norsecorp.com Open in urlscan Pro
2606:4700:3031::ac43:a8b9 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://signal3domain.online/click?redirect=http://www.Norsecorp.com&dID=1642766188871&linkName=www.Norsecorp.com
Effective URL:
http://norsecorp.com/
Submission: On January 21 via api (January 21st 2022, 3:37:44 pm UTC) from US — Scanned from DE

Summary HTTP 56 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 24 IPs in 2 countries across 20 domains to perform 56 HTTP transactions. The main IP is 2606:4700:3031::ac43:a8b9, located in United States and belongs to CLOUDFLARENET, US. The main domain is norsecorp.com.

This is the only time norsecorp.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	3.230.196.167 3.230.196.167	14618 (AMAZON-AES) (AMAZON-AES)
1 1	2606:4700:303... 2606:4700:3032::6815:3eee	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	2606:4700:303... 2606:4700:3031::ac43:a8b9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 6	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3036::ac43:a1d1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
4	151.139.128.11 151.139.128.11	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2600:9000:226... 2600:9000:2261:ae00:2:cb38:840:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2620:116:800d... 2620:116:800d:21:ee05:6a01:4b41:8c89	16509 (AMAZON-02) (AMAZON-02)
1 2	2600:9000:231... 2600:9000:2315:800:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	2620:116:800d... 2620:116:800d:21:3175:5196:e3fd:8c1d	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:831::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE)
1	185.255.84.150 185.255.84.150	() ()
3	104.22.69.131 104.22.69.131	() ()
1	147.75.61.140 147.75.61.140	() ()
1	198.148.27.134 198.148.27.134	() ()
1	178.250.0.165 178.250.0.165	() ()
1	18.184.27.79 18.184.27.79	() ()
1	51.89.9.251 51.89.9.251	() ()
1	37.252.173.22 37.252.173.22	() ()
56	24

1 3.230.196.167 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-230-196-167.compute-1.amazonaws.com

signal3domain.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3032::6815:3eee (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.norsecorp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2606:4700:3031::ac43:a8b9 (United States)

ASN13335 (CLOUDFLARENET, US)

norsecorp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.181.226 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3036::ac43:a1d1 (United States)

ASN13335 (CLOUDFLARENET, US)

go.ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 151.139.128.11 (United States)

ASN20446 (HIGHWINDS3, US)

a5d6i8s2.rocketcdn.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2261:ae00:2:cb38:840:93a1 (United States)

ASN16509 (AMAZON-02, US)

go.ezoic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:ee05:6a01:4b41:8c89 (United States)

ASN16509 (AMAZON-02, US)

edge.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2315:800:6:44e3:f8c0:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:3175:5196:e3fd:8c1d (United States) 1 redirects

ASN16509 (AMAZON-02, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

b8c62013b01464369e7170c6d03c131c.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.255.84.150 (None, )

ASN- ()

hb-api.omnitagjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.22.69.131 (None, )

ASN- ()

prebid.smilewanted.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.61.140 (None, )

ASN- ()

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.148.27.134 (None, )

ASN- ()

bid.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.165 (None, )

ASN- ()

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.184.27.79 (None, )

ASN- ()

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.89.9.251 (None, )

ASN- ()

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.252.173.22 (None, )

ASN- ()

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	norsecorp.com 1 redirects www.norsecorp.com norsecorp.com	132 KB
8	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 100 b8c62013b01464369e7170c6d03c131c.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 124	38 KB
6	doubleclick.net 1 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 184	146 KB
4	google.com adservice.google.com — Cisco Umbrella Rank: 80 www.google.com — Cisco Umbrella Rank: 13	2 KB
4	rocketcdn.me a5d6i8s2.rocketcdn.me	103 KB
3	smilewanted.com prebid.smilewanted.com	587 B
3	google.de adservice.google.de — Cisco Umbrella Rank: 8028	1 KB
3	quantserve.com 1 redirects edge.quantserve.com — Cisco Umbrella Rank: 12126 pixel.quantserve.com — Cisco Umbrella Rank: 424	11 KB
2	quantcount.com 1 redirects rules.quantcount.com — Cisco Umbrella Rank: 898	855 B
1	adnxs.com ib.adnxs.com	11 KB
1	onetag-sys.com onetag-sys.com	359 B
1	sharethrough.com btlr.sharethrough.com	111 B
1	criteo.com bidder.criteo.com	213 B
1	contextweb.com bid.contextweb.com	183 B
1	a-mo.net prebid.a-mo.net	345 B
1	omnitagjs.com hb-api.omnitagjs.com	703 B
1	ezoic.net go.ezoic.net — Cisco Umbrella Rank: 10357	2 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 47	1 KB
1	ezodn.com go.ezodn.com — Cisco Umbrella Rank: 9052	105 KB
1	signal3domain.online 1 redirects signal3domain.online	532 B
56	20

	Domain	Requested by
15	norsecorp.com	norsecorp.com
6	securepubads.g.doubleclick.net	1 redirects norsecorp.com securepubads.g.doubleclick.net
4	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
4	a5d6i8s2.rocketcdn.me	norsecorp.com
3	prebid.smilewanted.com	go.ezodn.com
3	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com
3	adservice.google.com	securepubads.g.doubleclick.net
3	adservice.google.de	securepubads.g.doubleclick.net
2	pixel.quantserve.com	1 redirects norsecorp.com
2	rules.quantcount.com	1 redirects norsecorp.com
1	ib.adnxs.com	go.ezodn.com
1	onetag-sys.com	go.ezodn.com
1	btlr.sharethrough.com	go.ezodn.com
1	bidder.criteo.com	go.ezodn.com
1	bid.contextweb.com	go.ezodn.com
1	prebid.a-mo.net	go.ezodn.com
1	hb-api.omnitagjs.com	go.ezodn.com
1	www.google.com	tpc.googlesyndication.com
1	b8c62013b01464369e7170c6d03c131c.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	edge.quantserve.com	norsecorp.com
1	go.ezoic.net	norsecorp.com
1	fonts.googleapis.com	norsecorp.com
1	go.ezodn.com	norsecorp.com
1	www.norsecorp.com	1 redirects
1	signal3domain.online	1 redirects
56	25

This site contains links to these domains. Also see Links.

Domain
silktide.com
www.ezoic.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-31` - `2022-07-30`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.rocketcdn.me R3	`2022-01-03` - `2022-04-03`	3 months	crt.sh
*.ezoic.net Amazon	`2022-01-16` - `2023-02-14`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-12-27` - `2022-03-21`	3 months	crt.sh
omnitagjs.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-24` - `2022-06-23`	a year	crt.sh
*.a-mo.net R3	`2021-12-20` - `2022-03-20`	3 months	crt.sh
*.contextweb.com DigiCert SHA2 Secure Server CA	`2020-05-07` - `2022-05-12`	2 years	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-12-01` - `2022-02-26`	3 months	crt.sh
*.sharethrough.com Amazon	`2021-08-13` - `2022-09-11`	a year	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-01-10` - `2023-01-03`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh

This page contains 4 frames:

Primary Page: http://norsecorp.com/
Frame ID: 86A10A7A4C1B55D61D9508CF50640145
Requests: 51 HTTP requests in this frame

Frame: https://b8c62013b01464369e7170c6d03c131c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 248F6A8EC8D108854EE2F25C2941BB97
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: DB1EF8AA3106A8B6E5B7560BDB2E187F
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: A1D575FE027ABA9E05FCF97281C35F35
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

NorseCorp - NorseCorp.com

Page URL History Show full URLs

https://signal3domain.online/click?redirect=http://www.Norsecorp.com&dID=1642766188871&linkName=www.Norse... HTTP 301
http://www.norsecorp.com/ HTTP 301
http://norsecorp.com/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/
wp-embed\.min\.js\?ver=([\d.]+)

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Osano (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cookieconsent\.min\.js

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

Page Statistics

56
Requests

64 %
HTTPS

56 %
IPv6

20
Domains

25
Subdomains

24
IPs

2
Countries

552 kB
Transfer

1570 kB
Size

20
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: http://silktide.com/cookieconsent
Title: Cookie Consent plugin for the EU cookie law

Search URL Search Domain Scan URL

URL: https://www.ezoic.com/what-is-ezoic/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://signal3domain.online/click?redirect=http://www.Norsecorp.com&dID=1642766188871&linkName=www.Norsecorp.com HTTP 301
http://www.norsecorp.com/ HTTP 301
http://norsecorp.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://securepubads.g.doubleclick.net/tag/js/gpt.js HTTP 301
https://securepubads.g.doubleclick.net/tag/js/gpt.js

Request Chain 18

http://rules.quantcount.com/rules-p-31iz6hfFutd16.js HTTP 301
https://rules.quantcount.com/rules-p-31iz6hfFutd16.js

Request Chain 21

http://pixel.quantserve.com/pixel;r=1363267399;labels=Domain.norsecorp_com%2CDomainId.312642;rf=0;a=p-31iz6hfFutd16;url=http%3A%2F%2Fnorsecorp.com%2F;uht=2;fpan=1;fpa=P0-105610269-1642779458692;pbc=;ns=0;ce=1;qjs=1;qv=92a3679b-20211110211611;cm=;gdpr=0;ref=;d=norsecorp.com;je=0;sr=1600x1200x24;dst=0;et=1642779458692;tzo=0;ogl=locale.en_US%2Ctype.website%2Ctitle.NorseCorp%2Cdescription.Best%20LapTops%20and%20Accessories%202021%2Curl.https%3A%2F%2Fnorsecorp%252Ecom%2F%2Csite_name.NorseCorp HTTP 301
https://pixel.quantserve.com/pixel;r=1363267399;labels=Domain.norsecorp_com%2CDomainId.312642;rf=0;a=p-31iz6hfFutd16;url=http%3A%2F%2Fnorsecorp.com%2F;uht=2;fpan=1;fpa=P0-105610269-1642779458692;pbc=;ns=0;ce=1;qjs=1;qv=92a3679b-20211110211611;cm=;gdpr=0;ref=;d=norsecorp.com;je=0;sr=1600x1200x24;dst=0;et=1642779458692;tzo=0;ogl=locale.en_US%2Ctype.website%2Ctitle.NorseCorp%2Cdescription.Best%20LapTops%20and%20Accessories%202021%2Curl.https%3A%2F%2Fnorsecorp%252Ecom%2F%2Csite_name.NorseCorp

56 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
norsecorp.com/
Redirect Chain

https://signal3domain.online/click?redirect=http://www.Norsecorp.com&dID=1642766188871&linkName=www.Norsecorp.com
http://www.norsecorp.com/
http://norsecorp.com/

