76
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=40d02eae-8a91-410d-85ad-0afc78ec2028-6462994b-5858&gdpr=0&gdpr_consent=

42 B
97 B

13ms
12ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=40d02eae-8a91-410d-85ad-0afc78ec2028-6462994b-5858&gdpr=0&gdpr_consent=
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Mon, 15 May 2023 20:42:50 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:50 GMT
server: A
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=40d02eae-8a91-410d-85ad-0afc78ec2028-6462994b-5858&gdpr=0&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 7AD9 0
128 B 13ms
12ms Script
text/plain 198.47.127.20
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=158370&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.20 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:51 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 6480 0
48 B 14ms
13ms Script
text/plain 198.47.127.20
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=158370&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.20 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:51 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame CC15 0
48 B 12ms
12ms Script
text/plain 198.47.127.20
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=158370&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.20 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:51 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame CB76 0
128 B 13ms
12ms Script
text/plain 198.47.127.20
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=158370&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158370
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.20 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:50 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

POST
H2 200 /
track.adform.net/serving/unload/ Frame F7CB 35 B
601 B 23ms
23ms Ping
image/gif 37.157.3.20
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=3618708674255803056@@64147897,7523883104820695772,100|4405|0|0|0|0|0|0|0||150|1|||||1|0|0|NDb05cOk0abxBx_RTJEBJ0RwAv8ySk7c-d0kFwKbV_yBdyhZKGKYYfL_QlhaeLlf0|||01||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.20 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://hal900023.redintelligence.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://hal900023.redintelligence.net
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H2 200 /
track.adform.net/serving/unload/ Frame 50DA 35 B
626 B 23ms
23ms Ping
image/gif 37.157.3.20
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://track.adform.net/serving/unload/?version=15&unload=0@@64306176,864258375875591749,0|0|0|0|0|0|0|0|0||0|1|||0||1|0|0|lV0fbFhYzETi5nP9TebYOumn3tQYot-A0|0qddfS-rL6EqHMLsI0XOHWFCwsvtjpxtWWfrJa27o1EgfbtipCkY5ZT7WXJg35mTeJ85jxc6rtQDgNeykdScU4IItIRySGpn60EKh_oBMFY7rw1qKY-wGBbG5IZUfH3ttn-ZPbPZ9W_J8dS_OgoqPHUDv_rXWtdrBrVs9pi7TI5rgNH-t0z17GOgnFsabOmJIfnu7iBCm-VH-t3dKgLQ4IGiu2VCW4yvA7z_uuw_WOM1||11||0

Requested by

Host: s1.adform.net
URL: https://s1.adform.net/stoat/626/s1.adform.net/bootstrap.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.20 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 15 May 2023 20:42:52 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: image/gif
access-control-allow-origin: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

POST
H2 200 all
csm.eu.criteo.net/ Frame 5072 0
127 B 15ms
15ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:52 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

POST
H2 200 all
csm.eu.criteo.net/ Frame 766E 0
127 B 13ms
13ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:52 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

POST
H2 200 all
csm.eu.criteo.net/ Frame C218 0
127 B 13ms
13ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:52 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 initial.js Show response
www.newtimes.co.rw/theme_newtimes/js/ 1 KB
823 B 231ms
230ms Script
application/javascript 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.newtimes.co.rw/theme_newtimes/js/initial.js?v=0.37
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 801c81b956934441ec8e6dc3dab9e49aa300021114b1e743c96e5c59cc29b50a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:53 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 22 Jun 2022 06:24:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
locationdebug: 1
age: 867
etag: W/"62b2b5a7-4e0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OLn%2Fc%2B7pYwVc198LUElHn%2FbSlF6EFQbzwOTrd7iYK%2B5IhXD%2FYy2pwCBi%2BcZnV88ePv3dmXjJBc8F0bdxB6YLknDnmqJnxbe06cqCc6%2BkqhaaJGNahv%2FFCz1AUlOg4%2FCt2M%2FLZnQGQloLLy836VYLpw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=14400
cf-ray: 7c7e35c4cd999bc2-FRA

POST
H2 200 ajaxWidgets Show response
www.newtimes.co.rw/ajax/ 84 KB
13 KB 121ms
121ms XHR
application/json 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.newtimes.co.rw/ajax/ajaxWidgets
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 41ed06c2268f9e19b513c051ee21502768ffe5dc1e323fac3717f3b55ea8a16e

Request headers

Accept: */*
Referer: https://www.newtimes.co.rw/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Mon, 15 May 2023 20:42:53 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XAiki%2FwPQ6oFOjodVnYMBE93CCJ1xwjWLPIzB15mdpSNl8KkVQbT1Of1OaSoA%2Fwwp5%2Fl53zBXiCwrwadCOqPdZHhGUSu49zN48co%2BIQiMa3CzIYoxwUlkPshHgWxq3w5FsG8Z%2BRHNDpmLLDMjICV9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
cf-ray: 7c7e35c4edcc9bc2-FRA
x-device: desktop

POST
H2 200 all
csm.eu.criteo.net/ Frame 9523 0
127 B 13ms
13ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:53 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H3 200 css2
fonts.googleapis.com/ 8 KB
588 B 18ms
17ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Archivo:wght@400;500;600;700;800;900&display=swap

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f910e4ad88c6833f05ccb40b8c17fdd0834f1e467a64bf7bf81cf91e4e0ebd99

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 15 May 2023 20:42:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 15 May 2023 20:42:53 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 15 May 2023 20:42:53 GMT

GET
H3 200 css2
fonts.googleapis.com/ 10 KB
732 B 17ms
17ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lora:ital,wght@0,400;0,500;0,600;0,700;1,600;1,700&display=swap

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

52571c91fe462198f5c5bf4a93926a3d00f7b910cd65fbbe44c17cc487fab126

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 15 May 2023 20:42:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 15 May 2023 20:42:53 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 15 May 2023 20:42:53 GMT

GET
H2 200 2aIbpqdGYac Show response
www.youtube.com/embed/ Frame 4CC5 75 KB
31 KB 96ms
66ms Document
text/html 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/2aIbpqdGYac?rel=0

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

8b8e1a97986ac2cd89b2470bd6b1025bf7d35c1b39e74839376d046f3a455769

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:53 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ohUJzYvrLP4 Show response
www.youtube.com/embed/ Frame 0A24 75 KB
31 KB 86ms
56ms Document
text/html 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/ohUJzYvrLP4?rel=0

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

a06490c702d36a1529a88824f408d512ccb8bab6614836e615f8c548c8976c4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:53 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 60N1BsqYfLk Show response
www.youtube.com/embed/ Frame 0E49 75 KB
32 KB 84ms
55ms Document
text/html 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/60N1BsqYfLk?rel=0

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

a5b0834c54e491fcd04fefaff1d8121a698602015cb2b649fba710ba7d610a18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:53 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 -Z5tOYApDig Show response
www.youtube.com/embed/ Frame 5B02 75 KB
31 KB 100ms
72ms Document
text/html 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/-Z5tOYApDig?rel=0

Requested by

Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

fba14e068756cb018cf50ef23628ab6135f0485606798af1711bc1999bad3d6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.newtimes.co.rw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Mon, 15 May 2023 20:42:53 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 18747.jpeg
www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/15/ 292 KB
293 KB 39ms
37ms Image
image/webp 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/15/18747.jpeg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 09a54c2a7ea5b66617bebbf0db36f8bd6274463477533355a49a38a2c9d26da5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:53 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
locationdebug: 1
cf-polished: origFmt=jpeg, origSize=494669
content-disposition: inline; filename="18747.webp"
content-length: 299190
cf-bgj: imgq:100,h2pri
last-modified: Mon, 15 May 2023 13:35:52 GMT
server: cloudflare
etag: "64623538-78c4d"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OVjl5eRq8Sps9iPdFKewczBYQQ9GdvuAK4qFN%2BaGp1KO8vnbng9jpvMSb1COfAzKjbVrUN5HWYzJT2dVPXeO8wUjjn7%2BeE7xYtVx7dASEVfLj8z9Wg96Ban%2FUrXuJHA0U3wyWc%2BA6s41p7VrmpICKA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35c678559bc2-FRA

GET
H2 200 18718.jpg
www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/15/ 321 KB
322 KB 23ms
21ms Image
image/webp 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/15/18718.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 145c7970d3a7b49c6e87ef61e22d83fcbe280cc3f478b28444db70ac358e2eb4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:53 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
locationdebug: 1
cf-polished: origFmt=jpeg, origSize=593707
content-disposition: inline; filename="18718.webp"
content-length: 328706
cf-bgj: imgq:100,h2pri
last-modified: Mon, 15 May 2023 12:15:51 GMT
server: cloudflare
etag: "64622277-90f2b"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sx%2Fe0FW5cISFqyGlD62NjuecE0tgmhu0Q8hBMnTI2ALTlbVQbpMCikY6g93lY%2B3dQKsjCAl9JL%2F7jOExCIB1CpG%2FQP4HEdKgIvBFEV5aKmYootw6zBdt3zFE%2FbBXTVidRzUP%2FTye6XtDbCWIimbOgA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35c678579bc2-FRA

GET
H2 200 18751.jpeg
www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/15/ 106 KB
107 KB 29ms
27ms Image
image/webp 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/15/18751.jpeg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9b556be9b0a4a4245548d841972d5ca3c34fcc79d80041627d69fd884047b49b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
locationdebug: 1
age: 4101
cf-polished: origFmt=jpeg, origSize=230648
content-disposition: inline; filename="18751.webp"
content-length: 109008
cf-bgj: imgq:100,h2pri
last-modified: Mon, 15 May 2023 14:54:01 GMT
server: cloudflare
etag: "64624789-384f8"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zhJ3oEAj5vODG1RVS3QnCrdQh%2F6UbdTDbicu8btcmeGMJOXHw7FpQSspxMy1%2BOhTyoiLIc%2B%2BxI%2FS7%2FRIibm9mMzHCy8Ebg03xrSXcDJVkOttvy5QjSDIqyhq4ppCYk0VcI92KLT65R4oWpHwUc9F0w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35c6785a9bc2-FRA

GET
H2 200 18676.jpg
www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/14/ 250 KB
251 KB 30ms
28ms Image
image/webp 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/14/18676.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 59c979a599383c5d585d64e81b048a10e9c7b317310984bd8d1628919c8a2b13

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:53 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
locationdebug: 1
cf-polished: origFmt=jpeg, origSize=497931
content-disposition: inline; filename="18676.webp"
content-length: 256228
cf-bgj: imgq:100,h2pri
last-modified: Sun, 14 May 2023 19:39:55 GMT
server: cloudflare
etag: "6461390b-7990b"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9B52BrOvdlH%2B3bckAOD1cufd7alTUUpf6qxCIexu2YsEIVB77%2Bgn%2BSSeBKcCTVhOL4Loc6tK8bzLNvZEUdRxHLR6FnXYTIi%2FCcj%2BXV3ZfGPgXda6U9aJGHKDwI6v%2FjEXIxFlj6%2F0l1Ad66d%2BPm0ypg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35c6785c9bc2-FRA

GET
H2 200 18713.jpg
www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/15/ 311 KB
312 KB 43ms
41ms Image
image/webp 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/15/18713.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1ca0df715ccbd64f3743f0d0d7c10e07bf14a6145d5349dfe162da8f52603b3c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:53 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
locationdebug: 1
cf-polished: origFmt=jpeg, origSize=565627
content-disposition: inline; filename="18713.webp"
content-length: 318894
cf-bgj: imgq:100,h2pri
last-modified: Mon, 15 May 2023 10:57:21 GMT
server: cloudflare
etag: "64621011-8a17b"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dk%2BKvJIBCxvFrp6%2FRBc8AW2t0fix4T5skig5c0TS5CR%2BrlC2grF3D1ZiV4on26WzEgVPxUDb0INfcPWsci1dZvW3fGlQB%2FNp2NCY7%2Bbp3lKt3rYlze90e3%2F783w6ipAQmM5gMQekm1QL3LJs3DKPig%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35c6785d9bc2-FRA

GET
H2 200 18710.jpg
www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/15/ 298 KB
299 KB 33ms
31ms Image
image/webp 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/15/18710.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d1cefd6e7f577c8f6c44462356badd8df8e2cbe5caaf8150ea65bca6711195fb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:53 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
locationdebug: 1
cf-polished: origFmt=jpeg, origSize=596388
content-disposition: inline; filename="18710.webp"
content-length: 304940
cf-bgj: imgq:100,h2pri
last-modified: Mon, 15 May 2023 09:39:53 GMT
server: cloudflare
etag: "6461fde9-919a4"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0ZgRtqhuP6IkYlDAQYueuuWzKikjQmITT4a1JUqzKRq%2FGQuCcRdYZpa2BlCPYu6eKzPcVVLDLx9s83qLKVMAzfIKbQgCpXWY2FheGJ92dBqA14VPiHhgkxDdnK5u4lGCAtvAbKD1nvYyAIPer7EtcA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35c688679bc2-FRA

GET
H2 200 18701.jpg
www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/15/ 283 KB
283 KB 23ms
21ms Image
image/webp 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/15/18701.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac75af1fd6d2dd6fbdb02d2f7df44ad790061f9231899ea27c6fa779a9d15365

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:53 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
locationdebug: 1
cf-polished: origFmt=jpeg, origSize=417173
content-disposition: inline; filename="18701.webp"
content-length: 289408
cf-bgj: imgq:100,h2pri
last-modified: Mon, 15 May 2023 06:33:49 GMT
server: cloudflare
etag: "6461d24d-65d95"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h2cGsIqtlgdusFOYsXYERaadeWtcZYVbP6R%2FbOYjDc%2FnbxW1WUEAFwlvb6n2tQSbwHwKxiuKC7iEw2OzOX3HllJgIma3pcSpAYGrFnCX%2FxyHJ8XzwhQKyxJKPFpkH%2BQuKD9oDdKKoutlMlzi3NqQGg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35c6c8ab9bc2-FRA

GET
H2 200 18699.jpg
www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/14/ 253 KB
254 KB 22ms
19ms Image
image/webp 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/14/18699.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 91723f4bf15139392fd9425731b5d795958f6e5ce883aeba7abe8c95b57bbd2e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:53 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
locationdebug: 1
cf-polished: origFmt=jpeg, origSize=491497
content-disposition: inline; filename="18699.webp"
content-length: 259244
cf-bgj: imgq:100,h2pri
last-modified: Sun, 14 May 2023 20:11:49 GMT
server: cloudflare
etag: "64614085-77fe9"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FUFIS1jJs2qEfbyJZ%2BQpk20uJqyEMMLwwuJJnjBf%2FbsX5VI46VVajGM0fEdrP0GKksKWogIVTxFymcK2o3ABk2l7MnsaFufT3rt81nYP9wXAadlWCyXJNr1a99xlgbNjXBgV12OUR3V094p2htcOIg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35c6c8b19bc2-FRA

GET
H2 200 18643.jpeg
www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/14/ 33 KB
34 KB 24ms
23ms Image
image/webp 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/14/18643.jpeg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 12abda8dd3b6a00d0afd893e62ed9b4dbad0f5b2d0dc900e992622d0ea7f44e9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:53 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
locationdebug: 1
cf-polished: origFmt=jpeg, origSize=83436
content-disposition: inline; filename="18643.webp"
content-length: 34190
cf-bgj: imgq:100,h2pri
last-modified: Sun, 14 May 2023 08:04:48 GMT
server: cloudflare
etag: "64609620-145ec"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u%2FpURTQ8KeGmjtIKLTwJg6ySTCO71IdWs1fefjVKhzWK%2B6SWzQrTTQ%2Fi9PQUnibtaK5lZLn2LJDAt146gy537ACvULdf6oTniAvloOLcERRW10oSjdwBgkEnMI%2BiuXcgPf7bE7y5p1iz%2FaJRsvgigw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35c6c8ba9bc2-FRA

GET
H2 200 18043.jpeg
www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/07/ 138 KB
139 KB 22ms
20ms Image
image/webp 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/07/18043.jpeg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 99bea178b89d7cba46b4970e76ebca630486c955f20f1aa7b1ab11396bca4a0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:53 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
locationdebug: 1
cf-polished: origFmt=jpeg, origSize=279204
content-disposition: inline; filename="18043.webp"
content-length: 141592
cf-bgj: imgq:100,h2pri
last-modified: Sun, 07 May 2023 08:28:19 GMT
server: cloudflare
etag: "64576123-442a4"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j0X3MzP%2Bp5EjZggYTaTym77r5p11mlfiN2Xia9fLTCmQidFVnh%2F7AWRorB3YedQL6DB3mQCeDyybh85AvAbdHtXhPJfYRcRKX9ptOyGHmv8Few6WOv3xVUozYEo0t0KjHBAB%2BmwFPlxA9DzO4DxREg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35c6c8bb9bc2-FRA

GET
H2 200 15611.jpg
www.newtimes.co.rw/thenewtimes/uploads/images/2023/04/02/ 144 KB
145 KB 24ms
23ms Image
image/webp 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/thenewtimes/uploads/images/2023/04/02/15611.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 83a7723430f74e8a151bd7fcc800fc80b511d413e3af110ef0d5e443a6e60209

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:53 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
locationdebug: 1
cf-polished: origFmt=jpeg, origSize=323736
content-disposition: inline; filename="15611.webp"
content-length: 147658
cf-bgj: imgq:100,h2pri
last-modified: Sun, 02 Apr 2023 16:34:34 GMT
server: cloudflare
etag: "6429ae9a-4f098"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fRKdHxqLDpAfb0mHEFXqg35m8%2BTB2c%2F6FT%2BeFcZy0gWlriZEVrvtFbWAu9ZSI%2Ba%2B%2B4DJgQN7l%2F%2BKtX2GGDv07HUMWbh1MmSkMKrzrpSNgVlnqh1%2FboqMqKIx0%2BiWCORClunk%2FZR1bJO%2Fe3CVN2Y1sA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35c6c8c09bc2-FRA

GET
H2 200 15454.jpg
www.newtimes.co.rw/thenewtimes/uploads/images/2023/03/31/ 186 KB
186 KB 22ms
22ms Image
image/webp 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/thenewtimes/uploads/images/2023/03/31/15454.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 77aff5793d453962bac0dec9f50d18a7c59fc982ccf8e35fb6a73d3a1f0b4693

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:53 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
locationdebug: 1
cf-polished: origFmt=jpeg, origSize=356395
content-disposition: inline; filename="15454.webp"
content-length: 190204
cf-bgj: imgq:100,h2pri
last-modified: Fri, 31 Mar 2023 12:58:28 GMT
server: cloudflare
etag: "6426d8f4-5702b"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aXGhTebQqDjrU3JnnJzhfax64ObF2xBL4HjdcK8wCAVrqFl9yC1Z5dcQMVme9LDIQnu5G49Fs5mq9OxM5shL6aX%2F2pB0dEillElO%2BSJvFyYdpHKDiZchS2RZo49c6gs5dDMp6fHV6Y3LJ9NGU8cUCg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35c6d8c19bc2-FRA

GET
H2 200 18691.jpg
www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/14/ 179 KB
179 KB 24ms
23ms Image
image/webp 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/14/18691.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8b33fed241c7e1b330ef1fbc693f13f9f25b876ea99e004e02347356aaba929c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:53 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
locationdebug: 1
cf-polished: origFmt=jpeg, origSize=350330
content-disposition: inline; filename="18691.webp"
content-length: 183086
cf-bgj: imgq:100,h2pri
last-modified: Sun, 14 May 2023 19:55:30 GMT
server: cloudflare
etag: "64613cb2-5587a"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HUDFIEGnJaGOPBHL0gR3aHKrHrIvMEe%2F1yIun3eHC7siaA5KD4Zi6Azr%2F%2Fye2ZWC09rI5H4yYl0kE%2BqZReD31NEgOF8IizgB9iF8dmrBE1%2BduqlsBiXdSbOjUcJfms5kKqK5jUnXvkboD2jI%2FBTfPw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35c6e8e59bc2-FRA

GET
H2 200 18698.jpg
www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/14/ 372 KB
372 KB 27ms
26ms Image
image/webp 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/14/18698.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bd5a390ca4dbd0bfb3d4359cbd6d4264ea40a316d879529ed82d030f62003002