302 KB
55 KB

454ms
272ms

Document
text/html

2606:4700:3031::ac43:a8b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://norsecorp.com/
Protocol: HTTP/1.1
Server: 2606:4700:3031::ac43:a8b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PleskLin
Resource Hash: d9f85775d451f3dc25b079ec24c1f5eda45903fe10b44daec50dce663f1fdf5e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Fri, 21 Jan 2022 15:37:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
display: pub_site_sol
expires: Thu, 20 Jan 2022 15:37:38 GMT
last-modified: Fri, 21 Jan 2022 15:11:29 GMT
pagespeed: off
response: 200
vary: Accept-Encoding Accept-Encoding,Cookie,User-Agent,Accept
x-ez-minify-html: 5.96% 309538 / 329160
x-ezoic-cdn: Miss
x-middleton-display: pub_site_sol
x-middleton-response: 200
x-origin-cache-control: max-age=0
x-powered-by: PleskLin
x-sol: pub_site
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=916cxI6p%2BA%2BF2GjJr7OBwhuUAmClj93x1WkQToSF8CV14%2Fcg8JJ8LoLql45xPD7bOxK3PDcbUj35wYNbUWx%2BeZy2TjtJaiRdWsFhJZ5P2n2oxd9ymVC4Zpe9JJ%2FsAYgwWxzRytNNJoMSzxL%2F"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6d11a0013c138b96-FRA
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Redirect headers

Date: Fri, 21 Jan 2022 15:37:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: max-age=3600
display: staticcontent_sol
expires: Fri, 21 Jan 2022 16:37:38 GMT
location: http://norsecorp.com/
pagespeed: off
response: 301
vary: Accept-Encoding Accept,Accept-Encoding,User-Agent,Origin
x-ez-minify-html: NaN% 0 / 0
x-ezoic-cdn: Miss
x-middleton-display: staticcontent_sol
x-middleton-response: 301
x-origin-cache-control: max-age=3600
x-powered-by: PHP/8.0.14, PleskLin
x-redirect-by: WordPress
x-sol: pub_site
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hjdjucmRTg9PPleSF94PPJGEY2MVQGpC%2BJsggnExsw%2FoTvrELFJ4tYScY7dPL98RApKxwCHQQrZXuGBcbKly%2FKcQ5NmQcL5Tej5BWgVymLWwFhdmBy2PFbRfGHljk8VkOd%2FfLHyDTKR0B2kk%2BmxUiw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 6d119ffe9d8f6940-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2

200

gpt.js Show response
securepubads.g.doubleclick.net/tag/js/
Redirect Chain

http://securepubads.g.doubleclick.net/tag/js/gpt.js
https://securepubads.g.doubleclick.net/tag/js/gpt.js

79 KB
27 KB

178ms
92ms

Script
text/javascript

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: norsecorp.com
URL: http://norsecorp.com/

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

e2cf28a5cc075cb602d1fc628e07c33e1446bc58a89e32dc604bf560f4cb2698

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 21 Jan 2022 15:37:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26997
x-xss-protection: 0
server: sffe
etag: "1108 / 729 of 1000 / last-modified: 1642766792"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 21 Jan 2022 15:37:39 GMT

Redirect headers

Date: Fri, 21 Jan 2022 15:16:58 GMT
X-Content-Type-Options: nosniff
Server: sffe
Age: 1241
Content-Type: text/html; charset=UTF-8
Location: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Cache-Control: public, max-age=1800
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 249
X-XSS-Protection: 0
Expires: Fri, 21 Jan 2022 15:46:58 GMT

GET
H/1.1 200
OK dall.js Show response
go.ezodn.com/hb/ 339 KB
105 KB 62ms
33ms Script
application/javascript 2606:4700:3036::ac43:a1d1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://go.ezodn.com/hb/dall.js?b=adyoulike,amx,criteo,oftmedia,onemobile,onetag,pubmatic,pulsepoint,sharethrough,smilewanted,yahoossp&cb=195-0-33
Requested by: Host: norsecorp.com
URL: http://norsecorp.com/
Protocol: HTTP/1.1
Server: 2606:4700:3036::ac43:a1d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7aef5068f61e4747286d251a0c58705239a7ce6ec0a2e079e90259918ed0551f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 21 Jan 2022 15:37:39 GMT
content-encoding: gzip
CF-Cache-Status: HIT
Last-Modified: Wed, 05 Jan 2022 09:03:14 GMT
Server: cloudflare
Age: 1406065
vary: Accept-Encoding, Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KB7uvlKuTHa%2B1OEWiFPdE3omH0vJ0GJRyGb0Ji4UwxRK89sjEmRn4GF2irDWr3N6LR01bjI8c8GpLYLTtwW5OvQXgHAZlHMGyEsWRFYYEJqf0DBfpoDbO%2BND%2FAlg9xMNYZssIIMZMoBNW10%3D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 6d11a00348e032bc-CDG
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 corp-logo.jpg
norsecorp.com/ezoimgfmt/a5d6i8s2.rocketcdn.me/wp-content/uploads/2021/12/ 6 KB
7 KB 57ms
33ms Image
image/webp 2606:4700:3031::ac43:a8b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://norsecorp.com/ezoimgfmt/a5d6i8s2.rocketcdn.me/wp-content/uploads/2021/12/corp-logo.jpg?ezimgfmt=ng%3Awebp%2Fngcb3%2Frs%3Adevice%2Frscb3-1
Requested by: Host: norsecorp.com
URL: http://norsecorp.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:a8b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 490590f2014802f63e54e8415e6733372c617450da2d740a76d1a12718669728

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 21 Jan 2022 15:37:39 GMT
via: 1.1 7ed7afde326861e358c3c83359e99894.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 68040
x-amzn-requestid: a7f8a910-ecfc-4053-ae60-06700707f099
x-ezoic-cdn: Hit ds;mm;0d7e00850d5222f67a6e426810e2f5f0;2-312642-4;5cf3ffb7-87eb-4ce8-429a-2f5062147121
x-cache: Miss from cloudfront
x-middleton-display: staticcontent_sol
x-amzn-trace-id: Root=1-61db5825-5675626f3a10767a3012b354;Sampled=0
access-control-allow-methods: GET
x-middleton-response: 200
x-amz-apigw-id: Lsq18E60IAMFm4Q=
x-amz-cf-id: mk0ZcAbPAVtd0VUnx8xHRVg0Hm1CNPdyk4BUsYDrGISleezrVsIi3A==
response: 200
last-modified: Thu, 20 Jan 2022 20:43:39 GMT
server: cloudflare
x-origin-cache-control
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6R8QXOVGb228NPbk8%2FEHGj8UZB8FQPlMlsSM7mTaOF%2Fn8AozjjIAc01GIpDv6cQCMRTNSpb7NVCM4vyeNZHRSHP1ehQngEtepHQXk1egywmqpdWW8Xw7sKgDotKYicSexU2cQxhT2lF%2F8c7O"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA6-C1
cf-ray: 6d11a003a8752b89-FRA
access-control-allow-headers: Content-Type, Authorization
display: staticcontent_sol

GET
H2 200 css
fonts.googleapis.com/ 20 KB
1 KB 136ms
50ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:300,300italic,400,400italic,500,500italic,600,600italic,700,700italic,800,800italic&subset=latin,cyrillic,cyrillic-ext,greek,greek-ext,latin-ext|PT+Serif:300,300italic,400,400italic,500,500italic,700,700italic,800,800italic|Playfair+Display+SC:300,300italic,400,400italic,500,500italic,700,700italic,800,800italic|Raleway:300,300italic,400,400italic,500,500italic,700,700italic,800,800italic&display=optional

Requested by

Host: norsecorp.com
URL: http://norsecorp.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f57c348232fa255e3ac9820f1ab9c664d45b6ccc0fc0103d71a05052d27bb2b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 21 Jan 2022 15:37:39 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 21 Jan 2022 15:37:39 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 21 Jan 2022 15:37:39 GMT

GET
H/1.1 200
OK banger.js Show response
norsecorp.com/porpoiseant/ 53 KB
13 KB 45ms
44ms Script
application/javascript 2606:4700:3031::ac43:a8b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://norsecorp.com/porpoiseant/banger.js?cb=195-0&bv=95&v=57&PageSpeed=off
Requested by: Host: norsecorp.com
URL: http://norsecorp.com/
Protocol: HTTP/1.1
Server: 2606:4700:3031::ac43:a8b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 54e0533688c42c8b7312dbfe753cbfe500989129f1fef0e0edfc8505d3fd22c5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 21 Jan 2022 15:37:39 GMT
content-encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
x-middleton-display: sol-js
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
CF-RAY: 6d11a0038a0b8b96-FRA
Last-Modified: Fri, 21 Jan 2022 15:37:39 GMT
Server: cloudflare
vary: Accept-Encoding, Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FBkA2mH9zMXYtM0xF8x4yV3GfOJXg39DhGIhGBEp5SnaxiF69mnEV9WsuC8rE9cQe3DbnaIPV5OF41pJc2eiJ0IbNh1JxgbkJMXeJip08Fw6vvTF%2BavBBYhDWX5EpyJtUGBZNsj8X30nVEV9"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
cache-control: public, max-age=31536000
x-robots-tag: noindex

GET
H/1.1 200
OK cookieconsent.min.js Show response
norsecorp.com/ezoic/ 4 KB
3 KB 51ms
50ms Script
application/javascript 2606:4700:3031::ac43:a8b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://norsecorp.com/ezoic/cookieconsent.min.js
Requested by: Host: norsecorp.com
URL: http://norsecorp.com/
Protocol: HTTP/1.1
Server: 2606:4700:3031::ac43:a8b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 10d4b728888654e0b85c706a9310b551087d3321fb8ebfff147d07b13fa73bf0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 21 Jan 2022 15:37:39 GMT
content-encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1922
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
Server: cloudflare
etag: "11a4-5c701b9c2cf40-gzip"
x-robots-tag: noindex
vary: Accept-Encoding, Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sR0hyvVgIUQF2J7lU678sQUUlH1qHr9%2F%2Bq5q8aafPKuUDOqesgcPNPjLNn5C9K4wWez0zn0jDZMguut%2BHQjIGeSkfjxwNU3ZKEh%2BJ0JXcKFjr5408YFaOTrHKzyaf42PcLwS9CMqK88jrk1s"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
cache-control: public, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 6d11a00329368b96-FRA
expires: Sat, 21 Jan 2023 15:37:39 GMT

GET
H2 200 wp-embed.min.js Show response
a5d6i8s2.rocketcdn.me/wp-includes/js/ 1 KB
2 KB 81ms
18ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://a5d6i8s2.rocketcdn.me/wp-includes/js/wp-embed.min.js?ver=5.8.3
Requested by: Host: norsecorp.com
URL: http://norsecorp.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: cloudflare / PleskLin, RocketCDN
Resource Hash: eaaab5a6e7104dc29a8c385cede966014b966b747506f776fd579e9eedce4b43

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 21 Jan 2022 15:37:39 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 86
x-powered-by: PleskLin, RocketCDN
x-ezoic-cdn: Hit ds;mm;d2dc90b6eaa897807ca5e2a8f58f9205;2-312642-4;3069952e-257d-411f-7087-261ccacc34af
x-middleton-display: staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 770
x-origin-cache-control: max-age=31536000, public
response: 200
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: cloudflare
etag: "60500a72-592-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-hw: 1642779459.cds151.am5.hn,1642779459.cds204.am5.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3q%2Fc0ba32tJX8Ziae5E9BnpTyCQ5Q2HGwF93do8UVIxCMMF4LY%2FuU4AH6Qp%2BAytNsH4Td92dmmnLYMepeOcfwBlZMFnt%2BwAiIHrkwFWY%2Bj4izgrd%2B%2FFMvPY8PC6VlqLM"}],"group":"cf-nel","max_age":604800}
x-ez-minify-js: 0.21% 1423 / 1426
accept-ranges: bytes
cf-ray: 6cbe53841a754c4a-AMS
link: <https://norsecorp.com/wp-includes/js/wp-embed.min.js>; rel="canonical"
display: staticcontent_sol

GET
H2 200 lazyload.min.js Show response
a5d6i8s2.rocketcdn.me/wp-content/plugins/wp-rocket/assets/js/lazyload/17.5/ 8 KB
3 KB 97ms
34ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://a5d6i8s2.rocketcdn.me/wp-content/plugins/wp-rocket/assets/js/lazyload/17.5/lazyload.min.js
Requested by: Host: norsecorp.com
URL: http://norsecorp.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: cloudflare / PleskLin, RocketCDN
Resource Hash: 8ceb3992861ed1fda25855c2e500e76842ae0d788405e50e3a9f45df36499cf6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 21 Jan 2022 15:37:39 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1230871
x-powered-by: PleskLin, RocketCDN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zZ8SDxxtkokJVALKqjDzJ6Oz%2FF26OMixF6Lejr5QrTmzq8FrXFWoVxzdW6lBNjw29is80Q4TZk%2FARLMsqr9OCer2s0gBt4YGsyCYiTCRylYQ%2FsAbk2rtwKgGEeU62Kbl"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 2883
last-modified: Tue, 30 Nov 2021 13:05:41 GMT
server: cloudflare
etag: W/"61a621a5-2063"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-hw: 1642779459.cds151.am5.hn,1642779459.cds118.am5.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 6c0c136feb4bfa80-AMS
link: <https://norsecorp.com/wp-content/plugins/wp-rocket/assets/js/lazyload/17.5/lazyload.min.js>; rel="canonical"

GET
H/1.1 200
OK cmbv2.js Show response
norsecorp.com/detroitchicago/ 82 KB
25 KB 94ms
88ms Script
application/javascript 2606:4700:3031::ac43:a8b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://norsecorp.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1c-2y1d-1y1f-5y21-3y34-23y53-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx1fx21x34x53
Requested by: Host: norsecorp.com
URL: http://norsecorp.com/
Protocol: HTTP/1.1
Server: 2606:4700:3031::ac43:a8b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 606b2e8df43a5d29595409574de9b68a4bc814c017d81827053f0ad0476f710b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 21 Jan 2022 15:37:39 GMT
content-encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
x-middleton-display: sol-js
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
CF-RAY: 6d11a0038fd87045-FRA
Last-Modified: Fri, 21 Jan 2022 15:37:39 GMT
Server: cloudflare
vary: Accept-Encoding, Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jmfwTui5KoIV5Exq7Zt5bX7d4I%2FNAWQAGVxtH66ca4%2B97parKzZMtE0Zu4R8vMIH%2FgMZC6%2BSSsTur8NbVB9LRNuYrpIQGe2YVca4W8KbS3RRX7cA3C5eCguO3%2Fmw4VKdSMWVi5OUXi9wk1RP"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
cache-control: public, max-age=31536000
x-robots-tag: noindex

GET
H2 200 penciicon.ttf
a5d6i8s2.rocketcdn.me/wp-content/themes/soledad/fonts/ 41 KB
22 KB 78ms
19ms Font
application/font-sfnt 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://a5d6i8s2.rocketcdn.me/wp-content/themes/soledad/fonts/penciicon.ttf
Requested by: Host: norsecorp.com
URL: http://norsecorp.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: cloudflare / PleskLin, RocketCDN
Resource Hash: 14d58600f8072475498254d3d389a0522150add829da0f109178137c43286cf5

Request headers

Referer: http://norsecorp.com/
Origin: http://norsecorp.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 21 Jan 2022 15:37:39 GMT
content-encoding: gzip
cf-cache-status: MISS
nel: {"report_to":"cf-nel","max_age":604800}
x-powered-by: PleskLin, RocketCDN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=JQCezTYxIO1VtLrwRdpUURCwppt3e0HGES62jtYl%2BG%2FU95Cg2cgXm4vxpagMgGJxCqrhD1YiswLZ6bt2V%2BXmFCX0Wq4G1fERnHdqNrKWNut%2F4dHeTJxiu03qvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 21340
last-modified: Thu, 08 Jul 2021 19:02:05 GMT
server: cloudflare
etag: W/"60e74bad-a374"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-hw: 1642779459.cds121.am5.hn,1642779459.cds130.am5.c
content-type: application/font-sfnt
access-control-allow-origin: *
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 66bb9c10ce51008f-AMS
link: <https://norsecorp.com/wp-content/themes/soledad/fonts/penciicon.ttf>; rel="canonical"

GET
H2 200 fontawesome-webfont.woff2
a5d6i8s2.rocketcdn.me/wp-content/themes/soledad/fonts/ 75 KB
76 KB 87ms
28ms Font
font/woff2 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://a5d6i8s2.rocketcdn.me/wp-content/themes/soledad/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: norsecorp.com
URL: http://norsecorp.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: cloudflare / PleskLin, RocketCDN
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer: http://norsecorp.com/
Origin: http://norsecorp.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 21 Jan 2022 15:37:39 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 119638
x-powered-by: PleskLin, RocketCDN
x-ezoic-cdn: Hit ds;mm;25fcd00c65e47020021683b87d586a5e;2-312642-0;a324a300-c317-474a-6c9b-2bfb0d2a15d8
x-middleton-display: staticcontent_sol, staticcontent_sol
x-middleton-response: 200
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 77160
x-origin-cache-control: max-age=10368000
response: 200
last-modified: Mon, 06 Dec 2021 15:49:35 GMT
server: cloudflare
etag: W/"61ae310f-12d68-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-hw: 1642779459.cds121.am5.hn,1642779459.cds016.am5.c
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=10368000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HF9qlfL6rOu6Sh9G2O%2BvOtKRWSWq8o1AZ0dKMlgv2f91nVUqnVFEtHIos8mnFAJJ0r1HqnWcWY07WFq3RIkI0OW6q1BlNazUHPAkM%2Fyadrr4O2S1YTa4%2BKbSSW17a9nz"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 6bd2b89f8a0041b6-AMS
link: <https://norsecorp.com/wp-content/themes/soledad/fonts/fontawesome-webfont.woff2>; rel="canonical"
display: staticcontent_sol, staticcontent_sol

GET
H2 200 ezoic.png
go.ezoic.net/utilcave_com/img/ 1 KB
2 KB 88ms
18ms Image
image/png 2600:9000:2261:ae00:2:cb38:840:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://go.ezoic.net/utilcave_com/img/ezoic.png
Requested by: Host: norsecorp.com
URL: http://norsecorp.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2261:ae00:2:cb38:840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e1a156c3daa4ae0c41f21ef266131ca5a34d56695e3d860b232da142ef031234

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Mon, 17 Jan 2022 07:27:28 GMT
via: 1.1 29a3bbd8332d2baa21b0652a77f11198.cloudfront.net (CloudFront)
x-sol: middleton
age: 375011
x-cache: Hit from cloudfront
x-middleton-display: staticcontent_sol
content-length: 1181
x-amz-cf-id: EzIvWicFAsUFIMV6gMBkcPvITtyM8Y3GjVNxiHEbA6kVKhtUOejxVg==
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
server: nginx
etag: "49d-5bd497273b080-gzip-gzip"
vary: Accept-Encoding,Accept-Encoding
content-type: image/png
cache-control: max-age=604800
x-amz-cf-pop: TXL50-P4
display: staticcontent_sol
expires: Mon, 24 Jan 2022 07:27:28 GMT

GET
H/1.1 200
OK houston.js Show response
norsecorp.com/detroitchicago/ 4 KB
2 KB 35ms
35ms Script
application/javascript 2606:4700:3031::ac43:a8b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://norsecorp.com/detroitchicago/houston.js?gcb=0&cb=16
Requested by: Host: norsecorp.com
URL: http://norsecorp.com/
Protocol: HTTP/1.1
Server: 2606:4700:3031::ac43:a8b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a89057208861e739c4ea6ea2e1126afd5b41c89f22548e5afeb74b7c71614777

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 21 Jan 2022 15:37:39 GMT
content-encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 6d11a003dad78b96-FRA
x-middleton-display: sol-js
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 1459
Last-Modified: Fri, 21 Jan 2022 15:37:39 GMT
Server: cloudflare
vary: Accept-Encoding, Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FIwERrBeHPshXdAbuB144b91GxKHL1wP0RD7prAqpXIyKv0TIacVeNI%2B4SGTuNqOonroXI9SIyo1EJJeqGpdWAz8pxJtTwdzH8UnijsH6dcRgrmclo%2Bh8X7u0hpxqZgbuUyFOhV6K64PPP9D"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
cache-control: public, max-age=31536000
Accept-Ranges: bytes
x-robots-tag: noindex