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:53 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
locationdebug: 1
cf-polished: origFmt=jpeg, origSize=675618
content-disposition: inline; filename="18698.webp"
content-length: 380430
cf-bgj: imgq:100,h2pri
last-modified: Sun, 14 May 2023 20:07:49 GMT
server: cloudflare
etag: "64613f95-a4f22"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9vNUP4QCWvlx39ls07qBlmZyplRv3tAJJajo72cepk8WzwIAc4fuGVSpFY9KokZX92v%2F%2B2dFx7BmUl9XgIRYpb%2B3QFxSsASWcDVb5NyfFkADBaWpUeeY%2Bzo3ynma8hIXS471hjUhXvyePh%2Fo6QgF7w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35c6e8e89bc2-FRA

GET
H2 200 18638.jpg
www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/13/ 414 KB
415 KB 34ms
32ms Image
image/webp 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/13/18638.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 67332ef2cea8b2c3ada817e3230526766c2e246254e1fc6c7a12b5bc7877b979

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:53 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
locationdebug: 1
cf-polished: origFmt=jpeg, origSize=728030
content-disposition: inline; filename="18638.webp"
content-length: 424074
cf-bgj: imgq:100,h2pri
last-modified: Sat, 13 May 2023 17:14:43 GMT
server: cloudflare
etag: "645fc583-b1bde"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=98vB0dVJ78pHsii1KAUlLIE2R77nv0MOgcBUfTJ794UuujOwpizjcX8Z4iDhnGtheSZ5pYHumhSCNua1WX%2FzdyHBhuciLO1Q93oTD1BtsLR6d6hnvNm67j2ikj3B1z9NK%2FHR7GGkZH04Q0J3zA%2FpIA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35c6f8ee9bc2-FRA

GET
H2 200 18511.jpg
www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/12/ 168 KB
169 KB 28ms
27ms Image
image/webp 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/12/18511.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7550484b8be6ddfa7c7ea0778d64e7dca976ccc74f0d0c8c058f796d244f1eef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:53 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
locationdebug: 1
cf-polished: origFmt=jpeg, origSize=341908
content-disposition: inline; filename="18511.webp"
content-length: 172088
cf-bgj: imgq:100,h2pri
last-modified: Thu, 11 May 2023 22:04:33 GMT
server: cloudflare
etag: "645d6671-53794"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kv4IqMqGEGz5Ro6Sih1OkOxxjNeV1yl4lxomgd%2Bo0ti5ucQ5kh1lBbDsHzCZLVc9k3ZFe%2ByxvviUl2w2RpfnD%2FhbrBAsUamn8WfXlUH0WjXA%2FumTiFpEht3xG4N%2BcQJD8lprkS09qwuYeV1ECgujRA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35c6f8ef9bc2-FRA

GET
H2 200 18112.jpg
www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/08/ 197 KB
198 KB 36ms
34ms Image
image/webp 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/08/18112.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 75756355c8fcfccf30c6d8d782705713f70e804d7fd27b7263f44712a6ab053a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:53 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
locationdebug: 1
cf-polished: origFmt=jpeg, origSize=411172
content-disposition: inline; filename="18112.webp"
content-length: 202106
cf-bgj: imgq:100,h2pri
last-modified: Mon, 08 May 2023 12:28:21 GMT
server: cloudflare
etag: "6458eae5-64624"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q2cUrNDP2hJC73sEe7gW3pBG%2B2jQYW5u73u6PDNDq6pwrNb%2BwuPRf7LPhd36L6ljMiudYgBaYJfvF6tY7Y0dG4WoaZx69r72NOmUYHAlkBRUQmTCu2GDhv%2Foz70OUcTgT9Y%2FS%2FePTbjbAixhtTKxZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35c6f8f89bc2-FRA

GET
H2 200 15813.jpg
www.newtimes.co.rw/thenewtimes/uploads/images/2023/04/05/ 185 KB
185 KB 37ms
36ms Image
image/webp 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/thenewtimes/uploads/images/2023/04/05/15813.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d2da8c71cfc9b35209e6b25ef5f1ff60f255d0c56abf78ebda497a30cad2c57d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:53 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
locationdebug: 1
cf-polished: origFmt=jpeg, origSize=405562
content-disposition: inline; filename="15813.webp"
content-length: 188978
cf-bgj: imgq:100,h2pri
last-modified: Wed, 05 Apr 2023 10:28:56 GMT
server: cloudflare
etag: "642d4d68-6303a"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d58fQZValOMrFNJXZqMMSiNO5iKz6zMMJ0DLInun1dc9prrhujWRJxIxdZgMs%2FdGu2Td8cFrfKRiU2Os6I0ebHqfaD7yMXh217HgpbyX0yxB2CSG9SLFjcvtKxplifMr%2FB9tGNto3BHtm7dHh6br1w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35c6f8fb9bc2-FRA

GET
H2 200 14557.jpg
www.newtimes.co.rw/thenewtimes/uploads/images/2023/03/20/ 284 KB
285 KB 20ms
19ms Image
image/webp 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/thenewtimes/uploads/images/2023/03/20/14557.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 633b875d225dcad3d57a563834f83b4c49fa0e315511050e5846baf6a02934b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:53 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
locationdebug: 1
cf-polished: origFmt=jpeg, origSize=537710
content-disposition: inline; filename="14557.webp"
content-length: 290632
cf-bgj: imgq:100,h2pri
last-modified: Mon, 20 Mar 2023 17:36:28 GMT
server: cloudflare
etag: "6418999c-8346e"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q0yMVC3ZtgHsEu7%2FD23Y6UsuUmW9O9v3XtyGnSz%2B1eO8UU1XIwWncsdjZq1Jgq1QQo1cR2YnXCUDaLFZkiRC3OS%2FRVCIoRPWY9zb18UwvJZKRkbZwHC2XTrSNSeoj6r%2BTb2%2BFQ%2FbeOSdmOUifHmguw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35c7192a9bc2-FRA

GET
H2 200 14209.jpg
www.newtimes.co.rw/thenewtimes/uploads/images/2023/03/16/ 211 KB
212 KB 43ms
40ms Image
image/webp 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/thenewtimes/uploads/images/2023/03/16/14209.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 63e6202e0e20fafa3f600ddce93331b32cea3b47789a59f0e66653e10ebcf028

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:53 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
locationdebug: 1
cf-polished: origFmt=jpeg, origSize=417137
content-disposition: inline; filename="14209.webp"
content-length: 216490
cf-bgj: imgq:100,h2pri
last-modified: Thu, 16 Mar 2023 12:35:54 GMT
server: cloudflare
etag: "64130d2a-65d71"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Ewtvvb%2BjMmQdvzRNpRZ5vsWvt0mwwS%2BWTwYbQjj%2BiR8iAutUuswPvvGlCaOcPVZ6FsjfNLgAh4Mteu5un%2BW3%2B7PMzbQzsjp2LYHF1vMKiQN4FCa7jnonFXu6XMUWs%2FfQ09SSsYhlTdgMY1iWR%2F4Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35c729399bc2-FRA

GET
H2 200 18687.jpeg
www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/14/ 175 KB
176 KB 28ms
26ms Image
image/webp 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/14/18687.jpeg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ce4cfe49bd4275e9e080671c07da769ede7359411f9e9ac8898a13dc071408b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:53 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
locationdebug: 1
cf-polished: origFmt=jpeg, origSize=325824
content-disposition: inline; filename="18687.webp"
content-length: 179556
cf-bgj: imgq:100,h2pri
last-modified: Sun, 14 May 2023 19:44:26 GMT
server: cloudflare
etag: "64613a1a-4f8c0"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JziX7GjqMWVmryFegSuJAmDAe7V6HyRRQHS27vhZmci05Ox5GaozWooBSErQVGFRa%2FIabEFcm1n%2B2%2Fi0XqkK89xL8qFRn1Y8qDAK7XdCCbMomPl6%2BS4FbuyGkfInICZ4KJHuPRNmkKu%2BOQkkgFK2cQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35c739409bc2-FRA

GET
H2 200 18781.jpeg
www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/15/ 195 KB
196 KB 43ms
40ms Image
image/webp 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/15/18781.jpeg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: adedd2344705d690f045ed0be660d11dfa1b3bf313752b5d25e4b6f0a7b8b7b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:53 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
locationdebug: 1
cf-polished: origFmt=jpeg, origSize=392637
content-disposition: inline; filename="18781.webp"
content-length: 199736
cf-bgj: imgq:100,h2pri
last-modified: Mon, 15 May 2023 17:18:08 GMT
server: cloudflare
etag: "64626950-5fdbd"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VjC19tacZnZjIS3o6WL%2BfCg6AZlJQXeITaXGBi0AbmpwSwcsjZBVfPZ1scpawXemWClfIKPNOO%2FrKQuktzM54siWrcB783eG7%2FXXJ5G8z%2FXTgBb5ECQ%2FXlN%2B1M7fMpvu9Yv5xLvWwH%2F4K1RgPiZqGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35c739479bc2-FRA

GET
H2 200 18782.jpeg
www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/15/ 54 KB
54 KB 24ms
22ms Image
image/webp 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/15/18782.jpeg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 39198f1730d2e4e4188a177586ebc753590bea656f86ee2131c467eb7755d03d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
locationdebug: 1
age: 4098
cf-polished: origFmt=jpeg, origSize=116150
content-disposition: inline; filename="18782.webp"
content-length: 54840
cf-bgj: imgq:100,h2pri
last-modified: Mon, 15 May 2023 19:23:40 GMT
server: cloudflare
etag: "646286bc-1c5b6"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MDOhq3pvC%2Fn0haoPoy0bC2TnheABtH8zVHb%2Brm5sekW0rxEyNtsVoTzKBkekRdClJ6Gxr82PUjF6mlEenJPXkILwjpFTSLu09K1G90AeeDV2HOs1czZHMSmUDqSRZKrxlfc3woZydfm%2FTltFPfriPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35c6a88d9bc2-FRA

GET
H2 200 18749.jpeg
www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/15/ 136 KB
136 KB 28ms
26ms Image
image/webp 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/15/18749.jpeg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 37495dddf76381833c30f35fffab5ea89f7207184cc939b7c2ba640e7d9d5194

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:53 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
locationdebug: 1
cf-polished: origFmt=jpeg, origSize=283671
content-disposition: inline; filename="18749.webp"
content-length: 139020
cf-bgj: imgq:100,h2pri
last-modified: Mon, 15 May 2023 14:47:48 GMT
server: cloudflare
etag: "64624614-45417"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DJTbtuc%2B2VtGKFj4UjlEMJssXoJzA5xKpYe2Slrwnsnwu%2B5yqrIMg99F99nsQCNsD2Wq%2Bq2WtOdsBb4RVTbC%2Fto8c6cQH7pBlyhwvKNgFJ%2Fvl7PI4X%2FmaloIssfmaHIfzd%2F4Sjd7A9AyBa3gI4%2BHhw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35c6a8899bc2-FRA

GET
H2 200 18723.jpg
www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/15/ 196 KB
196 KB 26ms
24ms Image
image/webp 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/15/18723.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8031aaf823460f4fcc21cbbbfd4ff728a7ce4bd847fa26c0e3755e3f0b94d810

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:53 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
locationdebug: 1
cf-polished: origFmt=jpeg, origSize=433652
content-disposition: inline; filename="18723.webp"
content-length: 200572
cf-bgj: imgq:100,h2pri
last-modified: Mon, 15 May 2023 12:26:31 GMT
server: cloudflare
etag: "646224f7-69df4"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bIixD5TPfqKrkaqilZs0%2FAp54kGOfbF58dj%2Ft5Xequqt%2F%2BU0%2FagyZdxhQXYpIyVbURJxff8WjK%2FEg4xZPR9c42T8P7NBWNTVSi7pGeHQ9XdGRkyQcCl%2BFobbg3InI%2FF3%2FgDMfvS%2BMCbJM5Yh5%2FVJvw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35c6a8889bc2-FRA

GET
H2 200 18711.jpg
www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/15/ 179 KB
180 KB 21ms
19ms Image
image/webp 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.newtimes.co.rw/thenewtimes/uploads/images/2023/05/15/18711.jpg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a73fe18d02cda6c90fde12de4d3ce1ac52ec0d8879c84f65748dbd1ff5a23081

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.newtimes.co.rw/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:53 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
locationdebug: 1
age: 4092
cf-polished: origFmt=jpeg, origSize=354474
content-disposition: inline; filename="18711.webp"
content-length: 183414
cf-bgj: imgq:100,h2pri
last-modified: Mon, 15 May 2023 09:48:31 GMT
server: cloudflare
etag: "6461ffef-568aa"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2UxFrZRb%2BlQpMO7DQZZmz2UagpmvRAlaPm%2F8%2FPl7UsvMw%2F%2F0dLL%2BVtcxmmQ2xCxtQffT6jx7ic4whnZlFsWjn5st7ZRZlx8bQMOlRvYP1xUaEtG1UcTgj%2BnlhaHXwKEsQXspMBDPQwzSy9Y7Uoggmg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35c6a88a9bc2-FRA

GET
H2 200 DuplicateSans-Bold.ttf
www.newtimes.co.rw/theme_newtimes/fonts/ 90 KB
90 KB 19ms
18ms Font
application/octet-stream 2606:4700:20::681a:956
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.newtimes.co.rw/theme_newtimes/fonts/DuplicateSans-Bold.ttf
Requested by: Host: www.newtimes.co.rw
URL: https://www.newtimes.co.rw/theme_newtimes/css/general-styles.min.css?v=0.37
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:956 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b6342f094b5d3b9c180f8fd9ad4d2d9c56e4270b2c648f8ec883393d5b899c6e

Request headers

Referer: https://www.newtimes.co.rw/theme_newtimes/css/general-styles.min.css?v=0.37
Origin: https://www.newtimes.co.rw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:53 GMT
cf-cache-status: HIT
last-modified: Wed, 22 Jun 2022 06:24:39 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
locationdebug: 1
age: 7029
etag: "62b2b5a7-16740"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MGyt5OYrj5sdLtYS4RiPdMrooJKMbeoXkXXrYqgT92k%2F5TOc%2BTf0jCX3woHmFRw%2BM%2FPFwQXB4QFKGZqEb4x%2B0toUIc0x5ynRzNuv%2FFxrsiJopMGNnLx9ZMboBHwFJCBuM1ifSHVtfl%2Bqf6FwHP7xAw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7c7e35c688699bc2-FRA
content-length: 91968

GET
H3 200 4iCs6KVjbNBYlgoKfw72.woff2
fonts.gstatic.com/s/ubuntu/v20/ 34 KB
34 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ubuntu/v20/4iCs6KVjbNBYlgoKfw72.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Ubuntu&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.newtimes.co.rw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sat, 13 May 2023 17:40:30 GMT
x-content-type-options: nosniff
age: 183743
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34852
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:31:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 May 2024 17:40:30 GMT

GET
H3 200 k3kPo8UDI-1M0wlSV9XAw6lQkqWY8Q82sLydOxI.woff2
fonts.gstatic.com/s/archivo/v18/ 31 KB
31 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/archivo/v18/k3kPo8UDI-1M0wlSV9XAw6lQkqWY8Q82sLydOxI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Archivo:wght@400;500;600;700;800;900&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68c831b3324ca6fea43d48681ac2b9338b794ecdb60ff7fa7059a997d4007604

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.newtimes.co.rw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Thu, 11 May 2023 19:40:47 GMT
x-content-type-options: nosniff
age: 349326
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31516
x-xss-protection: 0
last-modified: Fri, 24 Jun 2022 19:34:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 10 May 2024 19:40:47 GMT

GET
H3 200 k3kPo8UDI-1M0wlSV9XAw6lQkqWY8Q82sLydOxI.woff2
fonts.gstatic.com/s/archivo/v18/ 31 KB
31 KB 10ms
10ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/archivo/v18/k3kPo8UDI-1M0wlSV9XAw6lQkqWY8Q82sLydOxI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Archivo:wght@400;500;600;700;800;900&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68c831b3324ca6fea43d48681ac2b9338b794ecdb60ff7fa7059a997d4007604

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.newtimes.co.rw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Thu, 11 May 2023 19:40:47 GMT
x-content-type-options: nosniff
age: 349326
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31516
x-xss-protection: 0
last-modified: Fri, 24 Jun 2022 19:34:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 10 May 2024 19:40:47 GMT

GET
H3 200 k3kPo8UDI-1M0wlSV9XAw6lQkqWY8Q82sLydOxI.woff2
fonts.gstatic.com/s/archivo/v18/ 31 KB
31 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/archivo/v18/k3kPo8UDI-1M0wlSV9XAw6lQkqWY8Q82sLydOxI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Archivo:wght@400;500;600;700;800;900&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68c831b3324ca6fea43d48681ac2b9338b794ecdb60ff7fa7059a997d4007604

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.newtimes.co.rw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Thu, 11 May 2023 19:40:47 GMT
x-content-type-options: nosniff
age: 349326
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31516
x-xss-protection: 0
last-modified: Fri, 24 Jun 2022 19:34:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 10 May 2024 19:40:47 GMT

GET
H2 200 www-player.css
www.youtube.com/s/player/cfa9e7cb/ Frame 0E49 405 KB
48 KB 17ms
15ms Stylesheet
text/css 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cfa9e7cb/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/60N1BsqYfLk?rel=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

eccf57b62dbae261e99c42c11f1d643aa66362fc72a0696be044a75466ba5202

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/60N1BsqYfLk?rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:37:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 345
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48645
x-xss-protection: 0
last-modified: Wed, 10 May 2023 01:29:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 14 May 2024 20:37:08 GMT

GET
H2 200 www-embed-player.js Show response
www.youtube.com/s/player/cfa9e7cb/www-embed-player.vflset/ Frame 0E49 338 KB
95 KB 21ms
19ms Script
text/javascript 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cfa9e7cb/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/60N1BsqYfLk?rel=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

48a391f29bc14459aa881d701beed00820c0b7ef72aa0a85fc08d6e21d169ec1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/60N1BsqYfLk?rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:38:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 277
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 97217
x-xss-protection: 0
last-modified: Wed, 10 May 2023 01:29:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 14 May 2024 20:38:16 GMT

GET
H2 200 base.js Show response
www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/ Frame 0E49 2 MB
733 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/60N1BsqYfLk?rel=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

4eb5fefb8416c598f01847e5b53605cc6d3ffb3784067dba4185954a19ef2fe5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/60N1BsqYfLk?rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Wed, 10 May 2023 15:52:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 449412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 750263
x-xss-protection: 0
last-modified: Wed, 10 May 2023 01:29:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 09 May 2024 15:52:41 GMT

GET
H2 200 fetch-polyfill.js Show response
www.youtube.com/s/player/cfa9e7cb/fetch-polyfill.vflset/ Frame 0E49 9 KB
3 KB 22ms
20ms Script
text/javascript 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cfa9e7cb/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/60N1BsqYfLk?rel=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/60N1BsqYfLk?rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:24:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1100
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2604
x-xss-protection: 0
last-modified: Wed, 10 May 2023 01:29:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 14 May 2024 20:24:33 GMT

GET
H2 200 www-player.css
www.youtube.com/s/player/cfa9e7cb/ Frame 0A24 405 KB
48 KB 14ms
13ms Stylesheet
text/css 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cfa9e7cb/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ohUJzYvrLP4?rel=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

eccf57b62dbae261e99c42c11f1d643aa66362fc72a0696be044a75466ba5202

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/ohUJzYvrLP4?rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:37:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 345
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48645
x-xss-protection: 0
last-modified: Wed, 10 May 2023 01:29:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 14 May 2024 20:37:08 GMT

GET
H2 200 www-embed-player.js Show response
www.youtube.com/s/player/cfa9e7cb/www-embed-player.vflset/ Frame 0A24 338 KB
95 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cfa9e7cb/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ohUJzYvrLP4?rel=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

48a391f29bc14459aa881d701beed00820c0b7ef72aa0a85fc08d6e21d169ec1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/ohUJzYvrLP4?rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:38:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 277
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 97217
x-xss-protection: 0
last-modified: Wed, 10 May 2023 01:29:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 14 May 2024 20:38:16 GMT

GET
H2 200 base.js Show response
www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/ Frame 0A24 2 MB
733 KB 42ms
42ms Script
text/javascript 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ohUJzYvrLP4?rel=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

4eb5fefb8416c598f01847e5b53605cc6d3ffb3784067dba4185954a19ef2fe5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/ohUJzYvrLP4?rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Wed, 10 May 2023 15:52:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 449412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 750263
x-xss-protection: 0
last-modified: Wed, 10 May 2023 01:29:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 09 May 2024 15:52:41 GMT

GET
H2 200 fetch-polyfill.js Show response
www.youtube.com/s/player/cfa9e7cb/fetch-polyfill.vflset/ Frame 0A24 9 KB
3 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cfa9e7cb/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ohUJzYvrLP4?rel=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/ohUJzYvrLP4?rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:24:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1100
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2604
x-xss-protection: 0
last-modified: Wed, 10 May 2023 01:29:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 14 May 2024 20:24:33 GMT

GET
H2 200 www-player.css
www.youtube.com/s/player/cfa9e7cb/ Frame 4CC5 405 KB
48 KB 51ms
46ms Stylesheet
text/css 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cfa9e7cb/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/2aIbpqdGYac?rel=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

eccf57b62dbae261e99c42c11f1d643aa66362fc72a0696be044a75466ba5202

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/2aIbpqdGYac?rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:37:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 345
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48645
x-xss-protection: 0
last-modified: Wed, 10 May 2023 01:29:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 14 May 2024 20:37:08 GMT

GET
H2 200 www-embed-player.js Show response
www.youtube.com/s/player/cfa9e7cb/www-embed-player.vflset/ Frame 4CC5 338 KB
95 KB 55ms
49ms Script
text/javascript 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cfa9e7cb/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/2aIbpqdGYac?rel=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

48a391f29bc14459aa881d701beed00820c0b7ef72aa0a85fc08d6e21d169ec1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/2aIbpqdGYac?rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:38:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 277
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 97217
x-xss-protection: 0
last-modified: Wed, 10 May 2023 01:29:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 14 May 2024 20:38:16 GMT

GET
H2 200 base.js Show response
www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/ Frame 4CC5 2 MB
733 KB 57ms
51ms Script
text/javascript 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/2aIbpqdGYac?rel=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

4eb5fefb8416c598f01847e5b53605cc6d3ffb3784067dba4185954a19ef2fe5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/2aIbpqdGYac?rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Wed, 10 May 2023 15:52:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 449412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 750263
x-xss-protection: 0
last-modified: Wed, 10 May 2023 01:29:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 09 May 2024 15:52:41 GMT

GET
H2 200 fetch-polyfill.js Show response
www.youtube.com/s/player/cfa9e7cb/fetch-polyfill.vflset/ Frame 4CC5 9 KB
3 KB 58ms
53ms Script
text/javascript 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cfa9e7cb/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/2aIbpqdGYac?rel=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/2aIbpqdGYac?rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:24:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1100
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2604
x-xss-protection: 0
last-modified: Wed, 10 May 2023 01:29:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 14 May 2024 20:24:33 GMT

GET
H2 200 www-player.css
www.youtube.com/s/player/cfa9e7cb/ Frame 5B02 405 KB
48 KB 50ms
42ms Stylesheet
text/css 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cfa9e7cb/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/-Z5tOYApDig?rel=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

eccf57b62dbae261e99c42c11f1d643aa66362fc72a0696be044a75466ba5202

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/-Z5tOYApDig?rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:37:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 345
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48645
x-xss-protection: 0
last-modified: Wed, 10 May 2023 01:29:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 14 May 2024 20:37:08 GMT

GET
H2 200 www-embed-player.js Show response
www.youtube.com/s/player/cfa9e7cb/www-embed-player.vflset/ Frame 5B02 338 KB
95 KB 57ms
50ms Script
text/javascript 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cfa9e7cb/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/-Z5tOYApDig?rel=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

48a391f29bc14459aa881d701beed00820c0b7ef72aa0a85fc08d6e21d169ec1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/-Z5tOYApDig?rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:38:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 277
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 97217
x-xss-protection: 0
last-modified: Wed, 10 May 2023 01:29:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 14 May 2024 20:38:16 GMT

GET
H2 200 base.js Show response
www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/ Frame 5B02 2 MB
733 KB 58ms
50ms Script
text/javascript 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/-Z5tOYApDig?rel=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

4eb5fefb8416c598f01847e5b53605cc6d3ffb3784067dba4185954a19ef2fe5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/-Z5tOYApDig?rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Wed, 10 May 2023 15:52:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 449412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 750263
x-xss-protection: 0
last-modified: Wed, 10 May 2023 01:29:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 09 May 2024 15:52:41 GMT

GET
H2 200 fetch-polyfill.js Show response
www.youtube.com/s/player/cfa9e7cb/fetch-polyfill.vflset/ Frame 5B02 9 KB
3 KB 60ms
52ms Script
text/javascript 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cfa9e7cb/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/-Z5tOYApDig?rel=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/-Z5tOYApDig?rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:24:33 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1100
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2604
x-xss-protection: 0
last-modified: Wed, 10 May 2023 01:29:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Tue, 14 May 2024 20:24:33 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 0E49 15 KB
15 KB 11ms
9ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/60N1BsqYfLk?rel=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sat, 13 May 2023 23:28:35 GMT
x-content-type-options: nosniff
age: 162859
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 May 2024 23:28:35 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 0E49 15 KB
15 KB 12ms
11ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/60N1BsqYfLk?rel=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sat, 13 May 2023 17:47:45 GMT
x-content-type-options: nosniff
age: 183309
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 May 2024 17:47:45 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 0A24 15 KB
15 KB 18ms
17ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ohUJzYvrLP4?rel=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sat, 13 May 2023 23:28:35 GMT
x-content-type-options: nosniff
age: 162859
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 May 2024 23:28:35 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 0A24 15 KB
15 KB 18ms
18ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ohUJzYvrLP4?rel=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sat, 13 May 2023 17:47:45 GMT
x-content-type-options: nosniff
age: 183309
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 May 2024 17:47:45 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 4CC5 15 KB
15 KB 26ms
24ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/2aIbpqdGYac?rel=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sat, 13 May 2023 23:28:35 GMT
x-content-type-options: nosniff
age: 162859
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 May 2024 23:28:35 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 4CC5 15 KB
15 KB 26ms
25ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/2aIbpqdGYac?rel=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sat, 13 May 2023 17:47:45 GMT
x-content-type-options: nosniff
age: 183309
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 May 2024 17:47:45 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 5B02 15 KB
15 KB 28ms
25ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/-Z5tOYApDig?rel=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sat, 13 May 2023 23:28:35 GMT
x-content-type-options: nosniff
age: 162859
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 May 2024 23:28:35 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 5B02 15 KB
15 KB 29ms
26ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/-Z5tOYApDig?rel=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sat, 13 May 2023 17:47:45 GMT
x-content-type-options: nosniff
age: 183309
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 12 May 2024 17:47:45 GMT

GET
H3 200 id Show response
googleads.g.doubleclick.net/pagead/ Frame 0A24 113 B
159 B 15ms
15ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

287671b61678a24eab2a323e016bddc1f6532d7c445bafe2876b05dc70a88b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 0A24 29 B
495 B 31ms
7ms Script
text/javascript 2a00:1450:4001:829::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:37:07 GMT
x-content-type-options: nosniff
age: 347
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 15 May 2023 20:52:07 GMT

GET
H3 200 id Show response
googleads.g.doubleclick.net/pagead/ Frame 4CC5 113 B
159 B 16ms
15ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f6e92812141d757d7e04a4b348e5e6dcaa12daf4550f928575cf188308f6fb44

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 4CC5 29 B
89 B 9ms
8ms Script
text/javascript 2a00:1450:4001:829::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:37:07 GMT
x-content-type-options: nosniff
age: 347
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 15 May 2023 20:52:07 GMT

GET
H3 200 id Show response
googleads.g.doubleclick.net/pagead/ Frame 5B02 113 B
159 B 18ms
16ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

72a2dbe7a8c52c5a28e33842d1abc2227b5508e86d4362d6472c7ac23a860ffe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 5B02 29 B
89 B 7ms
6ms Script
text/javascript 2a00:1450:4001:829::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:37:07 GMT
x-content-type-options: nosniff
age: 347
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 15 May 2023 20:52:07 GMT

OPTIONS
H2 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 36ms
14ms Preflight
text/html 2a00:1450:4001:810::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Mon, 15 May 2023 20:42:54 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H2 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0A24 68 KB
31 KB 23ms
22ms XHR
application/json+protobuf 2a00:1450:4001:810::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200a -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

f0360050e503a5f308f03aa804a207831ae8d40bfd1eec2911c9ce7b9d812450

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Mon, 15 May 2023 20:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31664
x-xss-protection: 0

GET
H3 200 remote.js Show response
www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/ Frame 0A24 116 KB
33 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

ad4781a7a8a0213ffbfda27884eb31924f8f55c52565c6440c2f517d8e32ddbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/ohUJzYvrLP4?rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Wed, 10 May 2023 15:52:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 449412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33682
x-xss-protection: 0
last-modified: Wed, 10 May 2023 01:29:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 09 May 2024 15:52:42 GMT

GET
H3 200 fcStgh4smOfAMc9IDeSBs19kD1Z1p72kXSRQ46_CmJQ.js Show response
www.google.com/js/th/ Frame 0A24 37 KB
14 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/fcStgh4smOfAMc9IDeSBs19kD1Z1p72kXSRQ46_CmJQ.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7dc4ad821e2c98e7c031cf480de481b35f640f5675a7bda45d2450e3afc29894

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sun, 14 May 2023 01:00:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 157358
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14683
x-xss-protection: 0
last-modified: Tue, 25 Apr 2023 16:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 13 May 2024 01:00:16 GMT

GET
H2 200 sddefault.jpg
i.ytimg.com/vi/ohUJzYvrLP4/ Frame 0A24 42 KB
43 KB 41ms
19ms Image
image/jpeg 2a00:1450:4001:80f::2016

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/ohUJzYvrLP4/sddefault.jpg?sqp=-oaymwEmCIAFEOAD8quKqQMa8AEB-AH-CYAC0AWKAgwIABABGH8gEygaMA8=&rs=AOn4CLDv0ajG-B3W8AL3NL7ltSlTu6zysA

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ohUJzYvrLP4?rel=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2016 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

163201a725db302ec666c1821720e696a86664bbde5d6dfec34662a3d7380332

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:54 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43177
x-xss-protection: 0
server: sffe
etag: "0"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Mon, 15 May 2023 22:42:54 GMT

GET
H3 200 embed.js Show response
www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/ Frame 0A24 29 KB
8 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

642a400039a41170589c933fd106710a2100d06d2c0d5e8150d21a5d89f30ce8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/ohUJzYvrLP4?rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Thu, 11 May 2023 16:37:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 360312
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8308
x-xss-protection: 0
last-modified: Wed, 10 May 2023 01:29:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 10 May 2024 16:37:42 GMT

GET
H3 200 id Show response
googleads.g.doubleclick.net/pagead/ Frame 0E49 113 B
159 B 15ms
15ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9dbd44f73b9f851ac4ba10edd410d3ce975eed7f74baafb4470257d59f90625a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 0E49 29 B
54 B 7ms
6ms Script
text/javascript 2a00:1450:4001:829::2006

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/www-embed-player.vflset/www-embed-player.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2006 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:37:07 GMT
x-content-type-options: nosniff
age: 347
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 15 May 2023 20:52:07 GMT

GET
DATA 200
OK truncated
/ Frame 0A24 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 AGIKgqNWJUlX5VIv9aMLhdANVhYhqRLSrjH2mpdauhDO=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame 0A24 4 KB
4 KB 34ms
7ms Image
image/jpeg 2a00:1450:4001:827::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AGIKgqNWJUlX5VIv9aMLhdANVhYhqRLSrjH2mpdauhDO=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/ohUJzYvrLP4?rel=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 -, , ASN (),

Reverse DNS

Software

fife /

Resource Hash

e1545dd0c2cfbfc070ea032404c746ce55c86ae551bd70b057a114d605f39ec4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:34:16 GMT
x-content-type-options: nosniff
age: 518
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3967
x-xss-protection: 0
server: fife
etag: "v8"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 16 May 2023 20:34:16 GMT

OPTIONS
H3 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 15ms
15ms Preflight
text/html 2a00:1450:4001:810::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Mon, 15 May 2023 20:42:54 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 4CC5 68 KB
31 KB 23ms
22ms XHR
application/json+protobuf 2a00:1450:4001:810::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

6e88924d7fb722281b8da6fb82687db30e8c19c35f3ae66515ef1e0bd1af47ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Mon, 15 May 2023 20:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31565
x-xss-protection: 0

GET
H3 200 remote.js Show response
www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/ Frame 4CC5 116 KB
33 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

ad4781a7a8a0213ffbfda27884eb31924f8f55c52565c6440c2f517d8e32ddbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/2aIbpqdGYac?rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Wed, 10 May 2023 15:52:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 449412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33682
x-xss-protection: 0
last-modified: Wed, 10 May 2023 01:29:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 09 May 2024 15:52:42 GMT

GET
H3 200 fcStgh4smOfAMc9IDeSBs19kD1Z1p72kXSRQ46_CmJQ.js Show response
www.google.com/js/th/ Frame 4CC5 37 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/fcStgh4smOfAMc9IDeSBs19kD1Z1p72kXSRQ46_CmJQ.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7dc4ad821e2c98e7c031cf480de481b35f640f5675a7bda45d2450e3afc29894

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sun, 14 May 2023 01:00:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 157358
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14683
x-xss-protection: 0
last-modified: Tue, 25 Apr 2023 16:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 13 May 2024 01:00:16 GMT

GET
H2 200 sddefault.jpg
i.ytimg.com/vi/2aIbpqdGYac/ Frame 4CC5 40 KB
40 KB 19ms
19ms Image
image/jpeg 2a00:1450:4001:80f::2016

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/2aIbpqdGYac/sddefault.jpg?sqp=-oaymwEmCIAFEOAD8quKqQMa8AEB-AH-CYAC0AWKAgwIABABGHIgUyhEMA8=&rs=AOn4CLBJ4AYR0dgJpzCj8jv3mcyq7ocjGA

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/2aIbpqdGYac?rel=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2016 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

37390b6680be1c6194ccfe43f7340b3088c27d6f5398666379d9569a9aa95d72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:54 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41009
x-xss-protection: 0
server: sffe
etag: "1682198347"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Mon, 15 May 2023 22:42:54 GMT

GET
H3 200 embed.js Show response
www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/ Frame 4CC5 29 KB
8 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

642a400039a41170589c933fd106710a2100d06d2c0d5e8150d21a5d89f30ce8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/2aIbpqdGYac?rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Thu, 11 May 2023 16:37:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 360312
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8308
x-xss-protection: 0
last-modified: Wed, 10 May 2023 01:29:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 10 May 2024 16:37:42 GMT

OPTIONS
H3 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 15ms
14ms Preflight
text/html 2a00:1450:4001:810::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Mon, 15 May 2023 20:42:54 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 5B02 68 KB
31 KB 22ms
22ms XHR
application/json+protobuf 2a00:1450:4001:810::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

7a092aa6da21f38f6e9975fb378f690ce4e02df715cdd82f6f6ed7bef2f60988

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Mon, 15 May 2023 20:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31763
x-xss-protection: 0

GET
H3 200 remote.js Show response
www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/ Frame 5B02 116 KB
33 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

ad4781a7a8a0213ffbfda27884eb31924f8f55c52565c6440c2f517d8e32ddbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/-Z5tOYApDig?rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Wed, 10 May 2023 15:52:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 449412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33682
x-xss-protection: 0
last-modified: Wed, 10 May 2023 01:29:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 09 May 2024 15:52:42 GMT

GET
H3 200 fcStgh4smOfAMc9IDeSBs19kD1Z1p72kXSRQ46_CmJQ.js Show response
www.google.com/js/th/ Frame 5B02 37 KB
14 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/fcStgh4smOfAMc9IDeSBs19kD1Z1p72kXSRQ46_CmJQ.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7dc4ad821e2c98e7c031cf480de481b35f640f5675a7bda45d2450e3afc29894

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sun, 14 May 2023 01:00:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 157358
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14683
x-xss-protection: 0
last-modified: Tue, 25 Apr 2023 16:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 13 May 2024 01:00:16 GMT

GET
H3 200 hqdefault.jpg
i.ytimg.com/vi/-Z5tOYApDig/ Frame 5B02 9 KB
9 KB 17ms
17ms Image
image/jpeg 2a00:1450:4001:80f::2016

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/-Z5tOYApDig/hqdefault.jpg?sqp=-oaymwEmCOADEOgC8quKqQMa8AEB-AH-CYAC0AWKAgwIABABGE8gVChlMA8=&rs=AOn4CLAQ-LWAX5tKdJTlfcnnZ6VRNTQT6w

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/-Z5tOYApDig?rel=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2016 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

741201f1dd055218343fad7b034dc52b30b84ac6af67e9a30edccddb4ce9f516

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:54 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9102
x-xss-protection: 0
server: sffe
etag: "1681055097"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/jpeg
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Mon, 15 May 2023 22:42:54 GMT

GET
H3 200 embed.js Show response
www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/ Frame 5B02 29 KB
8 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

642a400039a41170589c933fd106710a2100d06d2c0d5e8150d21a5d89f30ce8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/-Z5tOYApDig?rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Thu, 11 May 2023 16:37:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 360312
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8308
x-xss-protection: 0
last-modified: Wed, 10 May 2023 01:29:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 10 May 2024 16:37:42 GMT

GET
DATA 200
OK truncated
/ Frame 4CC5 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 AGIKgqNWJUlX5VIv9aMLhdANVhYhqRLSrjH2mpdauhDO=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame 4CC5 4 KB
4 KB 7ms
6ms Image
image/jpeg 2a00:1450:4001:827::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AGIKgqNWJUlX5VIv9aMLhdANVhYhqRLSrjH2mpdauhDO=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/2aIbpqdGYac?rel=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 -, , ASN (),

Reverse DNS

Software

fife /

Resource Hash

e1545dd0c2cfbfc070ea032404c746ce55c86ae551bd70b057a114d605f39ec4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:34:16 GMT
x-content-type-options: nosniff
age: 518
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3967
x-xss-protection: 0
server: fife
etag: "v8"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 16 May 2023 20:34:16 GMT

GET
DATA 200
OK truncated
/ Frame 5B02 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 AGIKgqNWJUlX5VIv9aMLhdANVhYhqRLSrjH2mpdauhDO=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame 5B02 4 KB
4 KB 6ms
6ms Image
image/jpeg 2a00:1450:4001:827::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AGIKgqNWJUlX5VIv9aMLhdANVhYhqRLSrjH2mpdauhDO=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/-Z5tOYApDig?rel=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 -, , ASN (),

Reverse DNS

Software

fife /

Resource Hash

e1545dd0c2cfbfc070ea032404c746ce55c86ae551bd70b057a114d605f39ec4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:34:16 GMT
x-content-type-options: nosniff
age: 518
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3967
x-xss-protection: 0
server: fife
etag: "v8"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 16 May 2023 20:34:16 GMT

OPTIONS
H3 200 Create
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 15ms
14ms Preflight
text/html 2a00:1450:4001:810::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Mon, 15 May 2023 20:42:54 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 Create Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0E49 67 KB
31 KB 23ms
23ms XHR
application/json+protobuf 2a00:1450:4001:810::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

449d4d51c1b8b7ea8584ee082652d1087678f67989ddb073e2fb9fce5ea13e08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Mon, 15 May 2023 20:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31532
x-xss-protection: 0

GET
H3 200 remote.js Show response
www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/ Frame 0E49 116 KB
33 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

ad4781a7a8a0213ffbfda27884eb31924f8f55c52565c6440c2f517d8e32ddbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/60N1BsqYfLk?rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Wed, 10 May 2023 15:52:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 449412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33682
x-xss-protection: 0
last-modified: Wed, 10 May 2023 01:29:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 09 May 2024 15:52:42 GMT

GET
H3 200 fcStgh4smOfAMc9IDeSBs19kD1Z1p72kXSRQ46_CmJQ.js Show response
www.google.com/js/th/ Frame 0E49 37 KB
14 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/fcStgh4smOfAMc9IDeSBs19kD1Z1p72kXSRQ46_CmJQ.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7dc4ad821e2c98e7c031cf480de481b35f640f5675a7bda45d2450e3afc29894