GET
H/1.1 200
OK nmash.js
norsecorp.com/porpoiseant/ 24 KB
7 KB 78ms
71ms Other
application/javascript 2606:4700:3031::ac43:a8b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://norsecorp.com/porpoiseant/nmash.js?v=95
Requested by: Host: norsecorp.com
URL: http://norsecorp.com/
Protocol: HTTP/1.1
Server: 2606:4700:3031::ac43:a8b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ffb648200f12e9e83c7a7d94892271c74f23b39d6f77b9df5e21c96166a41ecb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 21 Jan 2022 15:37:39 GMT
content-encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
CF-RAY: 6d11a0040b5c4a5b-FRA
last-modified: Fri, 21 Jan 2022 04:14:22 GMT
Server: cloudflare
etag: "6003-5d60fda88f4fd;5d60fda88f4fd-gzip"
vary: Accept-Encoding, Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CBUwOHpJ2dsiE38jjQcD6KfYgrIER4l6lDR%2BnZfIRXRxKOnBAnhTZB75qzTmDCypg%2BnqpQ3RoSMLurfXRnKdCSHo%2Bj01s0nsn%2Fw%2FVXp0rHOTC9Uuq1fVu5HF94lv8xcDiZxFOdByMisUt%2BGl"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
cache-control: public, max-age=31536000
x-robots-tag: noindex

GET
H/1.1 200
OK imp.gif Show response
norsecorp.com/detroitchicago/ 43 B
869 B 44ms
44ms XHR
image/gif 2606:4700:3031::ac43:a8b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://norsecorp.com/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A1%2C%22ad_count_adjustment%22%3A3%2C%22ad_lazyload_version%22%3A-1%2C%22ad_load_version%22%3A1%2C%22ad_location_ids%22%3A%220%2C34%2C4%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A3%2C%22bidder_method%22%3A0%2C%22bidder_version%22%3A3%2C%22city%22%3A%22Frankfurt%20am%20Main%22%2C%22country%22%3A%22DE%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A3%2C%22domain_id%22%3A312642%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A1%2C%22ezcache_skip_code%22%3A7%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A1%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22max_ads%22%3A7%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A0%2C%22page_ad_positions%22%3A%221173%2C1174%2C1175%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%22fca7c997-c464-4974-5b00-3be8f84a4691%22%2C%22position_selection_id%22%3A39%2C%22postal_code%22%3A%2260326%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A268433%2C%22response_time_orig%22%3A24%2C%22serverid%22%3A%2218.157.73.30%3A27838%22%2C%22state%22%3A%22HE%22%2C%22sub_page_ad_positions%22%3A%221173%2C1174%2C1175%22%2C%22t_epoch%22%3A1642779458%2C%22template_id%22%3A134%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22http%3A%2F%2Fnorsecorp.com%2F%22%2C%22user_id%22%3A0%2C%22word_count%22%3A865%2C%22worst_bad_word_level%22%3A0%7D
Requested by: Host: norsecorp.com
URL: http://norsecorp.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1c-2y1d-1y1f-5y21-3y34-23y53-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx1fx21x34x53
Protocol: HTTP/1.1
Server: 2606:4700:3031::ac43:a8b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 21 Jan 2022 15:37:39 GMT
CF-Cache-Status: BYPASS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jtHPaPaMSYublU9Xey4YwTIeZx1WrPvKcfcZCYy%2BX%2FZZ3Uz11VbpWsmjV7RjeGcD7Mi67bX7eVMm7hh89%2BqwuZfQSGO0X4wtd%2BrlxdUd6j7gq9QLYXuUPIzbZT%2Fu6OzrENAgbPIeUgmoVJd8"}],"group":"cf-nel","max_age":604800}
Content-Type: image/gif
x-middleton-display: imp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6d11a00429867045-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 43
expires: Thu, 20 Jan 2022 15:37:42 GMT

GET
H/1.1 200
OK quant.js Show response
edge.quantserve.com/ 24 KB
10 KB 72ms
8ms Script
application/javascript 2620:116:800d:21:ee05:6a01:4b41:8c89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://edge.quantserve.com/quant.js
Requested by: Host: norsecorp.com
URL: http://norsecorp.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1c-2y1d-1y1f-5y21-3y34-23y53-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx1fx21x34x53
Protocol: HTTP/1.1
Server: 2620:116:800d:21:ee05:6a01:4b41:8c89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 487fce51fd801415c362f3f9f2df43c445a4b9ba38f9b6d49dfc898dc85ede94

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 21 Jan 2022 15:37:39 GMT
Content-Encoding: gzip
Etag: "FMCWFRCBdbNj8Eh2c0G78Q=="
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: private, max-age=604800
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
Accept-Ranges: bytes
Expires: Fri, 28 Jan 2022 15:37:39 GMT

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c90cff659645a312a28804965f3dbc34061338f7234ff5d6ddb2c57e9eadec15

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/webp

GET
H/1.1 200
OK cmbdv2.js Show response
norsecorp.com/detroitchicago/ 46 KB
12 KB 42ms
42ms Script
application/javascript 2606:4700:3031::ac43:a8b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://norsecorp.com/detroitchicago/cmbdv2.js?gcb=195-0&cb=03-5y0c-5y18-4y35-23&cmbcb=20&sj=x03x0cx18x35
Requested by: Host: norsecorp.com
URL: http://norsecorp.com/
Protocol: HTTP/1.1
Server: 2606:4700:3031::ac43:a8b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: adce05c7ea64af30a2b0636f3f18aa3d88a5d168222bc52a9419f6e6b1b710ac

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 21 Jan 2022 15:37:39 GMT
content-encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Transfer-Encoding: chunked
x-middleton-display: sol-js
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
CF-RAY: 6d11a0043bca8b96-FRA
Last-Modified: Fri, 21 Jan 2022 15:37:39 GMT
Server: cloudflare
vary: Accept-Encoding, Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NisqAgzZXW69wDDERrufl%2FJX0%2FtLfYK9GeN41ZazLlJfFN1gd7osToTaLwGz4o8OR6W8nQAg8bh4n%2FhLIVa090UHgNCwxW5l1OdPtEd8xb9nKJDP3hICzapMRmL1w2tCfriNJ8S9z2dxbFU%2B"}],"group":"cf-nel","max_age":604800}
Content-Type: application/javascript
cache-control: public, max-age=31536000
x-robots-tag: noindex

GET
H2

200

rules-p-31iz6hfFutd16.js Show response
rules.quantcount.com/
Redirect Chain

http://rules.quantcount.com/rules-p-31iz6hfFutd16.js
https://rules.quantcount.com/rules-p-31iz6hfFutd16.js

3 B
428 B

31ms
9ms

Script
application/javascript

2600:9000:2315:800:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-31iz6hfFutd16.js
Requested by: Host: norsecorp.com
URL: http://norsecorp.com/
Protocol: H2
Server: 2600:9000:2315:800:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 20 Jan 2022 23:30:18 GMT
via: 1.1 b17dca9c320b96e12b996848d121ffe4.cloudfront.net (CloudFront)
age: 58042
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 3
last-modified: Sat, 04 Mar 2017 19:50:24 GMT
server: AmazonS3
etag: "8a80554c91d9fca8acb82f023de02f11"
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
x-amz-cf-id: VFf-7-ct1Lyv8KCCoJn967TpMxr4oRtHLlg-hdWbAg4hwHOcczW2QA==

Redirect headers

Date: Fri, 21 Jan 2022 15:37:39 GMT
Via: 1.1 0247123ccdc6a2a86167d7f4de30885a.cloudfront.net (CloudFront)
Server: CloudFront
X-Amz-Cf-Pop: DUS51-P2
X-Cache: Redirect from cloudfront
Content-Type: text/html
Location: https://rules.quantcount.com/rules-p-31iz6hfFutd16.js
Connection: keep-alive
Content-Length: 183
X-Amz-Cf-Id: UD1ZviTOllpyTO_QOaEsp20tcnUWKqJHmvIMR4__eBOUMdRuWWxHLA==

GET
H2 200 pubads_impl_2022011002.js Show response
securepubads.g.doubleclick.net/gpt/ 352 KB
118 KB 41ms
40ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Requested by

Host: securepubads.g.doubleclick.net
URL: http://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

sffe /

Resource Hash

e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 21 Jan 2022 15:30:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 407
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 121009
x-xss-protection: 0
last-modified: Mon, 10 Jan 2022 21:10:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 21 Jan 2023 15:30:52 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 91 B
107 B 92ms
47ms XHR
application/json 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=norsecorp.com

Requested by

Host: securepubads.g.doubleclick.net
URL: http://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

31a1a29646c7d478a506abe5bf890093f59268b3630b3cee30e76bc06d92f644

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 21 Jan 2022 15:37:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 82
x-xss-protection: 0
expires: Fri, 21 Jan 2022 15:37:39 GMT

GET
H2

200

pixel;r=1363267399;labels=Domain.norsecorp_com%2CDomainId.312642;rf=0;a=p-31iz6hfFutd16;url=http%3A%2F%2Fnorsecorp.com%2F;uht=2;fpan=1;fpa=P0-105610269-1642779458692;pbc=;ns=0;ce=1;qjs=1;qv=92a3679...
pixel.quantserve.com/
Redirect Chain

http://pixel.quantserve.com/pixel;r=1363267399;labels=Domain.norsecorp_com%2CDomainId.312642;rf=0;a=p-31iz6hfFutd16;url=http%3A%2F%2Fnorsecorp.com%2F;uht=2;fpan=1;fpa=P0-105610269-1642779458692;pbc...
https://pixel.quantserve.com/pixel;r=1363267399;labels=Domain.norsecorp_com%2CDomainId.312642;rf=0;a=p-31iz6hfFutd16;url=http%3A%2F%2Fnorsecorp.com%2F;uht=2;fpan=1;fpa=P0-105610269-1642779458692;pb...