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sun, 14 May 2023 01:00:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 157358
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14683
x-xss-protection: 0
last-modified: Tue, 25 Apr 2023 16:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 13 May 2024 01:00:16 GMT

GET
H3 200 sddefault.webp
i.ytimg.com/vi_webp/60N1BsqYfLk/ Frame 0E49 40 KB
40 KB 17ms
17ms Image
image/webp 2a00:1450:4001:80f::2016

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi_webp/60N1BsqYfLk/sddefault.webp

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/60N1BsqYfLk?rel=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2016 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

78ed4597e2349287e8b68b827116e75a209e8b538bb082e9af907e0024735861

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:54 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40948
x-xss-protection: 0
server: sffe
etag: "1681475569"
vary: Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: image/webp
cache-control: public, max-age=7200
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Mon, 15 May 2023 22:42:54 GMT

GET
H3 200 embed.js Show response
www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/ Frame 0E49 29 KB
8 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

642a400039a41170589c933fd106710a2100d06d2c0d5e8150d21a5d89f30ce8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/60N1BsqYfLk?rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Thu, 11 May 2023 16:37:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 360312
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8308
x-xss-protection: 0
last-modified: Wed, 10 May 2023 01:29:37 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 10 May 2024 16:37:42 GMT

GET
DATA 200
OK truncated
/ Frame 0E49 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 AGIKgqNWJUlX5VIv9aMLhdANVhYhqRLSrjH2mpdauhDO=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame 0E49 4 KB
4 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:827::2001

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AGIKgqNWJUlX5VIv9aMLhdANVhYhqRLSrjH2mpdauhDO=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/60N1BsqYfLk?rel=0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2001 -, , ASN (),

Reverse DNS

Software

fife /

Resource Hash

e1545dd0c2cfbfc070ea032404c746ce55c86ae551bd70b057a114d605f39ec4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:34:16 GMT
x-content-type-options: nosniff
age: 518
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3967
x-xss-protection: 0
server: fife
etag: "v8"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 16 May 2023 20:34:16 GMT

POST
H2 200 all
csm.eu.criteo.net/ Frame C2B3 0
127 B 14ms
13ms Ping
text/plain 2a02:2638:3::1a
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::1a , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.eu.criteo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 15 May 2023 20:42:54 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 14ms
14ms Preflight
text/html 2a00:1450:4001:810::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Mon, 15 May 2023 20:42:54 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 GenerateIT Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0A24 90 B
134 B 18ms
17ms XHR
application/json+protobuf 2a00:1450:4001:810::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

1b33436a8be416841d81046f6e5815878898636530bf6c9299ae04be235e3861

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Mon, 15 May 2023 20:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 110
x-xss-protection: 0

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 15ms
15ms Preflight
text/html 2a00:1450:4001:810::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Mon, 15 May 2023 20:42:54 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 GenerateIT Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 4CC5 90 B
134 B 18ms
17ms XHR
application/json+protobuf 2a00:1450:4001:810::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

a631c91529e4828882fdea85da4f31be2fde050382c50b26ca0878c26668928b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Mon, 15 May 2023 20:42:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 110
x-xss-protection: 0

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 15ms
15ms Preflight
text/html 2a00:1450:4001:810::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Mon, 15 May 2023 20:42:55 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 GenerateIT Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 5B02 90 B
134 B 19ms
18ms XHR
application/json+protobuf 2a00:1450:4001:810::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

725a68fb2976065cd12cc2452075ca554d830f932a392ab7570c79f227e6e942

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Mon, 15 May 2023 20:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 110
x-xss-protection: 0

OPTIONS
H3 200 GenerateIT
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0
0 15ms
14ms Preflight
text/html 2a00:1450:4001:810::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Access-Control-Request-Method: POST
Origin: https://www.youtube.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin: https://www.youtube.com
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Mon, 15 May 2023 20:42:55 GMT
server: ESF
vary: origin referer x-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0

POST
H3 200 GenerateIT Show response
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/ Frame 0E49 90 B
134 B 19ms
19ms XHR
application/json+protobuf 2a00:1450:4001:810::200a

General

Check archive.org

Show headers Download Go to

Full URL

https://jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200a -, , ASN (),

Reverse DNS

Software

ESF /

Resource Hash

e4e0bd7d15af62b9d2a3b213d727c5f89ae9e0475622e4daf225f8533cb2c717

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-User-Agent: grpc-web-javascript/0.1
Referer: https://www.youtube.com/
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/json+protobuf

Response headers

date: Mon, 15 May 2023 20:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json+protobuf; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 110
x-xss-protection: 0

GET
H3 204 generate_204
www.youtube.com/ Frame 0A24 0
10 B 7ms
6ms Image
text/plain 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?S2_8Ew
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::200e -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/ohUJzYvrLP4?rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:55 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame 0A24 4 KB
2 KB 101ms
79ms Script
text/javascript 2a00:1450:4001:811::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 15 May 2023 20:42:55 GMT

GET
H3 204 generate_204
www.youtube.com/ Frame 4CC5 0
10 B 7ms
6ms Image
text/plain 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?ovVklA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::200e -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/2aIbpqdGYac?rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:55 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame 4CC5 4 KB
2 KB 115ms
114ms Script
text/javascript 2a00:1450:4001:811::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 15 May 2023 20:42:55 GMT

GET
H3 204 generate_204
www.youtube.com/ Frame 5B02 0
10 B 7ms
7ms Image
text/plain 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?qmqBsw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::200e -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/-Z5tOYApDig?rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:55 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame 5B02 4 KB
2 KB 54ms
54ms Script
text/javascript 2a00:1450:4001:811::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 15 May 2023 20:42:55 GMT

GET
H3 204 generate_204
www.youtube.com/ Frame 0E49 0
10 B 7ms
6ms Image
text/plain 2a00:1450:4001:827::200e

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?DavYpw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::200e -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/embed/60N1BsqYfLk?rel=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:55 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame 0E49 4 KB
2 KB 62ms
62ms Script
text/javascript 2a00:1450:4001:811::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/cfa9e7cb/player_ias.vflset/de_DE/base.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 20:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 15 May 2023 20:42:55 GMT

GET
H3 200 cast_sender.js Show response
www.gstatic.com/eureka/clank/113/ Frame 0A24 51 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/eureka/clank/113/cast_sender.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

2a54e29a4b1f0cdf4f5cb2e77963987ff5051d96515bf7ee4cf0a17a28756539

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 17:55:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10072
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15228
x-xss-protection: 0
last-modified: Mon, 13 Mar 2023 15:06:04 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview-release"
vary: Accept-Encoding
report-to: {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Tue, 16 May 2023 17:55:03 GMT

GET
H3 200 cast_sender.js Show response
www.gstatic.com/eureka/clank/113/ Frame 4CC5 51 KB
15 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/eureka/clank/113/cast_sender.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

2a54e29a4b1f0cdf4f5cb2e77963987ff5051d96515bf7ee4cf0a17a28756539

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 17:55:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10072
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15228
x-xss-protection: 0
last-modified: Mon, 13 Mar 2023 15:06:04 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview-release"
vary: Accept-Encoding
report-to: {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Tue, 16 May 2023 17:55:03 GMT

GET
H3 200 cast_sender.js Show response
www.gstatic.com/eureka/clank/113/ Frame 5B02 51 KB
15 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:811::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/eureka/clank/113/cast_sender.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

2a54e29a4b1f0cdf4f5cb2e77963987ff5051d96515bf7ee4cf0a17a28756539

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 17:55:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10072
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15228
x-xss-protection: 0
last-modified: Mon, 13 Mar 2023 15:06:04 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview-release"
vary: Accept-Encoding
report-to: {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Tue, 16 May 2023 17:55:03 GMT

GET
H3 200 cast_sender.js Show response
www.gstatic.com/eureka/clank/113/ Frame 0E49 51 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2003

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/eureka/clank/113/cast_sender.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 -, , ASN (),

Reverse DNS

Software

sffe /

Resource Hash

2a54e29a4b1f0cdf4f5cb2e77963987ff5051d96515bf7ee4cf0a17a28756539

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Mon, 15 May 2023 17:55:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10072
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview-release
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15228
x-xss-protection: 0
last-modified: Mon, 13 Mar 2023 15:06:04 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview-release"
vary: Accept-Encoding
report-to: {"group":"cloudview-release","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview-release"}]}
content-type: text/javascript
cache-control: public, max-age=86400
accept-ranges: bytes
expires: Tue, 16 May 2023 17:55:03 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: region1.analytics.google.com
URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-MEM2QN6706&gtm=45je35a0&_p=343091659&cid=1224847520.1684183361&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1684183361&sct=1&seg=0&dl=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&dt=&en=scroll&epn.percent_scrolled=90&_et=6

Domain: region1.analytics.google.com
URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-MEM2QN6706&gtm=45je35a0&_p=343091659&cid=1224847520.1684183361&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=3&sid=1684183361&sct=1&seg=0&dl=https%3A%2F%2Fwww.newtimes.co.rw%2Farticle%2F6147%2Fn&dt=&en=user_engagement&_et=2150

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvRy1vCzwFfKYXy0BpyoVwFa56OpgeJwXxvtR5cr0XcGTuLH_-75iHNxHt3ctTO3ifjIHNibSNTYR0BY5bzO6uOFEg&sig=Cg0ArKJSzCcmL55LIerDEAE&id=lidartos&mcvt=355&p=44,315,134,1285&mtos=355,355,355,355,355&tos=355,0,0,0,0&v=20230510&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=4030047229&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=3&r=b&rst=1684183362374&rpt=453&isd=0&lsd=0&ec=1&met=ie&wmsd=0&pbe=0&vae=0&spb=0

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst3EXOQEAaUs39WS-yhbQZdOedOJgusWYuPdcjdVl8uS1kYSAs5LF0pEGbjqc3RAohGi6J348tbl2ikPEvIQZqe_NM&sig=Cg0ArKJSzPDj166dS-lUEAE&id=lidartos&mcvt=532&p=1110,315,1200,1285&mtos=532,532,532,532,532&tos=532,0,0,0,0&v=20230510&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=3660242229&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=3&r=b&rst=1684183362354&rpt=304&isd=0&lsd=0&ec=1&met=ie&wmsd=0&pbe=0&vae=0&spb=0

Verdicts & Comments Add Verdict or Comment

93 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

118 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.newtimes.co.rw/	1970-01-20 11:51:09	Name: _gid Value: GA1.3.940470946.1684183361
.newtimes.co.rw/	1970-01-20 11:49:43	Name: _gat_gtag_UA_74288219_1 Value: 1
.newtimes.co.rw/	1970-01-20 21:18:31	Name: _cb Value: C2hOJkBGN4QLEN4ys
.newtimes.co.rw/	1970-01-20 11:49:45	Name: _cb_svref Value: null
.adnxs.com/	1970-01-20 13:59:19	Name: uuid2 Value: 1204617872861343328
.rubiconproject.com/	1970-01-20 20:35:19	Name: khaos Value: LHPBAEZX-24-5PM7
.rubiconproject.com/	1970-01-20 20:35:19	Name: audit Value: 1\|naVuGyos1qp5Jb0D2AEo1njc0/aJelRdbjRFtGIHH0vAwlOVW3UfWCKRKk+cRODi/L1VRT9GEK0e8KluwtC+E+HKhgAmctjPpchQv14IEKHQD5U7tEfUTQ==
.newtimes.co.rw/	1970-01-20 21:11:19	Name: __gads Value: ID=9aaffe5e15c1aac3:T=1684183362:S=ALNI_Ma9jKnX2iRWyThg5ibpFngNLZiOxw
.newtimes.co.rw/	1970-01-20 21:11:19	Name: __gpi Value: UID=00000c17af5f1690:T=1684183362:RT=1684183362:S=ALNI_MbiM4NLUrzgVL4HLfPYJSLMvXKpsQ
.doubleclick.net/	1970-01-20 21:11:19	Name: IDE Value: AHWqTUlh5w6odoLqJ4LxeHGl1dK6eLHVXiobBIKA33doY8k7uBuhLZ_Z4ZWbBLSiI94
www.newtimes.co.rw/	1969-12-31 23:59:59	Name: device Value: Desktop
.newtimes.co.rw/	1970-01-20 21:18:31	Name: _chartbeat2 Value: .1684183361055.1684183363369.1.BlOmPyBVSEKMD3WSl0ecHEfBxTn0-.2
.newtimes.co.rw/	1970-01-20 21:25:43	Name: _ga_MEM2QN6706 Value: GS1.1.1684183361.1.1.1684183363.58.0.0
.newtimes.co.rw/	1970-01-20 21:25:43	Name: _ga Value: GA1.1.1224847520.1684183361
.bidswitch.net/	1970-01-20 20:35:19	Name: tuuid Value: 8a126298-bee8-44c9-bd96-f06275f7d961
.bidswitch.net/	1970-01-20 20:35:19	Name: c Value: 1684183364
.bidswitch.net/	1970-01-20 20:35:19	Name: tuuid_lu Value: 1684183364
.adform.net/	1970-01-20 12:34:21	Name: C Value: 1
.adform.net/	1970-01-20 13:16:07	Name: uid Value: 3618708674255803056
.casalemedia.com/	1970-01-20 20:35:19	Name: CMID Value: ZGKZRCybRghSAFROgsBfOQAA
.casalemedia.com/	1970-01-20 13:59:19	Name: CMPS Value: 3195
.casalemedia.com/	1970-01-20 13:59:19	Name: CMPRO Value: 3195
m.exactag.com/	1970-01-20 13:59:19	Name: exactag_new_gk Value: 95dec0509b494901b23ed81a0ba2d210%7c14.07.2023+20%3a42%3a44
m.exactag.com/	1970-01-20 16:08:55	Name: exactag_new_uk Value: 882185a8563a41168811b57c23985651%7c
m.exactag.com/	1969-12-31 23:59:59	Name: session_session Value: 113ba77b054a4b3bb071dda9
.adnxs.com/	1970-01-20 13:59:19	Name: anj Value: dTM7k!M41.D>6NRF']wIg2HbyJRU@_!@wnfH8K6pQK`!5=E<L5?%L[b_eV4J2sEi-2bC/K_p<3MTNt9O$vc^2T5n%nugO%v4VB%nmo'*#-)c
.turn.com/	1970-01-20 16:08:55	Name: uid Value: 2714621490598317178
.3lift.com/	1970-01-20 13:59:19	Name: tluid Value: 464538637599478879843
.quantserve.com/	1970-01-20 21:19:57	Name: mc Value: 64629944-d9c26-e86d3-fe156
.lijit.com/	1970-01-20 20:35:19	Name: ljt_reader Value: GpsatGZHaeNOCZpHRJuw4U2V
.ctnsnet.com/	1970-01-20 20:35:19	Name: gid_CAESEOli8LDG3vrhjUPyQK4o1pc Value: 1
.ctnsnet.com/	1970-01-20 20:35:19	Name: cid_e40f573d21564dcf9c8b169f668a1bd5 Value: 1
pool.admedo.com/	1970-01-20 20:35:19	Name: tuuid Value: c4c2253b-a26c-483d-a5dd-058d8627e020
pool.admedo.com/	1970-01-20 20:35:19	Name: c Value: 1684183365
pool.admedo.com/	1970-01-20 20:35:19	Name: tuuid_lu Value: 1684183365
.everesttech.net/	1970-01-20 20:35:19	Name: everest_g_v2 Value: g_surferid~ZGKZRAAAFIL2ZQAD
.mathtag.com/	1970-01-20 20:35:19	Name: uuid Value: 42296462-9945-4b01-b126-3a5e83bcf37d
.adnxs.com/	1970-01-20 13:59:19	Name: icu Value: ChgIwPRBEAoYBiAGKAYwxbKKowY4BkAGSAYKGAi_j3gQChgEIAQoBDDFsoqjBjgEQARIBBDFsoqjBhgJ
.yahoo.com/	1970-01-20 20:35:40	Name: A3 Value: d=AQABBEWZYmQCEM1MQxrbAQjYCZELlDFU2GMFEgEBAQHqY2RsZOANyiMA_eMAAA&S=AQAAAkSjlgFis8T4X_0zD2zI3J8
.360yield.com/	1970-01-20 13:59:19	Name: tuuid Value: f2d9f242-3649-4877-bfd9-b4f8664e2c05
.360yield.com/	1970-01-20 13:59:19	Name: tuuid_lu Value: 1684183365
.de17a.com/	1970-01-20 20:28:07	Name: guid Value: 1.8441730088378381050
.sportradarserving.com/	1970-01-20 20:35:19	Name: zuuid Value: 28518217-43a4-4d5a-bb0c-9322758a0795
.sportradarserving.com/	1970-01-20 20:35:19	Name: c Value: 1684183365
.sportradarserving.com/	1970-01-20 20:35:19	Name: zuuid_lu Value: 1684183365
.sportradarserving.com/	1970-01-20 20:35:19	Name: zuuid_k Value: 1
.sportradarserving.com/	1970-01-20 20:35:19	Name: zuuid_k_lu Value: 1684183365
.1rx.io/	1970-01-20 20:35:19	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-6a1819c8-ec9d-4825-8cf8-3c9b0068a6c3-003%22%7D
.tribalfusion.com/	1970-01-20 13:59:19	Name: ANON_ID Value: a0nsIHS3n0gryoxDnPmZaxOvtrUybYgZdk2qYsjMvV9QTufZcXOaqPOZbwhDwTuvqcZdSPvfBmGSGqAjBmZaOtqIHFyt5O
.pubmatic.com/	1970-01-20 20:35:19	Name: KADUSERCOOKIE Value: 6898CE94-28C0-4EDB-820B-A8EADEDF2C20
.targeting.unrulymedia.com/	1970-01-20 20:35:19	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-6a1819c8-ec9d-4825-8cf8-3c9b0068a6c3-003%22%7D
.tradedoubler.com/	1970-01-20 20:35:19	Name: UI Value: 1z11zz114z1FcvAFztbDyOpXg
.tradedoubler.com/	1970-01-20 20:35:19	Name: PI Value: 1z11z1z114z2S0WVyz7ab3y1y21FmOy1FRDyyy7WPTyvUky2KwLfjyyE%79Rs5o8C%79HKn1N.Fa4QPWmlv0%79Se3wic3ucA.%78GHqnU4A7eTkkEmrpMy
.retailads.net/	1970-01-20 12:32:55	Name: ppb2172 Value: 2724564333
.redintelligence.net/	1970-01-20 13:59:19	Name: 8lcfmzhxc8d6_uid Value: 28a57e917ef7b3db
.simpli.fi/	1970-01-20 20:36:45	Name: suid Value: A22ABC9E77424ED6B170286A8A1A3AAE
.futalis.de/	1970-01-20 13:16:07	Name: raSIDb Value: 2724564333
.office-partner.de/	1970-01-20 21:25:43	Name: source Value: {"webgains_webgains":{"timestamp":1684183366635,"clickCookie":false}}
.criteo.com/	1970-01-20 21:11:19	Name: uid Value: 3073f4a8-841e-4698-87af-a19f37b5a761
.adform.net/	1970-01-20 11:59:48	Name: TPC Value: 1684183366817
.mathtag.com/	1970-01-20 12:32:55	Name: mt_mop Value: 4:1684183366
.mathtag.com/	1970-01-20 12:32:55	Name: mt_misc Value: mt_bt:1
.linkedin.com/	1970-01-20 20:35:19	Name: bcookie Value: "v=2&51aab24c-fee5-442c-8d24-2845c56fe55a"
.linkedin.com/	1970-01-20 16:08:55	Name: li_gc Value: MTswOzE2ODQxODMzNjc7MjswMjHNyhVuJOE+8voG3A8+U7YaHTS6DsVke1q44vRb+JydLA==
.linkedin.com/	1970-01-20 11:51:09	Name: lidc Value: "b=OGST08:s=O:r=O:a=O:p=O:g=2568:u=1:x=1:i=1684183367:t=1684269767:v=2:sig=AQHDY7yQHXdVL-EESZHGkMtmqBmK0sW8"
.amazon-adsystem.com/	1970-01-20 17:22:21	Name: ad-id Value: AzXrtrc_901bn_pfQAK4b4s
.amazon-adsystem.com/	1970-01-20 21:25:43	Name: ad-privacy Value: 0
.awin1.com/	1970-01-20 11:52:36	Name: awpv14702 Value: 412871\|1684183367\|0d179520-f361-11ed-b339-2265b7c46fb7
.awin1.com/	1970-01-20 11:52:36	Name: awpv20044 Value: 412871\|1684183367\|0d187f81-f361-11ed-b339-2265b7c46fb7
.weborama.fr/	1970-01-20 21:15:38	Name: AFFICHE_W Value: qrzoeu6xXEiq23
.pubmatic.com/	1970-01-20 12:32:55	Name: KRTBCOOKIE_80 Value: 22987-CAESEGyTfikOD8GGJ8oOnwNUO9o&KRTB&16514-CAESEGyTfikOD8GGJ8oOnwNUO9o&KRTB&23025-CAESEGyTfikOD8GGJ8oOnwNUO9o&KRTB&23386-CAESEGyTfikOD8GGJ8oOnwNUO9o
.pubmatic.com/	1970-01-20 12:32:55	Name: KRTBCOOKIE_27 Value: 16735-uid:42296462-9945-4b01-b126-3a5e83bcf37d&KRTB&16736-uid:42296462-9945-4b01-b126-3a5e83bcf37d&KRTB&23019-uid:42296462-9945-4b01-b126-3a5e83bcf37d&KRTB&23114-uid:42296462-9945-4b01-b126-3a5e83bcf37d
.pubmatic.com/	1970-01-20 12:32:55	Name: KRTBCOOKIE_391 Value: 22924-3618708674255803056&KRTB&23263-3618708674255803056&KRTB&23481-3618708674255803056
.awin1.com/	1970-01-20 11:54:02	Name: awpv11354 Value: 412871\|1684183368\|0d73e5f0-f361-11ed-9d45-2261c3620022
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 377129:2470185
www.conrad.de/	1970-01-20 11:54:02	Name: HTLP_timestamp Value: 1684183368267
www.conrad.de/	1970-01-20 11:54:02	Name: CEAffHA Value: YD
.www.conrad.de/	1970-01-20 11:49:45	Name: __cf_bm Value: 87sZZOuN2hc0CFyaGQwlb0aayajgOVbQn.HRJ9HqAq4-1684183368-0-AUPg0tKH6iGtOwr9OrLQ9UwcYvPfj5ubinMG3GzriBZHAvJ2ok9gzOlLOODsGv1v6aMPCkNSA7en41YZSC5SZng=
.audrte.com/	1970-01-20 12:11:19	Name: arcki2 Value: gl1416SNEn9S6CXdaFUG9Yg-A!20220908!1684183368229!ip#138.199.38.134
.audrte.com/	1970-01-20 12:11:19	Name: arcki2_pubmatic Value: 6898CE94-28C0-4EDB-820B-A8EADEDF2C20!20220908!1684183368231
.audrte.com/	1970-01-20 12:11:19	Name: arcki2_ddp2 Value: gl1416SNEn9S6CXdaFUG9Yg-A!20220908!1684183368411
.audrte.com/	1970-01-20 12:11:19	Name: arcki2_adform Value: 3618708674255803056!20220908!1684183368559
.pubmatic.com/	1970-01-20 13:59:19	Name: DPSync3 Value: 1685318400%3A241_235_227_226_219_197_201_245
.pubmatic.com/	1970-01-20 11:51:09	Name: pi Value: 158370:4
.pubmatic.com/	1970-01-20 13:59:19	Name: chkChromeAb67Sec Value: 3
.pubmatic.com/	1970-01-20 13:59:19	Name: SyncRTB3 Value: 1684713600%3A223_15%7C1686700800%3A203%7C1685318400%3A8_54_55_7_46_13_71_56_251_220_21_161_3%7C1685404800%3A35%7C1684972800%3A63
.analytics.yahoo.com/	1970-01-20 20:35:19	Name: IDSYNC Value: "18yx~2bnw:18z8~2bnw"
.quantserve.com/	1970-01-20 13:59:19	Name: d Value: EI8BDgH_KIEO-TA
.pubmatic.com/	1970-01-20 12:32:55	Name: KRTBCOOKIE_153 Value: 1923-L3h_BSB1fQM0KHBUK3pkUiF6LQQ0KiwGLHqevwVL&KRTB&19420-L3h_BSB1fQM0KHBUK3pkUiF6LQQ0KiwGLHqevwVL&KRTB&22979-L3h_BSB1fQM0KHBUK3pkUiF6LQQ0KiwGLHqevwVL&KRTB&23462-L3h_BSB1fQM0KHBUK3pkUiF6LQQ0KiwGLHqevwVL
.pubmatic.com/	1970-01-20 12:32:55	Name: KRTBCOOKIE_57 Value: 22776-1204617872861343328&KRTB&23339-1204617872861343328
.creative-serving.com/	1970-01-20 21:11:19	Name: tuuid Value: bd89a4d6-377c-4302-90d1-33a8180c16ad
.creative-serving.com/	1970-01-20 21:11:19	Name: c Value: 1684183371
.creative-serving.com/	1970-01-20 21:11:19	Name: tuuid_lu Value: 1684183371
.sitescout.com/	1970-01-20 20:35:19	Name: ssi Value: 40d02eae-8a91-410d-85ad-0afc78ec2028#1684183371171
.onaudience.com/	1970-01-20 11:51:09	Name: done_redirects161 Value: 1
.onaudience.com/	1970-01-20 20:35:19	Name: cookie Value: fbed0406ae3fc1ac
.onaudience.com/	1970-01-20 11:51:09	Name: done_redirects104 Value: 1
.pubmatic.com/	1970-01-20 12:32:55	Name: KRTBCOOKIE_336 Value: 5844-8441730088378381050
.zeotap.com/	1970-01-20 20:35:19	Name: zc Value: 36112237-0bf7-4aad-74c8-95a6a9699519
.semasio.net/	1970-01-20 20:35:19	Name: SEUNCY Value: 293C40E2BCDA9ACB
.sitescout.com/	1970-01-20 12:32:55	Name: _ssuma Value: eyI0NSI6MTY4NDE4MzM3MTE5MX0
.adfarm1.adition.com/	1970-01-20 13:59:19	Name: UserID1 Value: 7233512498918455435
.pubmatic.com/	1970-01-20 12:32:55	Name: KRTBCOOKIE_188 Value: 3189-40d02eae-8a91-410d-85ad-0afc78ec2028-6462994b-5858&KRTB&23418-40d02eae-8a91-410d-85ad-0afc78ec2028-6462994b-5858
.pubmatic.com/	1970-01-20 12:32:55	Name: KRTBCOOKIE_1101 Value: 23040-7233512498918455435&KRTB&23369-7233512498918455435
.pubmatic.com/	1970-01-20 12:32:55	Name: KRTBCOOKIE_466 Value: 16530-8a126298-bee8-44c9-bd96-f06275f7d961
.scoota.co/	1970-01-20 21:25:43	Name: tuuid Value: a35fea3c-59d2-4aee-9cce-1ae9b97af80d
.scoota.co/	1970-01-20 21:25:43	Name: c Value: 1684183371
.scoota.co/	1970-01-20 21:25:43	Name: tuuid_lu Value: 1684183371
.onaudience.com/	1970-01-20 11:51:09	Name: done_redirects282 Value: 1
.exelator.com/	1970-01-20 14:42:31	Name: EE Value: "92b46da4cc292e3c4d42a3191789781b"
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MSNjU0MDcxNrYwMrewNLA0NjY3NhbiM9QtqfIq9TZ1dC73CfQGAKd-X34lAAAA
.rfihub.com/	1970-01-20 21:11:19	Name: eud Value: H4sIAAAAAAAA_9vEyGtoZmFiaGFsbG5oZGQJAIcCvqAQAAAA
.rfihub.com/	1970-01-20 21:11:19	Name: rud Value: H4sIAAAAAAAA_-MSNjU0MDcxNrYwMrewNLA0NjY3NhbiM9QtqfIq9TZ1dC73CfQGAKd-X34lAAAA
.pubmatic.com/	1970-01-20 12:32:55	Name: KRTBCOOKIE_18 Value: 22947-5107433827890933733
.exelator.com/	1970-01-20 14:42:31	Name: ud Value: "eJxrXxzq6XKLQcHSKMnELCXRJDnZyNIo1TjZJMXEKNHY0NLQ3MLS3MIwaXFZatGCpaXFqSlJh5ZU5JTkNK0uiw91jHdz9PX0iVzmnFGUn5u6AiwU5hq02NDQeEl%252BUWb6IhfXxUUpaQyLSopPBR8RmAwAhsApng%253D%253D"
.onaudience.com/	1970-01-20 11:51:09	Name: done_redirects147 Value: 1
.pubmatic.com/	1970-01-20 12:32:55	Name: PugT Value: 1684183371
.pubmatic.com/	1970-01-20 12:32:55	Name: SPugT Value: 1684183370

47 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.newtimes.co.rw/article/6147/n Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html(Line 15) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
other	warning	URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html(Line 15) Message: Origin trial controlled feature not enabled: 'attribution-reporting'.
security	error	URL: https://as.ad4m.at/ad/dr?ed=1kteyh50x7cpchem3eccg990peba0ty1dgqn5xgr7wvnma1pb39hqqkx2qez2k4td1ysa3wwvjaqk57y0e10pyt7se8btg2kft62grkmb0h3pj60tbmqv0jjjw3gxxe2j50agkez66846ww0d9harqgq7hetpqtjbp7qdj8d8w6j1qtq8txhe0xk3cjfrv2tym9ncevknmbc3gzrrw00ey9e4ng74enjae319pzrvph13a87rfjg1cymc61tzn7h4exqkvgqw9zwdbbw6156xwz092tfn6zccmme2ramkas23x5x05z7cg5znm9t1g4k5r2g96r4cbesapcf65g2j935jfzyy8sry0y8x31azqqtbwbxk0k6ckq6tsbey80jfdarpyr0mxy7ey4g9vrnrpqkt8v0bdkcda82d7ap8s2q033crep665gatsybpbek2c9zmny62c&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DClw_NRJliZKSdGpqB9fgP5K-K0AGQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE-AFP0CIO-mZyQiahzgS6hGfeY8A2pgFLowFFkpayfcFqpU3Ff7GvEDEYXDRfWCAaHY0lOZKoa-gqU8QeWcR0-d9P3CGEYQ15A0dUya_W-y7-W0tsT1S4bu1Av5u4RgmTChelHkyGxMu6CUO8Wvy7iPMlRjlt6oACVseK9dC8T_IVpbKoA6H_d9NTbkapOyqqNKBzc9D7btcPK1u_okA_BajnnAtBeuQutZaRaK3UKjvjAgP-mcC-2yzLP-GBOWCMeyZxVBRu9XSV-rNG2rTyq2NW_Pq9esN9b9MHU5YLljMPcknOZHiluoHM1eNAw-sT6jm1_AkOLgLWUuAEAYAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0herB7Ds3i_gUflTiCJ2XNousZcw%26client%3Dca-pub-7554793497192362%26adurl%3D Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://as.ad4m.at/ad/dr?ed=1j0sd5kc2dh37e315h4ysrq35wtrfrgkxfbqgg6tjg2gg98449fszn6vdg5gr6n5v77rkktnz5v1afjgwvessm5nadkk075913fd5kf01vt0tj61715xe5d3jx33nj218kvw592e2djnfr7r7szmf9xav8sfcss6srpjhyhj9ec6a05z6eegah2s3zpwhbj8npn33bcxnbc11d9zqa01a2wk81gfypccfp72gczn2wy5bw9087kzwz46bt0nkyk2tn0jy6e2sa9v3qqam4kh4mh0ek3ms3mdt17er94tzbh7hw20ht0yehjgtck933e24m2fjxa5pyvv4zwyrbspedqvxq795wppjb8r0e6g2xfb312tm9femqg9np49y33h7z4zpet0mfpmvzsxjg5460tygn9rgac42f4k9he98qs4kq6x3frjxszzd7rz9tb69f8a2b60vc&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC-MODRJliZOnTI4SglgS7grL4BZDhgYRctqjCivACwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT4AU_Qm2cwHRJq8x2mkUf0GK3tCeGzXDNnyO2GqSGGzaZhJQo5FykRax4-HhAGSgNK2QSc7uPGSq3qUbao3Eqc_Kd_rJGclJbpBwfT_l8mX6-Z3qQDDfjFkGMlNzeVc6RcbBufW9cAjgUyzA7KYFvwF-uxMu9kz8Hqhypz2D3nlaIDXgRtI1ahHpFE8cM9CBYPn-ZYh7wuUDf-yYlA_1_YekoTOVyW8OAlW7tT27cksi7tgg7tGCYPYyVeopjLiRAvRUZvKNtD2_dlMJ1ozeyE43u426RRDiAUjXjWUDtkF4g42PhhtCrEhXieKxOpKKmhEfDKLEynXXMx4AQBgAbE0Z70yIDOvKUBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_1fWoXb9j5p6leW3a656AtniIfMZQ%26client%3Dca-pub-7554793497192362%26adurl%3D Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://ad4m.at/r62eglto.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://ad4m.at/r62eglto.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://as.ad4m.at/ad/dr?ed=1k94hv8sfhdtd9mmsrmpnhjq3h75v76892bpvxz0nh2b4ejs5qhdj3gf68fhq4rnpc48ppxbjd0bsek4a3ghzw7adync1nmde2j9ytn0dggmh8ahp604y44g6vgy1ahjdy3yv614g14tjr38agehdrj9akdr4ryanxym46twprn5tdage49xfezw396s13gv5hhncrsnv8gyrpentevthg8g91jypbf8r3k1c0w2f1n7n7bftbc1q0ghn1rc1qd7cp9zwm38bf70jtve7x7s2hfrmd0fjnwwasdx4qy9tj9s6rn3t45mbxzwww4jna3jk920jt68fqnyzgea8716fpxh2vt1hbztga71vv1x4v2x6m2ssgtjayc0re4f3430a4x0yncz0vdvppgmne7xetdvx6j83krmd47rff3rj510s5gzvzh60q35expy86gtw29nq4zjg4&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC04wERZliZKWkCoysbYzLt9AGkOGBhFy2qMKK8ALAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9D1hncuEGvr-5JJSltAD29RxLNPtO82ArmolBPnOycWps1XjPRURvA6sG1LN9_obUU_lRG9gkbNWpY-W1mub1ROlLbjBUFjlLBJ0NGlG-YoIbNzutp4zGS0TPG5GOS27kukMvs3H1dspf_UHa6pgu8jaBA1QwRPVgytVjkXqMmgAoupWp1emM4mIhsa_FcKMIniMyr9KkoRd8JZNWccCe1XxSHPWT83wse8-cW2-kxXGpvPONeo2V5XpH6ELmF5qOmcJHeQT0xFdZFhgYi48_277eP0LuvXn2zf_8PmFCerByyBt1n5_YX_j-hvVy8fLmdEum9nVz3gBAGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_3FB1mNWba4Er0x6X7fV_QthhgJ9A%26client%3Dca-pub-7554793497192362%26adurl%3D Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://as.ad4m.at/ad/dr?ed=1k1qk00rm203jhvf8577vvf6fexgqpa8mpzz6a2k0sv6z6yq2amh6a1qjqtb0ahw2bg02cpd2c1dy7kh95k9m8b8gw5bxpdxcy05em5g8g69ek4pwm3vv6qapd0z9evgkn99c02gvfhp4jwn4t7q61nndn9aa0atv0kgqcmdbcpacatebd2yq7fnhtng3207tarb92sthdt5e8bbkmer07vedw30brszyx0bvqh63w74gzsfzzt9eyet7fmcxsbdshskntf82dbg1dm5hry9y24bn5s3pwkypabahc4v9fmgazbtknav78v01r6z55w163v0ams2jdnksdtn9gp6t92mt1dnyhrxnhbqbwspdn7d3rtt8g672239vvv28awy6hgjy4rft7cffzcvapqbx0tb2q49y9w8005nvy0pk2hz9tf2kkrhhgdeaamnyrq3ddvapb01fm&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCLBwtRZliZPngGfGB9fgPyLu5uAqQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE8gFP0MBKN3Ow-R0wtaCGbLMJeaZeL-SwA_Q3zDdbTa0gn6Im6nt4GWlZHyD77-yJvlD8OhGsRba0y5JcYvDzKQo7hmgqhMSQswxkR-RSBz5RUZtm542kZOpyiss0GFnIjcjBihR0kvgu34LNy7nEDf8ueR3D4s8joPtRz8uncpkzITZ_V4kzP1RwxJdFIZuRXFbNivpjMMskpPrmjBhbfc6aqNSjqP0CEcBsJE6oHoNe8P62aJ4M6c8rTSBEySTh4fOBSIBOMNC09tkuqZEnb8BPCTHFt6skGo49EFP5nv1Bh5_DGwZptL4PXsF3e2_W1ZvHZOAEAYAGzui6xZWzjYKnAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_1UwXbSGyKJWUMZzdC1BdIH98xNkA%26client%3Dca-pub-7554793497192362%26adurl%3D Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://ad4m.at/r62eglto.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://ad4m.at/r62eglto.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
other	warning	URL: https://www.googletagservices.com/dcm/impl_v95.js(Line 97) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://www.googletagservices.com/dcm/impl_v95.js(Line 97) Message: Unrecognized feature: 'attribution-reporting'.
security	error	URL: https://ad4m.at/r62eglto.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://ad4m.at/r62eglto.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=9c8ee0e066bce4dcdc944efdb1283e96%2F15048059093230874786&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183366846&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hc4ca8sb0w79k9m5c2v743z02cem4ze99ns39kcz6rq282djs7msfpr73wbt26xppatvh4p8yzx95fcctzbw5tdm6ejg64r6j96d2w0egwwcn3dbyzs94b39s0q3pjavyef3vaz2r69k1xxbz88dy5cy1fmc6jwwnw97gy2rxzts216ym3tqdhvn4129zggqqcj3zrhk9r8b5ff3yvd60nan95gg42aecbamgykmvn96sxcb11nyxfy1v9971tm3fxkgpck1as6mg61rhcgqh24k8%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DClw_NRJliZKSdGpqB9fgP5K-K0AGQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE-AFP0CIO-mZyQiahzgS6hGfeY8A2pgFLowFFkpayfcFqpU3Ff7GvEDEYXDRfWCAaHY0lOZKoa-gqU8QeWcR0-d9P3CGEYQ15A0dUya_W-y7-W0tsT1S4bu1Av5u4RgmTChelHkyGxMu6CUO8Wvy7iPMlRjlt6oACVseK9dC8T_IVpbKoA6H_d9NTbkapOyqqNKBzc9D7btcPK1u_okA_BajnnAtBeuQutZaRaK3UKjvjAgP-mcC-2yzLP-GBOWCMeyZxVBRu9XSV-rNG2rTyq2NW_Pq9esN9b9MHU5YLljMPcknOZHiluoHM1eNAw-sT6jm1_AkOLgLWUuAEAYAGxNGe9MiAzrylAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0herB7Ds3i_gUflTiCJ2XNousZcw%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0 Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://as.ad4m.at/ad/rar?a=197862%2C117569%2C19769&b=eYdU3fVfreQGCjHZHet1tXpEZfwSQTKrACYXpb%2Ck7Vh5f3fD2kYa4HwHetBtxPrtZSjTm3baj7m6%2CppXa1fgfpAwfkH4HmtztQJjt9SRT8WwUAQkr&f=DXdT3fwfGjkQU3HmH9twCkp9QCxSmTYW3aXdjW%2CzR7CRfYfk3KMFpHBHMtJC9dGtVSwTQ2GCrp6Y%2CJgKFzf5fqjZhBH6H7tqCpKbTxSgT4MetAmKM&c=728&d=90&e=&g=0330d0c39cf699edc9dd789692fc5611%2F12912256110232126051&i=71725%2C29981%2C21630&j=21%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183366889&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1hwhzn75vb5ps0pdyqrj5fwnnkd7h32xzkxhwyswysbzt2b2cwnr7qx1np0bzd5ne6qmtc7zpmmvvem0dc3ce8jagbj5bn44x1nn9y8qdsf7xnsa0hknkmxdb6n03ck4y3pmfc5ta6decpa5pt1s4xxhk70sgkkbp83k1xeaxea2rrtkzmbt82gg11wacdgwsjjph1n13mkv9wwtgbm789ymbxg15psph2j37bghnnc88a28ts1ab9yswfbqgd4wrqfsqeh60gf3taav1vmqpth744%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC-MODRJliZOnTI4SglgS7grL4BZDhgYRctqjCivACwI23ARABIABglfqXgqwHggEXY2EtcHViLTc1NTQ3OTM0OTcxOTIzNjLIAQmpArhJv7UzZ7I-4AIAqAMBqgT4AU_Qm2cwHRJq8x2mkUf0GK3tCeGzXDNnyO2GqSGGzaZhJQo5FykRax4-HhAGSgNK2QSc7uPGSq3qUbao3Eqc_Kd_rJGclJbpBwfT_l8mX6-Z3qQDDfjFkGMlNzeVc6RcbBufW9cAjgUyzA7KYFvwF-uxMu9kz8Hqhypz2D3nlaIDXgRtI1ahHpFE8cM9CBYPn-ZYh7wuUDf-yYlA_1_YekoTOVyW8OAlW7tT27cksi7tgg7tGCYPYyVeopjLiRAvRUZvKNtD2_dlMJ1ozeyE43u426RRDiAUjXjWUDtkF4g42PhhtCrEhXieKxOpKKmhEfDKLEynXXMx4AQBgAbE0Z70yIDOvKUBoAYhqAemvhuoB5bYG6gHqpuxAqgHg62xAqgH_56xAqgH35-xAtgHANIIDwiA4YAQEAEyAqoCOgKAQPoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_1fWoXb9j5p6leW3a656AtniIfMZQ%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0 Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html Message: Refused to execute script from 'https://m.exactag.com/ai.aspx?extProvId=327&extPu=vf-dv360&extLi=17041625256&extPm=17041625256&extCr=487434436&rnd=1684183364103102' because its MIME type ('image/gif') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html Message: Refused to execute script from 'https://m.exactag.com/ai.aspx?extProvId=327&extPu=vf-dv360&extLi=19904691783&extPm=19904691783&extCr=482156909&rnd=1684183364197789' because its MIME type ('image/gif') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://ad4m.at/r62eglto.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://ad4m.at/r62eglto.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
network	error	URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=6898CE94-28C0-4EDB-820B-A8EADEDF2C20&gdpr=0&gdpr_consent= Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://as.ad4m.at/ad/rar?a=183975%2C321853%2C46427&b=rWbTQf9f3XBdaAH7HjtqtBXVaYS8TgJka1JYM%2Cg62h8frfWBzXfPHbH8t5tj78WSmSQT954TMx4E%2CrWbTQf9fGq1tAH7HjtqtGReuYS8TgJka1JYM&f=P6AhBfbfbJMRC9HjHbtgCP6ASJS9TDpQcjqdY%2CBgwFgfPfYG1XFxH6H3tgCzVDAtjSeT8dbUB6xZ%2CP6AhBfbfeYET9HjHbtgCwJ2CJS9TDpQcjqdY&c=728&d=90&e=&g=26e11e3735c455e09b8160b4faee1eec%2F13339628171076748777&i=20597%2C111803%2C22481&j=21%2C21%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367716&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1j37addvzsm6pg9wrec073ybpx10nh101evqamjpga5wh77zgakr2evjgqr83t27h8rejggp2s328q176ysvf2tn5b339wnme8dte3j35bgae27nw05z2czpzk68fxnx19pc08a9k9f6dgrpsmg9w8hzyd081ev0r8jctvr3k7hn4qvybbdp1q1wy7a9ng1qbt7c2yf29tchqqw5bzcavxmswp4h66a1ejcqry6mxraax60p4q2z082j67h36epb1c9dzqrb48n9rrkfes42d05p1w%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DC04wERZliZKWkCoysbYzLt9AGkOGBhFy2qMKK8ALAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9D1hncuEGvr-5JJSltAD29RxLNPtO82ArmolBPnOycWps1XjPRURvA6sG1LN9_obUU_lRG9gkbNWpY-W1mub1ROlLbjBUFjlLBJ0NGlG-YoIbNzutp4zGS0TPG5GOS27kukMvs3H1dspf_UHa6pgu8jaBA1QwRPVgytVjkXqMmgAoupWp1emM4mIhsa_FcKMIniMyr9KkoRd8JZNWccCe1XxSHPWT83wse8-cW2-kxXGpvPONeo2V5XpH6ELmF5qOmcJHeQT0xFdZFhgYi48_277eP0LuvXn2zf_8PmFCerByyBt1n5_YX_j-hvVy8fLmdEum9nVz3gBAGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_3FB1mNWba4Er0x6X7fV_QthhgJ9A%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0 Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://as.ad4m.at/ad/rar?a=200037%2C14019%2C183722&b=mV2HefGfWXGmSmHZHZtzt6qYtKSwTeZMHb1k5%2CeYdU3fVfxA6tjHZHet1t4mWTwSQTKrACYXpb%2CBgwFgfPfxKzeSxH6H3t9tVJwMajSeT8dbUB6xZ&f=7YmUqfzfj538crHXHgtECk98c4S1TQPbCEZQx%2CDXdT3fwfbJ6t3HmH9twCZDAhxSmTYW3aXdjW%2CjE2sEfGfqP9jtYHEH2tWC43eVhZSzT1XgTGpmR&c=970&d=90&e=&g=ba99554a4dbfa68e99ca82cd9152f370%2F2842032654825791844&i=22499%2C21596%2C71170&j=21%2C16%2C21&k=0&l=0&m=0&n=&p=&q=&o=suite_Netmix_Reach128_WEBGAINSMOSTLY&r=1684183367931&h=https%3A%2F%2Fas.ad4m.at%2Fdct%3Fed%3D1khhrt6f8gjtga1bxy7csbkrwb0m1rhpprqvffawwn02bxbhfs6ddr1tfzmtfwn421r9ss33w3y12ev4ar03r5vy9t0qntgms0rk6cm5jrg84bxeez2b052g361s77nb0xyk44fp2x1fe669aqg2zzpmz4ym0wzf5bxza1d7vttkgj14g5d55znm9myy1z5dz062bygktts8z11774bjsgmtwygt4zqhp94h13vdwep18ve64vxzfxhjbtph6q2c5w4y27dm89ewpfc6fm63zv6s18%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCLBwtRZliZPngGfGB9fgPyLu5uAqQ4YGEXLaoworwAsCNtwEQASAAYJX6l4KsB4IBF2NhLXB1Yi03NTU0NzkzNDk3MTkyMzYyyAEJqQK4Sb-1M2eyPuACAKgDAaoE8gFP0MBKN3Ow-R0wtaCGbLMJeaZeL-SwA_Q3zDdbTa0gn6Im6nt4GWlZHyD77-yJvlD8OhGsRba0y5JcYvDzKQo7hmgqhMSQswxkR-RSBz5RUZtm542kZOpyiss0GFnIjcjBihR0kvgu34LNy7nEDf8ueR3D4s8joPtRz8uncpkzITZ_V4kzP1RwxJdFIZuRXFbNivpjMMskpPrmjBhbfc6aqNSjqP0CEcBsJE6oHoNe8P62aJ4M6c8rTSBEySTh4fOBSIBOMNC09tkuqZEnb8BPCTHFt6skGo49EFP5nv1Bh5_DGwZptL4PXsF3e2_W1ZvHZOAEAYAGzui6xZWzjYKnAaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCA8IgOGAEBABMgKqAjoCgED6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_1UwXbSGyKJWUMZzdC1BdIH98xNkA%2526client%253Dca-pub-7554793497192362%2526adurl%253D&y=1&s=&z=0 Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