35 B
373 B

30ms
12ms

Image
image/gif

2620:116:800d:21:3175:5196:e3fd:8c1d
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1363267399;labels=Domain.norsecorp_com%2CDomainId.312642;rf=0;a=p-31iz6hfFutd16;url=http%3A%2F%2Fnorsecorp.com%2F;uht=2;fpan=1;fpa=P0-105610269-1642779458692;pbc=;ns=0;ce=1;qjs=1;qv=92a3679b-20211110211611;cm=;gdpr=0;ref=;d=norsecorp.com;je=0;sr=1600x1200x24;dst=0;et=1642779458692;tzo=0;ogl=locale.en_US%2Ctype.website%2Ctitle.NorseCorp%2Cdescription.Best%20LapTops%20and%20Accessories%202021%2Curl.https%3A%2F%2Fnorsecorp%252Ecom%2F%2Csite_name.NorseCorp

Requested by

Host: norsecorp.com
URL: http://norsecorp.com/

Protocol

Server

2620:116:800d:21:3175:5196:e3fd:8c1d , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 21 Jan 2022 15:37:39 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

Redirect headers

Location: https://pixel.quantserve.com/pixel;r=1363267399;labels=Domain.norsecorp_com%2CDomainId.312642;rf=0;a=p-31iz6hfFutd16;url=http%3A%2F%2Fnorsecorp.com%2F;uht=2;fpan=1;fpa=P0-105610269-1642779458692;pbc=;ns=0;ce=1;qjs=1;qv=92a3679b-20211110211611;cm=;gdpr=0;ref=;d=norsecorp.com;je=0;sr=1600x1200x24;dst=0;et=1642779458692;tzo=0;ogl=locale.en_US%2Ctype.website%2Ctitle.NorseCorp%2Cdescription.Best%20LapTops%20and%20Accessories%202021%2Curl.https%3A%2F%2Fnorsecorp%252Ecom%2F%2Csite_name.NorseCorp
Date: Fri, 21 Jan 2022 15:37:39 GMT
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 0
Expires: Sat, 22 Jan 2022 15:37:39 GMT

GET
H/1.1 200
OK dark-bottom.css
norsecorp.com/ezoic/styles/ 3 KB
2 KB 28ms
28ms Stylesheet
text/css 2606:4700:3031::ac43:a8b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://norsecorp.com/ezoic/styles/dark-bottom.css
Requested by: Host: norsecorp.com
URL: http://norsecorp.com/ezoic/cookieconsent.min.js
Protocol: HTTP/1.1
Server: 2606:4700:3031::ac43:a8b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 94edf973e9deb80b5eccf17f8f3108eafe15209fe25fe417e8f8962a4d8f48b3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 21 Jan 2022 15:37:39 GMT
content-encoding: gzip
CF-Cache-Status: MISS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 6d11a005ef5d4a5b-FRA
Connection: keep-alive
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 841
last-modified: Tue, 13 Jul 2021 14:05:09 GMT
Server: cloudflare
etag: "bd7-5c701b9c2cf40-gzip"
vary: Accept-Encoding, Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cUfo7IfKy%2F7BoDer%2BBYdbqhXBYPC3cdNtFq7uLIMba1CYKbDHaXDpD27vvcPdr1qGin3ldg%2FyQW1%2B8Rq7JDZXizjpnSzawGRcFHBnV%2FTeMDcjKqB7szsPZHHlGlodPIqaccxXhwVhWkTSiVl"}],"group":"cf-nel","max_age":604800}
Content-Type: text/css
cache-control: public, max-age=31536000
Accept-Ranges: bytes
x-robots-tag: noindex

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 162ms
50ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=norsecorp.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 21 Jan 2022 15:37:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 138ms
48ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=norsecorp.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 21 Jan 2022 15:37:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 454 B
272 B 471ms
471ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=287171963738214&correlator=1039727267911666&output=ldjh&impl=fifs&eid=31063820%2C31063823&vrg=2022011002&ptt=17&sc=0&sfv=1-0-38&ecs=20220121&iu_parts=1254144%3A22606262140%2Cnorsecorp_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&prev_scp=a%3D%257C3%257C%26iid1%3D5872395982827638%26eid%3D5872395982827638%26t%3D134%26d%3D312642%26t1%3D134%26pvc%3D0%26ap%3D1174%26sap%3D1174%26as%3Drevenue%26plat%3D1%26bra%3Dmod12-c%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dnorsecorp_com-box-1-5872395982827638%26eb_br%3Df1e225445ec024e41bfd8ce2ba4aa91b%26eba%3D1%26ebss%3D10061%26bv%3D13%26bvm%3D0%26bvr%3D3%26shp%3D3%26acptad%3D1%26br1%3D10000%26br2%3D10000%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D63%2C14%2C28%2C4%2C51%2C0%2C88%2C0%2C71%2C30%2C0%2C31%2C901%2C902%2C903%26deal1%3D27%2C28%2C29%2C30%2C760%2C761%2C813%2C815%2C816%2C817%2C818%2C819%2C899%2C917%2C918%2C919%2C1794&eri=1&cookie_enabled=1&bc=23&abxe=1&dt=1642779458996&lmt=1642777889&dlt=1642779458329&idt=454&frm=20&biw=1600&bih=1200&oid=2&adxs=1047&adys=363&adks=548144645&ucis=1&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fnorsecorp.com%2F&vis=1&scr_x=0&scr_y=0&psz=340x294&msz=336x280&ga_vid=1998640265.1642779459&ga_sid=1642779459&ga_hid=1124825451&ga_fc=false&fws=4&ohw=1600&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

4d553d2a35cfc9479ffc7eacf11d53dc97a7f6190fecfff0dcd28acca93381f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 21 Jan 2022 15:37:40 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 242
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://norsecorp.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 12 KB
9 KB 143ms
53ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022011002&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f3752e2040543ce4035d2efa29ee803501dc94588238a6fbcfc38e34b16e4701

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 21 Jan 2022 15:37:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9230
x-xss-protection: 0

GET
H2 200 container.html Show response
b8c62013b01464369e7170c6d03c131c.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 248F 6 KB
4 KB 231ms
72ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://b8c62013b01464369e7170c6d03c131c.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Fri, 21 Jan 2022 15:37:39 GMT
expires: Sat, 21 Jan 2023 15:37:39 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 179ms
87ms Script
text/javascript 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 21 Jan 2022 15:37:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 21 Jan 2022 15:37:39 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame DB1E 13 KB
5 KB 82ms
37ms Document
text/html 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 21 Jan 2022 15:22:31 GMT
expires: Sat, 21 Jan 2023 15:22:31 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 909
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame A1D5 783 B
1 KB 136ms
49ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

634516e8f5e275d5b6cd54fa11cc086ac80a85a040a812c44ebca0abf2899fc9

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-7gH4vfi7U0HSJ4TsScMRHg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Fri, 21 Jan 2022 15:37:40 GMT
date: Fri, 21 Jan 2022 15:37:40 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-7gH4vfi7U0HSJ4TsScMRHg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 VYSAmqkCqqI2p1vG7N0EZhME2mSBj47Ds8I6nIhDmP4.js Show response
pagead2.googlesyndication.com/bg/ Frame DB1E 35 KB
13 KB 86ms
40ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/VYSAmqkCqqI2p1vG7N0EZhME2mSBj47Ds8I6nIhDmP4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5584809aa902aaa236a75bc6ecdd04661304da64818f8ec3b3c23a9c884398fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 21 Jan 2022 15:30:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 406
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13526
x-xss-protection: 0
last-modified: Wed, 12 Jan 2022 16:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 21 Jan 2023 15:30:54 GMT

GET
H/1.1 200
OK greenoaks.gif Show response
norsecorp.com/detroitchicago/ 0
812 B 44ms
43ms XHR
text/plain 2606:4700:3031::ac43:a8b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://norsecorp.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJmY2E3Yzk5Ny1jNDY0LTQ5NzQtNWIwMC0zYmU4Zjg0YTQ2OTEiLCJkb21haW5faWQiOiIzMTI2NDIiLCJ0X2Vwb2NoIjoxNjQyNzc5NDU4LCJkYXRhIjpbeyJuYW1lIjoiZGV2aWNlX3dpZHRoIiwidmFsIjoiMTYwMCJ9LHsibmFtZSI6ImRldmljZV9oZWlnaHQiLCJ2YWwiOiIxMjAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiZmNhN2M5OTctYzQ2NC00OTc0LTViMDAtM2JlOGY4NGE0NjkxIiwiZG9tYWluX2lkIjoiMzEyNjQyIiwidF9lcG9jaCI6MTY0Mjc3OTQ1OCwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjItMDEtMjEifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiIxNSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI1In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6IjAifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJmY2E3Yzk5Ny1jNDY0LTQ5NzQtNWIwMC0zYmU4Zjg0YTQ2OTEiLCJkb21haW5faWQiOiIzMTI2NDIiLCJ0X2Vwb2NoIjoxNjQyNzc5NDU4LCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfdGFnIiwidmFsIjoiZW4tVVMifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJmY2E3Yzk5Ny1jNDY0LTQ5NzQtNWIwMC0zYmU4Zjg0YTQ2OTEiLCJkb21haW5faWQiOiIzMTI2NDIiLCJ0X2Vwb2NoIjoxNjQyNzc5NDU4LCJkYXRhIjpbeyJuYW1lIjoibGFuZ3VhZ2VfcHJpbWFyeV9zdWJ0YWciLCJ2YWwiOiJlbiJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6ImZjYTdjOTk3LWM0NjQtNDk3NC01YjAwLTNiZThmODRhNDY5MSIsImRvbWFpbl9pZCI6IjMxMjY0MiIsInRfZXBvY2giOjE2NDI3Nzk0NTgsImRhdGEiOlt7Im5hbWUiOiJuYXZpZ2F0aW9uX3R5cGUiLCJ2YWwiOiIwIn0seyJuYW1lIjoicmVkaXJlY3RfY291bnQiLCJ2YWwiOiIwIn1dfV0=
Requested by: Host: norsecorp.com
URL: http://norsecorp.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1c-2y1d-1y1f-5y21-3y34-23y53-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx1fx21x34x53
Protocol: HTTP/1.1
Server: 2606:4700:3031::ac43:a8b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 21 Jan 2022 15:37:40 GMT
CF-Cache-Status: BYPASS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
vary: Accept-Encoding, Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BzVx9DqyhszRU16z6844DxXyEFtr4lI1aDQlBsBLiZgnUq1D3odlM9N6fyxgI%2FgJrwLtO5rbmX5K0c5ZgZ2oVah12nQNq9A%2BVe6Fqyb95Pd2hubdTLBDsjqBQ0UsASKoxFgZaXk63kPrb2Fo"}],"group":"cf-nel","max_age":604800}
Content-Type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6d11a00a28d34a5b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 0
expires: Thu, 20 Jan 2022 15:37:39 GMT