network	error	URL: https://track.webgains.com/link.html?wglinkid=2100065&wgcampaignid=1384975&js=1&nw=1&wgtarget=https%3A%2F%2Fas.ad4m.at%2Fad%2Frct%3Fed%3D1hd7kq0cezs0jznfh8ysw4jmregdx992tm9q0728p46yamc6445yx70yd8dptrexdxyxq30c4shesgbyvg658v7p8jbnmskxaxbtzzzqttjcc3rzjy4xfcm5t446805y05pcb5skrvhcrfj9vmpewmmsjmewj2esjjkcsyxd03ds6vkvqtnr0cybmwdjdg47n7mx8gj4ytvmp6y9fx79e6e58qn99zdtej7jnwz1km3y4t8vmh8ttma4zskbpqeeerm0%26a%3Dhttps%253A%252F%252Fas.ad4m.at%252Fdct%253Fed%253D1j37addvzsm6pg9wrec073ybpx10nh101evqamjpga5wh77zgakr2evjgqr83t27h8rejggp2s328q176ysvf2tn5b339wnme8dte3j35bgae27nw05z2czpzk68fxnx19pc08a9k9f6dgrpsmg9w8hzyd081ev0r8jctvr3k7hn4qvybbdp1q1wy7a9ng1qbt7c2yf29tchqqw5bzcavxmswp4h66a1ejcqry6mxraax60p4q2z082j67h36epb1c9dzqrb48n9rrkfes42d05p1w%2526h%253Dhttps%25253A%25252F%25252Fadclick.g.doubleclick.net%25252Faclk%25253Fsa%25253DL%252526ai%25253DC04wERZliZKWkCoysbYzLt9AGkOGBhFy2qMKK8ALAjbcBEAEgAGCV-peCrAeCARdjYS1wdWItNzU1NDc5MzQ5NzE5MjM2MsgBCakCuEm_tTNnsj7gAgCoAwGqBPgBT9D1hncuEGvr-5JJSltAD29RxLNPtO82ArmolBPnOycWps1XjPRURvA6sG1LN9_obUU_lRG9gkbNWpY-W1mub1ROlLbjBUFjlLBJ0NGlG-YoIbNzutp4zGS0TPG5GOS27kukMvs3H1dspf_UHa6pgu8jaBA1QwRPVgytVjkXqMmgAoupWp1emM4mIhsa_FcKMIniMyr9KkoRd8JZNWccCe1XxSHPWT83wse8-cW2-kxXGpvPONeo2V5XpH6ELmF5qOmcJHeQT0xFdZFhgYi48_277eP0LuvXn2zf_8PmFCerByyBt1n5_YX_j-hvVy8fLmdEum9nVz3gBAGABsTRnvTIgM68pQGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggPCIDhgBAQATICqgI6AoBA-gsCCAGADAHQFQGAFwE%252526num%25253D1%252526sig%25253DAOD64_3FB1mNWba4Er0x6X7fV_QthhgJ9A%252526client%25253Dca-pub-7554793497192362%252526adurl%25253D&clickref=oneidP6AhBfbfeYET9HjHbtgCwJ2CJS9TDpQcjqdYoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY&viewref=oneidrWbTQf9fGq1tAH7HjtqtGReuYS8TgJka1JYMoneid__suite_Netmix_Reach128_WEBGAINSMOSTLY Message: Failed to load resource: the server responded with a status of 429 ()
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.
security	error	URL: https://analytics.webgains.io/pvClk.min.js Message: Unrecognized Content-Security-Policy directive 'prefetch-src'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1x1.a-mo.net
2b56ab2986e06752c3133cd0e68f5743.safeframe.googlesyndication.com
a.audrte.com
a.sportradarserving.com
a.tribalfusion.com
a8603dda0a877254f03d24af1d331ce8.safeframe.googlesyndication.com
aax-eu.amazon-adsystem.com
aax.amazon-adsystem.com
acdn.adnxs.com
ad.doubleclick.net
ad.turn.com
ad4m.at
ads.creative-serving.com
ads.eu.criteo.com
ads.pubmatic.com
adservice.google.com
adservice.google.de
adv.office-partner.de
analytics.webgains.io
ap.lijit.com
api.webgains.io
as.ad4m.at
assets.a-mo.net
assets.ad4m.at
beacon-ams3.rubiconproject.com
btlr.sharethrough.com
c.amazon-adsystem.com
c1.adform.net
cat.fr3.eu.criteo.com
cdn.adnxs.com
cdn.contentspread.net
cdn.doubleverify.com
cdn.jsdelivr.net
cdn.retailads.net
cdn.track.production.webgains.team
cdn.yourbow.com
cdnjs.cloudflare.com
cm.g.doubleclick.net
cms.quantserve.com
contextual.media.net
cr.frontend.weborama.fr
csm.eu.criteo.net
d5p.de17a.com
dclk-match.dotomi.com
dis.criteo.com
dmp.adform.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
eb2.3lift.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
fra1-ib.adnxs.com
futalis.de
gcm.ctnsnet.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal900023.redintelligence.net
hal900029.redintelligence.net
hal900030.redintelligence.net
hbopenbid.pubmatic.com
i.ytimg.com
ib.adnxs.com
idsync.frontend.weborama.fr
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
imageproxy.eu.criteo.net
img.tradedoubler.com
impfr.tradedoubler.com
jnn-pa.googleapis.com
loada.exelator.com
m.exactag.com
mab.chartbeat.com
match.360yield.com
match.adsrvr.org
mwzeom.zeotap.com
newtimes.co.rw
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
ping.chartbeat.net
pixel-sync.sitescout.com
pixel.mathtag.com
pixel.onaudience.com
pixel.rubiconproject.com
pool.admedo.com
pr-bh.ybp.yahoo.com
prebid.media.net
prod-rtb.ad4mat.net
prod.us-east-1.cxm-bcn.publisher-services.amazon.dev
pubmatic-match.dotomi.com
px.ads.linkedin.com
r.scoota.co
r.turn.com
region1.analytics.google.com
rtb.fr3.eu.criteo.com
rtb.nl3.eu.criteo.com
rtb.openx.net
rtb0.doubleverify.com
rtbc-ew1.doubleverify.com
s.ad.smaato.net
s.amazon-adsystem.com
s.tribalfusion.com
s0.2mdn.net
s1.adform.net
secure.adnxs.com
secure.cdn.fastclick.net
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
ssbsync.smartadserver.com
ssum-sec.casalemedia.com
stags.bluekai.com
static-de.ad4mat.net
static.chartbeat.com
static.criteo.net
static.doubleclick.net
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.crwdcntrl.net
sync.mathtag.com
sync.targeting.unrulymedia.com
sync.teads.tv
tags.mathtag.com
token.rubiconproject.com
tpc.googlesyndication.com
track.adform.net
track.webgains.com
uipglob.semasio.net
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
widget.fr3.eu.criteo.com
www.awin1.com
www.conrad.de
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.newtimes.co.rw
www.youtube.com
x.bidswitch.net
yt3.ggpht.com
pagead2.googlesyndication.com
region1.analytics.google.com
104.111.217.42
108.138.9.235
13.224.189.110
13.248.245.213
130.211.44.5
136.243.149.243
141.94.171.213
142.250.185.226
142.250.186.38
151.101.193.108
151.101.2.49
151.101.65.108
167.233.14.134
178.250.1.9
178.250.7.11
178.250.7.9
18.133.36.104
18.135.126.181
18.198.69.109
18.66.147.98
185.29.134.245
185.64.189.110
185.64.189.112
185.64.189.115
185.64.190.80
185.80.39.216
185.86.139.93
193.0.160.130
198.47.127.20
2.18.233.201
2.18.235.93
2001:4860:4802:32::36
213.155.156.184
213.19.147.45
213.202.235.10
216.52.2.48
216.58.212.130
23.197.149.186
23.21.155.77
23.218.48.210
23.35.236.201
23.56.202.187
2600:1901:0:76b9::
2600:9000:2057:f000:18:1fcd:351:7bc1
2600:9000:211e:e000:1b:5138:8a40:93a1
2602:803:c003:200::41
2602:803:c003:200::67
2606:4700:10::6816:1857
2606:4700:20::681a:71b
2606:4700:20::681a:956
2606:4700:20::681a:bd1
2606:4700:20::ac43:4a81
2606:4700::6811:180e
2606:4700::6812:18ad
2606:4700::6812:7f05
2606:4700::6813:9e13
2620:116:800d:21:7eb1:3826:be7e:d981
2620:1ec:21::14
2a00:1450:4001:806::2008
2a00:1450:4001:808::2003
2a00:1450:4001:80b::2002
2a00:1450:4001:80f::2016
2a00:1450:4001:810::2002
2a00:1450:4001:810::200a
2a00:1450:4001:811::2002
2a00:1450:4001:811::2003
2a00:1450:4001:813::2002
2a00:1450:4001:813::2003
2a00:1450:4001:827::2001
2a00:1450:4001:827::2002
2a00:1450:4001:827::200a
2a00:1450:4001:827::200e
2a00:1450:4001:828::2006
2a00:1450:4001:829::2006
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2004
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::200e
2a00:1450:4001:831::2001
2a00:1450:400c:c0b::9a
2a01:4f8:d0a:2321::2
2a02:2638:3::1a
2a02:2638:3::3
2a02:2638:3::9
2a02:2638:d::13
2a02:2638:d::4
2a02:2638:d::c
2a02:26f0:3500:d::1732:83d6
2a02:fa8:8806:13::1370
2a04:4e42:400::485
2a04:4e42::714
2a05:d018:d29:3605:e341:f6b2:dd43:a873
2a0b:4d07:101::1
3.125.82.56
3.33.220.150
3.65.173.148
3.75.62.37
34.107.148.139
34.111.129.221
34.111.131.239
34.239.75.135
34.98.64.218
35.156.61.220
35.186.193.173
35.186.231.97
35.204.74.118
35.210.53.219
35.227.252.103
35.244.141.151
37.157.3.20
37.157.5.73
37.157.6.243
37.252.171.21
37.252.171.84
46.228.164.11
51.38.120.206
52.17.185.171
52.209.9.234
52.222.208.154
52.30.239.223
52.46.128.147
54.157.91.210
54.165.163.91
54.93.178.54
67.220.228.201
69.173.144.138
69.173.144.165
69.192.160.219
74.121.143.245
77.243.51.122
78.46.23.46
85.114.131.235
85.114.159.118
88.99.219.174
98.98.134.243
99.86.4.52
002f1235c6484b5b45d65e285ac9623a469f9428889d6b7baa1b698593679321
00561f3d40eb57585e3c30d2b595d0f2d890ab22bff0cbbd779f8a0c42d0b32f
00809aa4800eb8e06c5d012ca85a754961a6a93966dd8ae964e8218809f07b2b
00c1589aade28c29bf3a73a986dbbd46497ab5ca0e8dd15a3dab2c5683f5a385
00c5621a3f56c052959f8f0591b65e893f132b49b1447fde20767966cacbfbfe
01dcaf85f2ae23a30115cf4a663e90b4a507dc688c4c17f9ebddc3cf19fee780
03a0e4a85c470c697b9cab256a97ff2704a034b9394b9d67c4aaf6c5d421b5d8
041d7db1f2f6a660ae214e8be3e3e5d5c0a5d61f7a7000649ccd13441bee5bef
0445e6a9403b7230fb3b80ec6e4a846ec870caddf316ef53001a0bed7e1db253
04a0d2f4aacc34ed91e45e51c5e93b00483484c78f954bf3c8fc384a12047ccf
05090f3db4732f8facdbfcd98ac4b748bdb92950095ca7c4bc482564d007595a
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
07773674da8a5d7de6575be849321af69c60333d821b2e531b8b6aad8cb8deba
0780e2017aa5a52d57069f07bd2b817a437b56dc76d9e8b1a3f8aa258f7f06ba
0785da147ba638c347911291259410c39293b751a86a0b2fbc818a38c5684010
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185
08eb0b76b3ff067c15793863861b784f9b92b017402e156cf86c2d7410be6b85
08ec332c446e727696ff53c4c9ee2f3f5f605ce5672021e9691f89bd12c02f43
08fe9a1596f8dde4ab173d6f5baeeae18bb8d6dfabe51537f99d8547f8fbd76f
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
09a54c2a7ea5b66617bebbf0db36f8bd6274463477533355a49a38a2c9d26da5
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c48bf7497e2799db68a7bf097c1162d440f53071faab472405b7afd88e0b127
0c92f9053f62acd470bd30f32e4954cb7dd4f1f5dee578ebddec4884a7757a63
0c9652b3df1fcaba87c244caf25fb0c1d129cfedc8c42bb67c06df3ee8afb09a
0cff03129f16a73a8ff89d06578b0b1a1127bddb582fd05f0ab62f8ccc6b62f7
0f7e62ad12c151131fc348d23cb4cb0f66bdda6c4710ac44de3090e7f2e8ef5b
0ff6b83e67efbd51581ea1d99ebff57169b8b174d9b1785f7ad53d415c5e44ee
104a0eba3d8060883c603631ea50b129cf41743d619b37bd208153ce35e4c4f1
10bf3affce2e9c834ca6b5e04e920f9610fbed48c492da3b6756c30eb1790202
111041158b9290ae7cc0c6da69d7c4f5600e8a73b4c7399d675df7f15ba7b063
11e2e5366682cfbc1724040eebd26a62af7717641125b00a97dfa880807dc351
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12abda8dd3b6a00d0afd893e62ed9b4dbad0f5b2d0dc900e992622d0ea7f44e9
12e8c565006ccfecbed1b2c446a396f19cbd172d4bac5e2823536bc7ff9c4296
134f4a39b11972e436ad81464caa48cf07310f1d14e4397a763c4b30782ea3bf
1359dd3d9b9ec1eb8874305a5bf2393a0059e57d7de12cb20e1927c17bd4c0db
13b7f277264c786a6a8089e7248df0262d3c0bd1bedb64b3cb48dc1a21c75bda
14332976209a1f217a72e58f745ba569e6b6bfded10c7b83953b5282945c9da2
145c7970d3a7b49c6e87ef61e22d83fcbe280cc3f478b28444db70ac358e2eb4
163201a725db302ec666c1821720e696a86664bbde5d6dfec34662a3d7380332
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
19959980600c65d0e3b66afdd0a27d9eb9c1de2032468eaaeff9f731da03e070
1a3e5b78fe853a772d885789f5179af806cb9ced6140483dff7e2cf998f40865
1aa56732c8650e0428f71aaf8f34af692aa6ddbd7d69c2b027ad3dced5c1ae74
1abe6c632e3674085b965c9188ef68b1b0febdb524972aa3a0b583dbdcb6ee4a
1ae610dc9e81bb73c9e8bcbc550d08469000307f1fdae98cf0bf038f28fc4789
1b13ba0e7781f63dd85f9c09f666b3404bfd385e74a77e780dbf3bde7d13f1c6
1b33436a8be416841d81046f6e5815878898636530bf6c9299ae04be235e3861
1b59b519aadb3949082264df9916f65d92d85c1cd5b294576f66958879778242
1b80f8cd7a57f91ef28853282221a218a1df3073495c5fb6dde9134d2817a396
1c4777fe3a673a05492e27d08032cc91c23ac5389897c9235b09b8b0f5a74db3
1c8e3fef0c262beff7660dce66d6e4329ffdc293c2fb9b0bbc614eec3db17c01
1ca0df715ccbd64f3743f0d0d7c10e07bf14a6145d5349dfe162da8f52603b3c
1cd58a827318c4a29b32a0db15c8c39d5651b42d8cad227519ad81bce4adb944
1ce8bf8e34655a01a9f3f70fac7fc0f21339b305de94022fe8ff555cda443190
1d8d650cbafe69c07b17b6b8528bc60f9109110ce8d49e5b330a24e48367e71a
1dfefd75c2258708a700b7b621b2d4bf8e10a9d148983c1a67b8c254d18a5766
1e1927a9580b4b0088e1e4f0701521b910e1fd1fd1f52c060dcf6f15f0080459
1e4888cce84b12f519ea6a2123dc8a3e27097a2fec4b8adbe9294dde6af8250a
1fac0a8214bf90455697f0e7db726dbf5e22773aa13258751ec2cff3524ce374
1fd0e8b5b583480a0a931798fc2f0493b81ba0cb810961c68e6ae838e2ca5cc6
20abd6cc97e400a1d98063ba6dcefe285f086cc2454bdd43b3784d9d7c3020aa
226a2fc6ae1507b3f50ad446d0a19066e86e9fbd18428d288d9eeb280a99c109
232d3fbf590a584138bb563319747dbef0c9e41db91f19ff45d41e785a5f4f98
233d78f023d1fc60dd75c66081b51c2554146c58c84b72db46c48f41088b7cd5
24afc3775f4665be2c61aec64e7d71965aa9cc7ebf912da6d53de91afde19a23
257ff71d0dbc9ba651c5a42f4f2b4c4a5b36b2f87a02aabfb5592f7246a18fdb
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2648ee50d6b51a31e914bc9309f92884fc0b7870274fc3be73693eb9dd9326b1
28246fc455ed80a6d38f2779e518e2fb49031680c01ae393a7cae3d04462daf0
287671b61678a24eab2a323e016bddc1f6532d7c445bafe2876b05dc70a88b14
2926a19e485994c6dd7fd221f8baa3e96e2831bbeb46fc75df445094975f39e7
2a54e29a4b1f0cdf4f5cb2e77963987ff5051d96515bf7ee4cf0a17a28756539
2a86736e52d37322c8215d376acd9329dea7048978232389591206771ad3ca6e
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
2ac4ad8ef55dee2db8525d8dfa1332cc011eb973a021b9409a9a2f673aa15c15