GET
H/1.1 200
OK greenoaks.gif Show response
norsecorp.com/detroitchicago/ 0
818 B 51ms
50ms XHR
text/plain 2606:4700:3031::ac43:a8b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://norsecorp.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJmY2E3Yzk5Ny1jNDY0LTQ5NzQtNWIwMC0zYmU4Zjg0YTQ2OTEiLCJkb21haW5faWQiOiIzMTI2NDIiLCJ0X2Vwb2NoIjoxNjQyNzc5NDU4LCJkYXRhIjpbeyJuYW1lIjoicGVyZl9pc190cmFja2VkIiwidmFsIjoiMSJ9LHsibmFtZSI6InBlcmZfbmF2X3RvX2Nvbm5lY3QiLCJ2YWwiOiI4NTcifSx7Im5hbWUiOiJwZXJmX2Nvbm5lY3RfdG9fcmVzcF9zdGFydCIsInZhbCI6IjExMjkifSx7Im5hbWUiOiJwZXJmX3Jlc3BfdGltZSIsInZhbCI6IjEyIn0seyJuYW1lIjoicGVyZl9pbnRlcmFjdGl2ZSIsInZhbCI6IjEzOSJ9LHsibmFtZSI6InBlcmZfY29udGVudGxvYWRlZCIsInZhbCI6IjE2NSJ9LHsibmFtZSI6InBlcmZfY29tcGxldGUiLCJ2YWwiOiI0NTgifV19LHsidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJmY2E3Yzk5Ny1jNDY0LTQ5NzQtNWIwMC0zYmU4Zjg0YTQ2OTEiLCJkb21haW5faWQiOiIzMTI2NDIiLCJ0X2Vwb2NoIjoxNjQyNzc5NDU4LCJkYXRhIjpbeyJuYW1lIjoiZmlyc3RfcGFpbnQiLCJ2YWwiOiIxMjUzIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiZmNhN2M5OTctYzQ2NC00OTc0LTViMDAtM2JlOGY4NGE0NjkxIiwiZG9tYWluX2lkIjoiMzEyNjQyIiwidF9lcG9jaCI6MTY0Mjc3OTQ1OCwiZGF0YSI6W3sibmFtZSI6ImZpcnN0X2NvbnRlbnRmdWxfcGFpbnQiLCJ2YWwiOiIxMjUzIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiZmNhN2M5OTctYzQ2NC00OTc0LTViMDAtM2JlOGY4NGE0NjkxIiwiZG9tYWluX2lkIjoiMzEyNjQyIiwidF9lcG9jaCI6MTY0Mjc3OTQ1OCwiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fZWZmZWN0aXZlX3R5cGUiLCJ2YWwiOiI0ZyJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6ImZjYTdjOTk3LWM0NjQtNDk3NC01YjAwLTNiZThmODRhNDY5MSIsImRvbWFpbl9pZCI6IjMxMjY0MiIsInRfZXBvY2giOjE2NDI3Nzk0NTgsImRhdGEiOlt7Im5hbWUiOiJjb25uZWN0aW9uX2Rvd25saW5rIiwidmFsIjoiOS45In1dfV0=
Requested by: Host: norsecorp.com
URL: http://norsecorp.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1c-2y1d-1y1f-5y21-3y34-23y53-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx1fx21x34x53
Protocol: HTTP/1.1
Server: 2606:4700:3031::ac43:a8b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 21 Jan 2022 15:37:40 GMT
CF-Cache-Status: BYPASS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
vary: Accept-Encoding, Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4J216yOCwWULaH2781NKcR3sOpDR1EAMEEB5FNiq6Bt3%2FjQEyjfowUYjZiOnBX13xZx7uNmTm9RpidHmVS%2BBaAlPPS0uFkmdDHm3EAoPMDsIDmJInIeiSe5l%2FP%2FiXQkFSkC45SJYHYMJG3%2B7"}],"group":"cf-nel","max_age":604800}
Content-Type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6d11a00a3a098b96-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 0
expires: Thu, 20 Jan 2022 15:37:39 GMT

GET
H/1.1 200
OK greenoaks.gif Show response
norsecorp.com/detroitchicago/ 0
818 B 38ms
37ms XHR
text/plain 2606:4700:3031::ac43:a8b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://norsecorp.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiJmY2E3Yzk5Ny1jNDY0LTQ5NzQtNWIwMC0zYmU4Zjg0YTQ2OTEiLCJkb21haW5faWQiOiIzMTI2NDIiLCJ0X2Vwb2NoIjoxNjQyNzc5NDU4LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9ydHQiLCJ2YWwiOiIwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiZmNhN2M5OTctYzQ2NC00OTc0LTViMDAtM2JlOGY4NGE0NjkxIiwiZG9tYWluX2lkIjoiMzEyNjQyIiwidF9lcG9jaCI6MTY0Mjc3OTQ1OCwiZGF0YSI6W3sibmFtZSI6InRpbWVyX2ZpcnN0X2FkX3JlcXVlc3QiLCJ2YWwiOiIxMTMxIn1dfV0=
Requested by: Host: norsecorp.com
URL: http://norsecorp.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1c-2y1d-1y1f-5y21-3y34-23y53-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx1fx21x34x53
Protocol: HTTP/1.1
Server: 2606:4700:3031::ac43:a8b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 21 Jan 2022 15:37:40 GMT
CF-Cache-Status: BYPASS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
vary: Accept-Encoding, Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cr2P5yxEjKsM08aWVO%2Byn%2FHoQSLURxolxI8O53r2ZoqTzklsBp1SLsLMrF1VOBV%2BXxMB6nncIrnY2kq6T9%2B51HG7lUmYgw8X%2FQqvgUPSygHUtdMVecTYvGFQxdiF0mTobOr1ZcsmUanaa8nv"}],"group":"cf-nel","max_age":604800}
Content-Type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6d11a00a28f77045-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 0
expires: Thu, 20 Jan 2022 15:37:41 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame A1D5 0
0 88ms
88ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022011002&jk=287171963738214&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame DB1E 0
9 B 36ms
36ms Image
text/plain 2a00:1450:4001:831::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?PK5D9w
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 21 Jan 2022 15:37:40 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 75ms
75ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022011002&jk=287171963738214&bg=!XV6lXhrNAAZ_DxPPfw87ACkAdvg8WqRSdhyrw1gO0hs8ke2Yenkq1vcfVyz8PBNd_ErEszk82JZteQIAAACBUgAAAAJoAQeZArzZj9egIGlL6rwGr_h7YRTcqNvBdeTjhMJHwUJ9Zs85lwaKPUJ-m23YxhOrieL7nYxZcDYHRYdPDCaN13xcjbRM3AwPZQSHO5DGDxLNHC7oLXaK3CSsrvE7XFBfWhbAJDkIttcK0inQ9fOD8bd0DmVPApb2ZzmMuult_AlpejNS6fQZ_CUEOC-vYoJxYD1WVia2Vg-xribahnycwRHhnTVZy6Lsnl6RC4VzniTlHeH9Cqc3xvdQb9URkQvVBXN8KkqJG4rse3yYmEAYTQcSaw0ND0p87FvclgHDjjnd9whvxu_rUHkNQPfp7l59vAjyR8Ju3O_ObT2IuItJpjRraS46NeyfP2DTeWvLO8mTZhhW2UQ9QweMCXM2NLijdZ_lYxboINRuUlNPFJAEfcDNUKsk43sOHPFanO08Tcjx6P4MRHQTrctyoOEnfnHlzQ4_GQ5twOlEpCkdgLffsCj41uRmMRsAWXrCfbQ00tr12gU-29Q4Qrq3nEsuZ63Pyv5cBHhPWv4YdqLDQQ4UfMUJzRXfpziQ2vgjUDdR7WWdW0JptQE4SnnCfPLJC_8_p_oyE9rDrhcZk1PDdPIJUZ4WU7sO9vl2OnLSosU8nnQX_naLjvYGy80mozjzlzmV_uaa0Awhc2NeBgdtGW4Q-Jd9M7bqhhw6iraf09Tcx1JPw2Rf8KksF_9p2MMSptbJVWx7s-XxmUwJ_kvgbHtMYs-eCq-fI4ol4ujX_t9aClX7MoxbT5bOQ8nrWNBtfABWleIA5Uw-EyWm9BEArG-74oYYaPj76LH8-6txZaSV0UKRCA51r5s_hrJahrWPDFCxpigFDSp0claDjkTodD8wkhUjDB9v33Phzsqym5b27jhMJCcrI_61hPseR0jH1zIhFsTim3KmzRpQP8TCpROCifPqMjXQ5Ha1D8dLSl4m00G6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 21 Jan 2022 15:37:40 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 95ms
49ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=norsecorp.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 21 Jan 2022 15:37:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 97ms
50ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=norsecorp.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 21 Jan 2022 15:37:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 443 B
263 B 627ms
626ms XHR
text/plain 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=287171963738214&correlator=3958982098483449&output=ldjh&impl=fifs&eid=31063820%2C31063823&vrg=2022011002&ptt=17&sc=0&sfv=1-0-38&ecs=20220121&iu_parts=1254144%3A22606262140%2Cnorsecorp_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&ris=3&rcs=1&prev_scp=a%3D%257C3%257C%26iid1%3D5872395982827638%26eid%3D5872395982827638%26t%3D134%26d%3D312642%26t1%3D134%26pvc%3D0%26ap%3D1174%26sap%3D1174%26as%3Drevenue%26plat%3D1%26bra%3Dmod12-c%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dnorsecorp_com-box-1-5872395982827638%26eb_br%3D116f73d8738ced0c5546d5313109581e%26eba%3D1%26ebss%3D10061%26bv%3D13%26bvm%3D0%26bvr%3D3%26shp%3D3%26acptad%3D1%26br1%3D5000%26br2%3D10000%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D63%2C14%2C28%2C4%2C51%2C0%2C88%2C0%2C71%2C30%2C0%2C31%2C901%2C902%2C903%26deal1%3D27%2C28%2C29%2C30%2C760%2C761%2C813%2C815%2C816%2C817%2C818%2C819%2C899%2C917%2C918%2C919%2C1794%2C26%26lb%3D10000%26reqt%3D1642779462095&eri=1&cookie=ID%3D50e7fab6738a1e29-22d47f0927cd00f5%3AT%3D1642779459%3AS%3DALNI_MY-ZjE3tblcg0eQ3IFb-M7Hbj747g&bc=23&abxe=1&dt=1642779462101&lmt=1642777889&dlt=1642779458329&idt=454&frm=20&biw=1600&bih=1200&oid=2&adxs=1047&adys=363&adks=548144645&ucis=1&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fnorsecorp.com%2F&vis=1&scr_x=0&scr_y=0&psz=340x294&msz=336x280&ga_vid=1998640265.1642779459&ga_sid=1642779459&ga_hid=1124825451&ga_fc=false&fws=4&ohw=1600&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

c4fdf79922f0ec42cea129fb14f593854e3d38033b6a36ca6394a83e78ad7f91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 21 Jan 2022 15:37:43 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 232
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: http://norsecorp.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 v1 Show response
hb-api.omnitagjs.com/hb-api/prebid/ 356 B
703 B 235ms
80ms XHR
application/json 185.255.84.150

General

Check archive.org

Show headers Download Go to

Full URL

https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=http%3A%2F%2Fnorsecorp.com%2F&CanonicalUrl=https%3A%2F%2Fnorsecorp.com%2F&PublisherDomain=http%3A%2F%2Fnorsecorp.com

Requested by

Host: go.ezodn.com
URL: http://go.ezodn.com/hb/dall.js?b=adyoulike,amx,criteo,oftmedia,onemobile,onetag,pubmatic,pulsepoint,sharethrough,smilewanted,yahoossp&cb=195-0-33

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.255.84.150 -, , ASN (),

Reverse DNS

Software

ayl-lb-fra02 /

Resource Hash

17f123f5cb0f67ca20a1ddb7ec81b9cf1a6c54930c6ffb5cad518d5fc794139e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://norsecorp.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 21 Jan 2022 15:37:44 GMT
x-content-type-options: nosniff
server: ayl-lb-fra02
vary: Accept-Encoding
access-control-allow-methods: OPTIONS, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: http://norsecorp.com
access-control-max-age: 3600
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 62
access-control-allow-headers: Accept-Encoding, Content-Type
content-length: 356
expires: 0

POST
H2 200 / Show response
prebid.smilewanted.com/ 0
434 B 195ms
41ms XHR
application/json 104.22.69.131

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.smilewanted.com/
Requested by: Host: go.ezodn.com
URL: http://go.ezodn.com/hb/dall.js?b=adyoulike,amx,criteo,oftmedia,onemobile,onetag,pubmatic,pulsepoint,sharethrough,smilewanted,yahoossp&cb=195-0-33
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.69.131 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://norsecorp.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 21 Jan 2022 15:37:44 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: http://norsecorp.com
access-control-allow-credentials: true
cf-ray: 6d11a0238ac74309-FRA
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

POST
H2 200 / Show response
prebid.smilewanted.com/ 0
76 B 196ms
43ms XHR
application/json 104.22.69.131

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.smilewanted.com/
Requested by: Host: go.ezodn.com
URL: http://go.ezodn.com/hb/dall.js?b=adyoulike,amx,criteo,oftmedia,onemobile,onetag,pubmatic,pulsepoint,sharethrough,smilewanted,yahoossp&cb=195-0-33
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.69.131 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://norsecorp.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 21 Jan 2022 15:37:44 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: http://norsecorp.com
access-control-allow-credentials: true
cf-ray: 6d11a0238acb4309-FRA
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

POST
H2 200 / Show response
prebid.smilewanted.com/ 0
77 B 207ms
54ms XHR
application/json 104.22.69.131

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.smilewanted.com/
Requested by: Host: go.ezodn.com
URL: http://go.ezodn.com/hb/dall.js?b=adyoulike,amx,criteo,oftmedia,onemobile,onetag,pubmatic,pulsepoint,sharethrough,smilewanted,yahoossp&cb=195-0-33
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.69.131 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://norsecorp.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 21 Jan 2022 15:37:44 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: application/json
access-control-allow-origin: http://norsecorp.com
access-control-allow-credentials: true
cf-ray: 6d11a0238ace4309-FRA
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With

POST
H2 204 c Show response
prebid.a-mo.net/a/ 0
345 B 505ms
303ms XHR
text/plain 147.75.61.140

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: go.ezodn.com
URL: http://go.ezodn.com/hb/dall.js?b=adyoulike,amx,criteo,oftmedia,onemobile,onetag,pubmatic,pulsepoint,sharethrough,smilewanted,yahoossp&cb=195-0-33
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.75.61.140 -, , ASN (),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://norsecorp.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: http://norsecorp.com
date: Fri, 21 Jan 2022 15:37:43 GMT
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
server: envoy
x-envoy-upstream-service-time: 205
vary: origin, Accept-Encoding

POST
H2 204 ortb Show response
bid.contextweb.com/header/ 0
183 B 299ms
94ms XHR
text/plain 198.148.27.134

General

Check archive.org

Show headers Download Go to

Full URL: https://bid.contextweb.com/header/ortb?src=prebid
Requested by: Host: go.ezodn.com
URL: http://go.ezodn.com/hb/dall.js?b=adyoulike,amx,criteo,oftmedia,onemobile,onetag,pubmatic,pulsepoint,sharethrough,smilewanted,yahoossp&cb=195-0-33
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 198.148.27.134 -, , ASN (),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://norsecorp.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: http://norsecorp.com
access-control-expose-headers: Access-Control-Allow-Origin
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
x-no-bid-reason: Passback by decision
date: Fri, 21 Jan 2022 15:37:44 GMT
server: envoy

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
213 B 249ms
17ms XHR
text/plain 178.250.0.165

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=34&wv=6.0.0&cb=79329586736

Requested by

Host: go.ezodn.com
URL: http://go.ezodn.com/hb/dall.js?b=adyoulike,amx,criteo,oftmedia,onemobile,onetag,pubmatic,pulsepoint,sharethrough,smilewanted,yahoossp&cb=195-0-33

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.0.165 -, , ASN (),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: http://norsecorp.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 21 Jan 2022 15:37:43 GMT
server: Finatra
vary: Origin
access-control-allow-origin: http://norsecorp.com
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; preload;
timing-allow-origin: *

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
111 B 160ms
12ms XHR
text/plain 18.184.27.79

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: go.ezodn.com
URL: http://go.ezodn.com/hb/dall.js?b=adyoulike,amx,criteo,oftmedia,onemobile,onetag,pubmatic,pulsepoint,sharethrough,smilewanted,yahoossp&cb=195-0-33
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.184.27.79 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://norsecorp.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: http://norsecorp.com
date: Fri, 21 Jan 2022 15:37:44 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
359 B 157ms
10ms XHR
application/json 51.89.9.251

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: go.ezodn.com
URL: http://go.ezodn.com/hb/dall.js?b=adyoulike,amx,criteo,oftmedia,onemobile,onetag,pubmatic,pulsepoint,sharethrough,smilewanted,yahoossp&cb=195-0-33

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.251 -, , ASN (),

Reverse DNS

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: http://norsecorp.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin: http://norsecorp.com
cache-control: no-transform, no-cache
access-control-allow-credentials: true
content-type: application/json
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 KB
11 KB 279ms
136ms XHR
application/json 37.252.173.22

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: go.ezodn.com
URL: http://go.ezodn.com/hb/dall.js?b=adyoulike,amx,criteo,oftmedia,onemobile,onetag,pubmatic,pulsepoint,sharethrough,smilewanted,yahoossp&cb=195-0-33

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.173.22 -, , ASN (),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

1ffe4458e458d433dfa6054f86481a2ed105a8f694d888434480cd5cb415d762

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: http://norsecorp.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Content-Type: text/plain

Response headers

Date: Fri, 21 Jan 2022 15:37:44 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 185.213.155.165; 185.213.155.165; 536.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 14910797-ce35-49db-95e6-8afb4c7c5d63
Server: nginx/1.17.9
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: http://norsecorp.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 49ms
48ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=norsecorp.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 21 Jan 2022 15:37:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 49ms
49ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=norsecorp.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022011002.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 21 Jan 2022 15:37:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET ads
securepubads.g.doubleclick.net/gampad/ 0
0

GET
H/1.1 200
OK army.gif Show response
norsecorp.com/porpoiseant/ 0
822 B 88ms
88ms XHR
text/plain 2606:4700:3031::ac43:a8b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://norsecorp.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTg3MjM5NTk4MjgyNzYzOCIsImRvbWFpbl9pZCI6IjMxMjY0MiIsInVuaXQiOiJkaXYtZ3B0LWFkLW5vcnNlY29ycF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2NDI3Nzk0NTgsImFkX3Bvc2l0aW9uIjoxMTc0LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImZjYTdjOTk3LWM0NjQtNDk3NC01YjAwLTNiZThmODRhNDY5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiI4In1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: norsecorp.com
URL: http://norsecorp.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1c-2y1d-1y1f-5y21-3y34-23y53-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx1fx21x34x53
Protocol: HTTP/1.1
Server: 2606:4700:3031::ac43:a8b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 21 Jan 2022 15:37:44 GMT
CF-Cache-Status: BYPASS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
vary: Accept-Encoding, Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BIN4xg%2BExpb7IJNMNZJlpcjz97b8QvU4K5nmKef1Jfm2q%2Fx42ciXNCTOf6ICl12cZJK%2BIivoww%2FwgbwqYiMxtrbyc%2FIFOhu6cSsGg9U%2BIYMJbW6Y%2FrBPo7D6SqGAml0At78DVonCSEZ6esQY"}],"group":"cf-nel","max_age":604800}
Content-Type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6d11a0254ec08b96-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 0
expires: Thu, 20 Jan 2022 15:37:39 GMT

GET
H/1.1 200
OK army.gif Show response
norsecorp.com/porpoiseant/ 0
822 B 46ms
45ms XHR
text/plain 2606:4700:3031::ac43:a8b9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://norsecorp.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiNTg3MjM5NTk4MjgyNzYzOCIsImRvbWFpbl9pZCI6IjMxMjY0MiIsInVuaXQiOiJkaXYtZ3B0LWFkLW5vcnNlY29ycF9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2NDI3Nzk0NTgsImFkX3Bvc2l0aW9uIjoxMTc0LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6ImZjYTdjOTk3LWM0NjQtNDk3NC01YjAwLTNiZThmODRhNDY5MSIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjEwNDcifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6IjM2MyJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: norsecorp.com
URL: http://norsecorp.com/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1c-2y1d-1y1f-5y21-3y34-23y53-1&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1cx1dx1fx21x34x53
Protocol: HTTP/1.1
Server: 2606:4700:3031::ac43:a8b9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://norsecorp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 21 Jan 2022 15:37:44 GMT
CF-Cache-Status: BYPASS
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
vary: Accept-Encoding, Accept-Encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7kqmZmqFsCMGPLj%2BKKfC%2BdEqIPEH9sm6EZrEXosA9Wo7FaDmMhxMsL1IgAKG4ID%2FTkS%2FKFs9J13fPojSkzWSXhd3etppEgr%2B7ETAcMtj3hAJbB8Cikd%2BkUZnp5Ra64%2B39tdjO38JYn0Q28XK"}],"group":"cf-nel","max_age":604800}
Content-Type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: private, max-age=0, must-revalidate, no-cache, no-store
Connection: keep-alive
Accept-Ranges: bytes
CF-RAY: 6d11a0252f2f4a5b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length: 0
expires: Thu, 20 Jan 2022 15:37:43 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=287171963738214&correlator=3538596886777909&output=ldjh&impl=fifs&eid=31063820%2C31063823&vrg=2022011002&ptt=17&sc=0&sfv=1-0-38&ecs=20220121&iu_parts=1254144%3A22606262140%2Cnorsecorp_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&ris=2&rcs=2&prev_scp=a%3D%257C3%257C%26iid1%3D5872395982827638%26eid%3D5872395982827638%26t%3D134%26d%3D312642%26t1%3D134%26pvc%3D0%26ap%3D1174%26sap%3D1174%26as%3Drevenue%26plat%3D1%26bra%3Dmod12-c%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dnorsecorp_com-box-1-5872395982827638%26eb_br%3D72c13a89ac876aaffdde39253459460b%26eba%3D1%26ebss%3D10061%26bv%3D13%26bvm%3D0%26bvr%3D3%26shp%3D3%26acptad%3D1%26br1%3D1800%26br2%3D10000%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D63%2C14%2C28%2C4%2C51%2C0%2C88%2C0%2C71%2C30%2C0%2C31%2C901%2C902%2C903%26deal1%3D27%2C28%2C29%2C30%2C760%2C761%2C813%2C815%2C816%2C817%2C818%2C819%2C899%2C917%2C918%2C919%2C1794%2C26%2C21%2C22%2C23%2C24%2C25%2C26%26lb%3D5000%26reqt%3D1642779462745&eri=1&cookie=ID%3D50e7fab6738a1e29%3AT%3D1642779459%3AS%3DALNI_MaihFRgvjH7ro0LyqfrmNcGJbE7DQ&bc=23&abxe=1&dt=1642779463752&lmt=1642777889&dlt=1642779458329&idt=454&frm=20&biw=1600&bih=1200&oid=2&adxs=1047&adys=363&adks=548144645&ucis=1&ifi=3&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=http%3A%2F%2Fnorsecorp.com%2F&vis=1&scr_x=0&scr_y=0&psz=340x294&msz=336x280&ga_vid=1998640265.1642779459&ga_sid=1642779459&ga_hid=1124825451&ga_fc=false&fws=4&ohw=1600&btvi=0&nvt=1