2caca3a8f4096611a9078977b7b23ff759142bf5aad2c10c94be4212bc60e5d3
2d5e67a38c9a11424cac19ce192c9fd124a6d74e64d3791a01561dbd3e39c0b4
2d88070bfa5f758c46cccdf74d265444d16fea4c110b46fb7796c5cdf8f499b5
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e56b19929f523df3cd45eafd7aafba54e0c00b460e7f129860a262f2b6d6cb0
2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
3083fb6b3c52a3aa42a16a169bb5880bf2863ee12ebde92411f1786c57002946
30ece5ac4e330eb0d7d2f0ff3096f914def5a156abfd9f6f0352d03bcf40311b
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a
340e11080b288b524fc976fdc70da0c4aa6b0ab5d65bb514aa0211dce326b045
35262e99f3fa80a555031466dfab2dd447d9b8ae1d408060eb4d101ae36d1875
35ad51e18520b7b83fc27d25da4fb2ef25452e23f8331cca9f9b84430f4a60d9
36a74661dfb652c289dd3bdccf3c31dc9ba453a328a4318aa72a34f1454f0842
3709ebe60de1f8a845ff4b5cee02785bf6697deeb0cbb76d2495d82a2a2d081e
370e7505063f09eb8f1664dba12c8be80d61b62963ab13c3060b43752a29e093
3736910735da204d07466305b577e77b3ba74a715e890b01c6c4781637516f88
37390b6680be1c6194ccfe43f7340b3088c27d6f5398666379d9569a9aa95d72
37495dddf76381833c30f35fffab5ea89f7207184cc939b7c2ba640e7d9d5194
37bc930c63149650677d732eea9526432bd8494c55737f45c98e7f8ad7c1e7ff
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
39198f1730d2e4e4188a177586ebc753590bea656f86ee2131c467eb7755d03d
3adeed165d2538b15c845a0f7dd480990f715db805c1926157613081204f18a7
3d493fa9f9e615e1f6a32da4987ffaa49ad6322ed34f30881c9370a35d0545c4
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3e23d9feebcd3c59dcc4d426b6df049bf4f8765bbfec90b2f185d0c8c9841c2f
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3f437b633ab25ec6171af77bbe050f8d85c71f1bd162b10de964aa327bd572cf
3f94657c31d73d3f8cfaf1b079185edbac32188f5e263ca38154d8f7a4fb21e5
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
409f00b3e0e67a78e96143832aa5edebb1615ef2df31aa5501c200ac4194c643
4123286ddf4737410cf8c0a221113d893446d78ccac8eaab928150d428f055bc
41b9b9d488e3a57902a671111dd089363c2f7d3a41ec3177f196abbb7cbac078
41bb251f8f9ca9b814770618ccaeb6d9586a479b98ba88740fa50c9e661f92a8
41ed06c2268f9e19b513c051ee21502768ffe5dc1e323fac3717f3b55ea8a16e
42c1c369b05f0ed047726f0ced4ab65fa8807cd12ef8c3fe0c3fe99c2bc6e8eb
43772d0c0912ae0105fe6e233954f712abfd00988887b9fdf82155ff6f7f6a08
4379780ec7a60ee9e3be3daae1679424e45bbcad947348e5eed4393dce45b0fc
43f804d38a294c6df1ce8ee64fb95ad0ff5a8d6d5685d9537df02212668a1dff
449d4d51c1b8b7ea8584ee082652d1087678f67989ddb073e2fb9fce5ea13e08
452d8ad86a3b916edb7511ba91d8e472f91efa62b2c911aedcf2397011f0816c
4640f441530cf0255d4e19cfef296aea111982dc44f64b511782d3b737492d3e
465214a4b929506e490a9fcfb588d2e6441a8b1591c7ca85a5f7c0e525ace697
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
46d6f26d8aec2034b41b51d68be347c7601c8b5399fd7ad56508ffd1e31db075
476eb398666953b1eb8f720fce8373dcd7b3143c0942e9449fa41fea325ccef6
48544d39ceaebb01d8e31886a19c82330f02125740397558bb0baa16b81b8c6f
4860a85748d926c4bfc65348067b41e5262bc1289750fdd2928e20e19addc078
48a171b6ea8df8aa67c5f58b8ec3a9afcf419fcddc6a272aef561f8c8f4c580b
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48a391f29bc14459aa881d701beed00820c0b7ef72aa0a85fc08d6e21d169ec1
49473980386c8bd3319f8330bc217b6caccba02632b2031607f7b052255faac6
498b3f2a0357fbd50a80eb18b23ab4b461b791d640e5560b799f08ed960748a9
49b2428c2d1e0b1b8a92e5189f0306451a73a881a74a8abc0789420530f68252
49bdaab7518178471ae9d17c477529200b4935cfde5d603b9e649ce78b9eec9c
4a286c727562b9842b342007b705ddf3c3586983a4f09352a21d886f87ee48d2
4a6e9aea39f6bc726aafb74977e1f6fa754432922aecc18301f5e291d0e33c48
4a87ab137847708c417f2fe0e4b40b13045387e5450b590e36569844e7d2749a
4a91eabb9f41d2164e9885c128153192439203b10873fa7071980e58131e0d23
4ac31f223f44761b6db3628161b0099bbf06ffe5a54ce45cb71bdd1f4b7a2473
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b8f230af668f20a7b50021f1edb1fac1c96cab1aa576933a2064e5d7807179b
4dc80fcaf6db01fa29ced797dbb0947bb3bb95b1a88f893f389cf17144166075
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e61c4c6f2c0c52c9b5dadb303f0db1128715c2e8819a50b1d24c6d7089fbebb
4eb5fefb8416c598f01847e5b53605cc6d3ffb3784067dba4185954a19ef2fe5
4f37ac34a066f99ea3c0f34e28ce14deb812a8c12042fdd6f23f08fa1a4d768f
4f5b11a8ed95cc5ef94a4a6fe4d32f704dfeca16300ca4c67cdcffaa01aa2481
4fd330d3626d3ff9fd822d3d2e32c34c53540b8c00ff55811a0ffd74b7567724
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
51b07863bc58fba2d34a65bbfa245173f05ae20226c64d0b25d85993c1376d3e
51eaf649e037fafcd0277a848ff4b54c4216e8799b7e72c53e1d7265c6a116c6
523d262589ca8b105b99ed6e9ac93e080910c0eb956d90c703e56d26fb9b2f87
52571c91fe462198f5c5bf4a93926a3d00f7b910cd65fbbe44c17cc487fab126
525e7c89461afb3f73ea7030fbceba4f9e9383570159926acee637b4f86b8148
53126ffde60eb0b572aa8055e02f09a2714909595b97eba996b7eeb09d2caeb8
5381ba904f9aaf519819c403881a5189991b9cd7bffa3c4681c58dbcfe972da9
53fd29aa898a338e420a878bf7eaa2f91fa8ce775f356bafadc70989c5344d1b
54489629ab63051ecaa392b0ae99224fd2019e284fc23cd1a58b755b7d183ab3
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
57130e887446d43791ef89e20d1b124abf0bb46c1582523c5f37865ae6b8dc1a
579445f908efc814f2967128c9b439fa377d567f2305697cec038d9dcae261cd
582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd
58d0fe6f00ed5f12073027fabbed88ebebb8c6d0b178a5d5ba9369949659995d
59c979a599383c5d585d64e81b048a10e9c7b317310984bd8d1628919c8a2b13
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5b30e03baec01143cb26447b0497f9e0cf2a77e62070be0cea502c434eea7554
5bdcb70ab6e8f1deaec232a3ec3f08c34f6c8195211107025424a1e2c6183b6f
5d485f783c7cc440cba21bb750ce67e191bce0783bfc6cff5f98e236e401b7ab
5d7c7d25a0da74c0dd466120c3c09bd94cb982fc66ebc4a78675339f37323bf5
5da042d5812f163384470df8b5fbca46e8364922c47407a8dbdcf114066fc6ab
5df79eddbef90ad7812dabb7e205681d726406b290b06033adf10ee06929097e
5f375509c1452589c13e5d6dc5f3b39d297dfd6930148ac1a8e9930d3102da53
6057d2f6a2e6adc5409b6989fc40e3987b5dfe26a4a1ea0c67c010d3b39ef470
60b9d4305db4ec8d879e28528cf1fd875dfc2dc7d7b6478b12eb3c205f19e9f4
60bf02832688d14251ec1c7b8acfda233a91f927f26c7202bdaba781a1f0fcdf
60eb5df2834bdbb6a7c0c36dd892635558792886b6285c6d0eb8fa9026357d90
6139dddd3b6b6b847bccd476918dc8fb4f4f5a10908e5707c704f155e0918e84
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
633b875d225dcad3d57a563834f83b4c49fa0e315511050e5846baf6a02934b9
63c3f35eed8f9fae951373f4f0642d09521b1b86c8d3a6d679047bc5440790fb
63e6202e0e20fafa3f600ddce93331b32cea3b47789a59f0e66653e10ebcf028
641d183a71e76e3aa6da3a2d31be2cbd1590a99e0df6ba2bdcde740f3cb5e79c
642a400039a41170589c933fd106710a2100d06d2c0d5e8150d21a5d89f30ce8
648effa15e3979f231a237d422388c122f5b25c5228776009be6d3802fb38aad
657167e520d451316ece919aca23fec1febdb362a3d3e3fc4167650994162810
67332ef2cea8b2c3ada817e3230526766c2e246254e1fc6c7a12b5bc7877b979
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
680d3d4711f6d6dafbc2ed29ef27934b2a176699fb7c8a69ad0813d54e4dc24f
6830cab957b385629f34f0e1cd176c249375be5ba307ce6ec1e85b192098b4f0
68c831b3324ca6fea43d48681ac2b9338b794ecdb60ff7fa7059a997d4007604
69c7440a91991e71e2594b76c9a058c39e0126145a9a7e1a9bfc3d15059d4f7a
6b3da89922d333d106b84fefeebd7b16bfebf4cfbd7bef37fa10a47c471ae64c
6b9d7cae8b70d4cd6beeb93cc0fbfd8778f94473c5e87299491f513bf3d7c9b9
6e88924d7fb722281b8da6fb82687db30e8c19c35f3ae66515ef1e0bd1af47ae
6f0081b3e2cc9c0dc0ccf0864c85b37b80b55754339a711ee1c595defc833fdf
6f25619d3b1d1c77455851ea1f8051fadf8fedd8886b5e8066ad648b46aef2ff
6f917ef15ec223173e9da8db68c85664819c68625a790c56c63f046b6c240440
6f9a070acffcced835a2ad0f016bc04f02754dc7032647d3e0ba35a77c0dc8ff
701de9034825c64ca25016b34df3071046480de246bc8087814b4c9b79c17be5
7048a4604321f35939f9cc468728f11aa0500336f2ee8bbe528e94f82bf4415a
70c8863d1f8191f5eae09e3895ec780548d805598b5375b401d957c8b873b39e
71be6629a069a87727896d49e682c05e4676545732bdb6d91d7ebb92c2068253
71f45eb66e033a7ed8c080e0633386f934749f6f0583a20d84d43f788845fd4a
720adfe48f595070e9a8490d5fd91fa091a4d6b3cfea9677eb92906f1f6134aa
725a68fb2976065cd12cc2452075ca554d830f932a392ab7570c79f227e6e942
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
72924098ac79c3e04b1178fa39f2149ec5b726057cffca2cfe0e67a2e297a33c
72a2dbe7a8c52c5a28e33842d1abc2227b5508e86d4362d6472c7ac23a860ffe
72a64af6c85d8ab9bb2b508571c6a70080750c4891634dcbe36cb95737ca0f48
741201f1dd055218343fad7b034dc52b30b84ac6af67e9a30edccddb4ce9f516
7415786522c29f25daf05496a7df8f6a594d951b4a4db25845a0cca22b244380
74486a32f9931e4de8821c9a1276c0be67dd38d4d93c408f2f1afb215fc6a6ea
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
75064d77cc5f5c4b7f6d89dcf63bbdf22cc937498ecba3775c65b9e89c77c7a6
7550484b8be6ddfa7c7ea0778d64e7dca976ccc74f0d0c8c058f796d244f1eef
75756355c8fcfccf30c6d8d782705713f70e804d7fd27b7263f44712a6ab053a
760406934c7f1e7f57d9b4ac69bb9e23b51a31efabaa7e68abd34298163a56e6
76043d66d53eba14dd3f9e79b968ccd9256fb819baac13bcb73b99abc8bbd484
7654e657caa0293b96b42be72a7c15f113c1d9770a68e346f689b7354249cdad
76b2bb0279e8e3ef31f9f66d4c49f9eeb3c9397935d545bd1923b5723f024dde
7743c2cd070a04da34186a5847db1e8638d42f41485cffb4c3a0df9ba404e8dc
77aff5793d453962bac0dec9f50d18a7c59fc982ccf8e35fb6a73d3a1f0b4693
78384465ed789c6a76c58ea1fdec8042b6ec90dd1a192afdd9c335bc2094b78b
78ed4597e2349287e8b68b827116e75a209e8b538bb082e9af907e0024735861
791aaec16b483ddbbdbb1d928183daf3f22d464493ef48840701dbe59cde10cd
79a530f58491704112a0945b0e21d296434e20b1169e3faea9c495fde56377d9
7a092aa6da21f38f6e9975fb378f690ce4e02df715cdd82f6f6ed7bef2f60988
7b307f2ce73aec07bfa1ab1d6462f491de0497c8819b1d6fed66eda9638a3530
7b3aa85db7929378a752626dd3296d9105488aa2e9e5993ac40023739bed10c7
7b56d35f59e78b65b242ba7c49dc35837980e931b52de592a75e77e2b7b5f798
7bc0c4519150a490750c0f9f77857d5af952bca0bad56e3db6d24bd79f18b4e7
7ce4cfe49bd4275e9e080671c07da769ede7359411f9e9ac8898a13dc071408b
7d93b38042ee49a0bbefc94df30cc82e02efaed10792e72597ff498d9c903c09
7dc4ad821e2c98e7c031cf480de481b35f640f5675a7bda45d2450e3afc29894
7dce1af26b89987a2c3d66673230823eccbc6e2dadc2ca608dbfea12b1c59f77
7e5b4dd28e58e76dbe83eb2b357fdad7e54b85a9def9bf953063d5970a91ee6a
7e8726aba04a3ce80d5e053075b99879808e4bd38675b2f8309ca794ccffe03b
7ef5d3b920fd544781be8b46e4d6a161a1b4d48132f3baf5353de113a1a4d001
7f653b3ce9d3277457fc6da4edb246ae2f6c913f088c42dcb8cd2e96267aa21a
801c81b956934441ec8e6dc3dab9e49aa300021114b1e743c96e5c59cc29b50a
8031aaf823460f4fcc21cbbbfd4ff728a7ce4bd847fa26c0e3755e3f0b94d810
81097875d2c45f38ab8460111afa8cb1723e6a0ee1a2a9b2e4066833f39890bf
82709cc1cd991e26967b850fd332310bcd1df1732c0469c1ec8645d34767b43b
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
838a956679899c86ae68617e7b25e7de046d9a52bddd55c7dc59b8eb81953565
83a7723430f74e8a151bd7fcc800fc80b511d413e3af110ef0d5e443a6e60209
83a818561b7f93e0f7664504ef5993250ab3f2e6420b5d73cf708fba0f5665e4
843ca27aa5a55f23f36493f7a6c93bd16bae165e07e4be441ea45723b586eae2
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85240f4ca4ce3926dfd9d68ffdc8c4e969b5428878920159a7a77927c60b8c9d
861e4cd27539274eedfdd65212a140a4c7ccea88e004d23f5234e4db48bc73ae
865b3edd4c3bca3bc6cdc089ccdea0443754434c01dd96084a0eaae4e1da3aa4
87a78c078551441e39774745fecc8666c5a158e9ae75a89175059b80216601b0
87dd8761626cf628f262abd3d86b1f2829854d2d497b24a7322811e664124146
884241c7b65d73edaf18230673b273e83d36bf4aafad202b556fbcb086427899
88564507655af146da38c51488f494e6bd017c94ef9046a04b7dd2692deb5966
890573fad34b6da411a61454be50ca2edaa7bb9126f1f8e8d12bf322721f8a52
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
8a85ee91769d3a837be5f825fc676683165f589c34b4b88bce785ba8c8a040b4
8b33fed241c7e1b330ef1fbc693f13f9f25b876ea99e004e02347356aaba929c
8b8e1a97986ac2cd89b2470bd6b1025bf7d35c1b39e74839376d046f3a455769
8b977453576454f813e2b75ad6740c94f853ecd0760b5abec6a334d8623e2d13
8cfec012df6cd29172f4b3020c481b94e149ddd8bd3d4dbc9da39bd1791e470d
8d2707526bbc14b7c6e83b6d093f6df912485ac5863c7e217f0b9ef811d91433
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e16ad2005bc4c19f8560189ef6e7b7475f2b3def2c60a57f9041fac5b4f94cf
8e6c57c83b9a309c566d01c3e8d4c185a00b4fc3c79962a191a3e97d4d4c541c
8ec3cdfcdc79223ee04ed060812314854cb3b3d9d1914390c755934366fc3693
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
8ed86e2b928c1b3c7035f47e16f70e3e71131b34c86b59e783a0559fcc8de4b6
8f817d3caad3802fae729ef9a1416690be5eba91af59d44ab2ce2a6e00f62bb4
9115c14e8e621dd1fbf6a9c87ee7c834de1d51420bd2e0edad5174cac3e1371b
91723f4bf15139392fd9425731b5d795958f6e5ce883aeba7abe8c95b57bbd2e
91ad26b5c0957975f48585654f032afa6e3f6242a63ab8314d1de785ce076146