Verdicts & Comments Add Verdict or Comment

204 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

20 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.norsecorp.com/	1970-01-20 00:19:41	Name: ppwp_wp_session Value: 587fc6f6d6917a71e4cdc94b9c8cb6d1%7C%7C1642781258%7C%7C1642780898
.norsecorp.com/	1970-01-20 00:19:41	Name: ezoadgid_312642 Value: -1
.norsecorp.com/	1970-01-20 00:19:46	Name: ezoref_312642 Value:
.norsecorp.com/	1970-01-20 00:19:46	Name: ezoab_312642 Value: mod12-c
.norsecorp.com/	1970-01-20 00:22:32	Name: active_template::312642 Value: pub_site.1642779458
.norsecorp.com/	1970-01-20 00:19:41	Name: ezopvc_312642 Value: 1
.norsecorp.com/	1970-01-20 00:21:05	Name: ezepvv Value: 0
.norsecorp.com/	1970-01-20 00:19:41	Name: ezovid_312642 Value: 1925185258
.norsecorp.com/	1970-01-20 00:19:41	Name: lp_312642 Value: http://norsecorp.com/
.norsecorp.com/	1970-01-20 00:22:32	Name: ezovuuidtime_312642 Value: 1642779458
.norsecorp.com/	1970-01-20 00:19:41	Name: ezovuuid_312642 Value: d6b08910-1279-4629-54b0-3e78d835db86
norsecorp.com/	1970-01-22 13:38:51	Name: ezds Value: ffid%3D1%2Cw%3D1600%2Ch%3D1200
norsecorp.com/	1970-01-22 13:38:51	Name: ezohw Value: w%3D1600%2Ch%3D1200
norsecorp.com/	1969-12-31 23:59:59	Name: ezouspvv Value: 0
norsecorp.com/	1969-12-31 23:59:59	Name: ezouspva Value: 0
.quantserve.com/	1970-01-20 09:49:53	Name: mc Value: 61ead343-71cdf-0a7f3-81f77
.norsecorp.com/	1970-01-20 09:44:08	Name: __qca Value: P0-105610269-1642779458692
norsecorp.com/	1970-01-20 09:05:15	Name: ezux_lpl_312642 Value: 1642779458798\|fca7c997-c464-4974-5b00-3be8f84a4691\|false
.doubleclick.net/	1970-01-20 09:41:15	Name: IDE Value: AHWqTUmRN1nFzecPad-N-2l_nXuiiusvPtODH1ZrganPRJuDec2OTKR_MfbIkh2OgU8
.norsecorp.com/	1970-01-20 09:41:15	Name: __gads Value: ID=50e7fab6738a1e29:T=1642779459:S=ALNI_MaihFRgvjH7ro0LyqfrmNcGJbE7DQ

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: http://norsecorp.com/ Message: The resource http://go.ezodn.com/hb/dall.js?b=adyoulike,amx,criteo,oftmedia,onemobile,onetag,pubmatic,pulsepoint,sharethrough,smilewanted,yahoossp&cb=195-0-33 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: http://norsecorp.com/ Message: The resource https://fonts.googleapis.com/css?family=Montserrat:300,300italic,400,400italic,500,500italic,600,600italic,700,700italic,800,800italic&subset=latin,cyrillic,cyrillic-ext,greek,greek-ext,latin-ext\|PT+Serif:300,300italic,400,400italic,500,500italic,700,700italic,800,800italic\|Playfair+Display+SC:300,300italic,400,400italic,500,500italic,700,700italic,800,800italic\|Raleway:300,300italic,400,400italic,500,500italic,700,700italic,800,800italic&display=optional was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a5d6i8s2.rocketcdn.me
adservice.google.com
adservice.google.de
b8c62013b01464369e7170c6d03c131c.safeframe.googlesyndication.com
bid.contextweb.com
bidder.criteo.com
btlr.sharethrough.com
edge.quantserve.com
fonts.googleapis.com
go.ezodn.com
go.ezoic.net
hb-api.omnitagjs.com
ib.adnxs.com
norsecorp.com
onetag-sys.com
pagead2.googlesyndication.com
pixel.quantserve.com
prebid.a-mo.net
prebid.smilewanted.com
rules.quantcount.com
securepubads.g.doubleclick.net
signal3domain.online
tpc.googlesyndication.com
www.google.com
www.norsecorp.com
securepubads.g.doubleclick.net
104.22.69.131
142.250.181.226
147.75.61.140
151.139.128.11
178.250.0.165
18.184.27.79
185.255.84.150
198.148.27.134
2600:9000:2261:ae00:2:cb38:840:93a1
2600:9000:2315:800:6:44e3:f8c0:93a1
2606:4700:3031::ac43:a8b9
2606:4700:3032::6815:3eee
2606:4700:3036::ac43:a1d1
2620:116:800d:21:3175:5196:e3fd:8c1d
2620:116:800d:21:ee05:6a01:4b41:8c89
2a00:1450:4001:808::2002
2a00:1450:4001:811::200a
2a00:1450:4001:812::2004
2a00:1450:4001:828::2001
2a00:1450:4001:829::2002
2a00:1450:4001:830::2002
2a00:1450:4001:831::2001
3.230.196.167
37.252.173.22
51.89.9.251
10d4b728888654e0b85c706a9310b551087d3321fb8ebfff147d07b13fa73bf0
14d58600f8072475498254d3d389a0522150add829da0f109178137c43286cf5
17f123f5cb0f67ca20a1ddb7ec81b9cf1a6c54930c6ffb5cad518d5fc794139e
1ffe4458e458d433dfa6054f86481a2ed105a8f694d888434480cd5cb415d762
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
31a1a29646c7d478a506abe5bf890093f59268b3630b3cee30e76bc06d92f644
487fce51fd801415c362f3f9f2df43c445a4b9ba38f9b6d49dfc898dc85ede94
490590f2014802f63e54e8415e6733372c617450da2d740a76d1a12718669728
4d553d2a35cfc9479ffc7eacf11d53dc97a7f6190fecfff0dcd28acca93381f3
54e0533688c42c8b7312dbfe753cbfe500989129f1fef0e0edfc8505d3fd22c5
5584809aa902aaa236a75bc6ecdd04661304da64818f8ec3b3c23a9c884398fe
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
606b2e8df43a5d29595409574de9b68a4bc814c017d81827053f0ad0476f710b
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
634516e8f5e275d5b6cd54fa11cc086ac80a85a040a812c44ebca0abf2899fc9
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
7aef5068f61e4747286d251a0c58705239a7ce6ec0a2e079e90259918ed0551f
8ceb3992861ed1fda25855c2e500e76842ae0d788405e50e3a9f45df36499cf6
94edf973e9deb80b5eccf17f8f3108eafe15209fe25fe417e8f8962a4d8f48b3
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a89057208861e739c4ea6ea2e1126afd5b41c89f22548e5afeb74b7c71614777
adce05c7ea64af30a2b0636f3f18aa3d88a5d168222bc52a9419f6e6b1b710ac
c4fdf79922f0ec42cea129fb14f593854e3d38033b6a36ca6394a83e78ad7f91
c90cff659645a312a28804965f3dbc34061338f7234ff5d6ddb2c57e9eadec15
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
d9f85775d451f3dc25b079ec24c1f5eda45903fe10b44daec50dce663f1fdf5e
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e1a156c3daa4ae0c41f21ef266131ca5a34d56695e3d860b232da142ef031234
e2cf28a5cc075cb602d1fc628e07c33e1446bc58a89e32dc604bf560f4cb2698
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e87e542e34fc3af7847f53ae5c258f82ff2d8739646ed8d249c9a54ede9f7128
eaaab5a6e7104dc29a8c385cede966014b966b747506f776fd579e9eedce4b43
f3752e2040543ce4035d2efa29ee803501dc94588238a6fbcfc38e34b16e4701
f57c348232fa255e3ac9820f1ab9c664d45b6ccc0fc0103d71a05052d27bb2b6
ffb648200f12e9e83c7a7d94892271c74f23b39d6f77b9df5e21c96166a41ecb

norsecorp.com Open in urlscan Pro 2606:4700:3031::ac43:a8b9 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

56 Requests

64 %HTTPS

56 %IPv6

20 Domains

25 Subdomains

24 IPs

2 Countries

552 kBTransfer

1570 kBSize

20 Cookies

2 Outgoing links

Page URL History

Redirected requests

56 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

norsecorp.com Open in urlscan Pro
2606:4700:3031::ac43:a8b9 Public Scan

Screenshot
Live screenshot

Full Image

56
Requests

64 %
HTTPS

56 %
IPv6

20
Domains

25
Subdomains

24
IPs

2
Countries

552 kB
Transfer

1570 kB
Size

20
Cookies

56 HTTP transactions
1 data transactions