92642e75cd4765ffb7a24d303305eee7965acaa648f5d670df837b96f2476a15
9354d00aaf4f47e50cef883a3eb1bdf8946f308d0dc5076886defd6ee93fb35f
936c621d678e7516b793eee07b8847446f96e00ceda5c6583a8598b07042345e
939f15aa3264213b1f5a015b77fe316ce2031cbdb0c35d190d7eec9803fec941
94f8e16904bccd826c6647eb16be13a4c9e3ed322c4a0569c8ba5078a424d890
962564f65642886f325700226cde5ce3037d3465eba70afc6eae6015782f3602
98a3ab26574717a95d200c12658c4dbbb28109a057cc52f8a100e6da2b645963
9929932627f757a2bf923b61a9a461fde8dbe2038e6c18c4f228ae9ba1b4191a
995787da18d7959d1540540c965d25fb16da757bd873e9cd14dd322bf9a162a1
99bea178b89d7cba46b4970e76ebca630486c955f20f1aa7b1ab11396bca4a0e
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a3f3c50810204a4252112b471f5d710f56d43e63854d7460d83c7dca6080c65
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b4c058fb79090fd6d15dbf4305ce4c94b794da0edc9cdf3ca16c266fd018504
9b556be9b0a4a4245548d841972d5ca3c34fcc79d80041627d69fd884047b49b
9c379b0b7354573c99a9e5a00a56fbe5a854adf2b0d615b458fa36802c604edc
9c63890b7f3f2e513fa085cd7b198f9ab91721a9e8aa7180806ff4aa7b4089a4
9cd28222b76db9ecead97bdea2b69bce8777da737c9e242502def4a5f1c96675
9dbd44f73b9f851ac4ba10edd410d3ce975eed7f74baafb4470257d59f90625a
9e3918ffc62d5c1eee4056fc38483ff1f44fc93688fe1c69f7f2dacc8df26ef3
9f7b0125ef9acccbfefc22c575aa0fe9fb415a8fc0a0615c44c94d3aba383923
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a06490c702d36a1529a88824f408d512ccb8bab6614836e615f8c548c8976c4d
a070ec5d5d045cb6be2b058c76a03159a6ec5ec50d83653eaef33856a22a50a3
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a1467c6ed682df808cf830c429ebaec42c32c2033369aa48446fb9e7f592769d
a2b9eefee68fa18c6be3c3bbe11d769b5affc01b84ea94c7ec68ae4ffacd858a
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4a8319f6700e5e28a7c214cc99bf7e8fbca403c19317fa73fcc18f5a057f449
a5489bbe1d24e4564789598649fa2916bb1949c1c42d1bf818c65a9aefee7f9e
a5a411d9638ded410191f31c6172ff6c1ce2af23b809d322dc42e1ea21412c3d
a5b0834c54e491fcd04fefaff1d8121a698602015cb2b649fba710ba7d610a18
a5b518aed57899d2c75577a03eeb5872eb62f493fa0dcc4059e369358f6e8198
a5d9bc65c8e2961fe877111c0fdc0544dacabb282c016be9630a133ea7cc8e78
a631c91529e4828882fdea85da4f31be2fde050382c50b26ca0878c26668928b
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
a720496c2abaf03ae96da1c52a4ff0277a88fba49778e5958c0fdd37efbbfba4
a73af5aeefe4ab9b11046eb3dcf22aac0b007b3af5471c0acf158dd63e143d81
a73fe18d02cda6c90fde12de4d3ce1ac52ec0d8879c84f65748dbd1ff5a23081
a740bc0c9e44265f8f5c6507170078fa4ab4c692a8e5284aae172f9370a08226
a74d9ef4aed69029444e8433d85a7e6df17f90c21afe3331b4a8929720e4e396
a829e85f81b8b34a49a526ecdc03b18f26604d679f50c825e34cb2636013900c
a8f4e9b2f7e68eaa04ba92e92434dcdde07840de52b88986cdfcb19330d4d6ac
a96e199df136d37da26e9fea5d58884482237121d0b9077fb96db13bbeba9dcb
a9b847c681a24b03ba8acc0b4dcd8aab9acf8c4d3131be784d488e2402d57427
aabf3581c2006f4834a49dfa705f42fe4e10f7acbfd44be8c8ba5ec4fd331660
abaa484421865309a7781e540844f1b5260ed131080f8dd9f083d8f18beea107
abb158091f326c30eba27a787b330d3f1d96a0a625b7d00be7305f00688b62cb
ac6819ddbdc4c3a3845e32f55947158747e75113248edc9644fa65c4ed9934ad
ac75af1fd6d2dd6fbdb02d2f7df44ad790061f9231899ea27c6fa779a9d15365
ac788033aa123a9e47570575d8e05090580cfacc91dc6e07523f443ac49123a9
ad4781a7a8a0213ffbfda27884eb31924f8f55c52565c6440c2f517d8e32ddbf
ad69f2c2dab8b483c052adefe6a3c523cd50b5ed697c4f829a9aff37c3c132c3
adedd2344705d690f045ed0be660d11dfa1b3bf313752b5d25e4b6f0a7b8b7b1
ae684e653cf5edc8bec110ff0669b6daa58f690d550735f98954697799f963da
af058bc0a949d80a2234f297e983e6fb3438a7f360daf4cdecd3d717ce047ea7
af4b954cf45e99d5eccbea113dc2b66799cf8db96c3e8dfc33d145398743727b
af7a66542220ecfb2b8fa0286b60ffa95c1c8047df094654a90e1ff75f848ef5
b0543b1569a30e570e585647f553f48599be283bedc5018ecfc2ba7de1f0d729
b0b14302b3544a070d422bcd27864c45ed78cd2a7379888364e53ae5f476f198
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1a92cc32b861676d73dee67a54d16f367fbe774354b1c25189348ee4a85a98e
b1d4d1509431c0c3bdeba9c801efc2c4dc88b502cddf4d4f5835328b57b443f8
b2af32f323ea3d058e5a0e7fa8e2634cad235b28d9c5a555a6063a7dd917d240
b38cf97403913a9bb6db37db631333a033152ceaf711f75eaf6c961eeab882cf
b536132accecec4c02cbbbd9ac2b477869b6ba0cd72fab7cee97034ea2ecff7f
b6342f094b5d3b9c180f8fd9ad4d2d9c56e4270b2c648f8ec883393d5b899c6e
b6ccd14ba8a0224fa486fe0b41f22224cc0c7d77cbc027fae59610e2442e5dcb
b70328b3b53e1936fae544e04d9d3d65f86efec591f7dd3b2ca7e19582d8bdf9
b7506715d8ff403a7e4a56b46e757ecd12c8a59e4c48d8f0478b62186f51bb1a
b84677c9d507861ede2db86349957b3fff926d3857fb11595ab96d8866314798
b8c1412f0d2a976635c63760e265d3d7a926b14efaeb21a770648ec8afe51295
bb19a4e165f0dd3ab9ea9d1f11cc2e4e8f7b77ee8042fd4f04e61535e0173ef0
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a
bcbcd8f050e7629dbf6663a2d4b8013bad3ab03d2d32ab5f918741241cc01235
bd5a390ca4dbd0bfb3d4359cbd6d4264ea40a316d879529ed82d030f62003002
bd94b067d8b7054e2843e9e9f36f37bfcfcbccdd6af9b802b17592e25ec0364c
bea63616949c80ff0dfdbb1e8547f1585882fc691483317b06441688e3e5f14a
beadeaf7af5139b66f167aabf4494ece88a874fb63a8abc901fb420a3c98d518
bf3b9586388ca250dead7595436f0de31a4608469c1cd526aa8ae10206f50203
bf5de2a37e1b850ca9cc3b1a55bccd36def2be3524d0c5acb67b61f26aac8a96
bffd0d611f4f4d8f88285bbe5a5fcca7c53215ef136bd4ffacead53e5b2144ac
c04524ea70ff018157d8ccc0e26d14ce7d658feae7e8a0be356e73a7d9734d1f
c04ce59d9c0ef75453ede3bc73be9675c4a71260bdff7965e921ac2e78dc6539
c1059d522f4c639f77427fa309b77d7c5f02e42a44d45e2edc5113394cb51822
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c290e019a065a6ea35765f1aaf7382400c733662fae4de335a9a944b5bc5bc2d
c2ae6a18b973d0fbd53cd575408e3720cec1b94418b180ab6b83a82611eb1906
c2dc4e0d867778bccfb8c6f5da5f09a83e9d2b1b3f8275b44e9668bc1c283934
c393438c42a8da364ae5b6456c31add84859b53a0a62239796a5c7d78ce8f46c
c5d9f11f95196250f6797acef21bd147fe22a802940735d88ac2a7a9308247ac
c6a21b176540feb83d0e3ec1caf2bc67a966b5bd100636a96c67746cbd2a4e52
c74d4c8be63fda641c0e0255ad3c7416862f17e31442a1a0ddd7645bc2d69d3c
c7bc8098c1b013492c04c1f333e56d3980945b0882c7f57441bf0688362eef29
c905a799c91593b68a840f7aae0bd411b7f0d2d475c8f5f5a780d54018fb61b8
c93c88a9b0ecf4b158610988b79ffdc52501b1e995f14eb4dfc09c7eb9c3f6de
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
cb12266c8acc6741d969c1e042bf7bd04cc326714970e125ba455e3d8d31994f
cb21cb57088177c6d8735d579be0e5789ecf3feac69e02ec6e491f8d1a588b8b
cba432fb6049713a37723932c0af7a57b174a9b8600f43aa46e4d19d6c56cf4c
cbf2228ab439f89b83feb79ea549213521a81212fde9ff67f9c73d002d586198
cce2837b1120026f55d8065b6d1f4cdd7084c12a755d6674dbe7942cefa54d13
ce0b96f89eae40bb3b56648de2c8225856d1574aec4dda6a231f09a1c08ad1bc
ce405e27630dd0f75c2e2c282ae3e830664f61189dcfc63fed3efa38831f9902
ce7aa9a76e1ef06e22d13a5c8678b9b7440f5b1f854ecb62b447ad383927abb6
cf0b11a32ec6207691e307ee8166ce170c99a340a98efece4b3c094b4b90f196
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d00b5477d00f8736d2e6d3fdab41ede97e8574d75b74a6a8b3d192a90a060b63
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d17774d8aadb3697bc1fd13ff0ea6beb1d48c5bdf76e34c77831e7d1bd9e9152
d1cefd6e7f577c8f6c44462356badd8df8e2cbe5caaf8150ea65bca6711195fb
d2da8c71cfc9b35209e6b25ef5f1ff60f255d0c56abf78ebda497a30cad2c57d
d357fce995c15b49f1cda94524b2e28d0f0bab27b7e7800c37e64b7074f75709
d3c727e5bf0454c49ce65e9ed585839348e0db8c85ad0d9c67ce3907fa8f1023
d3da337a403ec8e40a98595e5089f1935b39cc04da24a7fb701e37bec044bd55
d5afe6c33d091af7c18129d4a4e0b04e1e788bca54ab3444c83a7ed5c808f4fe
d6edee2b4523aeb3582e3afb76d7072f4e1a8de09ec7d4ef37166c3d1544f673
d6f0572e43f8d8bd0aafc1548f912b534fa787b37232ef1303ab3e7fb344e075
d7459fa18280a3e39c5ffd0eb2445c3d375d0dda10100a51ec20faba34beb92f
d77b5f2ca03eb8dab2acc515548b7b1ce7eeb4ca2189268552649e0391ee8c21
d806e9e11b3c848d4b72bd33f961764cb8c9557ca6351749f90275ea05183055
dab27ef73784b63a1d555436f0a1c17e8e333568d031e74270cb2ddf2b599dbf
dcbd4882f0c4557f44d9d7340ab5a08c7b8cdf3dc5cba9996a18c95160acbd5d
ddf8be177e7b79aaeb98ffa04b2c4f8a1c05058cb59a55387ad22612c968ee32
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de8cf49bb686972e8b8cf4e7c2156bbb340da75e1d4c3ddabe1578e2d5195a24
deb8fb5f788a02003259546a7cc16c3cbc86c93299b04f4cef8cb10cda0bba71
dfcb60c803ac7edaa1670cbf7445c9f6ec4019c7b7445bd2f2a533de61838ff4
e046b5ad85590608ce986ee762bee5fb1d146dd193647689f5089e20e6346ef7
e0b7c41d2d6fa7cd9e0212559a7ded8eb1b13ef6b7b4d26dd15789cfe0b125a5
e0bfcf41c566f571ea252620518b4bee4496dba2b1df9a1aa3e436f81592e1b0
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e1545dd0c2cfbfc070ea032404c746ce55c86ae551bd70b057a114d605f39ec4
e189eb8fb761166a6d657a8dbea2c5d73e224e565716f36406ec7f7b68cd78c7
e2938ed72160f5efe7fd38e3be3ba4c274e5fd74b9a372ed8e8f9e1bbf108db2
e2b4a9403148c10a8dc4f4a7740a235d1c8baf4bf87cc1c0cd23de4b03f27d51
e321ed2eb5db83a024580fdb802c32f9319b8d82adbd07b39299d27118b62d86
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4e0bd7d15af62b9d2a3b213d727c5f89ae9e0475622e4daf225f8533cb2c717
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e6269c74faf4e92126e6e69f925e200718eb51014c734cca380b0849e68d0b8e
e634cdea6fc8a42921753f7da1799c4719b763400d8891a778bdcc519e43c919
e64a107cd561670cd079ebec398973b9e1d2db0e8355f7bd537e7cf93f8df7ed
e6544827c76834421e5f8212bad944529c60a2562ffe2fc21f3054773669babd
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
e9115b01e43fa7b3d6d77de1e601c51c247f5494816264e6c5c48fb0b5c3c4da
e944aa2add7d89134400d6d51b9b0954ad0e988edd934eccff8907ab90e1c853
e9f4804016ce37219673d8ff2f1720cf85d410d80f25c30c95d2c63af87b356c
eab2aae155acddc9e3b5546a99b71443d14decfb2a222e64793629fb9e947505
eab2dbe6f6732288580b12082eb29259355dd87cadd9d2bc796ff02b088feb10
eb537885dbfca64234e47ef9c1a0e8a8c076248554be0e6a52b7c299e4d13817
eb5e546a000458768c8082463ac22b85a5144bdfebb735d67828f4446b33144d
eba039adfb6a97b8a4e3b1225d2b4ba287b2872562f993aaf87f1bd0e1cb2b8b
eccf57b62dbae261e99c42c11f1d643aa66362fc72a0696be044a75466ba5202
ed8c3beaa9da129a85dee30d9e907b9d05ef57610d1158817a18108027f7d65d
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
ee6d3b54a9065c8ff1c55528d83a8b11aa932915d3004f3dab2c5355027bbf3f
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efbf6b8f727d86f895f4e286be5a67d91a9f80b567534103f85635d2af0d2fa6
efc2a99fb14c06752ab6385062f4ee2b4314c060dbd9975d0fb266db3f1bb8dd
efe07ef16a3c928477d486d33b681e6258bf89947de2dd34b3413677bdf20f01
efff86878ca9d39cf24f6db8869883220b29bca6eec484cd2c1ab198205d25b3
f0360050e503a5f308f03aa804a207831ae8d40bfd1eec2911c9ce7b9d812450
f1f660e3feb06ed4ba7173188c369b7442e55edfced06cf97212ba649624c371
f259e459023f1a54dc223e498a06ca8109b83faaf54bd3897c87b6a1ae47edea
f324377940583ba7a0f81123404cc032334edf5ace8e9f5d58da1cc340e41027
f4cf99006988509d9e94b1fc6420bb3896244a7dadbc49f2eb44e28396ee4815
f5ac04f16be2eb0fbb4477e9e100a88674bda296ce7acf2419ec2898858b37f1
f634879d16aebaccf0bbe9b68d1155073fa1412141a66eb27e26efb0e2e9bbcb
f6b339f595ef77c30861bb54152c9215d18cec2ee0d9dd8a6cbc9f301f3b1c4c
f6e92812141d757d7e04a4b348e5e6dcaa12daf4550f928575cf188308f6fb44
f83b40bd271aacaae918717e09b4c81d3ba99b81b6d7e04bc9d221b4a44f0432
f910e4ad88c6833f05ccb40b8c17fdd0834f1e467a64bf7bf81cf91e4e0ebd99
f961fc2ce93baef2fb4de117dfc488d3738b06e9c1d62b4527d18012ec95241e
f9d374ef87ca2b8179870daa8739f8b060fc77446a4109ec87dc523bd8059ea4
fba14e068756cb018cf50ef23628ab6135f0485606798af1711bc1999bad3d6f
fc0a2bbdba77b4db6f9b5bf4481c171bee16adb106be302b58763f535f11b469
fd4baf763043b388f2c14d9f4cadd1b5bb14459c59e6e700dc0951570d9d6f39
fdc79b8c47c6d5c20def82fa5f6a91e3cbe3057bff3f8b14b5c2c71dc9b57ec4
ff9477d93493093c56d5e3f08c3d69fef348f5cfa94fd226b3f32e0cc5c1331f
ffae8fb9199235cf70171d14a964159b4eda2da695a258c2586de98e3cb27bb2
ffc733276efc796c146eccf6bc3b111f917b8e2203d25df67884786903b64c05

www.newtimes.co.rw Open in urlscan Pro 2606:4700:20::681a:956 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

1232 Requests

89 %HTTPS

38 %IPv6

85 Domains

149 Subdomains

115 IPs

12 Countries

23616 kBTransfer

42507 kBSize

118 Cookies

6 Outgoing links

Page URL History

Redirected requests

1232 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 23 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.newtimes.co.rw Open in urlscan Pro
2606:4700:20::681a:956 Public Scan

Screenshot
Live screenshot

Full Image

1232
Requests

89 %
HTTPS

38 %
IPv6

85
Domains

149
Subdomains

115
IPs

12
Countries

23616 kB
Transfer

42507 kB
Size

118
Cookies

1232 HTTP transactions
23 data transactions